[Pkg-swan-devel] [strongswan] 02/06: Imported Upstream version 5.5.0
Yves-Alexis Perez
corsac at moszumanska.debian.org
Sat Jul 16 13:34:49 UTC 2016
This is an automated email from the git hooks/post-receive script.
corsac pushed a commit to branch master
in repository strongswan.
commit bf372706c469764d59e9f29c39e3ecbebd72b8d2
Author: Yves-Alexis Perez <corsac at debian.org>
Date: Sat Jul 16 15:19:53 2016 +0200
Imported Upstream version 5.5.0
---
Android.common.mk | 2 +-
Android.mk | 7 +-
Makefile.in | 51 +-
NEWS | 38 +
aclocal.m4 | 295 +-
compile | 2 +-
conf/Makefile.in | 30 +-
conf/options/charon.conf | 5 +
conf/options/charon.opt | 5 +
conf/plugins/imc-attestation.opt | 6 +
conf/strongswan.conf.5.main | 14 +
config.guess | 233 +-
config.h.in | 8 +-
config.sub | 60 +-
configure | 2363 ++++++---
configure.ac | 58 +-
depcomp | 2 +-
init/Makefile.in | 26 +-
init/systemd-swanctl/Makefile.in | 26 +-
init/systemd/Makefile.in | 26 +-
install-sh | 373 +-
ltmain.sh | 5533 +++++++++++++-------
m4/config/libtool.m4 | 2525 +++++----
m4/config/ltoptions.m4 | 127 +-
m4/config/ltsugar.m4 | 7 +-
m4/config/ltversion.m4 | 12 +-
m4/config/lt~obsolete.m4 | 7 +-
man/Makefile.in | 28 +-
missing | 6 +-
scripts/Makefile.in | 27 +-
scripts/timeattack.c | 10 +-
src/Makefile.am | 8 +
src/Makefile.in | 91 +-
src/_copyright/Makefile.in | 27 +-
src/_updown/Makefile.in | 26 +-
src/aikgen/Makefile.am | 9 +-
src/aikgen/Makefile.in | 36 +-
src/aikgen/aikgen.c | 229 +-
src/aikpub2/Makefile.am | 15 +
src/{aikgen => aikpub2}/Makefile.in | 69 +-
src/aikpub2/aikpub2.c | 305 ++
src/charon-cmd/Makefile.am | 2 +-
src/charon-cmd/Makefile.in | 33 +-
src/charon-cmd/cmd/cmd_connection.c | 42 +-
src/charon-nm/Makefile.am | 2 +-
src/charon-nm/Makefile.in | 31 +-
src/charon-nm/nm/nm_service.c | 84 +-
src/charon-svc/Makefile.in | 27 +-
src/charon-systemd/Makefile.am | 3 +-
src/charon-systemd/Makefile.in | 32 +-
src/charon-tkm/Makefile.in | 26 +-
src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 6 +-
src/charon-tkm/src/tkm/tkm_kernel_ipsec.c | 97 +-
src/charon-tkm/src/tkm/tkm_kernel_sad.c | 32 +-
src/charon-tkm/src/tkm/tkm_kernel_sad.h | 10 +-
src/charon-tkm/src/tkm/tkm_keymat.c | 8 +-
src/charon-tkm/src/tkm/tkm_nonceg.c | 2 +-
src/charon-tkm/src/tkm/tkm_spi_generator.c | 12 +-
src/charon-tkm/tests/nonceg_tests.c | 6 +-
src/charon/Makefile.am | 2 +-
src/charon/Makefile.in | 32 +-
src/checksum/Makefile.am | 5 +
src/checksum/Makefile.in | 79 +-
src/checksum/checksum_builder.c | 2 +-
src/conftest/Makefile.am | 2 +-
src/conftest/Makefile.in | 32 +-
src/conftest/actions.c | 2 +-
src/conftest/config.c | 26 +-
src/conftest/hooks/custom_proposal.c | 4 +-
src/conftest/hooks/log_proposals.c | 2 +-
src/conftest/hooks/rebuild_auth.c | 2 +-
src/conftest/hooks/reset_seq.c | 2 +-
src/conftest/hooks/set_ike_spi.c | 4 +-
src/conftest/hooks/set_length.c | 4 +-
src/conftest/hooks/set_proposal_number.c | 2 +-
src/conftest/hooks/set_reserved.c | 6 +-
src/dumm/Makefile.in | 27 +-
src/dumm/mconsole.c | 18 +-
src/include/Makefile.in | 26 +-
src/include/linux/pfkeyv2.h | 2 +-
src/ipsec/Makefile.in | 27 +-
src/ipsec/_ipsec.8 | 2 +-
src/libcharon/Android.mk | 1 +
src/libcharon/Makefile.am | 5 +-
src/libcharon/Makefile.in | 83 +-
src/libcharon/attributes/mem_pool.c | 16 +-
src/libcharon/bus/bus.c | 2 +-
src/libcharon/bus/bus.h | 10 +-
src/libcharon/bus/listeners/listener.h | 2 +-
src/libcharon/config/child_cfg.c | 172 +-
src/libcharon/config/child_cfg.h | 116 +-
src/libcharon/config/ike_cfg.c | 87 +-
src/libcharon/config/ike_cfg.h | 19 +-
src/libcharon/config/peer_cfg.c | 89 +-
src/libcharon/config/peer_cfg.h | 97 +-
src/libcharon/config/proposal.c | 66 +-
src/libcharon/config/proposal.h | 10 +-
src/libcharon/control/controller.c | 76 +-
src/libcharon/control/controller.h | 4 +-
src/libcharon/daemon.c | 63 +-
src/libcharon/encoding/generator.c | 64 +-
src/libcharon/encoding/generator.h | 2 +-
src/libcharon/encoding/message.c | 42 +-
src/libcharon/encoding/message.h | 16 +-
src/libcharon/encoding/parser.c | 64 +-
src/libcharon/encoding/parser.h | 2 +-
src/libcharon/encoding/payloads/auth_payload.c | 8 +-
src/libcharon/encoding/payloads/cert_payload.c | 6 +-
src/libcharon/encoding/payloads/certreq_payload.c | 6 +-
.../encoding/payloads/configuration_attribute.c | 12 +-
.../encoding/payloads/configuration_attribute.h | 4 +-
src/libcharon/encoding/payloads/cp_payload.c | 14 +-
src/libcharon/encoding/payloads/cp_payload.h | 4 +-
src/libcharon/encoding/payloads/delete_payload.c | 28 +-
src/libcharon/encoding/payloads/delete_payload.h | 8 +-
src/libcharon/encoding/payloads/eap_payload.c | 28 +-
src/libcharon/encoding/payloads/eap_payload.h | 12 +-
src/libcharon/encoding/payloads/encodings.h | 6 +-
.../encoding/payloads/encrypted_fragment_payload.h | 6 +-
.../encoding/payloads/encrypted_payload.c | 48 +-
.../encoding/payloads/encrypted_payload.h | 2 +-
src/libcharon/encoding/payloads/endpoint_notify.c | 44 +-
src/libcharon/encoding/payloads/endpoint_notify.h | 4 +-
src/libcharon/encoding/payloads/fragment_payload.c | 18 +-
src/libcharon/encoding/payloads/fragment_payload.h | 6 +-
src/libcharon/encoding/payloads/hash_payload.c | 6 +-
src/libcharon/encoding/payloads/id_payload.c | 18 +-
src/libcharon/encoding/payloads/ike_header.c | 40 +-
src/libcharon/encoding/payloads/ike_header.h | 24 +-
src/libcharon/encoding/payloads/ke_payload.c | 8 +-
src/libcharon/encoding/payloads/nonce_payload.c | 4 +-
src/libcharon/encoding/payloads/notify_payload.c | 24 +-
src/libcharon/encoding/payloads/notify_payload.h | 8 +-
src/libcharon/encoding/payloads/payload.c | 2 +-
src/libcharon/encoding/payloads/payload.h | 2 +-
.../encoding/payloads/proposal_substructure.c | 120 +-
.../encoding/payloads/proposal_substructure.h | 22 +-
src/libcharon/encoding/payloads/sa_payload.c | 32 +-
src/libcharon/encoding/payloads/sa_payload.h | 14 +-
.../payloads/traffic_selector_substructure.c | 10 +-
.../payloads/traffic_selector_substructure.h | 4 +-
.../encoding/payloads/transform_attribute.c | 14 +-
.../encoding/payloads/transform_attribute.h | 6 +-
.../encoding/payloads/transform_substructure.c | 18 +-
.../encoding/payloads/transform_substructure.h | 6 +-
src/libcharon/encoding/payloads/ts_payload.c | 6 +-
src/libcharon/encoding/payloads/unknown_payload.c | 4 +-
.../encoding/payloads/vendor_id_payload.c | 4 +-
src/libcharon/kernel/kernel_handler.c | 10 +-
src/libcharon/kernel/kernel_interface.c | 115 +-
src/libcharon/kernel/kernel_interface.h | 185 +-
src/libcharon/kernel/kernel_ipsec.h | 299 +-
src/libcharon/kernel/kernel_listener.h | 8 +-
src/libcharon/kernel/kernel_net.h | 12 +-
src/libcharon/network/receiver.c | 32 +-
src/libcharon/network/socket.h | 2 +-
src/libcharon/network/socket_manager.c | 4 +-
src/libcharon/network/socket_manager.h | 2 +-
src/libcharon/plugins/addrblock/Makefile.in | 27 +-
src/libcharon/plugins/android_dns/Makefile.in | 27 +-
src/libcharon/plugins/android_log/Makefile.in | 27 +-
src/libcharon/plugins/attr/Makefile.in | 27 +-
src/libcharon/plugins/attr/attr_provider.c | 4 +-
src/libcharon/plugins/attr_sql/Makefile.in | 27 +-
src/libcharon/plugins/certexpire/Makefile.in | 27 +-
src/libcharon/plugins/connmark/Makefile.in | 27 +-
src/libcharon/plugins/connmark/connmark_listener.c | 45 +-
src/libcharon/plugins/coupling/Makefile.in | 27 +-
src/libcharon/plugins/dhcp/Makefile.in | 27 +-
src/libcharon/plugins/dhcp/dhcp_socket.c | 34 +-
src/libcharon/plugins/dhcp/dhcp_transaction.c | 6 +-
src/libcharon/plugins/dhcp/dhcp_transaction.h | 4 +-
src/libcharon/plugins/dnscert/Makefile.in | 27 +-
src/libcharon/plugins/dnscert/dnscert.c | 8 +-
src/libcharon/plugins/dnscert/dnscert.h | 2 +-
src/libcharon/plugins/duplicheck/Makefile.in | 27 +-
src/libcharon/plugins/duplicheck/duplicheck.c | 2 +-
src/libcharon/plugins/duplicheck/duplicheck_msg.h | 2 +-
.../plugins/duplicheck/duplicheck_notify.c | 2 +-
src/libcharon/plugins/eap_aka/Makefile.in | 27 +-
src/libcharon/plugins/eap_aka/eap_aka_peer.c | 16 +-
src/libcharon/plugins/eap_aka/eap_aka_server.c | 14 +-
src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 27 +-
.../eap_aka_3gpp2/eap_aka_3gpp2_functions.c | 10 +-
src/libcharon/plugins/eap_dynamic/Makefile.in | 27 +-
src/libcharon/plugins/eap_dynamic/eap_dynamic.c | 12 +-
src/libcharon/plugins/eap_gtc/Makefile.in | 27 +-
src/libcharon/plugins/eap_gtc/eap_gtc.c | 18 +-
src/libcharon/plugins/eap_identity/Makefile.in | 27 +-
src/libcharon/plugins/eap_identity/eap_identity.c | 18 +-
src/libcharon/plugins/eap_md5/Makefile.in | 27 +-
src/libcharon/plugins/eap_md5/eap_md5.c | 20 +-
src/libcharon/plugins/eap_mschapv2/Makefile.in | 27 +-
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 58 +-
src/libcharon/plugins/eap_peap/Makefile.in | 27 +-
src/libcharon/plugins/eap_peap/eap_peap.c | 6 +-
src/libcharon/plugins/eap_peap/eap_peap_avp.c | 8 +-
src/libcharon/plugins/eap_peap/eap_peap_avp.h | 2 +-
src/libcharon/plugins/eap_peap/eap_peap_peer.c | 4 +-
src/libcharon/plugins/eap_peap/eap_peap_server.c | 4 +-
src/libcharon/plugins/eap_radius/Makefile.in | 27 +-
src/libcharon/plugins/eap_radius/eap_radius.c | 32 +-
.../plugins/eap_radius/eap_radius_accounting.c | 28 +-
.../plugins/eap_radius/eap_radius_accounting.h | 2 +-
src/libcharon/plugins/eap_radius/eap_radius_dae.c | 4 +-
.../plugins/eap_radius/eap_radius_forward.c | 6 +-
.../plugins/eap_radius/eap_radius_provider.c | 4 +-
.../plugins/eap_radius/eap_radius_provider.h | 4 +-
src/libcharon/plugins/eap_sim/Makefile.in | 27 +-
src/libcharon/plugins/eap_sim/eap_sim_peer.c | 16 +-
src/libcharon/plugins/eap_sim/eap_sim_server.c | 14 +-
src/libcharon/plugins/eap_sim_file/Makefile.in | 27 +-
src/libcharon/plugins/eap_sim_pcsc/Makefile.in | 27 +-
.../plugins/eap_simaka_pseudonym/Makefile.in | 27 +-
.../eap_simaka_pseudonym_card.c | 82 +-
.../plugins/eap_simaka_reauth/Makefile.in | 27 +-
.../eap_simaka_reauth/eap_simaka_reauth_card.c | 6 +-
.../eap_simaka_reauth/eap_simaka_reauth_provider.c | 4 +-
src/libcharon/plugins/eap_simaka_sql/Makefile.in | 27 +-
src/libcharon/plugins/eap_tls/Makefile.in | 27 +-
src/libcharon/plugins/eap_tls/eap_tls.c | 6 +-
src/libcharon/plugins/eap_tnc/Makefile.in | 27 +-
src/libcharon/plugins/eap_ttls/Makefile.in | 27 +-
src/libcharon/plugins/eap_ttls/eap_ttls.c | 6 +-
src/libcharon/plugins/eap_ttls/eap_ttls_avp.c | 10 +-
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c | 6 +-
src/libcharon/plugins/error_notify/Makefile.in | 27 +-
.../plugins/error_notify/error_notify_listener.c | 5 +
.../plugins/error_notify/error_notify_msg.h | 1 +
src/libcharon/plugins/ext_auth/Makefile.in | 27 +-
src/libcharon/plugins/farp/Makefile.in | 27 +-
src/libcharon/plugins/farp/farp_listener.c | 2 +-
src/libcharon/plugins/farp/farp_spoofer.c | 18 +-
src/libcharon/plugins/forecast/Makefile.in | 27 +-
.../plugins/forecast/forecast_forwarder.c | 6 +-
src/libcharon/plugins/forecast/forecast_listener.c | 32 +-
src/libcharon/plugins/ha/Makefile.in | 27 +-
src/libcharon/plugins/ha/ha_attribute.c | 12 +-
src/libcharon/plugins/ha/ha_cache.c | 4 +-
src/libcharon/plugins/ha/ha_child.c | 4 +-
src/libcharon/plugins/ha/ha_dispatcher.c | 20 +-
src/libcharon/plugins/ha/ha_ike.c | 6 +-
src/libcharon/plugins/ha/ha_kernel.c | 20 +-
src/libcharon/plugins/ha/ha_kernel.h | 2 +-
src/libcharon/plugins/ha/ha_message.c | 86 +-
src/libcharon/plugins/ha/ha_message.h | 44 +-
src/libcharon/plugins/ha/ha_segments.h | 2 +-
src/libcharon/plugins/ha/ha_tunnel.c | 28 +-
src/libcharon/plugins/ipseckey/Makefile.in | 27 +-
src/libcharon/plugins/ipseckey/ipseckey.c | 10 +-
src/libcharon/plugins/ipseckey/ipseckey.h | 2 +-
src/libcharon/plugins/ipseckey/ipseckey_cred.c | 2 +-
src/libcharon/plugins/kernel_iph/Makefile.in | 27 +-
src/libcharon/plugins/kernel_iph/kernel_iph_net.c | 13 +-
src/libcharon/plugins/kernel_libipsec/Makefile.in | 27 +-
.../kernel_libipsec/kernel_libipsec_ipsec.c | 101 +-
src/libcharon/plugins/kernel_netlink/Makefile.am | 2 +
src/libcharon/plugins/kernel_netlink/Makefile.in | 31 +-
.../plugins/kernel_netlink/kernel_netlink_ipsec.c | 1098 ++--
.../plugins/kernel_netlink/kernel_netlink_net.c | 126 +-
.../plugins/kernel_netlink/kernel_netlink_shared.c | 8 +-
src/libcharon/plugins/kernel_pfkey/Makefile.in | 27 +-
.../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 690 +--
src/libcharon/plugins/kernel_pfroute/Makefile.in | 27 +-
.../plugins/kernel_pfroute/kernel_pfroute_net.c | 34 +-
src/libcharon/plugins/kernel_wfp/Makefile.in | 27 +-
.../plugins/kernel_wfp/kernel_wfp_ipsec.c | 260 +-
src/libcharon/plugins/led/Makefile.in | 27 +-
src/libcharon/plugins/load_tester/Makefile.in | 27 +-
src/libcharon/plugins/load_tester/load_tester.c | 2 +-
.../plugins/load_tester/load_tester_config.c | 58 +-
.../plugins/load_tester/load_tester_creds.c | 4 +-
.../plugins/load_tester/load_tester_ipsec.c | 45 +-
src/libcharon/plugins/lookip/Makefile.in | 27 +-
src/libcharon/plugins/maemo/Makefile.in | 27 +-
src/libcharon/plugins/maemo/maemo_service.c | 36 +-
src/libcharon/plugins/medcli/Makefile.in | 27 +-
src/libcharon/plugins/medcli/medcli_config.c | 88 +-
src/libcharon/plugins/medsrv/Makefile.in | 27 +-
src/libcharon/plugins/medsrv/medsrv_config.c | 20 +-
src/libcharon/plugins/osx_attr/Makefile.in | 27 +-
src/libcharon/plugins/p_cscf/Makefile.am | 1 -
src/libcharon/plugins/p_cscf/Makefile.in | 28 +-
src/libcharon/plugins/radattr/Makefile.in | 27 +-
src/libcharon/plugins/resolve/Makefile.in | 27 +-
src/libcharon/plugins/resolve/resolve_handler.c | 203 +-
src/libcharon/plugins/smp/Makefile.in | 27 +-
src/libcharon/plugins/smp/smp.c | 2 +-
src/libcharon/plugins/socket_default/Makefile.in | 27 +-
.../plugins/socket_default/socket_default_socket.c | 32 +-
src/libcharon/plugins/socket_dynamic/Makefile.in | 27 +-
.../plugins/socket_dynamic/socket_dynamic_socket.c | 10 +-
src/libcharon/plugins/socket_win/Makefile.in | 27 +-
.../plugins/socket_win/socket_win_socket.c | 6 +-
src/libcharon/plugins/sql/Makefile.in | 27 +-
src/libcharon/plugins/sql/sql_config.c | 50 +-
src/libcharon/plugins/sql/sql_logger.c | 2 +-
src/libcharon/plugins/stroke/Makefile.in | 27 +-
src/libcharon/plugins/stroke/stroke_config.c | 132 +-
src/libcharon/plugins/stroke/stroke_control.c | 18 +-
src/libcharon/plugins/stroke/stroke_counter.c | 10 +-
src/libcharon/plugins/stroke/stroke_cred.c | 47 +-
src/libcharon/plugins/stroke/stroke_list.c | 10 +-
src/libcharon/plugins/stroke/stroke_socket.c | 2 +-
src/libcharon/plugins/systime_fix/Makefile.in | 27 +-
src/libcharon/plugins/tnc_ifmap/Makefile.in | 27 +-
.../plugins/tnc_ifmap/tnc_ifmap_listener.c | 2 +-
.../tnc_ifmap/tnc_ifmap_renew_session_job.c | 4 +-
.../tnc_ifmap/tnc_ifmap_renew_session_job.h | 2 +-
src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c | 6 +-
src/libcharon/plugins/tnc_pdp/Makefile.in | 27 +-
src/libcharon/plugins/tnc_pdp/tnc_pdp.c | 16 +-
src/libcharon/plugins/uci/Makefile.in | 27 +-
src/libcharon/plugins/uci/uci_config.c | 36 +-
src/libcharon/plugins/unity/Makefile.in | 27 +-
src/libcharon/plugins/unity/unity_handler.c | 8 +-
src/libcharon/plugins/unity/unity_provider.c | 4 +-
src/libcharon/plugins/updown/Makefile.in | 27 +-
src/libcharon/plugins/updown/updown_listener.c | 12 +-
src/libcharon/plugins/vici/Makefile.in | 27 +-
src/libcharon/plugins/vici/README.md | 11 +-
src/libcharon/plugins/vici/libvici.c | 18 +-
src/libcharon/plugins/vici/perl/Makefile.in | 26 +-
src/libcharon/plugins/vici/python/MANIFEST.in | 1 +
src/libcharon/plugins/vici/python/Makefile.am | 20 +-
src/libcharon/plugins/vici/python/Makefile.in | 46 +-
src/libcharon/plugins/vici/python/README.rst | 24 +
src/libcharon/plugins/vici/python/setup.py.in | 18 +-
src/libcharon/plugins/vici/python/vici/protocol.py | 11 +-
src/libcharon/plugins/vici/ruby/Makefile.in | 28 +-
src/libcharon/plugins/vici/suites/test_socket.c | 4 +-
src/libcharon/plugins/vici/vici_attribute.c | 6 +-
src/libcharon/plugins/vici/vici_config.c | 329 +-
src/libcharon/plugins/vici/vici_control.c | 6 +-
src/libcharon/plugins/vici/vici_dispatcher.c | 6 +-
src/libcharon/plugins/vici/vici_message.c | 2 +-
src/libcharon/plugins/vici/vici_query.c | 36 +-
src/libcharon/plugins/vici/vici_socket.c | 6 +-
src/libcharon/plugins/whitelist/Makefile.in | 27 +-
src/libcharon/plugins/xauth_eap/Makefile.in | 27 +-
src/libcharon/plugins/xauth_eap/xauth_eap.c | 2 +-
src/libcharon/plugins/xauth_generic/Makefile.in | 27 +-
src/libcharon/plugins/xauth_noauth/Makefile.in | 27 +-
src/libcharon/plugins/xauth_pam/Makefile.in | 27 +-
src/libcharon/processing/jobs/acquire_job.c | 4 +-
src/libcharon/processing/jobs/acquire_job.h | 2 +-
src/libcharon/processing/jobs/adopt_children_job.c | 2 +-
.../processing/jobs/delete_child_sa_job.c | 4 +-
.../processing/jobs/delete_child_sa_job.h | 2 +-
src/libcharon/processing/jobs/inactivity_job.c | 10 +-
src/libcharon/processing/jobs/inactivity_job.h | 2 +-
src/libcharon/processing/jobs/migrate_job.c | 4 +-
src/libcharon/processing/jobs/migrate_job.h | 2 +-
src/libcharon/processing/jobs/rekey_child_sa_job.c | 4 +-
src/libcharon/processing/jobs/rekey_child_sa_job.h | 2 +-
src/libcharon/processing/jobs/rekey_ike_sa_job.c | 6 +-
src/libcharon/processing/jobs/retransmit_job.c | 4 +-
src/libcharon/processing/jobs/retransmit_job.h | 2 +-
src/libcharon/processing/jobs/update_sa_job.c | 4 +-
src/libcharon/processing/jobs/update_sa_job.h | 2 +-
src/libcharon/sa/child_sa.c | 398 +-
src/libcharon/sa/child_sa.h | 18 +-
src/libcharon/sa/child_sa_manager.c | 14 +-
src/libcharon/sa/child_sa_manager.h | 4 +-
src/libcharon/sa/eap/eap_manager.c | 8 +-
src/libcharon/sa/eap/eap_manager.h | 6 +-
src/libcharon/sa/eap/eap_method.h | 6 +-
src/libcharon/sa/ike_sa.c | 72 +-
src/libcharon/sa/ike_sa.h | 48 +-
src/libcharon/sa/ike_sa_id.c | 20 +-
src/libcharon/sa/ike_sa_id.h | 14 +-
src/libcharon/sa/ike_sa_manager.c | 94 +-
src/libcharon/sa/ike_sa_manager.h | 4 +-
src/libcharon/sa/ikev1/keymat_v1.c | 48 +-
src/libcharon/sa/ikev1/keymat_v1.h | 8 +-
src/libcharon/sa/ikev1/task_manager_v1.c | 100 +-
src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 17 +-
src/libcharon/sa/ikev1/tasks/isakmp_delete.c | 2 +-
src/libcharon/sa/ikev1/tasks/isakmp_dpd.c | 8 +-
src/libcharon/sa/ikev1/tasks/isakmp_dpd.h | 2 +-
src/libcharon/sa/ikev1/tasks/isakmp_natd.c | 4 +-
src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 2 +-
src/libcharon/sa/ikev1/tasks/main_mode.c | 22 +-
src/libcharon/sa/ikev1/tasks/mode_config.c | 2 +-
src/libcharon/sa/ikev1/tasks/quick_delete.c | 10 +-
src/libcharon/sa/ikev1/tasks/quick_delete.h | 2 +-
src/libcharon/sa/ikev1/tasks/quick_mode.c | 60 +-
src/libcharon/sa/ikev1/tasks/quick_mode.h | 6 +-
src/libcharon/sa/ikev1/tasks/xauth.c | 2 +-
.../sa/ikev2/authenticators/eap_authenticator.c | 16 +-
.../sa/ikev2/authenticators/pubkey_authenticator.c | 4 +-
src/libcharon/sa/ikev2/connect_manager.c | 34 +-
src/libcharon/sa/ikev2/keymat_v2.c | 20 +-
src/libcharon/sa/ikev2/task_manager_v2.c | 284 +-
src/libcharon/sa/ikev2/tasks/child_create.c | 74 +-
src/libcharon/sa/ikev2/tasks/child_create.h | 2 +-
src/libcharon/sa/ikev2/tasks/child_delete.c | 73 +-
src/libcharon/sa/ikev2/tasks/child_delete.h | 2 +-
src/libcharon/sa/ikev2/tasks/child_rekey.c | 146 +-
src/libcharon/sa/ikev2/tasks/child_rekey.h | 23 +-
src/libcharon/sa/ikev2/tasks/ike_auth.c | 23 +-
src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c | 8 +-
src/libcharon/sa/ikev2/tasks/ike_delete.c | 62 +-
src/libcharon/sa/ikev2/tasks/ike_init.c | 12 +-
src/libcharon/sa/ikev2/tasks/ike_me.c | 2 +-
src/libcharon/sa/ikev2/tasks/ike_mobike.c | 2 +-
src/libcharon/sa/ikev2/tasks/ike_natd.c | 6 +-
src/libcharon/sa/ikev2/tasks/ike_rekey.c | 261 +-
src/libcharon/sa/ikev2/tasks/ike_rekey.h | 10 +-
src/libcharon/sa/redirect_manager.c | 2 +-
src/libcharon/sa/shunt_manager.c | 110 +-
src/libcharon/sa/task_manager.h | 25 +-
src/libcharon/sa/trap_manager.c | 26 +-
src/libcharon/sa/trap_manager.h | 10 +-
src/libcharon/tests/Makefile.am | 34 +-
src/libcharon/tests/Makefile.in | 333 +-
.../tests/{libcharon_tests.c => exchange_tests.c} | 21 +-
.../tests/{libcharon_tests.h => exchange_tests.h} | 12 +-
src/libcharon/tests/libcharon_tests.c | 3 -
src/libcharon/tests/libcharon_tests.h | 12 +
src/libcharon/tests/suites/test_child_create.c | 106 +
src/libcharon/tests/suites/test_child_delete.c | 366 ++
src/libcharon/tests/suites/test_child_rekey.c | 1569 ++++++
src/libcharon/tests/suites/test_ike_delete.c | 137 +
src/libcharon/tests/suites/test_ike_rekey.c | 1480 ++++++
src/libcharon/tests/suites/test_message_chapoly.c | 8 +-
src/libcharon/tests/suites/test_proposal.c | 81 +
src/libcharon/tests/utils/exchange_test_asserts.c | 182 +
src/libcharon/tests/utils/exchange_test_asserts.h | 343 ++
src/libcharon/tests/utils/exchange_test_helper.c | 372 ++
src/libcharon/tests/utils/exchange_test_helper.h | 128 +
src/libcharon/tests/utils/job_asserts.h | 59 +
src/libcharon/tests/utils/mock_dh.c | 87 +
.../tests/utils/mock_dh.h} | 26 +-
src/libcharon/tests/utils/mock_ipsec.c | 128 +
.../tests/utils/mock_ipsec.h} | 34 +-
.../tests/utils/mock_nonce_gen.c} | 65 +-
.../tests/utils/mock_nonce_gen.h} | 26 +-
src/libcharon/tests/utils/mock_sender.c | 85 +
src/libcharon/tests/utils/mock_sender.h | 56 +
src/libcharon/tests/utils/sa_asserts.h | 145 +
src/libfast/Makefile.am | 2 +-
src/libfast/Makefile.in | 33 +-
src/libimcv/Android.mk | 4 +-
src/libimcv/Makefile.am | 10 +-
src/libimcv/Makefile.in | 74 +-
src/libimcv/generic/generic_attr_bool.c | 4 +-
src/libimcv/generic/generic_attr_chunk.c | 2 +-
src/libimcv/generic/generic_attr_string.c | 2 +-
src/libimcv/ietf/ietf_attr.c | 2 +-
src/libimcv/ietf/ietf_attr.h | 2 +-
src/libimcv/ietf/ietf_attr_assess_result.c | 8 +-
src/libimcv/ietf/ietf_attr_assess_result.h | 4 +-
src/libimcv/ietf/ietf_attr_attr_request.c | 10 +-
src/libimcv/ietf/ietf_attr_attr_request.h | 4 +-
src/libimcv/ietf/ietf_attr_fwd_enabled.c | 4 +-
src/libimcv/ietf/ietf_attr_installed_packages.c | 4 +-
src/libimcv/ietf/ietf_attr_numeric_version.c | 26 +-
src/libimcv/ietf/ietf_attr_numeric_version.h | 14 +-
src/libimcv/ietf/ietf_attr_op_status.c | 14 +-
src/libimcv/ietf/ietf_attr_op_status.h | 6 +-
src/libimcv/ietf/ietf_attr_port_filter.c | 16 +-
src/libimcv/ietf/ietf_attr_port_filter.h | 4 +-
src/libimcv/ietf/ietf_attr_product_info.c | 8 +-
src/libimcv/ietf/ietf_attr_product_info.h | 4 +-
src/libimcv/ietf/ietf_attr_remediation_instr.c | 4 +-
src/libimcv/ietf/ietf_attr_string_version.c | 2 +-
src/libimcv/imc/imc_agent.c | 8 +-
src/libimcv/imc/imc_agent.h | 2 +-
src/libimcv/imc/imc_os_info.c | 2 +-
src/libimcv/imc/imc_os_info.h | 4 +-
src/libimcv/imc/imc_state.h | 4 +-
src/libimcv/imv/data.sql | 170 +-
src/libimcv/imv/imv_database.h | 2 +-
src/libimcv/ita/ita_attr.c | 2 +-
src/libimcv/ita/ita_attr.h | 2 +-
src/libimcv/ita/ita_attr_angel.c | 2 +-
src/libimcv/ita/ita_attr_command.c | 2 +-
src/libimcv/ita/ita_attr_dummy.c | 2 +-
src/libimcv/ita/ita_attr_get_settings.c | 4 +-
src/libimcv/ita/ita_attr_settings.c | 4 +-
src/libimcv/pa_tnc/pa_tnc_attr_manager.h | 2 +-
src/libimcv/plugins/imc_attestation/Makefile.am | 3 +-
src/libimcv/plugins/imc_attestation/Makefile.in | 30 +-
.../imc_attestation/imc_attestation_process.c | 43 +-
.../imc_attestation/imc_attestation_state.c | 8 +-
.../imc_attestation/imc_attestation_state.h | 2 +-
src/libimcv/plugins/imc_hcd/Makefile.in | 27 +-
src/libimcv/plugins/imc_hcd/imc_hcd_state.c | 6 +-
src/libimcv/plugins/imc_os/Makefile.in | 27 +-
src/libimcv/plugins/imc_os/imc_os.c | 2 +-
src/libimcv/plugins/imc_os/imc_os_state.c | 6 +-
src/libimcv/plugins/imc_scanner/Makefile.in | 27 +-
src/libimcv/plugins/imc_scanner/imc_scanner.c | 4 +-
.../plugins/imc_scanner/imc_scanner_state.c | 6 +-
src/libimcv/plugins/imc_swid/Makefile.in | 27 +-
src/libimcv/plugins/imc_swid/imc_swid_state.c | 14 +-
src/libimcv/plugins/imc_swid/imc_swid_state.h | 2 +-
src/libimcv/plugins/imc_test/Makefile.in | 27 +-
src/libimcv/plugins/imc_test/imc_test_state.c | 6 +-
src/libimcv/plugins/imv_attestation/Makefile.am | 3 +
src/libimcv/plugins/imv_attestation/Makefile.in | 32 +-
src/libimcv/plugins/imv_attestation/attest_db.c | 2 +-
.../imv_attestation/imv_attestation_agent.c | 7 +-
.../imv_attestation/imv_attestation_process.c | 37 +-
src/libimcv/plugins/imv_hcd/Makefile.am | 1 +
src/libimcv/plugins/imv_hcd/Makefile.in | 28 +-
src/libimcv/plugins/imv_os/Makefile.am | 3 +-
src/libimcv/plugins/imv_os/Makefile.in | 30 +-
src/libimcv/plugins/imv_scanner/Makefile.am | 3 +-
src/libimcv/plugins/imv_scanner/Makefile.in | 30 +-
.../plugins/imv_scanner/imv_scanner_agent.c | 8 +-
src/libimcv/plugins/imv_swid/Makefile.am | 1 +
src/libimcv/plugins/imv_swid/Makefile.in | 28 +-
src/libimcv/plugins/imv_test/Makefile.in | 27 +-
src/libimcv/pts/components/ita/ita_comp_ima.h | 2 +-
src/libimcv/pts/components/ita/ita_comp_tboot.c | 20 +-
src/libimcv/pts/components/ita/ita_comp_tboot.h | 2 +-
src/libimcv/pts/components/ita/ita_comp_tgrub.c | 20 +-
src/libimcv/pts/components/ita/ita_comp_tgrub.h | 2 +-
src/libimcv/pts/components/pts_comp_evidence.c | 14 +-
src/libimcv/pts/components/pts_comp_evidence.h | 10 +-
src/libimcv/pts/components/pts_comp_func_name.c | 22 +-
src/libimcv/pts/components/pts_comp_func_name.h | 12 +-
src/libimcv/pts/components/pts_component.h | 10 +-
src/libimcv/pts/components/pts_component_manager.c | 10 +-
src/libimcv/pts/components/pts_component_manager.h | 8 +-
src/libimcv/pts/pts.c | 766 +--
src/libimcv/pts/pts.h | 74 +-
src/libimcv/pts/pts_file_meas.c | 8 +-
src/libimcv/pts/pts_file_meas.h | 6 +-
src/libimcv/pts/pts_file_meta.h | 12 +-
src/libimcv/pts/pts_ima_bios_list.c | 9 +-
src/libimcv/pts/pts_meas_algo.c | 18 +
src/libimcv/pts/pts_meas_algo.h | 8 +
src/libimcv/pts/pts_pcr.c | 54 +-
src/libimcv/pts/pts_pcr.h | 16 +-
src/libimcv/pts/pts_simple_evid_final.h | 47 -
src/libimcv/pwg/pwg_attr.c | 2 +-
src/libimcv/pwg/pwg_attr.h | 2 +-
src/libimcv/pwg/pwg_attr_vendor_smi_code.c | 2 +-
src/libimcv/swid/swid_error.c | 4 +-
src/libimcv/swid/swid_error.h | 4 +-
src/libimcv/tcg/pts/tcg_pts_attr_aik.c | 6 +-
src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c | 6 +-
src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h | 2 +-
.../tcg/pts/tcg_pts_attr_dh_nonce_params_req.c | 12 +-
.../tcg/pts/tcg_pts_attr_dh_nonce_params_req.h | 4 +-
.../tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c | 8 +-
src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c | 6 +-
src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c | 4 +-
src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c | 4 +-
.../tcg/pts/tcg_pts_attr_get_tpm_version_info.c | 4 +-
src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c | 4 +-
src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c | 4 +-
src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c | 20 +-
src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h | 8 +-
src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c | 14 +-
src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h | 4 +-
.../tcg/pts/tcg_pts_attr_req_func_comp_evid.c | 18 +-
.../tcg/pts/tcg_pts_attr_req_func_comp_evid.h | 2 +-
.../tcg/pts/tcg_pts_attr_simple_comp_evid.c | 16 +-
.../tcg/pts/tcg_pts_attr_simple_evid_final.c | 249 +-
.../tcg/pts/tcg_pts_attr_simple_evid_final.h | 29 +-
.../tcg/pts/tcg_pts_attr_tpm_version_info.c | 2 +-
src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c | 12 +-
src/libimcv/tcg/seg/tcg_seg_attr_max_size.c | 2 +-
src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c | 2 +-
src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c | 2 +-
src/libimcv/tcg/swid/tcg_swid_attr_req.c | 20 +-
src/libimcv/tcg/swid/tcg_swid_attr_req.h | 10 +-
src/libimcv/tcg/tcg_attr.c | 2 +-
src/libimcv/tcg/tcg_attr.h | 2 +-
src/libipsec/Makefile.in | 27 +-
src/libipsec/esp_context.c | 12 +-
src/libipsec/esp_context.h | 8 +-
src/libipsec/esp_packet.c | 28 +-
src/libipsec/esp_packet.h | 6 +-
src/libipsec/ip_packet.c | 58 +-
src/libipsec/ip_packet.h | 6 +-
src/libipsec/ipsec_event_listener.h | 2 +-
src/libipsec/ipsec_event_relay.c | 6 +-
src/libipsec/ipsec_event_relay.h | 2 +-
src/libipsec/ipsec_policy.c | 8 +-
src/libipsec/ipsec_policy.h | 4 +-
src/libipsec/ipsec_policy_mgr.c | 14 +-
src/libipsec/ipsec_policy_mgr.h | 2 +-
src/libipsec/ipsec_processor.c | 4 +-
src/libipsec/ipsec_sa.c | 36 +-
src/libipsec/ipsec_sa.h | 28 +-
src/libipsec/ipsec_sa_mgr.c | 62 +-
src/libipsec/ipsec_sa_mgr.h | 24 +-
src/libipsec/tests/Makefile.in | 27 +-
src/libipsec/tests/suites/test_chapoly.c | 6 +-
src/libpttls/Makefile.in | 27 +-
src/libpttls/pt_tls.c | 11 +-
src/libpttls/pt_tls.h | 6 +-
src/libpttls/pt_tls_client.c | 16 +-
src/libpttls/pt_tls_server.c | 14 +-
src/libradius/Makefile.in | 27 +-
src/libradius/radius_config.c | 2 +-
src/libradius/radius_config.h | 2 +-
src/libradius/radius_message.c | 30 +-
src/libradius/radius_message.h | 10 +-
src/libradius/radius_mppe.h | 10 +-
src/libradius/radius_socket.c | 18 +-
src/libradius/radius_socket.h | 4 +-
src/libsimaka/Makefile.in | 27 +-
src/libsimaka/simaka_card.h | 6 +-
src/libsimaka/simaka_manager.c | 6 +-
src/libsimaka/simaka_manager.h | 8 +-
src/libsimaka/simaka_message.c | 26 +-
src/libsimaka/simaka_message.h | 4 +-
src/libsimaka/simaka_provider.h | 4 +-
src/libstrongswan/Makefile.am | 4 +-
src/libstrongswan/Makefile.in | 117 +-
src/libstrongswan/asn1/asn1.c | 6 +-
src/libstrongswan/asn1/asn1.h | 4 +-
src/libstrongswan/asn1/oid.c | 891 ++--
src/libstrongswan/asn1/oid.h | 431 +-
src/libstrongswan/asn1/oid.txt | 1 +
src/libstrongswan/bio/bio_reader.c | 58 +-
src/libstrongswan/bio/bio_reader.h | 26 +-
src/libstrongswan/bio/bio_writer.c | 14 +-
src/libstrongswan/bio/bio_writer.h | 12 +-
src/libstrongswan/collections/array.c | 20 +-
src/libstrongswan/collections/array.h | 2 +-
src/libstrongswan/credentials/auth_cfg.h | 2 +-
src/libstrongswan/credentials/containers/pkcs12.c | 10 +-
src/libstrongswan/credentials/containers/pkcs12.h | 2 +-
src/libstrongswan/credentials/sets/mem_cred.c | 1 +
src/libstrongswan/crypto/crypto_factory.c | 4 +
src/libstrongswan/crypto/hashers/hasher.h | 2 +-
src/libstrongswan/crypto/iv/iv_gen.h | 6 +-
src/libstrongswan/crypto/iv/iv_gen_null.c | 4 +-
src/libstrongswan/crypto/iv/iv_gen_rand.c | 4 +-
src/libstrongswan/crypto/iv/iv_gen_seq.c | 28 +-
src/libstrongswan/crypto/mac.h | 2 +-
src/libstrongswan/crypto/mgf1/mgf1.c | 2 +-
src/libstrongswan/crypto/nonce_gen.h | 2 +-
src/libstrongswan/crypto/pkcs5.c | 12 +-
src/libstrongswan/crypto/prf_plus.c | 4 +-
src/libstrongswan/crypto/prf_plus.h | 2 +-
src/libstrongswan/crypto/prfs/mac_prf.c | 2 +-
src/libstrongswan/crypto/prfs/prf.h | 2 +-
.../crypto/proposal/proposal_keywords.c | 2 +-
.../crypto/proposal/proposal_keywords.h | 8 +-
.../crypto/proposal/proposal_keywords_static.c | 298 +-
.../crypto/proposal/proposal_keywords_static.txt | 5 +-
src/libstrongswan/crypto/rngs/rng.c | 4 +-
src/libstrongswan/crypto/rngs/rng.h | 4 +-
src/libstrongswan/crypto/signers/mac_signer.c | 8 +-
src/libstrongswan/crypto/signers/signer.h | 2 +-
src/libstrongswan/eap/eap.h | 12 +-
src/libstrongswan/ipsec/ipsec_types.c | 16 +
src/libstrongswan/ipsec/ipsec_types.h | 29 +-
src/libstrongswan/networking/host.c | 20 +-
src/libstrongswan/networking/host.h | 12 +-
src/libstrongswan/networking/packet.c | 6 +-
src/libstrongswan/networking/packet.h | 4 +-
src/libstrongswan/networking/tun_device.c | 16 +-
src/libstrongswan/networking/tun_device.h | 4 +-
src/libstrongswan/pen/pen.h | 6 +-
src/libstrongswan/plugins/acert/Makefile.in | 27 +-
src/libstrongswan/plugins/aes/Makefile.in | 27 +-
src/libstrongswan/plugins/aes/aes_crypter.c | 82 +-
src/libstrongswan/plugins/aesni/Makefile.in | 27 +-
src/libstrongswan/plugins/aesni/aesni_ccm.c | 8 +-
src/libstrongswan/plugins/aesni/aesni_cmac.c | 2 +-
src/libstrongswan/plugins/aesni/aesni_ctr.c | 2 +-
src/libstrongswan/plugins/aesni/aesni_gcm.c | 2 +-
src/libstrongswan/plugins/aesni/aesni_xcbc.c | 2 +-
src/libstrongswan/plugins/af_alg/Makefile.in | 27 +-
src/libstrongswan/plugins/af_alg/af_alg_hasher.c | 2 +-
src/libstrongswan/plugins/af_alg/af_alg_ops.c | 2 +-
src/libstrongswan/plugins/af_alg/af_alg_ops.h | 2 +-
src/libstrongswan/plugins/af_alg/af_alg_plugin.c | 19 +
src/libstrongswan/plugins/af_alg/af_alg_prf.c | 2 +-
src/libstrongswan/plugins/af_alg/af_alg_signer.c | 2 +-
src/libstrongswan/plugins/agent/Makefile.in | 27 +-
.../plugins/agent/agent_private_key.c | 20 +-
src/libstrongswan/plugins/bliss/Makefile.in | 27 +-
src/libstrongswan/plugins/bliss/tests/Makefile.in | 27 +-
src/libstrongswan/plugins/blowfish/Makefile.in | 27 +-
.../plugins/blowfish/blowfish_crypter.c | 6 +-
src/libstrongswan/plugins/ccm/Makefile.in | 27 +-
src/libstrongswan/plugins/ccm/ccm_aead.c | 6 +-
src/libstrongswan/plugins/chapoly/Makefile.in | 27 +-
src/libstrongswan/plugins/chapoly/chapoly_aead.c | 8 +-
.../plugins/chapoly/chapoly_drv_portable.c | 42 +-
.../plugins/chapoly/chapoly_drv_ssse3.c | 66 +-
src/libstrongswan/plugins/cmac/Makefile.in | 27 +-
src/libstrongswan/plugins/cmac/cmac.c | 16 +-
src/libstrongswan/plugins/constraints/Makefile.in | 27 +-
src/libstrongswan/plugins/ctr/Makefile.in | 27 +-
src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c | 2 +-
src/libstrongswan/plugins/curl/Makefile.in | 27 +-
src/libstrongswan/plugins/curl/curl_plugin.c | 5 +-
src/libstrongswan/plugins/des/Makefile.in | 27 +-
src/libstrongswan/plugins/des/des_crypter.c | 14 +-
src/libstrongswan/plugins/dnskey/Makefile.in | 27 +-
src/libstrongswan/plugins/dnskey/dnskey_builder.c | 8 +-
src/libstrongswan/plugins/files/Makefile.in | 27 +-
src/libstrongswan/plugins/fips_prf/Makefile.in | 27 +-
src/libstrongswan/plugins/fips_prf/fips_prf.c | 26 +-
src/libstrongswan/plugins/gcm/Makefile.in | 27 +-
src/libstrongswan/plugins/gcm/gcm_aead.c | 4 +-
src/libstrongswan/plugins/gcrypt/Makefile.in | 27 +-
src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c | 2 +-
src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c | 2 +-
src/libstrongswan/plugins/gcrypt/gcrypt_rng.c | 2 +-
src/libstrongswan/plugins/gmp/Makefile.in | 27 +-
.../plugins/gmp/gmp_rsa_private_key.c | 2 +-
src/libstrongswan/plugins/hmac/Makefile.in | 27 +-
src/libstrongswan/plugins/hmac/hmac.c | 8 +-
src/libstrongswan/plugins/keychain/Makefile.in | 27 +-
src/libstrongswan/plugins/ldap/Makefile.in | 27 +-
src/libstrongswan/plugins/md4/Makefile.in | 27 +-
src/libstrongswan/plugins/md4/md4_hasher.c | 48 +-
src/libstrongswan/plugins/md5/Makefile.in | 27 +-
src/libstrongswan/plugins/md5/md5_hasher.c | 52 +-
src/libstrongswan/plugins/mysql/Makefile.in | 27 +-
src/libstrongswan/plugins/nonce/Makefile.in | 27 +-
src/libstrongswan/plugins/nonce/nonce_nonceg.c | 2 +-
src/libstrongswan/plugins/ntru/Makefile.in | 27 +-
src/libstrongswan/plugins/ntru/ntru_drbg.c | 14 +-
src/libstrongswan/plugins/ntru/ntru_drbg.h | 8 +-
src/libstrongswan/plugins/ntru/ntru_ke.c | 4 +-
src/libstrongswan/plugins/openssl/Makefile.in | 27 +-
src/libstrongswan/plugins/openssl/openssl_crl.c | 49 +-
.../plugins/openssl/openssl_crypter.c | 55 +-
.../plugins/openssl/openssl_diffie_hellman.c | 56 +-
.../plugins/openssl/openssl_ec_private_key.c | 10 +-
.../plugins/openssl/openssl_ec_public_key.c | 19 +-
src/libstrongswan/plugins/openssl/openssl_gcm.c | 26 +-
src/libstrongswan/plugins/openssl/openssl_hasher.c | 4 +-
src/libstrongswan/plugins/openssl/openssl_hmac.c | 36 +-
src/libstrongswan/plugins/openssl/openssl_pkcs12.c | 6 +-
src/libstrongswan/plugins/openssl/openssl_pkcs7.c | 12 +-
src/libstrongswan/plugins/openssl/openssl_plugin.c | 41 +-
src/libstrongswan/plugins/openssl/openssl_rng.c | 9 +-
.../plugins/openssl/openssl_rsa_private_key.c | 41 +-
.../plugins/openssl/openssl_rsa_public_key.c | 27 +-
.../plugins/openssl/openssl_sha1_prf.c | 4 +-
src/libstrongswan/plugins/openssl/openssl_util.c | 15 +-
src/libstrongswan/plugins/openssl/openssl_util.h | 43 +-
src/libstrongswan/plugins/openssl/openssl_x509.c | 60 +-
src/libstrongswan/plugins/padlock/Makefile.in | 27 +-
src/libstrongswan/plugins/padlock/padlock_rng.c | 2 +-
.../plugins/padlock/padlock_sha1_hasher.c | 10 +-
src/libstrongswan/plugins/pem/Makefile.in | 27 +-
src/libstrongswan/plugins/pem/pem_builder.c | 2 +-
src/libstrongswan/plugins/pgp/Makefile.in | 27 +-
src/libstrongswan/plugins/pgp/pgp_builder.c | 6 +-
src/libstrongswan/plugins/pgp/pgp_cert.c | 8 +-
src/libstrongswan/plugins/pgp/pgp_utils.c | 10 +-
src/libstrongswan/plugins/pgp/pgp_utils.h | 2 +-
src/libstrongswan/plugins/pkcs1/Makefile.in | 27 +-
src/libstrongswan/plugins/pkcs11/Makefile.in | 27 +-
src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c | 2 +-
.../plugins/pkcs11/pkcs11_private_key.c | 12 +-
src/libstrongswan/plugins/pkcs11/pkcs11_rng.c | 2 +-
src/libstrongswan/plugins/pkcs12/Makefile.in | 27 +-
src/libstrongswan/plugins/pkcs12/pkcs12_decode.c | 4 +-
src/libstrongswan/plugins/pkcs7/Makefile.in | 27 +-
src/libstrongswan/plugins/pkcs8/Makefile.in | 27 +-
src/libstrongswan/plugins/plugin_feature.c | 2 +-
src/libstrongswan/plugins/plugin_feature.h | 2 +-
src/libstrongswan/plugins/plugin_loader.c | 34 +-
src/libstrongswan/plugins/pubkey/Makefile.in | 27 +-
src/libstrongswan/plugins/random/Makefile.in | 27 +-
src/libstrongswan/plugins/random/random_rng.c | 2 +-
src/libstrongswan/plugins/rc2/Makefile.in | 27 +-
src/libstrongswan/plugins/rc2/rc2_crypter.c | 20 +-
src/libstrongswan/plugins/rdrand/Makefile.in | 27 +-
src/libstrongswan/plugins/rdrand/rdrand_rng.c | 76 +-
src/libstrongswan/plugins/revocation/Makefile.in | 27 +-
src/libstrongswan/plugins/sha1/Makefile.in | 27 +-
src/libstrongswan/plugins/sha1/sha1_hasher.c | 34 +-
src/libstrongswan/plugins/sha1/sha1_prf.c | 16 +-
src/libstrongswan/plugins/sha2/Makefile.in | 27 +-
src/libstrongswan/plugins/sha2/sha2_hasher.c | 58 +-
src/libstrongswan/plugins/sha3/Makefile.in | 27 +-
src/libstrongswan/plugins/soup/Makefile.in | 27 +-
src/libstrongswan/plugins/sqlite/Makefile.in | 27 +-
src/libstrongswan/plugins/sshkey/Makefile.in | 27 +-
src/libstrongswan/plugins/test_vectors/Makefile.in | 27 +-
src/libstrongswan/plugins/unbound/Makefile.in | 27 +-
src/libstrongswan/plugins/winhttp/Makefile.in | 27 +-
.../plugins/winhttp/winhttp_fetcher.c | 2 +-
src/libstrongswan/plugins/x509/Makefile.in | 27 +-
src/libstrongswan/plugins/x509/x509_ac.c | 3 +-
src/libstrongswan/plugins/xcbc/Makefile.in | 27 +-
src/libstrongswan/plugins/xcbc/xcbc.c | 16 +-
src/libstrongswan/processing/jobs/job.h | 2 +-
src/libstrongswan/processing/scheduler.c | 4 +-
src/libstrongswan/processing/scheduler.h | 4 +-
src/libstrongswan/selectors/traffic_selector.c | 80 +-
src/libstrongswan/selectors/traffic_selector.h | 36 +-
src/libstrongswan/settings/settings.c | 14 +-
src/libstrongswan/settings/settings.h | 10 +-
src/libstrongswan/settings/settings_lexer.c | 233 +-
src/libstrongswan/settings/settings_parser.c | 44 +-
src/libstrongswan/settings/settings_parser.h | 8 +-
src/libstrongswan/tests/Makefile.am | 2 +-
src/libstrongswan/tests/Makefile.in | 31 +-
src/libstrongswan/tests/suites/test_array.c | 2 +-
src/libstrongswan/tests/suites/test_asn1.c | 6 +-
src/libstrongswan/tests/suites/test_bio_reader.c | 20 +-
src/libstrongswan/tests/suites/test_chunk.c | 38 +-
src/libstrongswan/tests/suites/test_host.c | 6 +-
src/libstrongswan/tests/suites/test_iv_gen.c | 32 +-
src/libstrongswan/tests/suites/test_ntru.c | 8 +-
src/libstrongswan/tests/suites/test_printf.c | 12 +-
.../tests/suites/test_traffic_selector.c | 40 +-
src/libstrongswan/tests/suites/test_utils.c | 96 +-
src/libstrongswan/tests/test_runner.c | 30 +-
src/libstrongswan/tests/test_runner.h | 4 +
src/libstrongswan/tests/utils/test_rng.c | 2 +-
src/libstrongswan/threading/thread.c | 26 +-
src/libstrongswan/utils/chunk.c | 62 +-
src/libstrongswan/utils/chunk.h | 18 +-
src/libstrongswan/utils/compat/android.h | 17 +
src/libstrongswan/utils/cpu_feature.c | 2 +-
src/libstrongswan/utils/identification.c | 9 +-
src/libstrongswan/utils/identification.h | 2 +
src/libstrongswan/utils/integrity_checker.c | 10 +-
src/libstrongswan/utils/integrity_checker.h | 8 +-
src/libstrongswan/utils/leak_detective.c | 34 +-
src/libstrongswan/utils/utils.c | 2 +-
src/libstrongswan/utils/utils/align.c | 6 +-
src/libstrongswan/utils/utils/align.h | 2 +-
src/libstrongswan/utils/utils/byteorder.h | 47 +-
src/libstrongswan/utils/utils/memory.c | 2 +-
src/libstrongswan/utils/utils/memory.h | 2 +-
src/libstrongswan/utils/utils/string.h | 8 +-
src/libstrongswan/utils/utils/time.c | 2 +-
src/libstrongswan/utils/utils/types.h | 15 +-
src/libtls/Makefile.in | 28 +-
src/libtls/tests/Makefile.in | 27 +-
src/libtls/tests/suites/test_socket.c | 4 +-
src/libtls/tls.c | 6 +-
src/libtls/tls_aead.c | 16 +-
src/libtls/tls_aead.h | 4 +-
src/libtls/tls_aead_expl.c | 16 +-
src/libtls/tls_aead_impl.c | 16 +-
src/libtls/tls_aead_null.c | 12 +-
src/libtls/tls_crypto.c | 6 +-
src/libtls/tls_fragmentation.c | 6 +-
src/libtls/tls_peer.c | 10 +-
src/libtls/tls_protection.c | 4 +-
src/libtls/tls_server.c | 8 +-
src/libtnccs/Makefile.in | 27 +-
src/libtnccs/plugins/tnc_imc/Makefile.in | 27 +-
src/libtnccs/plugins/tnc_imv/Makefile.in | 27 +-
src/libtnccs/plugins/tnc_tnccs/Makefile.in | 27 +-
src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c | 14 +-
src/libtnccs/plugins/tnccs_11/Makefile.in | 27 +-
src/libtnccs/plugins/tnccs_11/tnccs_11.c | 10 +-
src/libtnccs/plugins/tnccs_20/Makefile.in | 27 +-
src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c | 16 +-
.../messages/ietf/pb_access_recommendation_msg.c | 10 +-
.../messages/ietf/pb_access_recommendation_msg.h | 4 +-
.../messages/ietf/pb_assessment_result_msg.c | 8 +-
.../messages/ietf/pb_assessment_result_msg.h | 4 +-
.../plugins/tnccs_20/messages/ietf/pb_error_msg.c | 30 +-
.../plugins/tnccs_20/messages/ietf/pb_error_msg.h | 16 +-
.../tnccs_20/messages/ietf/pb_experimental_msg.c | 2 +-
.../messages/ietf/pb_language_preference_msg.c | 2 +-
.../plugins/tnccs_20/messages/ietf/pb_pa_msg.c | 16 +-
.../plugins/tnccs_20/messages/ietf/pb_pa_msg.h | 8 +-
.../tnccs_20/messages/ietf/pb_reason_string_msg.c | 2 +-
.../messages/ietf/pb_remediation_parameters_msg.c | 4 +-
.../messages/ita/pb_mutual_capability_msg.c | 2 +-
.../tnccs_20/messages/ita/pb_noskip_test_msg.c | 2 +-
.../plugins/tnccs_20/messages/pb_tnc_msg.h | 4 +-
.../tnccs_20/messages/tcg/pb_pdp_referral_msg.c | 12 +-
.../tnccs_20/messages/tcg/pb_pdp_referral_msg.h | 6 +-
src/libtnccs/plugins/tnccs_20/tnccs_20.c | 8 +-
src/libtnccs/plugins/tnccs_20/tnccs_20_client.c | 14 +-
src/libtnccs/plugins/tnccs_20/tnccs_20_client.h | 2 +-
src/libtnccs/plugins/tnccs_20/tnccs_20_server.c | 6 +-
src/libtnccs/plugins/tnccs_dynamic/Makefile.in | 27 +-
src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c | 8 +-
src/libtnccs/tnc/tnccs/tnccs.h | 6 +-
src/libtnccs/tnc/tnccs/tnccs_manager.h | 2 +-
src/libtncif/Makefile.in | 27 +-
src/libtncif/tncif_identity.c | 4 +-
src/libtpmtss/Makefile.am | 25 +
src/{libsimaka => libtpmtss}/Makefile.in | 82 +-
.../ita/ita_comp_tboot.h => libtpmtss/tpm_tss.c} | 47 +-
src/libtpmtss/tpm_tss.h | 140 +
src/libtpmtss/tpm_tss_quote_info.c | 330 ++
src/libtpmtss/tpm_tss_quote_info.h | 151 +
src/libtpmtss/tpm_tss_trousers.c | 655 +++
src/libtpmtss/tpm_tss_trousers.h | 52 +
src/libtpmtss/tpm_tss_tss2.c | 696 +++
.../libcharon_tests.h => libtpmtss/tpm_tss_tss2.h} | 23 +-
src/libtpmtss/tpm_tss_tss2_names.c | 123 +
.../tpm_tss_tss2_names.h} | 22 +-
src/manager/Makefile.in | 27 +-
src/manager/controller/control_controller.c | 4 +-
src/manager/gateway.c | 2 +-
src/manager/gateway.h | 2 +-
src/medsrv/Makefile.in | 27 +-
src/pki/Makefile.am | 2 +-
src/pki/Makefile.in | 32 +-
src/pki/man/Makefile.in | 40 +-
src/pool/Makefile.in | 28 +-
src/pool/sqlite.sql | 2 +-
src/pt-tls-client/Makefile.in | 27 +-
src/pt-tls-client/pt-tls-client.c | 2 +-
src/scepclient/Makefile.in | 28 +-
src/starter/Makefile.am | 5 +-
src/starter/Makefile.in | 38 +-
src/starter/confread.c | 2 +-
src/starter/confread.h | 20 +-
src/starter/parser/lexer.c | 233 +-
src/starter/parser/parser.c | 40 +-
src/starter/parser/parser.h | 8 +-
src/starter/tests/Makefile.in | 27 +-
src/stroke/Makefile.in | 27 +-
src/stroke/stroke_msg.h | 32 +-
src/swanctl/Makefile.am | 2 +-
src/swanctl/Makefile.in | 35 +-
src/swanctl/commands/list_conns.c | 112 +-
src/swanctl/commands/list_sas.c | 7 +-
src/swanctl/commands/load_authorities.c | 2 +-
src/swanctl/commands/load_conns.c | 2 +-
src/swanctl/commands/load_pools.c | 2 +-
src/swanctl/swanctl.conf | 6 +
src/swanctl/swanctl.conf.5.main | 14 +-
src/swanctl/swanctl.opt | 12 +-
testing/Makefile.in | 26 +-
testing/config/kernel/config-4.0 | 17 +-
testing/config/kernel/config-4.1 | 17 +-
testing/config/kernel/config-4.2 | 18 +-
testing/config/kernel/{config-4.2 => config-4.3} | 97 +-
testing/config/kernel/{config-4.2 => config-4.4} | 134 +-
testing/config/kernel/{config-4.2 => config-4.5} | 181 +-
testing/config/kernel/{config-4.2 => config-4.6} | 236 +-
testing/do-tests | 28 +-
testing/hosts/default/etc/fstab | 1 +
testing/hosts/default/etc/ssh/sshd_config | 1 +
.../hosts/default/usr/local/bin/expect-connection | 2 +-
.../apache2/conf-enabled/testresults-as-text.conf | 1 +
.../etc/apache2/sites-available/000-default.conf | 12 +
.../{001-ocsp_vhost => 001-ocsp_vhost.conf} | 33 +-
testing/hosts/winnetou/etc/openssl/generate-crl | 4 +
testing/scripts/build-baseimage | 60 +-
testing/scripts/build-guestimages | 14 +-
testing/scripts/chroot | 67 +
testing/scripts/function.sh | 8 +
testing/scripts/recipes/002_tnc-fhh.mk | 9 +-
testing/scripts/recipes/003_freeradius.mk | 2 +-
.../{004_wpa_supplicant.mk => 004_hostapd.mk} | 8 +-
testing/scripts/recipes/004_wpa_supplicant.mk | 2 +-
testing/scripts/recipes/011_openssl-fips.mk | 23 -
testing/scripts/recipes/012_openssl.mk | 13 -
testing/scripts/recipes/patches/freeradius-tnc-fhh | 4 +-
testing/scripts/recipes/patches/hostapd-config | 38 +
testing/scripts/recipes/patches/tnc-fhh-tncsim | 12 +
testing/testing.conf | 20 +-
testing/tests/af-alg/alg-camellia/evaltest.dat | 2 +-
testing/tests/af-alg/rw-cert/evaltest.dat | 4 +-
.../tests/gcrypt-ikev1/alg-serpent/evaltest.dat | 12 +-
.../alg-serpent/hosts/carol/etc/strongswan.conf | 9 +-
.../hosts/carol/etc/swanctl/swanctl.conf | 16 +-
.../alg-serpent/hosts/moon/etc/strongswan.conf | 9 +-
.../hosts/moon/etc/swanctl/swanctl.conf | 24 +
.../tests/gcrypt-ikev1/alg-serpent/posttest.dat | 4 +-
testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat | 9 +-
testing/tests/gcrypt-ikev1/alg-serpent/test.conf | 3 +
.../tests/gcrypt-ikev1/alg-twofish/evaltest.dat | 12 +-
.../alg-twofish/hosts/carol/etc/ipsec.conf | 21 -
.../alg-twofish/hosts/carol/etc/strongswan.conf | 9 +-
.../hosts/carol/etc/swanctl/swanctl.conf | 16 +-
.../alg-twofish/hosts/moon/etc/ipsec.conf | 21 -
.../alg-twofish/hosts/moon/etc/strongswan.conf | 9 +-
.../hosts/moon/etc/swanctl/swanctl.conf | 24 +
.../tests/gcrypt-ikev1/alg-twofish/posttest.dat | 4 +-
testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat | 9 +-
testing/tests/gcrypt-ikev1/alg-twofish/test.conf | 3 +
.../tests/gcrypt-ikev2/alg-camellia/evaltest.dat | 2 +-
.../tests/gcrypt-ikev2/alg-camellia/pretest.dat | 1 +
testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat | 4 +-
testing/tests/ha/active-passive/evaltest.dat | 8 +-
testing/tests/ha/both-active/evaltest.dat | 4 +-
testing/tests/ike/rw-cert/evaltest.dat | 4 +-
testing/tests/ike/rw-cert/pretest.dat | 3 +-
testing/tests/ike/rw_v1-net_v2/evaltest.dat | 4 +-
testing/tests/ike/rw_v1-net_v2/pretest.dat | 1 +
testing/tests/ikev1/alg-3des-md5/evaltest.dat | 2 +-
testing/tests/ikev1/alg-3des-md5/pretest.dat | 3 +-
testing/tests/ikev1/alg-blowfish/evaltest.dat | 4 +-
testing/tests/ikev1/alg-blowfish/pretest.dat | 3 +-
testing/tests/ikev1/alg-modp-subgroup/evaltest.dat | 4 +-
testing/tests/ikev1/alg-modp-subgroup/pretest.dat | 3 +-
testing/tests/ikev1/alg-sha256/evaltest.dat | 2 +-
testing/tests/ikev1/alg-sha256/pretest.dat | 1 +
testing/tests/ikev1/alg-sha384/evaltest.dat | 2 +-
testing/tests/ikev1/alg-sha384/pretest.dat | 1 +
testing/tests/ikev1/alg-sha512/evaltest.dat | 2 +-
testing/tests/ikev1/alg-sha512/pretest.dat | 1 +
testing/tests/ikev1/compress/pretest.dat | 3 +-
.../tests/ikev1/config-payload-push/evaltest.dat | 8 +-
.../tests/ikev1/config-payload-push/pretest.dat | 5 +-
testing/tests/ikev1/config-payload/evaltest.dat | 8 +-
testing/tests/ikev1/config-payload/pretest.dat | 5 +-
testing/tests/ikev1/double-nat-net/evaltest.dat | 6 +-
testing/tests/ikev1/double-nat-net/pretest.dat | 3 +-
testing/tests/ikev1/double-nat/evaltest.dat | 6 +-
testing/tests/ikev1/double-nat/pretest.dat | 3 +-
testing/tests/ikev1/dpd-clear/pretest.dat | 1 +
testing/tests/ikev1/dpd-restart/pretest.dat | 1 +
testing/tests/ikev1/dynamic-initiator/evaltest.dat | 2 +-
testing/tests/ikev1/dynamic-initiator/pretest.dat | 3 +-
testing/tests/ikev1/dynamic-responder/evaltest.dat | 2 +-
testing/tests/ikev1/dynamic-responder/pretest.dat | 1 +
testing/tests/ikev1/dynamic-two-peers/evaltest.dat | 4 +-
testing/tests/ikev1/dynamic-two-peers/pretest.dat | 3 +-
testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat | 2 +-
testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat | 1 +
testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat | 2 +-
testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat | 1 +
testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat | 2 +-
testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat | 1 +
testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat | 2 +-
testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat | 1 +
testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat | 2 +-
testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat | 3 +-
testing/tests/ikev1/esp-alg-null/evaltest.dat | 2 +-
testing/tests/ikev1/esp-alg-null/pretest.dat | 1 +
testing/tests/ikev1/host2host-ah/evaltest.dat | 2 +-
testing/tests/ikev1/host2host-ah/pretest.dat | 3 +-
testing/tests/ikev1/host2host-cert/evaltest.dat | 2 +-
testing/tests/ikev1/host2host-cert/pretest.dat | 3 +-
.../tests/ikev1/host2host-transport/evaltest.dat | 2 +-
.../tests/ikev1/host2host-transport/pretest.dat | 3 +-
testing/tests/ikev1/ip-pool-db/evaltest.dat | 4 +-
testing/tests/ikev1/ip-pool-db/pretest.dat | 1 +
testing/tests/ikev1/ip-pool/evaltest.dat | 4 +-
testing/tests/ikev1/ip-pool/pretest.dat | 3 +-
.../tests/ikev1/multi-level-ca-cr-init/pretest.dat | 3 +-
.../tests/ikev1/multi-level-ca-cr-resp/pretest.dat | 3 +-
testing/tests/ikev1/multi-level-ca/pretest.dat | 5 +-
testing/tests/ikev1/nat-rw/evaltest.dat | 14 +-
testing/tests/ikev1/nat-rw/pretest.dat | 3 +-
testing/tests/ikev1/nat-virtual-ip/evaltest.dat | 2 +-
testing/tests/ikev1/nat-virtual-ip/pretest.dat | 3 +-
testing/tests/ikev1/net2net-ah/evaltest.dat | 2 +-
testing/tests/ikev1/net2net-ah/pretest.dat | 1 +
testing/tests/ikev1/net2net-cert/evaltest.dat | 2 +-
testing/tests/ikev1/net2net-cert/pretest.dat | 1 +
testing/tests/ikev1/net2net-esn/description.txt | 7 +
testing/tests/ikev1/net2net-esn/evaltest.dat | 17 +
.../net2net-esn}/hosts/moon/etc/ipsec.conf | 15 +-
.../net2net-esn/hosts/moon}/etc/strongswan.conf | 4 +-
.../net2net-esn/hosts/sun}/etc/ipsec.conf | 17 +-
.../net2net-esn/hosts/sun}/etc/strongswan.conf | 4 +-
testing/tests/ikev1/net2net-esn/posttest.dat | 5 +
.../{nat-virtual-ip => net2net-esn}/pretest.dat | 3 +-
.../alg-serpent => ikev1/net2net-esn}/test.conf | 9 +-
.../tests/ikev1/net2net-fragmentation/evaltest.dat | 2 +-
.../tests/ikev1/net2net-fragmentation/pretest.dat | 1 +
testing/tests/ikev1/net2net-ntru-cert/evaltest.dat | 2 +-
testing/tests/ikev1/net2net-ntru-cert/pretest.dat | 3 +-
testing/tests/ikev1/net2net-psk-fail/pretest.dat | 1 +
testing/tests/ikev1/net2net-psk/evaltest.dat | 2 +-
testing/tests/ikev1/net2net-psk/pretest.dat | 1 +
testing/tests/ikev1/protoport-dual/evaltest.dat | 4 +-
testing/tests/ikev1/protoport-dual/pretest.dat | 2 +
.../tests/ikev1/rw-cert-aggressive/evaltest.dat | 4 +-
testing/tests/ikev1/rw-cert-aggressive/pretest.dat | 1 +
testing/tests/ikev1/rw-cert-unity/evaltest.dat | 2 +-
testing/tests/ikev1/rw-cert-unity/pretest.dat | 1 +
testing/tests/ikev1/rw-cert/evaltest.dat | 4 +-
testing/tests/ikev1/rw-initiator-only/evaltest.dat | 2 +-
testing/tests/ikev1/rw-initiator-only/pretest.dat | 1 +
testing/tests/ikev1/rw-ntru-psk/evaltest.dat | 4 +-
testing/tests/ikev1/rw-ntru-psk/pretest.dat | 2 +
testing/tests/ikev1/rw-psk-aggressive/evaltest.dat | 4 +-
testing/tests/ikev1/rw-psk-aggressive/pretest.dat | 1 +
testing/tests/ikev1/rw-psk-fqdn/evaltest.dat | 4 +-
testing/tests/ikev1/rw-psk-fqdn/pretest.dat | 2 +
testing/tests/ikev1/rw-psk-ipv4/evaltest.dat | 4 +-
testing/tests/ikev1/rw-psk-ipv4/pretest.dat | 2 +
testing/tests/ikev1/virtual-ip/evaltest.dat | 12 +-
testing/tests/ikev1/virtual-ip/pretest.dat | 3 +-
.../tests/ikev1/xauth-id-psk-config/evaltest.dat | 4 +-
.../tests/ikev1/xauth-id-psk-config/pretest.dat | 1 +
.../ikev1/xauth-id-rsa-aggressive/evaltest.dat | 4 +-
.../ikev1/xauth-id-rsa-aggressive/pretest.dat | 1 +
.../tests/ikev1/xauth-id-rsa-config/evaltest.dat | 4 +-
.../tests/ikev1/xauth-id-rsa-config/pretest.dat | 2 +
.../tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat | 4 +-
.../tests/ikev1/xauth-id-rsa-hybrid/pretest.dat | 1 +
testing/tests/ikev1/xauth-psk/evaltest.dat | 4 +-
testing/tests/ikev1/xauth-psk/pretest.dat | 1 +
.../ikev1/xauth-rsa-eap-md5-radius/evaltest.dat | 2 +-
.../ikev1/xauth-rsa-eap-md5-radius/pretest.dat | 1 +
testing/tests/ikev1/xauth-rsa-radius/evaltest.dat | 2 +-
testing/tests/ikev1/xauth-rsa-radius/pretest.dat | 1 +
testing/tests/ikev1/xauth-rsa/evaltest.dat | 4 +-
testing/tests/ikev1/xauth-rsa/pretest.dat | 1 +
testing/tests/ikev2/acert-cached/evaltest.dat | 4 +-
testing/tests/ikev2/acert-cached/pretest.dat | 1 +
testing/tests/ikev2/acert-fallback/evaltest.dat | 4 +-
testing/tests/ikev2/acert-fallback/pretest.dat | 2 +
testing/tests/ikev2/acert-inline/evaltest.dat | 4 +-
testing/tests/ikev2/acert-inline/pretest.dat | 1 +
testing/tests/ikev2/after-2038-certs/evaltest.dat | 2 +-
testing/tests/ikev2/after-2038-certs/pretest.dat | 1 +
testing/tests/ikev2/alg-3des-md5/evaltest.dat | 2 +-
testing/tests/ikev2/alg-3des-md5/pretest.dat | 1 +
testing/tests/ikev2/alg-aes-ccm/evaltest.dat | 2 +-
testing/tests/ikev2/alg-aes-ccm/pretest.dat | 1 +
testing/tests/ikev2/alg-aes-ctr/evaltest.dat | 2 +-
testing/tests/ikev2/alg-aes-ctr/pretest.dat | 1 +
testing/tests/ikev2/alg-aes-gcm/evaltest.dat | 2 +-
testing/tests/ikev2/alg-aes-gcm/pretest.dat | 1 +
testing/tests/ikev2/alg-aes-xcbc/evaltest.dat | 2 +-
testing/tests/ikev2/alg-aes-xcbc/pretest.dat | 1 +
testing/tests/ikev2/alg-blowfish/evaltest.dat | 4 +-
testing/tests/ikev2/alg-blowfish/pretest.dat | 1 +
.../tests/ikev2/alg-chacha20poly1305/evaltest.dat | 2 +-
.../tests/ikev2/alg-chacha20poly1305/pretest.dat | 1 +
testing/tests/ikev2/alg-modp-subgroup/evaltest.dat | 4 +-
testing/tests/ikev2/alg-modp-subgroup/pretest.dat | 1 +
testing/tests/ikev2/alg-sha256-96/evaltest.dat | 2 +-
testing/tests/ikev2/alg-sha256-96/pretest.dat | 1 +
testing/tests/ikev2/alg-sha256/evaltest.dat | 2 +-
testing/tests/ikev2/alg-sha256/pretest.dat | 1 +
testing/tests/ikev2/alg-sha384/evaltest.dat | 2 +-
testing/tests/ikev2/alg-sha384/pretest.dat | 1 +
testing/tests/ikev2/alg-sha512/evaltest.dat | 2 +-
testing/tests/ikev2/alg-sha512/pretest.dat | 1 +
testing/tests/ikev2/any-interface/pretest.dat | 2 +
testing/tests/ikev2/compress-nat/evaltest.dat | 12 +-
testing/tests/ikev2/compress/pretest.dat | 1 +
.../ikev2/config-payload-swapped/evaltest.dat | 4 +-
.../tests/ikev2/config-payload-swapped/pretest.dat | 3 +-
testing/tests/ikev2/config-payload/evaltest.dat | 8 +-
testing/tests/ikev2/config-payload/pretest.dat | 3 +-
testing/tests/ikev2/critical-extension/pretest.dat | 1 +
testing/tests/ikev2/crl-from-cache/pretest.dat | 1 +
testing/tests/ikev2/crl-ldap/pretest.dat | 1 +
testing/tests/ikev2/crl-revoked/pretest.dat | 1 +
testing/tests/ikev2/crl-to-cache/pretest.dat | 1 +
testing/tests/ikev2/default-keys/evaltest.dat | 2 +-
testing/tests/ikev2/default-keys/pretest.dat | 1 +
testing/tests/ikev2/dhcp-dynamic/evaltest.dat | 8 +-
testing/tests/ikev2/dhcp-dynamic/posttest.dat | 2 +-
testing/tests/ikev2/dhcp-dynamic/pretest.dat | 5 +-
.../tests/ikev2/dhcp-static-client-id/evaltest.dat | 8 +-
.../tests/ikev2/dhcp-static-client-id/posttest.dat | 2 +-
.../tests/ikev2/dhcp-static-client-id/pretest.dat | 7 +-
testing/tests/ikev2/dhcp-static-mac/evaltest.dat | 8 +-
testing/tests/ikev2/dhcp-static-mac/posttest.dat | 2 +-
testing/tests/ikev2/dhcp-static-mac/pretest.dat | 5 +-
testing/tests/ikev2/double-nat-net/evaltest.dat | 6 +-
testing/tests/ikev2/double-nat-net/pretest.dat | 1 +
testing/tests/ikev2/double-nat/evaltest.dat | 6 +-
testing/tests/ikev2/double-nat/pretest.dat | 1 +
testing/tests/ikev2/dpd-clear/pretest.dat | 1 +
testing/tests/ikev2/dpd-hold/pretest.dat | 1 +
testing/tests/ikev2/dpd-restart/pretest.dat | 1 +
testing/tests/ikev2/dynamic-initiator/evaltest.dat | 2 +-
testing/tests/ikev2/dynamic-initiator/pretest.dat | 3 +-
testing/tests/ikev2/dynamic-two-peers/evaltest.dat | 4 +-
testing/tests/ikev2/dynamic-two-peers/pretest.dat | 3 +-
testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat | 2 +-
testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat | 1 +
testing/tests/ikev2/esp-alg-md5-128/evaltest.dat | 2 +-
testing/tests/ikev2/esp-alg-md5-128/pretest.dat | 1 +
testing/tests/ikev2/esp-alg-null/evaltest.dat | 2 +-
testing/tests/ikev2/esp-alg-null/pretest.dat | 1 +
testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat | 2 +-
testing/tests/ikev2/esp-alg-sha1-160/pretest.dat | 1 +
testing/tests/ikev2/farp/evaltest.dat | 8 +-
testing/tests/ikev2/farp/pretest.dat | 3 +-
testing/tests/ikev2/force-udp-encaps/evaltest.dat | 6 +-
testing/tests/ikev2/force-udp-encaps/pretest.dat | 1 +
testing/tests/ikev2/forecast/pretest.dat | 3 +-
testing/tests/ikev2/host2host-ah/evaltest.dat | 2 +-
testing/tests/ikev2/host2host-ah/pretest.dat | 3 +-
testing/tests/ikev2/host2host-cert/evaltest.dat | 2 +-
testing/tests/ikev2/host2host-cert/pretest.dat | 3 +-
testing/tests/ikev2/host2host-swapped/evaltest.dat | 2 +-
testing/tests/ikev2/host2host-swapped/pretest.dat | 3 +-
.../host2host-transport-connmark/evaltest.dat | 1 +
.../ikev2/host2host-transport-connmark/pretest.dat | 5 +-
.../ikev2/host2host-transport-nat/evaltest.dat | 4 +-
.../ikev2/host2host-transport-nat/pretest.dat | 5 +-
.../tests/ikev2/host2host-transport/evaltest.dat | 2 +-
.../tests/ikev2/host2host-transport/pretest.dat | 3 +-
.../tests/ikev2/inactivity-timeout/evaltest.dat | 4 +-
testing/tests/ikev2/inactivity-timeout/pretest.dat | 1 +
testing/tests/ikev2/ip-pool-db/evaltest.dat | 4 +-
testing/tests/ikev2/ip-pool-db/pretest.dat | 1 +
testing/tests/ikev2/ip-pool-wish/evaltest.dat | 4 +-
testing/tests/ikev2/ip-pool-wish/pretest.dat | 3 +-
testing/tests/ikev2/ip-pool/evaltest.dat | 4 +-
testing/tests/ikev2/ip-pool/pretest.dat | 3 +-
testing/tests/ikev2/ip-split-pools-db/pretest.dat | 3 +-
testing/tests/ikev2/ip-two-pools-db/evaltest.dat | 8 +-
testing/tests/ikev2/ip-two-pools-db/pretest.dat | 2 +
.../tests/ikev2/ip-two-pools-mixed/evaltest.dat | 4 +-
testing/tests/ikev2/ip-two-pools-mixed/pretest.dat | 2 +
.../tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat | 2 +-
.../tests/ikev2/ip-two-pools-v4v6-db/pretest.dat | 1 +
testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat | 2 +-
testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat | 1 +
testing/tests/ikev2/ip-two-pools/evaltest.dat | 4 +-
testing/tests/ikev2/ip-two-pools/pretest.dat | 2 +
testing/tests/ikev2/lookip/evaltest.dat | 4 +-
testing/tests/ikev2/lookip/pretest.dat | 2 +
testing/tests/ikev2/mobike-nat/evaltest.dat | 4 +-
testing/tests/ikev2/mobike-nat/pretest.dat | 1 +
testing/tests/ikev2/mobike-virtual-ip/evaltest.dat | 4 +-
testing/tests/ikev2/mobike-virtual-ip/pretest.dat | 1 +
testing/tests/ikev2/mobike/evaltest.dat | 4 +-
testing/tests/ikev2/mobike/pretest.dat | 1 +
.../ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat | 4 +-
.../ikev2/mult-auth-rsa-eap-sim-id/pretest.dat | 1 +
.../tests/ikev2/multi-level-ca-cr-init/pretest.dat | 2 +
.../tests/ikev2/multi-level-ca-cr-resp/pretest.dat | 4 +-
.../tests/ikev2/multi-level-ca-ldap/pretest.dat | 2 +
.../tests/ikev2/multi-level-ca-loop/pretest.dat | 1 +
.../tests/ikev2/multi-level-ca-pathlen/pretest.dat | 1 +
.../tests/ikev2/multi-level-ca-revoked/pretest.dat | 1 +
.../tests/ikev2/multi-level-ca-strict/pretest.dat | 4 +-
testing/tests/ikev2/multi-level-ca/pretest.dat | 4 +-
testing/tests/ikev2/nat-rw-mark/evaltest.dat | 12 +-
testing/tests/ikev2/nat-rw-mark/pretest.dat | 2 +
testing/tests/ikev2/nat-rw-psk/evaltest.dat | 8 +-
testing/tests/ikev2/nat-rw-psk/pretest.dat | 1 +
testing/tests/ikev2/nat-rw/evaltest.dat | 14 +-
testing/tests/ikev2/nat-rw/pretest.dat | 3 +-
testing/tests/ikev2/nat-virtual-ip/evaltest.dat | 2 +-
testing/tests/ikev2/nat-virtual-ip/pretest.dat | 1 +
testing/tests/ikev2/net2net-ah/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-ah/pretest.dat | 3 +-
testing/tests/ikev2/net2net-cert-sha2/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-cert-sha2/pretest.dat | 3 +-
testing/tests/ikev2/net2net-cert/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-cert/pretest.dat | 3 +-
testing/tests/ikev2/net2net-dnscert/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-dnscert/pretest.dat | 3 +-
testing/tests/ikev2/net2net-dnssec/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-dnssec/pretest.dat | 3 +-
testing/tests/ikev2/net2net-esn/pretest.dat | 3 +-
.../tests/ikev2/net2net-fragmentation/evaltest.dat | 2 +-
.../tests/ikev2/net2net-fragmentation/pretest.dat | 3 +-
.../ikev2/net2net-ntru-bandwidth/evaltest.dat | 2 +-
.../tests/ikev2/net2net-ntru-bandwidth/pretest.dat | 3 +-
testing/tests/ikev2/net2net-ntru-cert/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-ntru-cert/pretest.dat | 3 +-
testing/tests/ikev2/net2net-pgp-v3/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-pgp-v3/pretest.dat | 3 +-
testing/tests/ikev2/net2net-pgp-v4/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-pgp-v4/pretest.dat | 3 +-
testing/tests/ikev2/net2net-pkcs12/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-pkcs12/pretest.dat | 3 +-
testing/tests/ikev2/net2net-psk-dscp/evaltest.dat | 4 +-
testing/tests/ikev2/net2net-psk-dscp/pretest.dat | 5 +-
testing/tests/ikev2/net2net-psk-fail/pretest.dat | 3 +-
testing/tests/ikev2/net2net-psk/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-psk/pretest.dat | 3 +-
testing/tests/ikev2/net2net-pubkey/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-pubkey/pretest.dat | 3 +-
testing/tests/ikev2/net2net-rfc3779/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-rfc3779/pretest.dat | 1 +
testing/tests/ikev2/net2net-route/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-route/pretest.dat | 1 +
testing/tests/ikev2/net2net-rsa/evaltest.dat | 2 +-
testing/tests/ikev2/net2net-rsa/pretest.dat | 3 +-
testing/tests/ikev2/net2net-same-nets/evaltest.dat | 4 +-
testing/tests/ikev2/net2net-same-nets/pretest.dat | 1 +
testing/tests/ikev2/net2net-start/evaltest.dat | 2 +-
testing/tests/ikev2/ocsp-local-cert/pretest.dat | 1 +
testing/tests/ikev2/ocsp-multi-level/pretest.dat | 3 +-
.../tests/ikev2/ocsp-no-signer-cert/pretest.dat | 1 +
testing/tests/ikev2/ocsp-revoked/pretest.dat | 1 +
testing/tests/ikev2/ocsp-root-cert/pretest.dat | 1 +
testing/tests/ikev2/ocsp-signer-cert/pretest.dat | 1 +
testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat | 3 +-
testing/tests/ikev2/ocsp-timeouts-good/pretest.dat | 1 +
.../tests/ikev2/ocsp-timeouts-unknown/pretest.dat | 1 +
.../tests/ikev2/ocsp-untrusted-cert/pretest.dat | 1 +
testing/tests/ikev2/protoport-dual/evaltest.dat | 4 +-
testing/tests/ikev2/protoport-dual/pretest.dat | 2 +
testing/tests/ikev2/protoport-route/evaltest.dat | 4 +-
testing/tests/ikev2/protoport-route/pretest.dat | 2 +
testing/tests/ikev2/reauth-early/evaltest.dat | 2 +-
testing/tests/ikev2/reauth-early/pretest.dat | 1 +
testing/tests/ikev2/reauth-late/evaltest.dat | 2 +-
testing/tests/ikev2/reauth-late/pretest.dat | 1 +
testing/tests/ikev2/reauth-mbb-revoked/pretest.dat | 1 +
.../tests/ikev2/reauth-mbb-virtual-ip/pretest.dat | 1 +
testing/tests/ikev2/reauth-mbb/pretest.dat | 1 +
testing/tests/ikev2/redirect-active/evaltest.dat | 8 +-
testing/tests/ikev2/redirect-active/pretest.dat | 5 +-
testing/tests/ikev2/rw-cert/evaltest.dat | 4 +-
testing/tests/ikev2/rw-dnssec/evaltest.dat | 4 +-
testing/tests/ikev2/rw-dnssec/posttest.dat | 12 +-
testing/tests/ikev2/rw-dnssec/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-dynamic/evaltest.dat | 4 +-
testing/tests/ikev2/rw-eap-dynamic/pretest.dat | 1 +
.../ikev2/rw-eap-framed-ip-radius/evaltest.dat | 4 +-
.../ikev2/rw-eap-framed-ip-radius/pretest.dat | 1 +
.../ikev2/rw-eap-md5-class-radius/evaltest.dat | 4 +-
.../ikev2/rw-eap-md5-class-radius/pretest.dat | 2 +
.../tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat | 2 +-
.../tests/ikev2/rw-eap-md5-id-prompt/pretest.dat | 1 +
.../tests/ikev2/rw-eap-md5-id-radius/evaltest.dat | 2 +-
.../tests/ikev2/rw-eap-md5-id-radius/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-md5-radius/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat | 1 +
.../ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat | 2 +-
.../tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-peap-md5/pretest.dat | 1 +
.../tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat | 2 +-
.../tests/ikev2/rw-eap-peap-mschapv2/pretest.dat | 1 +
.../tests/ikev2/rw-eap-peap-radius/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-peap-radius/pretest.dat | 1 +
.../tests/ikev2/rw-eap-sim-id-radius/evaltest.dat | 2 +-
.../tests/ikev2/rw-eap-sim-id-radius/pretest.dat | 1 +
.../ikev2/rw-eap-sim-only-radius/evaltest.dat | 4 +-
.../tests/ikev2/rw-eap-sim-only-radius/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat | 4 +-
testing/tests/ikev2/rw-eap-sim-radius/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat | 1 +
.../tests/ikev2/rw-eap-tls-fragments/evaltest.dat | 2 +-
.../tests/ikev2/rw-eap-tls-fragments/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-tls-only/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-tls-only/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat | 2 +-
.../hosts/carol/etc/strongswan.conf | 3 +
testing/tests/ikev2/rw-eap-tls-radius/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-ttls-only/pretest.dat | 1 +
.../rw-eap-ttls-phase2-piggyback/evaltest.dat | 2 +-
.../ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat | 1 +
.../tests/ikev2/rw-eap-ttls-radius/evaltest.dat | 2 +-
testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat | 1 +
testing/tests/ikev2/rw-hash-and-url/evaltest.dat | 4 +-
testing/tests/ikev2/rw-hash-and-url/pretest.dat | 1 +
testing/tests/ikev2/rw-initiator-only/evaltest.dat | 2 +-
testing/tests/ikev2/rw-initiator-only/pretest.dat | 3 +-
testing/tests/ikev2/rw-mark-in-out/evaltest.dat | 4 +-
testing/tests/ikev2/rw-mark-in-out/pretest.dat | 3 +-
testing/tests/ikev2/rw-ntru-bliss/evaltest.dat | 4 +-
testing/tests/ikev2/rw-ntru-bliss/pretest.dat | 3 +-
testing/tests/ikev2/rw-ntru-psk/evaltest.dat | 4 +-
testing/tests/ikev2/rw-ntru-psk/pretest.dat | 1 +
testing/tests/ikev2/rw-pkcs8/evaltest.dat | 4 +-
testing/tests/ikev2/rw-pkcs8/pretest.dat | 1 +
testing/tests/ikev2/rw-psk-fqdn/evaltest.dat | 4 +-
testing/tests/ikev2/rw-psk-fqdn/pretest.dat | 1 +
testing/tests/ikev2/rw-psk-ipv4/evaltest.dat | 4 +-
testing/tests/ikev2/rw-psk-ipv4/pretest.dat | 1 +
testing/tests/ikev2/rw-psk-no-idr/evaltest.dat | 4 +-
testing/tests/ikev2/rw-psk-no-idr/pretest.dat | 1 +
testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat | 4 +-
testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat | 2 +
testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat | 4 +-
testing/tests/ikev2/rw-psk-rsa-split/pretest.dat | 1 +
.../tests/ikev2/rw-radius-accounting/pretest.dat | 1 +
testing/tests/ikev2/rw-sig-auth/evaltest.dat | 4 +-
testing/tests/ikev2/rw-sig-auth/pretest.dat | 2 +
testing/tests/ikev2/rw-whitelist/evaltest.dat | 4 +-
.../tests/ikev2/shunt-policies-nat-rw/evaltest.dat | 12 +-
testing/tests/ikev2/strong-keys-certs/evaltest.dat | 4 +-
testing/tests/ikev2/strong-keys-certs/pretest.dat | 1 +
testing/tests/ikev2/trap-any/evaltest.dat | 12 +-
testing/tests/ikev2/two-certs/evaltest.dat | 4 +-
testing/tests/ikev2/two-certs/pretest.dat | 2 +
.../tests/ikev2/virtual-ip-override/pretest.dat | 3 +-
testing/tests/ikev2/virtual-ip/evaltest.dat | 12 +-
testing/tests/ikev2/virtual-ip/pretest.dat | 3 +-
testing/tests/ikev2/wildcards/pretest.dat | 2 +
.../ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat | 2 +-
.../ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat | 2 +-
testing/tests/libipsec/host2host-cert/evaltest.dat | 6 +-
.../libipsec/host2host-cert/hosts/moon/etc/updown | 31 +
.../libipsec/host2host-cert/hosts/sun/etc/updown | 31 +
testing/tests/libipsec/host2host-cert/pretest.dat | 3 +-
testing/tests/libipsec/net2net-3des/evaltest.dat | 6 +-
.../libipsec/net2net-3des/hosts/moon/etc/updown | 31 +
.../libipsec/net2net-3des/hosts/sun/etc/updown | 31 +
testing/tests/libipsec/net2net-3des/pretest.dat | 3 +-
testing/tests/libipsec/net2net-cert/evaltest.dat | 6 +-
.../libipsec/net2net-cert/hosts/moon/etc/updown | 31 +
.../libipsec/net2net-cert/hosts/sun/etc/updown | 31 +
testing/tests/libipsec/net2net-cert/pretest.dat | 3 +-
testing/tests/libipsec/net2net-null/evaltest.dat | 6 +-
.../libipsec/net2net-null/hosts/moon/etc/updown | 31 +
.../libipsec/net2net-null/hosts/sun/etc/updown | 31 +
testing/tests/libipsec/net2net-null/pretest.dat | 3 +-
testing/tests/libipsec/rw-suite-b/evaltest.dat | 12 +-
.../libipsec/rw-suite-b/hosts/carol/etc/updown | 31 +
.../libipsec/rw-suite-b/hosts/dave/etc/updown | 31 +
.../libipsec/rw-suite-b/hosts/moon/etc/updown | 31 +
.../tests/openssl-ikev1/alg-camellia/evaltest.dat | 2 +-
.../tests/openssl-ikev1/alg-camellia/pretest.dat | 1 +
.../tests/openssl-ikev1/alg-ecp-high/evaltest.dat | 4 +-
.../tests/openssl-ikev1/alg-ecp-high/pretest.dat | 1 +
.../tests/openssl-ikev1/alg-ecp-low/evaltest.dat | 4 +-
.../tests/openssl-ikev1/alg-ecp-low/pretest.dat | 1 +
.../tests/openssl-ikev1/ecdsa-certs/evaltest.dat | 4 +-
.../tests/openssl-ikev1/ecdsa-certs/pretest.dat | 1 +
.../tests/openssl-ikev2/alg-aes-gcm/evaltest.dat | 4 +-
.../tests/openssl-ikev2/alg-aes-gcm/pretest.dat | 1 +
.../tests/openssl-ikev2/alg-blowfish/evaltest.dat | 4 +-
.../tests/openssl-ikev2/alg-blowfish/pretest.dat | 1 +
.../tests/openssl-ikev2/alg-camellia/evaltest.dat | 2 +-
.../tests/openssl-ikev2/alg-camellia/pretest.dat | 1 +
.../alg-ecp-brainpool-high/evaltest.dat | 4 +-
.../alg-ecp-brainpool-high/pretest.dat | 1 +
.../alg-ecp-brainpool-low/evaltest.dat | 4 +-
.../alg-ecp-brainpool-low/pretest.dat | 1 +
.../tests/openssl-ikev2/alg-ecp-high/evaltest.dat | 4 +-
.../tests/openssl-ikev2/alg-ecp-high/pretest.dat | 1 +
.../tests/openssl-ikev2/alg-ecp-low/evaltest.dat | 4 +-
.../tests/openssl-ikev2/alg-ecp-low/pretest.dat | 1 +
.../openssl-ikev2/critical-extension/pretest.dat | 1 +
.../tests/openssl-ikev2/ecdsa-certs/evaltest.dat | 4 +-
.../tests/openssl-ikev2/ecdsa-certs/pretest.dat | 1 +
.../tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat | 4 +-
.../tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat | 1 +
.../openssl-ikev2/net2net-pgp-v3/evaltest.dat | 2 +-
.../tests/openssl-ikev2/net2net-pgp-v3/pretest.dat | 1 +
.../openssl-ikev2/net2net-pkcs12/evaltest.dat | 2 +-
.../tests/openssl-ikev2/net2net-pkcs12/pretest.dat | 1 +
testing/tests/openssl-ikev2/rw-cert/evaltest.dat | 4 +-
.../openssl-ikev2/rw-eap-tls-only/evaltest.dat | 2 +-
.../openssl-ikev2/rw-eap-tls-only/pretest.dat | 1 +
.../openssl-ikev2/rw-suite-b-128/evaltest.dat | 2 +-
.../openssl-ikev2/rw-suite-b-192/evaltest.dat | 2 +-
testing/tests/p2pnat/behind-same-nat/evaltest.dat | 4 +-
testing/tests/p2pnat/medsrv-psk/evaltest.dat | 4 +-
testing/tests/pfkey/alg-aes-xcbc/evaltest.dat | 2 +-
testing/tests/pfkey/alg-aes-xcbc/pretest.dat | 1 +
testing/tests/pfkey/alg-sha384/evaltest.dat | 2 +-
testing/tests/pfkey/alg-sha384/pretest.dat | 1 +
testing/tests/pfkey/alg-sha512/evaltest.dat | 2 +-
testing/tests/pfkey/alg-sha512/pretest.dat | 1 +
testing/tests/pfkey/compress/pretest.dat | 1 +
testing/tests/pfkey/esp-alg-null/evaltest.dat | 2 +-
testing/tests/pfkey/esp-alg-null/pretest.dat | 1 +
.../tests/pfkey/host2host-transport/evaltest.dat | 2 +-
.../tests/pfkey/host2host-transport/pretest.dat | 1 +
testing/tests/pfkey/nat-rw/evaltest.dat | 8 +-
testing/tests/pfkey/nat-rw/pretest.dat | 3 +-
testing/tests/pfkey/net2net-route/evaltest.dat | 2 +-
testing/tests/pfkey/net2net-route/pretest.dat | 1 +
testing/tests/pfkey/protoport-dual/evaltest.dat | 4 +-
testing/tests/pfkey/protoport-dual/pretest.dat | 2 +
testing/tests/pfkey/protoport-route/evaltest.dat | 4 +-
testing/tests/pfkey/protoport-route/pretest.dat | 2 +
testing/tests/pfkey/rw-cert/evaltest.dat | 4 +-
.../tests/pfkey/shunt-policies-nat-rw/evaltest.dat | 12 +-
testing/tests/sql/ip-pool-db-expired/evaltest.dat | 4 +-
testing/tests/sql/ip-pool-db-restart/evaltest.dat | 4 +-
testing/tests/sql/ip-pool-db/evaltest.dat | 4 +-
testing/tests/sql/ip-split-pools-db/evaltest.dat | 4 +-
testing/tests/sql/multi-level-ca/evaltest.dat | 4 +-
testing/tests/sql/net2net-cert/evaltest.dat | 2 +-
testing/tests/sql/net2net-psk/evaltest.dat | 2 +-
testing/tests/sql/net2net-route-pem/evaltest.dat | 4 +-
testing/tests/sql/net2net-start-pem/evaltest.dat | 4 +-
testing/tests/sql/rw-cert/evaltest.dat | 4 +-
testing/tests/sql/rw-eap-aka-rsa/evaltest.dat | 2 +-
testing/tests/sql/rw-psk-ipv4/evaltest.dat | 4 +-
testing/tests/sql/rw-psk-rsa-split/evaltest.dat | 4 +-
testing/tests/sql/rw-rsa-keyid/evaltest.dat | 4 +-
testing/tests/sql/rw-rsa/evaltest.dat | 4 +-
.../tests/sql/shunt-policies-nat-rw/evaltest.dat | 12 +-
testing/tests/swanctl/config-payload/evaltest.dat | 4 +-
testing/tests/swanctl/dhcp-dynamic/evaltest.dat | 8 +-
testing/tests/swanctl/dhcp-dynamic/posttest.dat | 2 +-
testing/tests/swanctl/dhcp-dynamic/pretest.dat | 2 +-
testing/tests/swanctl/frags-ipv4/evaltest.dat | 4 +-
testing/tests/swanctl/ip-pool-db/evaltest.dat | 4 +-
testing/tests/swanctl/ip-pool/evaltest.dat | 4 +-
testing/tests/swanctl/manual-prio/description.txt | 4 +
.../{rw-hash-and-url => manual-prio}/evaltest.dat | 22 +-
.../manual-prio/hosts/carol/etc/strongswan.conf | 14 +
.../hosts/carol/etc/swanctl/swanctl.conf | 31 +-
.../manual-prio/hosts/dave/etc/strongswan.conf | 14 +
.../hosts/dave/etc/swanctl/swanctl.conf | 29 +-
.../manual-prio/hosts/moon/etc/strongswan.conf | 14 +
.../hosts/moon/etc/swanctl/swanctl.conf | 66 +
testing/tests/swanctl/manual-prio/posttest.dat | 8 +
.../{dhcp-dynamic => manual-prio}/pretest.dat | 8 +-
.../alg-serpent => swanctl/manual-prio}/test.conf | 9 +-
.../swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat | 4 +-
testing/tests/swanctl/net2net-cert/evaltest.dat | 2 +-
.../hosts/moon/etc/swanctl/swanctl.conf | 4 +
.../hosts/sun/etc/swanctl/swanctl.conf | 4 +
testing/tests/swanctl/net2net-gw/description.txt | 7 +
testing/tests/swanctl/net2net-gw/evaltest.dat | 5 +
.../net2net-gw/hosts/carol/etc/strongswan.conf | 14 +
.../hosts/carol/etc/swanctl/swanctl.conf | 49 +
.../net2net-gw/hosts/moon/etc/strongswan.conf | 14 +
.../hosts/moon/etc/swanctl/swanctl.conf | 9 +-
.../net2net-gw/hosts/sun/etc/strongswan.conf | 14 +
.../hosts/sun/etc/swanctl/swanctl.conf | 9 +-
testing/tests/swanctl/net2net-gw/posttest.dat | 8 +
.../{net2net-pubkey => net2net-gw}/pretest.dat | 12 +-
.../alg-serpent => swanctl/net2net-gw}/test.conf | 11 +-
testing/tests/swanctl/net2net-pubkey/evaltest.dat | 2 +-
testing/tests/swanctl/net2net-pubkey/pretest.dat | 1 +
testing/tests/swanctl/net2net-route/evaltest.dat | 2 +-
testing/tests/swanctl/net2net-start/evaltest.dat | 2 +-
testing/tests/swanctl/protoport-dual/evaltest.dat | 4 +-
testing/tests/swanctl/protoport-dual/pretest.dat | 2 +
testing/tests/swanctl/protoport-range/evaltest.dat | 4 +-
testing/tests/swanctl/protoport-range/pretest.dat | 3 +
testing/tests/swanctl/rw-cert/evaltest.dat | 4 +-
testing/tests/swanctl/rw-dnssec/evaltest.dat | 4 +-
testing/tests/swanctl/rw-hash-and-url/evaltest.dat | 4 +-
.../swanctl/rw-multi-ciphers-ikev1/description.txt | 15 +
.../swanctl/rw-multi-ciphers-ikev1/evaltest.dat | 12 +
.../hosts/carol/etc/strongswan.conf | 23 +
.../hosts/carol/etc/swanctl/swanctl.conf | 20 +-
.../hosts/dave/etc/strongswan.conf | 23 +
.../hosts/dave/etc/swanctl/swanctl.conf | 20 +-
.../hosts/moon/etc/strongswan.conf | 23 +
.../hosts/moon/etc/swanctl/swanctl.conf | 45 +
.../posttest.dat | 4 -
.../pretest.dat | 5 +-
.../rw-multi-ciphers-ikev1}/test.conf | 9 +-
testing/tests/swanctl/rw-ntru-bliss/evaltest.dat | 4 +-
testing/tests/swanctl/rw-psk-fqdn/evaltest.dat | 4 +-
testing/tests/swanctl/rw-psk-ikev1/evaltest.dat | 8 +-
testing/tests/swanctl/rw-psk-ipv4/evaltest.dat | 4 +-
testing/tests/swanctl/rw-pubkey-anon/evaltest.dat | 4 +-
testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat | 4 +-
.../swanctl/shunt-policies-nat-rw/evaltest.dat | 12 +-
testing/tests/swanctl/xauth-rsa/evaltest.dat | 10 +-
.../xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf | 3 +-
.../xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf | 3 +-
.../xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf | 4 +-
testing/tests/tkm/host2host-initiator/evaltest.dat | 2 +-
testing/tests/tkm/host2host-responder/evaltest.dat | 2 +-
testing/tests/tkm/host2host-xfrmproxy/evaltest.dat | 2 +-
testing/tests/tkm/multiple-clients/evaltest.dat | 4 +-
testing/tests/tkm/net2net-initiator/evaltest.dat | 2 +-
testing/tests/tkm/net2net-xfrmproxy/evaltest.dat | 2 +-
testing/tests/tkm/xfrmproxy-expire/evaltest.dat | 2 +-
testing/tests/tnc/tnccs-11-fhh/evaltest.dat | 8 +-
.../tests/tnc/tnccs-11-radius-block/evaltest.dat | 4 +-
.../tests/tnc/tnccs-11-radius-block/pretest.dat | 1 +
testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat | 8 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-11-radius-pts/pretest.dat | 2 +
testing/tests/tnc/tnccs-11-radius/evaltest.dat | 8 +-
.../hosts/carol/etc/strongswan.conf | 3 +
testing/tests/tnc/tnccs-11-radius/pretest.dat | 2 +
testing/tests/tnc/tnccs-11/evaltest.dat | 8 +-
testing/tests/tnc/tnccs-11/pretest.dat | 2 +
testing/tests/tnc/tnccs-20-block/evaltest.dat | 4 +-
testing/tests/tnc/tnccs-20-block/pretest.dat | 1 +
.../tests/tnc/tnccs-20-client-retry/evaltest.dat | 8 +-
.../tests/tnc/tnccs-20-client-retry/pretest.dat | 2 +
testing/tests/tnc/tnccs-20-fail-init/pretest.dat | 2 +
testing/tests/tnc/tnccs-20-fail-resp/pretest.dat | 2 +
testing/tests/tnc/tnccs-20-fhh/evaltest.dat | 8 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat | 2 +
.../tnc/tnccs-20-mutual-eap-fail/evaltest.dat | 2 +-
.../tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat | 5 +-
testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat | 2 +-
testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat | 5 +-
testing/tests/tnc/tnccs-20-os-pts/evaltest.dat | 8 +-
.../tnccs-20-os-pts/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-20-os-pts/pretest.dat | 2 +
testing/tests/tnc/tnccs-20-os/evaltest.dat | 8 +-
.../tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-20-os/pretest.dat | 2 +
testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat | 8 +-
.../sites-available/{default => 000-default.conf} | 9 +-
.../alice/etc/apache2/sites-available/default | 27 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat | 2 +
.../etc/apache2/sites-available/000-default.conf} | 9 +-
.../alice/etc/apache2/sites-available/default | 27 +-
.../hosts/alice/etc/iptables.rules | 4 +-
.../hosts/alice/etc/strongswan.conf | 5 +-
testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat | 4 +-
testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat | 8 +-
.../hosts/moon/etc/strongswan.conf | 3 +-
testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat | 2 +
testing/tests/tnc/tnccs-20-pts/evaltest.dat | 8 +-
.../tnccs-20-pts/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-20-pts/pretest.dat | 2 +
.../tests/tnc/tnccs-20-server-retry/evaltest.dat | 8 +-
.../tests/tnc/tnccs-20-server-retry/pretest.dat | 2 +
testing/tests/tnc/tnccs-20-tls/evaltest.dat | 8 +-
testing/tests/tnc/tnccs-20-tls/pretest.dat | 2 +
testing/tests/tnc/tnccs-20/evaltest.dat | 8 +-
testing/tests/tnc/tnccs-20/pretest.dat | 2 +
testing/tests/tnc/tnccs-dynamic/evaltest.dat | 8 +-
testing/tests/tnc/tnccs-dynamic/pretest.dat | 2 +
ylwrap | 28 +-
1615 files changed, 32594 insertions(+), 15143 deletions(-)
diff --git a/Android.common.mk b/Android.common.mk
index 1aa5b53..1c12487 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
)
# strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.4.0"
+strongswan_VERSION := "5.5.0"
diff --git a/Android.mk b/Android.mk
index f17289e..0ca462e 100644
--- a/Android.mk
+++ b/Android.mk
@@ -61,15 +61,11 @@ strongswan_CFLAGS := \
-DHAVE_ALLOCA \
-DHAVE_CLOCK_GETTIME \
-DHAVE_DLADDR \
- -DHAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC \
-DHAVE_PRCTL \
-DHAVE_LINUX_UDP_H \
-DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY \
-DHAVE_IPSEC_MODE_BEET \
-DHAVE_IPSEC_DIR_FWD \
- -DOPENSSL_NO_EC \
- -DOPENSSL_NO_ECDSA \
- -DOPENSSL_NO_ECDH \
-DOPENSSL_NO_ENGINE \
-DCONFIG_H_INCLUDED \
-DCAPABILITIES \
@@ -100,7 +96,8 @@ strongswan_BUILD := \
libstrongswan \
libtncif \
libtnccs \
- libimcv
+ libimcv \
+ libtpmtss
ifneq ($(strongswan_BUILD_STARTER),)
strongswan_BUILD += \
diff --git a/Makefile.in b/Makefile.in
index 55ddc0e..2df942a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,12 +90,6 @@ build_triplet = @build@
host_triplet = @host@
@USE_SCRIPTS_TRUE at am__append_1 = scripts
subdir = .
-DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \
- $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/configure $(am__configure_deps) \
- $(srcdir)/config.h.in $(top_srcdir)/src/dumm/ext/extconf.rb.in \
- COPYING TODO compile config.guess config.sub depcomp \
- install-sh missing ylwrap ltmain.sh
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -99,6 +103,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
+ $(am__configure_deps) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
@@ -191,6 +197,10 @@ ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
DIST_SUBDIRS = src man conf init testing scripts
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
+ $(top_srcdir)/src/dumm/ext/extconf.rb.in AUTHORS COPYING \
+ ChangeLog INSTALL NEWS README TODO compile config.guess \
+ config.sub depcomp install-sh ltmain.sh missing ylwrap
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -237,6 +247,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -286,6 +297,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -320,6 +332,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -431,6 +444,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -490,7 +504,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -744,15 +757,15 @@ dist-xz: distdir
$(am__post_remove_distdir)
dist-tarZ: distdir
- @echo WARNING: "Support for shar distribution archives is" \
- "deprecated." >&2
+ @echo WARNING: "Support for distribution archives compressed with" \
+ "legacy program 'compress' is deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__post_remove_distdir)
dist-shar: distdir
- @echo WARNING: "Support for distribution archives compressed with" \
- "legacy program 'compress' is deprecated." >&2
+ @echo WARNING: "Support for shar distribution archives is" \
+ "deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
$(am__post_remove_distdir)
@@ -788,17 +801,17 @@ distcheck: dist
esac
chmod -R a-w $(distdir)
chmod u+w $(distdir)
- mkdir $(distdir)/_build $(distdir)/_inst
+ mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
chmod a-w $(distdir)
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& am__cwd=`pwd` \
- && $(am__cd) $(distdir)/_build \
- && ../configure \
+ && $(am__cd) $(distdir)/_build/sub \
+ && ../../configure \
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \
- --srcdir=.. --prefix="$$dc_install_base" \
+ --srcdir=../.. --prefix="$$dc_install_base" \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
@@ -986,6 +999,8 @@ uninstall-am: uninstall-nodist_config_includeHEADERS
tags tags-am uninstall uninstall-am \
uninstall-nodist_config_includeHEADERS
+.PRECIOUS: Makefile
+
Android.common.mk : Android.common.mk.in configure.ac
$(AM_V_GEN) \
diff --git a/NEWS b/NEWS
index 8de6cac..db30df1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,41 @@
+strongswan-5.5.0
+----------------
+
+- The new libtpmtss library offers support for both TPM 1.2 and TPM 2.0
+ Trusted Platform Modules. This allows the Attestation IMC/IMV pair to
+ do TPM 2.0 based attestation.
+
+- The behavior during IKEv2 exchange collisions has been improved/fixed in
+ several corner cases and support for TEMPORARY_FAILURE and CHILD_SA_NOT_FOUND
+ notifies, as defined by RFC 7296, has been added.
+
+- IPsec policy priorities can be set manually (e.g. for high-priority drop
+ policies) and outbound policies may be restricted to a network interface.
+
+- The scheme for the automatically calculated default priorities has been
+ changed and now also considers port masks, which were added with 5.4.0.
+
+- FWD policies are now installed in both directions in regards to the traffic
+ selectors. Because such "outbound" FWD policies could conflict with "inbound"
+ FWD policies of other SAs they are installed with a lower priority and don't
+ have a reqid set, which allows kernel plugins to distinguish between the two
+ and prefer those with a reqid.
+
+- For outbound IPsec SAs no replay window is configured anymore.
+
+- Enhanced the functionality of the swanctl --list-conns command by listing
+ IKE_SA and CHILD_SA reauthentication and rekeying settings, and EAP/XAuth
+ identities and EAP types.
+
+- DNS servers installed by the resolve plugin are now refcounted, which should
+ fix its use with make-before-break reauthentication. Any output written to
+ stderr/stdout by resolvconf is now logged.
+
+- The methods in the kernel interfaces have been changed to take structs instead
+ of long lists of arguments. Similarly the constructors for peer_cfg_t and
+ child_cfg_t now take structs.
+
+
strongswan-5.4.0
----------------
diff --git a/aclocal.m4 b/aclocal.m4
index 4521f37..0e461b8 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.14.1 -*- Autoconf -*-
+# generated automatically by aclocal 1.15 -*- Autoconf -*-
-# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -21,7 +21,7 @@ If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
# lib-prefix.m4 serial 7 (gettext-0.18)
-dnl Copyright (C) 2001-2005, 2008-2013 Free Software Foundation, Inc.
+dnl Copyright (C) 2001-2005, 2008-2015 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
@@ -245,32 +245,63 @@ sixtyfour bits
test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem"
])
-# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
-# serial 1 (pkg-config-0.24)
-#
-# Copyright © 2004 Scott James Remnant <scott at netsplit.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# PKG_PROG_PKG_CONFIG([MIN-VERSION])
-# ----------------------------------
+dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
+dnl serial 11 (pkg-config-0.29.1)
+dnl
+dnl Copyright © 2004 Scott James Remnant <scott at netsplit.com>.
+dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists at gmail.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+dnl 02111-1307, USA.
+dnl
+dnl As a special exception to the GNU General Public License, if you
+dnl distribute this file as part of a program that contains a
+dnl configuration script generated by Autoconf, you may include it under
+dnl the same distribution terms that you use for the rest of that
+dnl program.
+
+dnl PKG_PREREQ(MIN-VERSION)
+dnl -----------------------
+dnl Since: 0.29
+dnl
+dnl Verify that the version of the pkg-config macros are at least
+dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
+dnl installed version of pkg-config, this checks the developer's version
+dnl of pkg.m4 when generating configure.
+dnl
+dnl To ensure that this macro is defined, also add:
+dnl m4_ifndef([PKG_PREREQ],
+dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
+dnl
+dnl See the "Since" comment for each macro you use to see what version
+dnl of the macros you require.
+m4_defun([PKG_PREREQ],
+[m4_define([PKG_MACROS_VERSION], [0.29.1])
+m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
+ [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
+])dnl PKG_PREREQ
+
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
+dnl ----------------------------------
+dnl Since: 0.16
+dnl
+dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
+dnl first found in the path. Checks that the version of pkg-config found
+dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
+dnl used since that's the first version where most current features of
+dnl pkg-config existed.
AC_DEFUN([PKG_PROG_PKG_CONFIG],
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
@@ -292,18 +323,19 @@ if test -n "$PKG_CONFIG"; then
PKG_CONFIG=""
fi
fi[]dnl
-])# PKG_PROG_PKG_CONFIG
+])dnl PKG_PROG_PKG_CONFIG
-# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-#
-# Check to see whether a particular set of modules exists. Similar
-# to PKG_CHECK_MODULES(), but does not set variables or print errors.
-#
-# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-# only at the first occurence in configure.ac, so if the first place
-# it's called might be skipped (such as if it is within an "if", you
-# have to call PKG_CHECK_EXISTS manually
-# --------------------------------------------------------------
+dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------------------------------
+dnl Since: 0.18
+dnl
+dnl Check to see whether a particular set of modules exists. Similar to
+dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
+dnl
+dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+dnl only at the first occurence in configure.ac, so if the first place
+dnl it's called might be skipped (such as if it is within an "if", you
+dnl have to call PKG_CHECK_EXISTS manually
AC_DEFUN([PKG_CHECK_EXISTS],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
if test -n "$PKG_CONFIG" && \
@@ -313,8 +345,10 @@ m4_ifvaln([$3], [else
$3])dnl
fi])
-# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
-# ---------------------------------------------
+dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+dnl ---------------------------------------------
+dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
+dnl pkg_failed based on the result.
m4_define([_PKG_CONFIG],
[if test -n "$$1"; then
pkg_cv_[]$1="$$1"
@@ -326,10 +360,11 @@ m4_define([_PKG_CONFIG],
else
pkg_failed=untried
fi[]dnl
-])# _PKG_CONFIG
+])dnl _PKG_CONFIG
-# _PKG_SHORT_ERRORS_SUPPORTED
-# -----------------------------
+dnl _PKG_SHORT_ERRORS_SUPPORTED
+dnl ---------------------------
+dnl Internal check to see if pkg-config supports short errors.
AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
@@ -337,19 +372,17 @@ if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
else
_pkg_short_errors_supported=no
fi[]dnl
-])# _PKG_SHORT_ERRORS_SUPPORTED
+])dnl _PKG_SHORT_ERRORS_SUPPORTED
-# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-# [ACTION-IF-NOT-FOUND])
-#
-#
-# Note that if there is a possibility the first call to
-# PKG_CHECK_MODULES might not happen, you should be sure to include an
-# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
-#
-#
-# --------------------------------------------------------------
+dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl [ACTION-IF-NOT-FOUND])
+dnl --------------------------------------------------------------
+dnl Since: 0.4.0
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
+dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
AC_DEFUN([PKG_CHECK_MODULES],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
@@ -403,9 +436,92 @@ else
AC_MSG_RESULT([yes])
$3
fi[]dnl
-])# PKG_CHECK_MODULES
+])dnl PKG_CHECK_MODULES
+
+
+dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------------------
+dnl Since: 0.29
+dnl
+dnl Checks for existence of MODULES and gathers its build flags with
+dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
+dnl and VARIABLE-PREFIX_LIBS from --libs.
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
+dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
+dnl configure.ac.
+AC_DEFUN([PKG_CHECK_MODULES_STATIC],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+_save_PKG_CONFIG=$PKG_CONFIG
+PKG_CONFIG="$PKG_CONFIG --static"
+PKG_CHECK_MODULES($@)
+PKG_CONFIG=$_save_PKG_CONFIG[]dnl
+])dnl PKG_CHECK_MODULES_STATIC
+
-# Copyright (C) 2002-2013 Free Software Foundation, Inc.
+dnl PKG_INSTALLDIR([DIRECTORY])
+dnl -------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable pkgconfigdir as the location where a module
+dnl should install pkg-config .pc files. By default the directory is
+dnl $libdir/pkgconfig, but the default can be changed by passing
+dnl DIRECTORY. The user can override through the --with-pkgconfigdir
+dnl parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+ [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+ [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+ [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_INSTALLDIR
+
+
+dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
+dnl --------------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable noarch_pkgconfigdir as the location where a
+dnl module should install arch-independent pkg-config .pc files. By
+dnl default the directory is $datadir/pkgconfig, but the default can be
+dnl changed by passing DIRECTORY. The user can override through the
+dnl --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+ [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+ [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+ [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_NOARCH_INSTALLDIR
+
+
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------
+dnl Since: 0.28
+dnl
+dnl Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
+
+# Copyright (C) 2002-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -417,10 +533,10 @@ fi[]dnl
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
-[am__api_version='1.14'
+[am__api_version='1.15'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.14.1], [],
+m4_if([$1], [1.15], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@@ -436,14 +552,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.14.1])dnl
+[AM_AUTOMAKE_VERSION([1.15])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
-# Copyright (C) 2001-2013 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -488,15 +604,14 @@ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# configured tree to be moved without reconfiguration.
AC_DEFUN([AM_AUX_DIR_EXPAND],
-[dnl Rely on autoconf to set up CDPATH properly.
-AC_PREREQ([2.50])dnl
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
+[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
+# Expand $ac_aux_dir to an absolute path.
+am_aux_dir=`cd "$ac_aux_dir" && pwd`
])
# AM_COND_IF -*- Autoconf -*-
-# Copyright (C) 2008-2013 Free Software Foundation, Inc.
+# Copyright (C) 2008-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -533,7 +648,7 @@ fi[]dnl
# AM_CONDITIONAL -*- Autoconf -*-
-# Copyright (C) 1997-2013 Free Software Foundation, Inc.
+# Copyright (C) 1997-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -564,7 +679,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -755,7 +870,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -831,7 +946,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# Do all the work for Automake. -*- Autoconf -*-
-# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -921,8 +1036,8 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
-# We need awk for the "check" target. The system "awk" is bad on
-# some platforms.
+# We need awk for the "check" target (and possibly the TAP driver). The
+# system "awk" is bad on some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_SET_LEADING_DOT])dnl
@@ -995,7 +1110,11 @@ to "yes", and re-run configure.
END
AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
fi
-fi])
+fi
+dnl The trailing newline in this macro's definition is deliberate, for
+dnl backward compatibility and to allow trailing 'dnl'-style comments
+dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
+])
dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
@@ -1024,7 +1143,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-# Copyright (C) 2001-2013 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1035,7 +1154,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co
# Define $install_sh.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-if test x"${install_sh}" != xset; then
+if test x"${install_sh+set}" != xset; then
case $am_aux_dir in
*\ * | *\ *)
install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
@@ -1045,7 +1164,7 @@ if test x"${install_sh}" != xset; then
fi
AC_SUBST([install_sh])])
-# Copyright (C) 2003-2013 Free Software Foundation, Inc.
+# Copyright (C) 2003-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1066,7 +1185,7 @@ AC_SUBST([am__leading_dot])])
# Check to see how 'make' treats includes. -*- Autoconf -*-
-# Copyright (C) 2001-2013 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1116,7 +1235,7 @@ rm -f confinc confmf
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
-# Copyright (C) 1997-2013 Free Software Foundation, Inc.
+# Copyright (C) 1997-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1155,7 +1274,7 @@ fi
# Helper functions for option handling. -*- Autoconf -*-
-# Copyright (C) 2001-2013 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1184,7 +1303,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1231,7 +1350,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1466,7 +1585,7 @@ for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]]
sys.exit(sys.hexversion < minverhex)"
AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])
-# Copyright (C) 2001-2013 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1485,7 +1604,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
-# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1566,7 +1685,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
-# Copyright (C) 2009-2013 Free Software Foundation, Inc.
+# Copyright (C) 2009-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1626,7 +1745,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
-# Copyright (C) 2001-2013 Free Software Foundation, Inc.
+# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1654,7 +1773,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
-# Copyright (C) 2006-2013 Free Software Foundation, Inc.
+# Copyright (C) 2006-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1673,7 +1792,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
-# Copyright (C) 2004-2013 Free Software Foundation, Inc.
+# Copyright (C) 2004-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
diff --git a/compile b/compile
index 531136b..a85b723 100755
--- a/compile
+++ b/compile
@@ -3,7 +3,7 @@
scriptversion=2012-10-14.11; # UTC
-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey at cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
diff --git a/conf/Makefile.in b/conf/Makefile.in
index 8bfc298..6804d91 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,9 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = conf
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(srcdir)/strongswan.conf.5.head.in \
- $(srcdir)/strongswan.conf.5.tail.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES = strongswan.conf.5.head strongswan.conf.5.tail
@@ -154,12 +162,16 @@ MANS = $(man_MANS)
DATA = $(optionstemplate_DATA) $(pluginstemplate_DATA) \
$(templates_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+ $(srcdir)/strongswan.conf.5.head.in \
+ $(srcdir)/strongswan.conf.5.tail.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -209,6 +221,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -243,6 +256,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -354,6 +368,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -516,7 +531,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu conf/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu conf/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -819,6 +833,8 @@ uninstall-man: uninstall-man5
uninstall-optionstemplateDATA uninstall-pluginstemplateDATA \
uninstall-templatesDATA
+.PRECIOUS: Makefile
+
.opt.conf:
$(AM_V_GEN) \
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 5ca61a8..7841125 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -157,6 +157,11 @@ charon {
# will be allocated.
# port_nat_t = 4500
+ # Prefer locally configured proposals for IKE/IPsec over supplied ones as
+ # responder (disabling this can avoid keying retries due to
+ # INVALID_KE_PAYLOAD notifies).
+ # prefer_configured_proposals = yes
+
# By default public IPv6 addresses are preferred over temporary ones (RFC
# 4941), to make connections more stable. Enable this option to reverse
# this.
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 86279ec..3970012 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -253,6 +253,11 @@ charon.port_nat_t = 4500
allocated. Has to be different from **charon.port**, otherwise a random
port will be allocated.
+charon.prefer_configured_proposals = yes
+ Prefer locally configured proposals for IKE/IPsec over supplied ones as
+ responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD
+ notifies).
+
charon.prefer_temporary_addrs = no
By default public IPv6 addresses are preferred over temporary ones (RFC
4941), to make connections more stable. Enable this option to reverse this.
diff --git a/conf/plugins/imc-attestation.opt b/conf/plugins/imc-attestation.opt
index 7a40bc9..925ac4e 100644
--- a/conf/plugins/imc-attestation.opt
+++ b/conf/plugins/imc-attestation.opt
@@ -7,6 +7,9 @@ libimcv.plugins.imc-attestation.aik_cert =
libimcv.plugins.imc-attestation.aik_pubkey =
AIK public key file.
+libimcv.plugins.imc-attestation.aik_handle =
+ AIK object handle.
+
libimcv.plugins.imc-attestation.mandatory_dh_groups = yes
Enforce mandatory Diffie-Hellman groups.
@@ -16,6 +19,9 @@ libimcv.plugins.imc-attestation.nonce_len = 20
libimcv.plugins.imc-attestation.use_quote2 = yes
Use Quote2 AIK signature instead of Quote signature.
+libimcv.plugins.imc-attestation.use_version_info = no
+ Version Info is included in Quote2 signature.
+
libimcv.plugins.imc-attestation.pcr_info = no
Whether to send pcr_before and pcr_after info.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index e6a5029..3d03f20 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -1537,6 +1537,12 @@ otherwise a random port
will be allocated.
.TP
+.BR charon.prefer_configured_proposals " [yes]"
+Prefer locally configured proposals for IKE/IPsec over supplied ones as
+responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD
+notifies).
+
+.TP
.BR charon.prefer_temporary_addrs " [no]"
By default public IPv6 addresses are preferred over temporary ones (RFC 4941),
to make connections more stable. Enable this option to reverse this.
@@ -1780,6 +1786,10 @@ AIK encrypted private key blob file.
AIK certificate file.
.TP
+.BR libimcv.plugins.imc-attestation.aik_handle " []"
+AIK object handle.
+
+.TP
.BR libimcv.plugins.imc-attestation.aik_pubkey " []"
AIK public key file.
@@ -1824,6 +1834,10 @@ Whether to send pcr_before and pcr_after info.
Use Quote2 AIK signature instead of Quote signature.
.TP
+.BR libimcv.plugins.imc-attestation.use_version_info " [no]"
+Version Info is included in Quote2 signature.
+
+.TP
.BR libimcv.plugins.imc-hcd.push_info " [yes]"
Send quadruple info without being prompted.
diff --git a/config.guess b/config.guess
index b79252d..1659250 100755
--- a/config.guess
+++ b/config.guess
@@ -1,8 +1,8 @@
#! /bin/sh
# Attempt to guess a canonical system name.
-# Copyright 1992-2013 Free Software Foundation, Inc.
+# Copyright 1992-2015 Free Software Foundation, Inc.
-timestamp='2013-06-10'
+timestamp='2015-08-20'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -24,12 +24,12 @@ timestamp='2013-06-10'
# program. This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3").
#
-# Originally written by Per Bothner.
+# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
#
-# Please send patches with a ChangeLog entry to config-patches at gnu.org.
+# Please send patches to <config-patches at gnu.org>.
me=`echo "$0" | sed -e 's,.*/,,'`
@@ -50,7 +50,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright 1992-2013 Free Software Foundation, Inc.
+Copyright 1992-2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -149,7 +149,7 @@ Linux|GNU|GNU/*)
LIBC=gnu
#endif
EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
;;
esac
@@ -168,20 +168,27 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
- UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
- /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+ /sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || \
+ echo unknown)`
case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;;
+ earmv*)
+ arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+ endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
+ machine=${arch}${endian}-unknown
+ ;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
case "${UNAME_MACHINE_ARCH}" in
- arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
@@ -197,6 +204,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
os=netbsd
;;
esac
+ # Determine ABI tags.
+ case "${UNAME_MACHINE_ARCH}" in
+ earm*)
+ expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+ abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
+ ;;
+ esac
# The OS release
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
@@ -207,13 +221,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
release='-gnu'
;;
*)
- release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
- echo "${machine}-${os}${release}"
+ echo "${machine}-${os}${release}${abi}"
exit ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
@@ -235,6 +249,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:MirBSD:*:*)
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
exit ;;
+ *:Sortix:*:*)
+ echo ${UNAME_MACHINE}-unknown-sortix
+ exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
@@ -579,8 +596,9 @@ EOF
else
IBM_ARCH=powerpc
fi
- if [ -x /usr/bin/oslevel ] ; then
- IBM_REV=`/usr/bin/oslevel`
+ if [ -x /usr/bin/lslpp ] ; then
+ IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
+ awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
@@ -826,7 +844,7 @@ EOF
*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit ;;
- i*:MSYS*:*)
+ *:MSYS*:*)
echo ${UNAME_MACHINE}-pc-msys
exit ;;
i*:windows32*:*)
@@ -932,6 +950,9 @@ EOF
crisv32:Linux:*:*)
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
+ e2k:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ exit ;;
frv:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
@@ -969,10 +990,10 @@ EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
;;
- or1k:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ openrisc*:Linux:*:*)
+ echo or1k-unknown-linux-${LIBC}
exit ;;
- or32:Linux:*:*)
+ or32:Linux:*:* | or1k*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
padre:Linux:*:*)
@@ -1020,7 +1041,7 @@ EOF
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;;
x86_64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
@@ -1260,16 +1281,26 @@ EOF
if test "$UNAME_PROCESSOR" = unknown ; then
UNAME_PROCESSOR=powerpc
fi
- if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
- if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
- grep IS_64BIT_ARCH >/dev/null
- then
- case $UNAME_PROCESSOR in
- i386) UNAME_PROCESSOR=x86_64 ;;
- powerpc) UNAME_PROCESSOR=powerpc64 ;;
- esac
+ if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ case $UNAME_PROCESSOR in
+ i386) UNAME_PROCESSOR=x86_64 ;;
+ powerpc) UNAME_PROCESSOR=powerpc64 ;;
+ esac
+ fi
fi
+ elif test "$UNAME_PROCESSOR" = i386 ; then
+ # Avoid executing cc on OS X 10.9, as it ships with a stub
+ # that puts up a graphical alert prompting to install
+ # developer tools. Any system running Mac OS X 10.7 or
+ # later (Darwin 11 and later) is required to have a 64-bit
+ # processor. This is not true of the ARM version of Darwin
+ # that Apple uses in portable devices.
+ UNAME_PROCESSOR=x86_64
fi
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
exit ;;
@@ -1361,154 +1392,6 @@ EOF
exit ;;
esac
-eval $set_cc_for_build
-cat >$dummy.c <<EOF
-#ifdef _SEQUENT_
-# include <sys/types.h>
-# include <sys/utsname.h>
-#endif
-main ()
-{
-#if defined (sony)
-#if defined (MIPSEB)
- /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
- I don't know.... */
- printf ("mips-sony-bsd\n"); exit (0);
-#else
-#include <sys/param.h>
- printf ("m68k-sony-newsos%s\n",
-#ifdef NEWSOS4
- "4"
-#else
- ""
-#endif
- ); exit (0);
-#endif
-#endif
-
-#if defined (__arm) && defined (__acorn) && defined (__unix)
- printf ("arm-acorn-riscix\n"); exit (0);
-#endif
-
-#if defined (hp300) && !defined (hpux)
- printf ("m68k-hp-bsd\n"); exit (0);
-#endif
-
-#if defined (NeXT)
-#if !defined (__ARCHITECTURE__)
-#define __ARCHITECTURE__ "m68k"
-#endif
- int version;
- version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
- if (version < 4)
- printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
- else
- printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
- exit (0);
-#endif
-
-#if defined (MULTIMAX) || defined (n16)
-#if defined (UMAXV)
- printf ("ns32k-encore-sysv\n"); exit (0);
-#else
-#if defined (CMU)
- printf ("ns32k-encore-mach\n"); exit (0);
-#else
- printf ("ns32k-encore-bsd\n"); exit (0);
-#endif
-#endif
-#endif
-
-#if defined (__386BSD__)
- printf ("i386-pc-bsd\n"); exit (0);
-#endif
-
-#if defined (sequent)
-#if defined (i386)
- printf ("i386-sequent-dynix\n"); exit (0);
-#endif
-#if defined (ns32000)
- printf ("ns32k-sequent-dynix\n"); exit (0);
-#endif
-#endif
-
-#if defined (_SEQUENT_)
- struct utsname un;
-
- uname(&un);
-
- if (strncmp(un.version, "V2", 2) == 0) {
- printf ("i386-sequent-ptx2\n"); exit (0);
- }
- if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
- printf ("i386-sequent-ptx1\n"); exit (0);
- }
- printf ("i386-sequent-ptx\n"); exit (0);
-
-#endif
-
-#if defined (vax)
-# if !defined (ultrix)
-# include <sys/param.h>
-# if defined (BSD)
-# if BSD == 43
- printf ("vax-dec-bsd4.3\n"); exit (0);
-# else
-# if BSD == 199006
- printf ("vax-dec-bsd4.3reno\n"); exit (0);
-# else
- printf ("vax-dec-bsd\n"); exit (0);
-# endif
-# endif
-# else
- printf ("vax-dec-bsd\n"); exit (0);
-# endif
-# else
- printf ("vax-dec-ultrix\n"); exit (0);
-# endif
-#endif
-
-#if defined (alliant) && defined (i860)
- printf ("i860-alliant-bsd\n"); exit (0);
-#endif
-
- exit (1);
-}
-EOF
-
-$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
- { echo "$SYSTEM_NAME"; exit; }
-
-# Apollos put the system type in the environment.
-
-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
-
-# Convex versions that predate uname can use getsysinfo(1)
-
-if [ -x /usr/convex/getsysinfo ]
-then
- case `getsysinfo -f cpu_type` in
- c1*)
- echo c1-convex-bsd
- exit ;;
- c2*)
- if getsysinfo -f scalar_acc
- then echo c32-convex-bsd
- else echo c2-convex-bsd
- fi
- exit ;;
- c34*)
- echo c34-convex-bsd
- exit ;;
- c38*)
- echo c38-convex-bsd
- exit ;;
- c4*)
- echo c4-convex-bsd
- exit ;;
- esac
-fi
-
cat >&2 <<EOF
$0: unable to guess system type
diff --git a/config.h.in b/config.h.in
index 02528e7..1e513da 100644
--- a/config.h.in
+++ b/config.h.in
@@ -272,8 +272,7 @@
/* username to run daemon with */
#undef IPSEC_USER
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
- */
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
#undef LT_OBJDIR
/* mediation extension support */
@@ -317,9 +316,12 @@
/* Define to 1 if strerror_r returns char *. */
#undef STRERROR_R_CHAR_P
-/* use TrouSerS library libtspi as TSS implementation */
+/* use TrouSerS library libtspi */
#undef TSS_TROUSERS
+/* use TSS 2.0 library libtss2 */
+#undef TSS_TSS2
+
/* using builtin printf for printf hooks */
#undef USE_BUILTIN_PRINTF
diff --git a/config.sub b/config.sub
index 9633db7..1acc966 100755
--- a/config.sub
+++ b/config.sub
@@ -1,8 +1,8 @@
#! /bin/sh
# Configuration validation subroutine script.
-# Copyright 1992-2013 Free Software Foundation, Inc.
+# Copyright 1992-2015 Free Software Foundation, Inc.
-timestamp='2013-08-10'
+timestamp='2015-08-20'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -25,7 +25,7 @@ timestamp='2013-08-10'
# of the GNU General Public License, version 3 ("GPLv3").
-# Please send patches with a ChangeLog entry to config-patches at gnu.org.
+# Please send patches to <config-patches at gnu.org>.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
@@ -68,7 +68,7 @@ Report bugs and patches to <config-patches at gnu.org>."
version="\
GNU config.sub ($timestamp)
-Copyright 1992-2013 Free Software Foundation, Inc.
+Copyright 1992-2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -117,7 +117,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
- knetbsd*-gnu* | netbsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
@@ -255,16 +255,18 @@ case $basic_machine in
| arc | arceb \
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
| avr | avr32 \
+ | ba \
| be32 | be64 \
| bfin \
| c4x | c8051 | clipper \
| d10v | d30v | dlx | dsp16xx \
- | epiphany \
- | fido | fr30 | frv \
+ | e2k | epiphany \
+ | fido | fr30 | frv | ft32 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
+ | k1om \
| le32 | le64 \
| lm32 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
@@ -282,8 +284,10 @@ case $basic_machine in
| mips64vr5900 | mips64vr5900el \
| mipsisa32 | mipsisa32el \
| mipsisa32r2 | mipsisa32r2el \
+ | mipsisa32r6 | mipsisa32r6el \
| mipsisa64 | mipsisa64el \
| mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64r6 | mipsisa64r6el \
| mipsisa64sb1 | mipsisa64sb1el \
| mipsisa64sr71k | mipsisa64sr71kel \
| mipsr5900 | mipsr5900el \
@@ -295,14 +299,14 @@ case $basic_machine in
| nds32 | nds32le | nds32be \
| nios | nios2 | nios2eb | nios2el \
| ns16k | ns32k \
- | open8 \
- | or1k | or32 \
+ | open8 | or1k | or1knd | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle \
| pyramid \
+ | riscv32 | riscv64 \
| rl78 | rx \
| score \
- | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@@ -310,6 +314,7 @@ case $basic_machine in
| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
| ubicom32 \
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
+ | visium \
| we32k \
| x86 | xc16x | xstormy16 | xtensa \
| z8k | z80)
@@ -324,7 +329,10 @@ case $basic_machine in
c6x)
basic_machine=tic6x-unknown
;;
- m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
+ leon|leon[3-9])
+ basic_machine=sparc-$basic_machine
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
basic_machine=$basic_machine-unknown
os=-none
;;
@@ -369,18 +377,20 @@ case $basic_machine in
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
+ | ba-* \
| be32-* | be64-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
| c8051-* | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
- | elxsi-* \
+ | e2k-* | elxsi-* \
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| hexagon-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
+ | k1om-* \
| le32-* | le64-* \
| lm32-* \
| m32c-* | m32r-* | m32rle-* \
@@ -400,8 +410,10 @@ case $basic_machine in
| mips64vr5900-* | mips64vr5900el-* \
| mipsisa32-* | mipsisa32el-* \
| mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa32r6-* | mipsisa32r6el-* \
| mipsisa64-* | mipsisa64el-* \
| mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64r6-* | mipsisa64r6el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
| mipsr5900-* | mipsr5900el-* \
@@ -413,16 +425,18 @@ case $basic_machine in
| nios-* | nios2-* | nios2eb-* | nios2el-* \
| none-* | np1-* | ns16k-* | ns32k-* \
| open8-* \
+ | or1k*-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
+ | riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
- | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
| tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile*-* \
@@ -430,6 +444,7 @@ case $basic_machine in
| ubicom32-* \
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
| vax-* \
+ | visium-* \
| we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* \
| xstormy16-* | xtensa*-* \
@@ -506,6 +521,9 @@ case $basic_machine in
basic_machine=i386-pc
os=-aros
;;
+ asmjs)
+ basic_machine=asmjs-unknown
+ ;;
aux)
basic_machine=m68k-apple
os=-aux
@@ -767,6 +785,9 @@ case $basic_machine in
basic_machine=m68k-isi
os=-sysv
;;
+ leon-*|leon[3-9]-*)
+ basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
+ ;;
m68knommu)
basic_machine=m68k-unknown
os=-linux
@@ -822,6 +843,10 @@ case $basic_machine in
basic_machine=powerpc-unknown
os=-morphos
;;
+ moxiebox)
+ basic_machine=moxie-unknown
+ os=-moxiebox
+ ;;
msdos)
basic_machine=i386-pc
os=-msdos
@@ -1354,7 +1379,7 @@ case $os in
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
| -sym* | -kopensolaris* | -plan9* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* | -aros* \
+ | -aos* | -aros* | -cloudabi* | -sortix* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
@@ -1367,14 +1392,14 @@ case $os in
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
- | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
- | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@@ -1592,9 +1617,6 @@ case $basic_machine in
mips*-*)
os=-elf
;;
- or1k-*)
- os=-elf
- ;;
or32-*)
os=-coff
;;
diff --git a/configure b/configure
index dac40ea..be9df97 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for strongSwan 5.4.0.
+# Generated by GNU Autoconf 2.69 for strongSwan 5.5.0.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='strongSwan'
PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='5.4.0'
-PACKAGE_STRING='strongSwan 5.4.0'
+PACKAGE_VERSION='5.5.0'
+PACKAGE_STRING='strongSwan 5.5.0'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -649,6 +649,8 @@ USE_SVC_FALSE
USE_SVC_TRUE
USE_SWANCTL_FALSE
USE_SWANCTL_TRUE
+USE_AIKPUB2_FALSE
+USE_AIKPUB2_TRUE
USE_AIKGEN_FALSE
USE_AIKGEN_TRUE
USE_CMD_FALSE
@@ -663,6 +665,8 @@ USE_SILENT_RULES_FALSE
USE_SILENT_RULES_TRUE
MONOLITHIC_FALSE
MONOLITHIC_TRUE
+USE_TSS2_FALSE
+USE_TSS2_TRUE
USE_TROUSERS_FALSE
USE_TROUSERS_TRUE
USE_IMCV_FALSE
@@ -683,6 +687,8 @@ USE_IPSEC_SCRIPT_FALSE
USE_IPSEC_SCRIPT_TRUE
USE_FILE_CONFIG_FALSE
USE_FILE_CONFIG_TRUE
+USE_LIBTPMTSS_FALSE
+USE_LIBTPMTSS_TRUE
USE_LIBPTTLS_FALSE
USE_LIBPTTLS_TRUE
USE_LIBTNCCS_FALSE
@@ -1034,6 +1040,7 @@ PYTHON_EGGS_INSTALL_TRUE
PY_TEST
PYTHONEGGINSTALLDIR
EASY_INSTALL
+PYTHON_PACKAGE_VERSION
RUBY_GEMS_INSTALL_FALSE
RUBY_GEMS_INSTALL_TRUE
RUBYGEMDIR
@@ -1087,6 +1094,7 @@ OPENSSL_LIB
RTLIB
USE_SYSLOG_FALSE
USE_SYSLOG_TRUE
+ATOMICLIB
PTHREADLIB
SOCKLIB
BTLIB
@@ -1108,6 +1116,7 @@ YACC
LEXLIB
LEX_OUTPUT_ROOT
LEX
+LT_SYS_LIBRARY_PATH
OTOOL64
OTOOL
LIPO
@@ -1230,6 +1239,7 @@ infodir
docdir
oldincludedir
includedir
+runstatedir
localstatedir
sharedstatedir
sysconfdir
@@ -1269,7 +1279,6 @@ with_routing_table
with_routing_table_prio
with_ipsec_script
with_fips_mode
-with_tss
with_capabilities
with_mpz_powm_sec
with_dev_headers
@@ -1419,6 +1428,7 @@ enable_systime_fix
enable_test_vectors
enable_updown
enable_aikgen
+enable_aikpub2
enable_charon
enable_cmd
enable_conftest
@@ -1450,6 +1460,8 @@ enable_python_eggs
enable_python_eggs_install
enable_perl_cpan
enable_perl_cpan_install
+enable_tss_trousers
+enable_tss_tss2
enable_coverage
enable_leak_detective
enable_lock_profiler
@@ -1463,6 +1475,7 @@ enable_shared
enable_static
with_pic
enable_fast_install
+with_aix_soname
with_gnu_ld
with_sysroot
enable_libtool_lock
@@ -1479,6 +1492,7 @@ LDFLAGS
LIBS
CPPFLAGS
CPP
+LT_SYS_LIBRARY_PATH
YACC
YFLAGS
PYTHON
@@ -1542,6 +1556,7 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1794,6 +1809,15 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
+ -runstatedir | --runstatedir | --runstatedi | --runstated \
+ | --runstate | --runstat | --runsta | --runst | --runs \
+ | --run | --ru | --r)
+ ac_prev=runstatedir ;;
+ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+ | --run=* | --ru=* | --r=*)
+ runstatedir=$ac_optarg ;;
+
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1931,7 +1955,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir
+ libdir localedir mandir runstatedir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@@ -2044,7 +2068,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures strongSwan 5.4.0 to adapt to many kinds of systems.
+\`configure' configures strongSwan 5.5.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -2084,6 +2108,7 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@@ -2114,7 +2139,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of strongSwan 5.4.0:";;
+ short | recursive ) echo "Configuration of strongSwan 5.5.0:";;
esac
cat <<\_ACEOF
@@ -2299,7 +2324,8 @@ Optional Features:
system time gracefully.
--enable-test-vectors enable plugin providing crypto test vectors.
--disable-updown disable updown firewall script plugin.
- --enable-aikgen enable AIK generator.
+ --enable-aikgen enable AIK generator for TPM 1.2.
+ --enable-aikpub2 enable AIK extractor for TPM 2.0.
--disable-charon disable the IKEv1/IKEv2 keying daemon charon.
--enable-cmd enable the command line IKE client charon-cmd.
--enable-conftest enforce Suite B conformance test framework.
@@ -2345,6 +2371,9 @@ Optional Features:
--enable-perl-cpan enable build of provided perl CPAN module.
--enable-perl-cpan-install
enable installation of provided CPAN module.
+ --enable-tss-trousers enable the use of the TrouSerS Trusted Software
+ Stack
+ --enable-tss-tss2 enable the use of the TSS 2.0 Trusted Software Stack
--enable-coverage enable lcov coverage report generation.
--enable-leak-detective enable malloc hooks to find memory leaks.
--enable-lock-profiler enable lock/mutex profiling code.
@@ -2410,9 +2439,6 @@ Optional Packages:
ipsec).
--with-fips-mode=arg set openssl FIPS mode: disabled(0), enabled(1),
Suite B enabled(2) (default: 0).
- --with-tss=arg set implementation of the Trusted Computing Group's
- Software Stack (TSS). Currently the only supported
- value is "trousers" (default: no).
--with-capabilities=arg set capability dropping library. Currently supported
values are "libcap" and "native" (default: no).
--with-mpz_powm_sec=arg use the more side-channel resistant mpz_powm_sec in
@@ -2444,9 +2470,12 @@ Optional Packages:
--without-lib-prefix don't search for libraries in includedir and libdir
--with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
both]
+ --with-aix-soname=aix|svr4|both
+ shared library versioning (aka "SONAME") variant to
+ provide on AIX, [default=aix].
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
- --with-sysroot=DIR Search for dependent libraries within DIR
- (or the compiler's sysroot if not specified).
+ --with-sysroot[=DIR] Search for dependent libraries within DIR (or the
+ compiler's sysroot if not specified).
Some influential environment variables:
PKG_CONFIG path to pkg-config utility
@@ -2462,6 +2491,8 @@ Some influential environment variables:
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP C preprocessor
+ LT_SYS_LIBRARY_PATH
+ User-defined run-time library search path.
YACC The `Yet Another Compiler Compiler' implementation to use.
Defaults to the first program found out of: `bison -y', `byacc',
`yacc'.
@@ -2569,7 +2600,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-strongSwan configure 5.4.0
+strongSwan configure 5.5.0
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3091,7 +3122,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by strongSwan $as_me 5.4.0, which was
+It was created by strongSwan $as_me 5.5.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3439,7 +3470,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-am__api_version='1.14'
+am__api_version='1.15'
ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
@@ -3640,8 +3671,8 @@ test "$program_suffix" != NONE &&
ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
+# Expand $ac_aux_dir to an absolute path.
+am_aux_dir=`cd "$ac_aux_dir" && pwd`
if test x"${MISSING+set}" != xset; then
case $am_aux_dir in
@@ -3660,7 +3691,7 @@ else
$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
fi
-if test x"${install_sh}" != xset; then
+if test x"${install_sh+set}" != xset; then
case $am_aux_dir in
*\ * | *\ *)
install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
@@ -3954,7 +3985,7 @@ fi
# Define the identity of the package.
PACKAGE='strongswan'
- VERSION='5.4.0'
+ VERSION='5.5.0'
cat >>confdefs.h <<_ACEOF
@@ -3988,8 +4019,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
mkdir_p='$(MKDIR_P)'
-# We need awk for the "check" target. The system "awk" is bad on
-# some platforms.
+# We need awk for the "check" target (and possibly the TAP driver). The
+# system "awk" is bad on some platforms.
# Always define AMTAR for backward compatibility. Yes, it's still used
# in the wild :-( We should find a proper way to deprecate it ...
AMTAR='$${TAR-tar}'
@@ -4162,6 +4193,7 @@ END
as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
fi
fi
+
# Check whether --enable-silent-rules was given.
if test "${enable_silent_rules+set}" = set; then :
enableval=$enable_silent_rules;
@@ -4625,17 +4657,6 @@ fi
-
-# Check whether --with-tss was given.
-if test "${with_tss+set}" = set; then :
- withval=$with_tss; tss="$withval"
-else
- tss=no
-
-fi
-
-
-
# Check whether --with-capabilities was given.
if test "${with_capabilities+set}" = set; then :
withval=$with_capabilities; capabilities="$withval"
@@ -7025,6 +7046,22 @@ fi
disabled_by_default=${disabled_by_default}" aikgen"
+# Check whether --enable-aikpub2 was given.
+if test "${enable_aikpub2+set}" = set; then :
+ enableval=$enable_aikpub2; aikpub2_given=true
+ if test x$enableval = xyes; then
+ aikpub2=true
+ else
+ aikpub2=false
+ fi
+else
+ aikpub2=false
+ aikpub2_given=false
+
+fi
+
+ disabled_by_default=${disabled_by_default}" aikpub2"
+
# Check whether --enable-charon was given.
if test "${enable_charon+set}" = set; then :
enableval=$enable_charon; charon_given=true
@@ -7522,6 +7559,39 @@ fi
disabled_by_default=${disabled_by_default}" perl_cpan_install"
+# Check whether --enable-tss-trousers was given.
+if test "${enable_tss_trousers+set}" = set; then :
+ enableval=$enable_tss_trousers; tss_trousers_given=true
+ if test x$enableval = xyes; then
+ tss_trousers=true
+ else
+ tss_trousers=false
+ fi
+else
+ tss_trousers=false
+ tss_trousers_given=false
+
+fi
+
+ disabled_by_default=${disabled_by_default}" tss_trousers"
+
+# Check whether --enable-tss-tss2 was given.
+if test "${enable_tss_tss2+set}" = set; then :
+ enableval=$enable_tss_tss2; tss_tss2_given=true
+ if test x$enableval = xyes; then
+ tss_tss2=true
+ else
+ tss_tss2=false
+ fi
+else
+ tss_tss2=false
+ tss_tss2_given=false
+
+fi
+
+ disabled_by_default=${disabled_by_default}" tss_tss2"
+
+
# compile options
# Check whether --enable-coverage was given.
if test "${enable_coverage+set}" = set; then :
@@ -9607,8 +9677,8 @@ esac
-macro_version='2.4.2'
-macro_revision='1.3337'
+macro_version='2.4.6'
+macro_revision='2.4.6'
@@ -9622,7 +9692,7 @@ macro_revision='1.3337'
-ltmain="$ac_aux_dir/ltmain.sh"
+ltmain=$ac_aux_dir/ltmain.sh
# Backslashify metacharacters that are still active within
# double-quoted strings.
@@ -9671,7 +9741,7 @@ func_echo_all ()
$ECHO ""
}
-case "$ECHO" in
+case $ECHO in
printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5
$as_echo "printf" >&6; } ;;
print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
@@ -9864,19 +9934,19 @@ test -z "$GREP" && GREP=grep
# Check whether --with-gnu-ld was given.
if test "${with_gnu_ld+set}" = set; then :
- withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+ withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
else
with_gnu_ld=no
fi
ac_prog=ld
-if test "$GCC" = yes; then
+if test yes = "$GCC"; then
# Check if gcc -print-prog-name=ld gives a path.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
$as_echo_n "checking for ld used by $CC... " >&6; }
case $host in
*-*-mingw*)
- # gcc leaves a trailing carriage return which upsets mingw
+ # gcc leaves a trailing carriage return, which upsets mingw
ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
*)
ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
@@ -9890,7 +9960,7 @@ $as_echo_n "checking for ld used by $CC... " >&6; }
while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
done
- test -z "$LD" && LD="$ac_prog"
+ test -z "$LD" && LD=$ac_prog
;;
"")
# If it fails, then pretend we aren't using GCC.
@@ -9901,7 +9971,7 @@ $as_echo_n "checking for ld used by $CC... " >&6; }
with_gnu_ld=unknown
;;
esac
-elif test "$with_gnu_ld" = yes; then
+elif test yes = "$with_gnu_ld"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
$as_echo_n "checking for GNU ld... " >&6; }
else
@@ -9912,32 +9982,32 @@ if ${lt_cv_path_LD+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -z "$LD"; then
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
for ac_dir in $PATH; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
test -z "$ac_dir" && ac_dir=.
if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD="$ac_dir/$ac_prog"
+ lt_cv_path_LD=$ac_dir/$ac_prog
# Check to see if the program is GNU ld. I'd rather use --version,
# but apparently some variants of GNU ld only accept -v.
# Break only if it was the GNU/non-GNU ld that we prefer.
case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
*GNU* | *'with BFD'*)
- test "$with_gnu_ld" != no && break
+ test no != "$with_gnu_ld" && break
;;
*)
- test "$with_gnu_ld" != yes && break
+ test yes != "$with_gnu_ld" && break
;;
esac
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
else
- lt_cv_path_LD="$LD" # Let the user override the test with a path.
+ lt_cv_path_LD=$LD # Let the user override the test with a path.
fi
fi
-LD="$lt_cv_path_LD"
+LD=$lt_cv_path_LD
if test -n "$LD"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
$as_echo "$LD" >&6; }
@@ -9980,33 +10050,38 @@ if ${lt_cv_path_NM+:} false; then :
else
if test -n "$NM"; then
# Let the user override the test.
- lt_cv_path_NM="$NM"
+ lt_cv_path_NM=$NM
else
- lt_nm_to_check="${ac_tool_prefix}nm"
+ lt_nm_to_check=${ac_tool_prefix}nm
if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
lt_nm_to_check="$lt_nm_to_check nm"
fi
for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
test -z "$ac_dir" && ac_dir=.
- tmp_nm="$ac_dir/$lt_tmp_nm"
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ tmp_nm=$ac_dir/$lt_tmp_nm
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
# Check to see if the nm accepts a BSD-compat flag.
- # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
# nm: unknown option "B" ignored
# Tru64's nm complains that /dev/null is an invalid object file
- case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
- */dev/null* | *'Invalid file or object type'*)
+ # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
+ case $build_os in
+ mingw*) lt_bad_file=conftest.nm/nofile ;;
+ *) lt_bad_file=/dev/null ;;
+ esac
+ case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+ *$lt_bad_file* | *'Invalid file or object type'*)
lt_cv_path_NM="$tmp_nm -B"
- break
+ break 2
;;
*)
case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
*/dev/null*)
lt_cv_path_NM="$tmp_nm -p"
- break
+ break 2
;;
*)
lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
@@ -10017,15 +10092,15 @@ else
esac
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
done
: ${lt_cv_path_NM=no}
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
$as_echo "$lt_cv_path_NM" >&6; }
-if test "$lt_cv_path_NM" != "no"; then
- NM="$lt_cv_path_NM"
+if test no != "$lt_cv_path_NM"; then
+ NM=$lt_cv_path_NM
else
# Didn't find any BSD compatible name lister, look for dumpbin.
if test -n "$DUMPBIN"; then :
@@ -10131,9 +10206,9 @@ esac
fi
fi
- case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in
+ case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
*COFF*)
- DUMPBIN="$DUMPBIN -symbols"
+ DUMPBIN="$DUMPBIN -symbols -headers"
;;
*)
DUMPBIN=:
@@ -10141,8 +10216,8 @@ fi
esac
fi
- if test "$DUMPBIN" != ":"; then
- NM="$DUMPBIN"
+ if test : != "$DUMPBIN"; then
+ NM=$DUMPBIN
fi
fi
test -z "$NM" && NM=nm
@@ -10193,7 +10268,7 @@ if ${lt_cv_sys_max_cmd_len+:} false; then :
$as_echo_n "(cached) " >&6
else
i=0
- teststring="ABCD"
+ teststring=ABCD
case $build_os in
msdosdjgpp*)
@@ -10233,7 +10308,7 @@ else
lt_cv_sys_max_cmd_len=8192;
;;
- netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
# This has been around since 386BSD, at least. Likely further.
if test -x /sbin/sysctl; then
lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
@@ -10284,22 +10359,22 @@ else
*)
lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
+ test undefined != "$lt_cv_sys_max_cmd_len"; then
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
else
# Make teststring a little bigger before we do anything with it.
# a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8 ; do
+ for i in 1 2 3 4 5 6 7 8; do
teststring=$teststring$teststring
done
SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
- while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
+ while { test X`env echo "$teststring$teststring" 2>/dev/null` \
= "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test $i != 17 # 1/2 MB should be enough
+ test 17 != "$i" # 1/2 MB should be enough
do
i=`expr $i + 1`
teststring=$teststring$teststring
@@ -10317,7 +10392,7 @@ else
fi
-if test -n $lt_cv_sys_max_cmd_len ; then
+if test -n "$lt_cv_sys_max_cmd_len"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
else
@@ -10335,30 +10410,6 @@ max_cmd_len=$lt_cv_sys_max_cmd_len
: ${MV="mv -f"}
: ${RM="rm -f"}
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
-$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
-# Try some XSI features
-xsi_shell=no
-( _lt_dummy="a/b/c"
- test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \
- = c,a/b,b/c, \
- && eval 'test $(( 1 + 1 )) -eq 2 \
- && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
- && xsi_shell=yes
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
-$as_echo "$xsi_shell" >&6; }
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
-$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
-lt_shell_append=no
-( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
- >/dev/null 2>&1 \
- && lt_shell_append=yes
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
-$as_echo "$lt_shell_append" >&6; }
-
-
if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
lt_unset=unset
else
@@ -10481,13 +10532,13 @@ esac
reload_cmds='$LD$reload_flag -o $output$reload_objs'
case $host_os in
cygwin* | mingw* | pw32* | cegcc*)
- if test "$GCC" != yes; then
+ if test yes != "$GCC"; then
reload_cmds=false
fi
;;
darwin*)
- if test "$GCC" = yes; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ if test yes = "$GCC"; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
else
reload_cmds='$LD$reload_flag -o $output$reload_objs'
fi
@@ -10615,13 +10666,13 @@ lt_cv_deplibs_check_method='unknown'
# Need to set the preceding variable on all platforms that support
# interlibrary dependencies.
# 'none' -- dependencies not supported.
-# `unknown' -- same as none, but documents that we really don't know.
+# 'unknown' -- same as none, but documents that we really don't know.
# 'pass_all' -- all dependencies passed with no checks.
# 'test_compile' -- check by making test program.
# 'file_magic [[regex]]' -- check by looking for files in library path
-# which responds to the $file_magic_cmd with a given extended regex.
-# If you have `file' or equivalent on your system and you're not sure
-# whether `pass_all' will *always* work, you probably want this one.
+# that responds to the $file_magic_cmd with a given extended regex.
+# If you have 'file' or equivalent on your system and you're not sure
+# whether 'pass_all' will *always* work, you probably want this one.
case $host_os in
aix[4-9]*)
@@ -10648,8 +10699,7 @@ mingw* | pw32*)
# Base MSYS/MinGW do not provide the 'file' command needed by
# func_win32_libid shell function, so use a weaker test based on 'objdump',
# unless we find 'file', for example because we are cross-compiling.
- # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin.
- if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then
+ if ( file / ) >/dev/null 2>&1; then
lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
lt_cv_file_magic_cmd='func_win32_libid'
else
@@ -10745,8 +10795,8 @@ newos6*)
lt_cv_deplibs_check_method=pass_all
;;
-openbsd*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+openbsd* | bitrig*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
else
lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
@@ -10799,6 +10849,9 @@ sysv4 | sysv4.3*)
tpf*)
lt_cv_deplibs_check_method=pass_all
;;
+os2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
esac
fi
@@ -10956,8 +11009,8 @@ else
case $host_os in
cygwin* | mingw* | pw32* | cegcc*)
- # two different shell functions defined in ltmain.sh
- # decide which to use based on capabilities of $DLLTOOL
+ # two different shell functions defined in ltmain.sh;
+ # decide which one to use based on capabilities of $DLLTOOL
case `$DLLTOOL --help 2>&1` in
*--identify-strict*)
lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
@@ -10969,7 +11022,7 @@ cygwin* | mingw* | pw32* | cegcc*)
;;
*)
# fallback: assume linklib IS sharedlib
- lt_cv_sharedlib_from_linklib_cmd="$ECHO"
+ lt_cv_sharedlib_from_linklib_cmd=$ECHO
;;
esac
@@ -11123,7 +11176,7 @@ if ac_fn_c_try_compile "$LINENO"; then :
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
- if test "$ac_status" -eq 0; then
+ if test 0 -eq "$ac_status"; then
# Ensure the archiver fails upon bogus file names.
rm -f conftest.$ac_objext libconftest.a
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
@@ -11131,7 +11184,7 @@ if ac_fn_c_try_compile "$LINENO"; then :
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
- if test "$ac_status" -ne 0; then
+ if test 0 -ne "$ac_status"; then
lt_cv_ar_at_file=@
fi
fi
@@ -11144,7 +11197,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
$as_echo "$lt_cv_ar_at_file" >&6; }
-if test "x$lt_cv_ar_at_file" = xno; then
+if test no = "$lt_cv_ar_at_file"; then
archiver_list_spec=
else
archiver_list_spec=$lt_cv_ar_at_file
@@ -11361,7 +11414,7 @@ old_postuninstall_cmds=
if test -n "$RANLIB"; then
case $host_os in
- openbsd*)
+ bitrig* | openbsd*)
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
@@ -11451,7 +11504,7 @@ cygwin* | mingw* | pw32* | cegcc*)
symcode='[ABCDGISTW]'
;;
hpux*)
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
symcode='[ABCDEGRST]'
fi
;;
@@ -11484,14 +11537,44 @@ case `$NM -V 2>&1` in
symcode='[ABCDGIRSTW]' ;;
esac
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Gets list of data symbols to import.
+ lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+ # Adjust the below global symbol transforms to fixup imported variables.
+ lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
+ lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
+ lt_c_name_lib_hook="\
+ -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
+ -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
+else
+ # Disable hooks by default.
+ lt_cv_sys_global_symbol_to_import=
+ lt_cdecl_hook=
+ lt_c_name_hook=
+ lt_c_name_lib_hook=
+fi
+
# Transform an extracted symbol line into a proper C declaration.
# Some systems (esp. on ia64) link data and code symbols differently,
# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+$lt_cdecl_hook\
+" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'"
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+$lt_c_name_hook\
+" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
+
+# Transform an extracted symbol line into symbol name with lib prefix and
+# symbol address.
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+$lt_c_name_lib_hook\
+" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
# Handle CRLF in mingw tool chain
opt_cr=
@@ -11509,21 +11592,24 @@ for ac_symprfx in "" "_"; do
# Write the raw and C identifiers.
if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function
- # and D for any global variable.
+ # Fake it for dumpbin and say T for any non-static function,
+ # D for any global variable and I for any imported variable.
# Also find C++ and __fastcall symbols from MSVC++,
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK '"\
" {last_section=section; section=\$ 3};"\
" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
+" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
+" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
" {if(hide[section]) next};"\
-" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
-" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
-" s[1]~/^[@?]/{print s[1], s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
+" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
+" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
" ' prfx=^$ac_symprfx"
else
lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
@@ -11571,11 +11657,11 @@ _LT_EOF
if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
cat <<_LT_EOF > conftest.$ac_ext
/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE)
-/* DATA imports from DLLs on WIN32 con't be const, because runtime
+#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
+/* DATA imports from DLLs on WIN32 can't be const, because runtime
relocations are performed -- see ld's documentation on pseudo-relocs. */
# define LT_DLSYM_CONST
-#elif defined(__osf__)
+#elif defined __osf__
/* This system does not cope well with relocations in const data. */
# define LT_DLSYM_CONST
#else
@@ -11601,7 +11687,7 @@ lt__PROGRAM__LTX_preloaded_symbols[] =
{
{ "@PROGRAM@", (void *) 0 },
_LT_EOF
- $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
cat <<\_LT_EOF >> conftest.$ac_ext
{0, (void *) 0}
};
@@ -11621,13 +11707,13 @@ _LT_EOF
mv conftest.$ac_objext conftstm.$ac_objext
lt_globsym_save_LIBS=$LIBS
lt_globsym_save_CFLAGS=$CFLAGS
- LIBS="conftstm.$ac_objext"
+ LIBS=conftstm.$ac_objext
CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest${ac_exeext}; then
+ test $ac_status = 0; } && test -s conftest$ac_exeext; then
pipe_works=yes
fi
LIBS=$lt_globsym_save_LIBS
@@ -11648,7 +11734,7 @@ _LT_EOF
rm -rf conftest* conftst*
# Do not use the global_symbol_pipe unless it works.
- if test "$pipe_works" = yes; then
+ if test yes = "$pipe_works"; then
break
else
lt_cv_sys_global_symbol_pipe=
@@ -11701,6 +11787,16 @@ fi
+
+
+
+
+
+
+
+
+
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
$as_echo_n "checking for sysroot... " >&6; }
@@ -11713,9 +11809,9 @@ fi
lt_sysroot=
-case ${with_sysroot} in #(
+case $with_sysroot in #(
yes)
- if test "$GCC" = yes; then
+ if test yes = "$GCC"; then
lt_sysroot=`$CC --print-sysroot 2>/dev/null`
fi
;; #(
@@ -11725,8 +11821,8 @@ case ${with_sysroot} in #(
no|'')
;; #(
*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5
-$as_echo "${with_sysroot}" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
+$as_echo "$with_sysroot" >&6; }
as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
;;
esac
@@ -11738,18 +11834,99 @@ $as_echo "${lt_sysroot:-no}" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
+$as_echo_n "checking for a working dd... " >&6; }
+if ${ac_cv_path_lt_DD+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+: ${lt_DD:=$DD}
+if test -z "$lt_DD"; then
+ ac_path_lt_DD_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in dd; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_lt_DD" || continue
+if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+ cmp -s conftest.i conftest.out \
+ && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
+fi
+ $ac_path_lt_DD_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_lt_DD"; then
+ :
+ fi
+else
+ ac_cv_path_lt_DD=$lt_DD
+fi
+
+rm -f conftest.i conftest2.i conftest.out
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
+$as_echo "$ac_cv_path_lt_DD" >&6; }
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
+$as_echo_n "checking how to truncate binary pipes... " >&6; }
+if ${lt_cv_truncate_bin+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+lt_cv_truncate_bin=
+if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+ cmp -s conftest.i conftest.out \
+ && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
+fi
+rm -f conftest.i conftest2.i conftest.out
+test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
+$as_echo "$lt_cv_truncate_bin" >&6; }
+
+
+
+
+
+
+
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+func_cc_basename ()
+{
+ for cc_temp in $*""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+ done
+ func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+}
+
# Check whether --enable-libtool-lock was given.
if test "${enable_libtool_lock+set}" = set; then :
enableval=$enable_libtool_lock;
fi
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+test no = "$enable_libtool_lock" || enable_libtool_lock=yes
# Some flags need to be propagated to the compiler or linker for good
# libtool support.
case $host in
ia64-*-hpux*)
- # Find out which ABI we are using.
+ # Find out what ABI is being produced by ac_compile, and set mode
+ # options accordingly.
echo 'int i;' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
@@ -11758,24 +11935,25 @@ ia64-*-hpux*)
test $ac_status = 0; }; then
case `/usr/bin/file conftest.$ac_objext` in
*ELF-32*)
- HPUX_IA64_MODE="32"
+ HPUX_IA64_MODE=32
;;
*ELF-64*)
- HPUX_IA64_MODE="64"
+ HPUX_IA64_MODE=64
;;
esac
fi
rm -rf conftest*
;;
*-*-irix6*)
- # Find out which ABI we are using.
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly.
echo '#line '$LINENO' "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
- if test "$lt_cv_prog_gnu_ld" = yes; then
+ if test yes = "$lt_cv_prog_gnu_ld"; then
case `/usr/bin/file conftest.$ac_objext` in
*32-bit*)
LD="${LD-ld} -melf32bsmip"
@@ -11804,9 +11982,50 @@ ia64-*-hpux*)
rm -rf conftest*
;;
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+mips64*-*linux*)
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly.
+ echo '#line '$LINENO' "configure"' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ emul=elf
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ emul="${emul}32"
+ ;;
+ *64-bit*)
+ emul="${emul}64"
+ ;;
+ esac
+ case `/usr/bin/file conftest.$ac_objext` in
+ *MSB*)
+ emul="${emul}btsmip"
+ ;;
+ *LSB*)
+ emul="${emul}ltsmip"
+ ;;
+ esac
+ case `/usr/bin/file conftest.$ac_objext` in
+ *N32*)
+ emul="${emul}n32"
+ ;;
+ esac
+ LD="${LD-ld} -m $emul"
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out which ABI we are using.
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly. Note that the listed cases only cover the
+ # situations where additional linker options are needed (such as when
+ # doing 32-bit compilation for a host where ld defaults to 64-bit, or
+ # vice versa); the common cases where no linker options are needed do
+ # not appear in the list.
echo 'int i;' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
@@ -11829,7 +12048,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
;;
esac
;;
- ppc64-*linux*|powerpc64-*linux*)
+ powerpc64le-*linux*)
+ LD="${LD-ld} -m elf32lppclinux"
+ ;;
+ powerpc64-*linux*)
LD="${LD-ld} -m elf32ppclinux"
;;
s390x-*linux*)
@@ -11848,7 +12070,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
x86_64-*linux*)
LD="${LD-ld} -m elf_x86_64"
;;
- ppc*-*linux*|powerpc*-*linux*)
+ powerpcle-*linux*)
+ LD="${LD-ld} -m elf64lppc"
+ ;;
+ powerpc-*linux*)
LD="${LD-ld} -m elf64ppc"
;;
s390*-*linux*|s390*-*tpf*)
@@ -11866,7 +12091,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
*-*-sco3.2v5*)
# On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS="$CFLAGS"
+ SAVE_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS -belf"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
@@ -11906,13 +12131,14 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
$as_echo "$lt_cv_cc_needs_belf" >&6; }
- if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ if test yes != "$lt_cv_cc_needs_belf"; then
# this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS="$SAVE_CFLAGS"
+ CFLAGS=$SAVE_CFLAGS
fi
;;
*-*solaris*)
- # Find out which ABI we are using.
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly.
echo 'int i;' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
@@ -11924,7 +12150,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; }
case $lt_cv_prog_gnu_ld in
yes*)
case $host in
- i?86-*-solaris*)
+ i?86-*-solaris*|x86_64-*-solaris*)
LD="${LD-ld} -m elf_x86_64"
;;
sparc*-*-solaris*)
@@ -11933,7 +12159,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; }
esac
# GNU ld 2.21 introduced _sol2 emulations. Use them if available.
if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
- LD="${LD-ld}_sol2"
+ LD=${LD-ld}_sol2
fi
;;
*)
@@ -11949,7 +12175,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; }
;;
esac
-need_locks="$enable_libtool_lock"
+need_locks=$enable_libtool_lock
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
@@ -12060,7 +12286,7 @@ else
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
$as_echo "$lt_cv_path_mainfest_tool" >&6; }
-if test "x$lt_cv_path_mainfest_tool" != xyes; then
+if test yes != "$lt_cv_path_mainfest_tool"; then
MANIFEST_TOOL=:
fi
@@ -12563,7 +12789,7 @@ if ${lt_cv_apple_cc_single_mod+:} false; then :
$as_echo_n "(cached) " >&6
else
lt_cv_apple_cc_single_mod=no
- if test -z "${LT_MULTI_MODULE}"; then
+ if test -z "$LT_MULTI_MODULE"; then
# By default we will add the -single_module flag. You can override
# by either setting the environment variable LT_MULTI_MODULE
# non-empty at configure time, or by adding -multi_module to the
@@ -12581,7 +12807,7 @@ else
cat conftest.err >&5
# Otherwise, if the output was created with a 0 exit code from
# the compiler, it worked.
- elif test -f libconftest.dylib && test $_lt_result -eq 0; then
+ elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&5
@@ -12620,7 +12846,7 @@ else
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
- LDFLAGS="$save_LDFLAGS"
+ LDFLAGS=$save_LDFLAGS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
@@ -12649,7 +12875,7 @@ _LT_EOF
_lt_result=$?
if test -s conftest.err && $GREP force_load conftest.err; then
cat conftest.err >&5
- elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
+ elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
lt_cv_ld_force_load=yes
else
cat conftest.err >&5
@@ -12662,32 +12888,32 @@ fi
$as_echo "$lt_cv_ld_force_load" >&6; }
case $host_os in
rhapsody* | darwin1.[012])
- _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
darwin1.*)
- _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
darwin*) # darwin 5.x on
# if running on 10.5 or later, the deployment target defaults
# to the OS version, if on x86, and 10.4, the deployment
# target defaults to 10.4. Don't you love it?
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
10.0,*86*-darwin8*|10.0,*-darwin[91]*)
- _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
- 10.[012]*)
- _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+ 10.[012][,.]*)
+ _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
10.*)
- _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
esac
;;
esac
- if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ if test yes = "$lt_cv_apple_cc_single_mod"; then
_lt_dar_single_mod='$single_module'
fi
- if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
- _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ if test yes = "$lt_cv_ld_exported_symbols_list"; then
+ _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
fi
- if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then
+ if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
_lt_dsymutil='~$DSYMUTIL $lib || :'
else
_lt_dsymutil=
@@ -12695,6 +12921,41 @@ $as_echo "$lt_cv_ld_force_load" >&6; }
;;
esac
+# func_munge_path_list VARIABLE PATH
+# -----------------------------------
+# VARIABLE is name of variable containing _space_ separated list of
+# directories to be munged by the contents of PATH, which is string
+# having a format:
+# "DIR[:DIR]:"
+# string "DIR[ DIR]" will be prepended to VARIABLE
+# ":DIR[:DIR]"
+# string "DIR[ DIR]" will be appended to VARIABLE
+# "DIRP[:DIRP]::[DIRA:]DIRA"
+# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
+# "DIRA[ DIRA]" will be appended to VARIABLE
+# "DIR[:DIR]"
+# VARIABLE will be replaced by "DIR[ DIR]"
+func_munge_path_list ()
+{
+ case x$2 in
+ x)
+ ;;
+ *:)
+ eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\"
+ ;;
+ x:*)
+ eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\"
+ ;;
+ *::*)
+ eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
+ eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\"
+ ;;
+ *)
+ eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\"
+ ;;
+ esac
+}
+
for ac_header in dlfcn.h
do :
ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
@@ -12731,14 +12992,14 @@ if test "${enable_shared+set}" = set; then :
*)
enable_shared=no
# Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_shared=yes
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
;;
esac
else
@@ -12762,14 +13023,14 @@ if test "${enable_static+set}" = set; then :
*)
enable_static=no
# Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_static=yes
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
;;
esac
else
@@ -12793,14 +13054,14 @@ if test "${with_pic+set}" = set; then :
*)
pic_mode=default
# Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for lt_pkg in $withval; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
if test "X$lt_pkg" = "X$lt_p"; then
pic_mode=yes
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
;;
esac
else
@@ -12808,8 +13069,6 @@ else
fi
-test -z "$pic_mode" && pic_mode=default
-
@@ -12825,14 +13084,14 @@ if test "${enable_fast_install+set}" = set; then :
*)
enable_fast_install=no
# Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_fast_install=yes
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
;;
esac
else
@@ -12846,11 +13105,63 @@ fi
+ shared_archive_member_spec=
+case $host,$enable_shared in
+power*-*-aix[5-9]*,yes)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
+$as_echo_n "checking which variant of shared library versioning to provide... " >&6; }
+
+# Check whether --with-aix-soname was given.
+if test "${with_aix_soname+set}" = set; then :
+ withval=$with_aix_soname; case $withval in
+ aix|svr4|both)
+ ;;
+ *)
+ as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
+ ;;
+ esac
+ lt_cv_with_aix_soname=$with_aix_soname
+else
+ if ${lt_cv_with_aix_soname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_with_aix_soname=aix
+fi
+
+ with_aix_soname=$lt_cv_with_aix_soname
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
+$as_echo "$with_aix_soname" >&6; }
+ if test aix != "$with_aix_soname"; then
+ # For the AIX way of multilib, we name the shared archive member
+ # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
+ # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
+ # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
+ # the AIX toolchain works better with OBJECT_MODE set (default 32).
+ if test 64 = "${OBJECT_MODE-32}"; then
+ shared_archive_member_spec=shr_64
+ else
+ shared_archive_member_spec=shr
+ fi
+ fi
+ ;;
+*)
+ with_aix_soname=aix
+ ;;
+esac
+
+
+
+
+
+
+
# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS="$ltmain"
+LIBTOOL_DEPS=$ltmain
# Always use our own libtool.
LIBTOOL='$(SHELL) $(top_builddir)/libtool'
@@ -12899,7 +13210,7 @@ test -z "$LN_S" && LN_S="ln -s"
-if test -n "${ZSH_VERSION+set}" ; then
+if test -n "${ZSH_VERSION+set}"; then
setopt NO_GLOB_SUBST
fi
@@ -12938,7 +13249,7 @@ aix3*)
# AIX sometimes has problems with the GCC collect2 program. For some
# reason, if we set the COLLECT_NAMES environment variable, the problems
# vanish in a puff of smoke.
- if test "X${COLLECT_NAMES+set}" != Xset; then
+ if test set != "${COLLECT_NAMES+set}"; then
COLLECT_NAMES=
export COLLECT_NAMES
fi
@@ -12949,14 +13260,14 @@ esac
ofile=libtool
can_build_shared=yes
-# All known linkers require a `.a' archive for static linking (except MSVC,
+# All known linkers require a '.a' archive for static linking (except MSVC,
# which needs '.lib').
libext=a
-with_gnu_ld="$lt_cv_prog_gnu_ld"
+with_gnu_ld=$lt_cv_prog_gnu_ld
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
+old_CC=$CC
+old_CFLAGS=$CFLAGS
# Set sane defaults for various variables
test -z "$CC" && CC=cc
@@ -12965,15 +13276,8 @@ test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
test -z "$LD" && LD=ld
test -z "$ac_objext" && ac_objext=o
-for cc_temp in $compiler""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
-done
-cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+func_cc_basename $compiler
+cc_basename=$func_cc_basename_result
# Only perform the check for file, if the check method requires it
@@ -12988,22 +13292,22 @@ if ${lt_cv_path_MAGIC_CMD+:} false; then :
else
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
;;
*)
- lt_save_MAGIC_CMD="$MAGIC_CMD"
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ lt_save_MAGIC_CMD=$MAGIC_CMD
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
for ac_dir in $ac_dummy; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/${ac_tool_prefix}file; then
- lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+ if test -f "$ac_dir/${ac_tool_prefix}file"; then
+ lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file"
if test -n "$file_magic_test_file"; then
case $deplibs_check_method in
"file_magic "*)
file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
$EGREP "$file_magic_regex" > /dev/null; then
:
@@ -13026,13 +13330,13 @@ _LT_EOF
break
fi
done
- IFS="$lt_save_ifs"
- MAGIC_CMD="$lt_save_MAGIC_CMD"
+ IFS=$lt_save_ifs
+ MAGIC_CMD=$lt_save_MAGIC_CMD
;;
esac
fi
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if test -n "$MAGIC_CMD"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
$as_echo "$MAGIC_CMD" >&6; }
@@ -13054,22 +13358,22 @@ if ${lt_cv_path_MAGIC_CMD+:} false; then :
else
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
;;
*)
- lt_save_MAGIC_CMD="$MAGIC_CMD"
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ lt_save_MAGIC_CMD=$MAGIC_CMD
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
for ac_dir in $ac_dummy; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/file; then
- lt_cv_path_MAGIC_CMD="$ac_dir/file"
+ if test -f "$ac_dir/file"; then
+ lt_cv_path_MAGIC_CMD=$ac_dir/"file"
if test -n "$file_magic_test_file"; then
case $deplibs_check_method in
"file_magic "*)
file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
$EGREP "$file_magic_regex" > /dev/null; then
:
@@ -13092,13 +13396,13 @@ _LT_EOF
break
fi
done
- IFS="$lt_save_ifs"
- MAGIC_CMD="$lt_save_MAGIC_CMD"
+ IFS=$lt_save_ifs
+ MAGIC_CMD=$lt_save_MAGIC_CMD
;;
esac
fi
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if test -n "$MAGIC_CMD"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
$as_echo "$MAGIC_CMD" >&6; }
@@ -13119,7 +13423,7 @@ esac
# Use C for the default configuration in the libtool script
-lt_save_CC="$CC"
+lt_save_CC=$CC
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -13181,7 +13485,7 @@ if test -n "$compiler"; then
lt_prog_compiler_no_builtin_flag=
-if test "$GCC" = yes; then
+if test yes = "$GCC"; then
case $cc_basename in
nvcc*)
lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;;
@@ -13197,7 +13501,7 @@ else
lt_cv_prog_compiler_rtti_exceptions=no
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="-fno-rtti -fno-exceptions"
+ lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment
# Insert the option either (1) after the last *FLAGS variable, or
# (2) before a word containing "conftest.", or (3) at the end.
# Note that $ac_compile itself does not contain backslashes and begins
@@ -13227,7 +13531,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
-if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
else
:
@@ -13245,17 +13549,18 @@ lt_prog_compiler_pic=
lt_prog_compiler_static=
- if test "$GCC" = yes; then
+ if test yes = "$GCC"; then
lt_prog_compiler_wl='-Wl,'
lt_prog_compiler_static='-static'
case $host_os in
aix*)
# All AIX code is PIC.
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# AIX 5 now supports IA64 processor
lt_prog_compiler_static='-Bstatic'
fi
+ lt_prog_compiler_pic='-fPIC'
;;
amigaos*)
@@ -13266,8 +13571,8 @@ lt_prog_compiler_static=
;;
m68k)
# FIXME: we need at least 68020 code to build shared libraries, but
- # adding the `-m68020' flag to GCC prevents building anything better,
- # like `-m68040'.
+ # adding the '-m68020' flag to GCC prevents building anything better,
+ # like '-m68040'.
lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
;;
esac
@@ -13283,6 +13588,11 @@ lt_prog_compiler_static=
# Although the cygwin gcc ignores -fPIC, still need this for old-style
# (--disable-auto-import) libraries
lt_prog_compiler_pic='-DDLL_EXPORT'
+ case $host_os in
+ os2*)
+ lt_prog_compiler_static='$wl-static'
+ ;;
+ esac
;;
darwin* | rhapsody*)
@@ -13353,7 +13663,7 @@ lt_prog_compiler_static=
case $host_os in
aix*)
lt_prog_compiler_wl='-Wl,'
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# AIX 5 now supports IA64 processor
lt_prog_compiler_static='-Bstatic'
else
@@ -13361,10 +13671,29 @@ lt_prog_compiler_static=
fi
;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ case $cc_basename in
+ nagfor*)
+ # NAG Fortran compiler
+ lt_prog_compiler_wl='-Wl,-Wl,,'
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ esac
+ ;;
+
mingw* | cygwin* | pw32* | os2* | cegcc*)
# This hack is so that the source file can tell whether it is being
# built for inclusion in a dll (and should export symbols for example).
lt_prog_compiler_pic='-DDLL_EXPORT'
+ case $host_os in
+ os2*)
+ lt_prog_compiler_static='$wl-static'
+ ;;
+ esac
;;
hpux9* | hpux10* | hpux11*)
@@ -13380,7 +13709,7 @@ lt_prog_compiler_static=
;;
esac
# Is there a better lt_prog_compiler_static that works with the bundled CC?
- lt_prog_compiler_static='${wl}-a ${wl}archive'
+ lt_prog_compiler_static='$wl-a ${wl}archive'
;;
irix5* | irix6* | nonstopux*)
@@ -13391,7 +13720,7 @@ lt_prog_compiler_static=
linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
case $cc_basename in
- # old Intel for x86_64 which still supported -KPIC.
+ # old Intel for x86_64, which still supported -KPIC.
ecc*)
lt_prog_compiler_wl='-Wl,'
lt_prog_compiler_pic='-KPIC'
@@ -13416,6 +13745,12 @@ lt_prog_compiler_static=
lt_prog_compiler_pic='-PIC'
lt_prog_compiler_static='-Bstatic'
;;
+ tcc*)
+ # Fabrice Bellard et al's Tiny C Compiler
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
# Portland Group compilers (*not* the Pentium gcc compiler,
# which looks to be a dead project)
@@ -13513,7 +13848,7 @@ lt_prog_compiler_static=
;;
sysv4*MP*)
- if test -d /usr/nec ;then
+ if test -d /usr/nec; then
lt_prog_compiler_pic='-Kconform_pic'
lt_prog_compiler_static='-Bstatic'
fi
@@ -13542,7 +13877,7 @@ lt_prog_compiler_static=
fi
case $host_os in
- # For platforms which do not support PIC, -DPIC is meaningless:
+ # For platforms that do not support PIC, -DPIC is meaningless:
*djgpp*)
lt_prog_compiler_pic=
;;
@@ -13574,7 +13909,7 @@ else
lt_cv_prog_compiler_pic_works=no
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+ lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment
# Insert the option either (1) after the last *FLAGS variable, or
# (2) before a word containing "conftest.", or (3) at the end.
# Note that $ac_compile itself does not contain backslashes and begins
@@ -13604,7 +13939,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
-if test x"$lt_cv_prog_compiler_pic_works" = xyes; then
+if test yes = "$lt_cv_prog_compiler_pic_works"; then
case $lt_prog_compiler_pic in
"" | " "*) ;;
*) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
@@ -13636,7 +13971,7 @@ if ${lt_cv_prog_compiler_static_works+:} false; then :
$as_echo_n "(cached) " >&6
else
lt_cv_prog_compiler_static_works=no
- save_LDFLAGS="$LDFLAGS"
+ save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
echo "$lt_simple_link_test_code" > conftest.$ac_ext
if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
@@ -13655,13 +13990,13 @@ else
fi
fi
$RM -r conftest*
- LDFLAGS="$save_LDFLAGS"
+ LDFLAGS=$save_LDFLAGS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
-if test x"$lt_cv_prog_compiler_static_works" = xyes; then
+if test yes = "$lt_cv_prog_compiler_static_works"; then
:
else
lt_prog_compiler_static=
@@ -13781,8 +14116,8 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; }
-hard_links="nottested"
-if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+hard_links=nottested
+if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
# do not overwrite the value of need_locks provided by the user
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
$as_echo_n "checking if we can lock with hard links... " >&6; }
@@ -13794,9 +14129,9 @@ $as_echo_n "checking if we can lock with hard links... " >&6; }
ln conftest.a conftest.b 2>/dev/null && hard_links=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
$as_echo "$hard_links" >&6; }
- if test "$hard_links" = no; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ if test no = "$hard_links"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
need_locks=warn
fi
else
@@ -13839,9 +14174,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
# included in the symbol list
include_expsyms=
# exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ` (' and `)$', so one must not match beginning or
- # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
- # as well as any symbol that contains `d'.
+ # it will be wrapped by ' (' and ')$', so one must not match beginning or
+ # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
+ # as well as any symbol that contains 'd'.
exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
# Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
# platforms (ab)use it in PIC code, but their linkers get confused if
@@ -13856,7 +14191,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
# FIXME: the MSVC++ port hasn't been tested in a loooong time
# When not using gcc, we currently assume that we are using
# Microsoft Visual C++.
- if test "$GCC" != yes; then
+ if test yes != "$GCC"; then
with_gnu_ld=no
fi
;;
@@ -13864,7 +14199,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
# we just hope/assume this is gcc and not c89 (= MSVC++)
with_gnu_ld=yes
;;
- openbsd*)
+ openbsd* | bitrig*)
with_gnu_ld=no
;;
linux* | k*bsd*-gnu | gnu*)
@@ -13877,7 +14212,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
# On some targets, GNU ld is compatible enough with the native linker
# that we're better off using the native interface for both.
lt_use_gnu_ld_interface=no
- if test "$with_gnu_ld" = yes; then
+ if test yes = "$with_gnu_ld"; then
case $host_os in
aix*)
# The AIX port of GNU ld has always aspired to compatibility
@@ -13899,24 +14234,24 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
esac
fi
- if test "$lt_use_gnu_ld_interface" = yes; then
+ if test yes = "$lt_use_gnu_ld_interface"; then
# If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='${wl}'
+ wlarc='$wl'
# Set some defaults for GNU ld with shared library support. These
# are reset later if shared libraries are not supported. Putting them
# here allows them to be overridden if necessary.
runpath_var=LD_RUN_PATH
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- export_dynamic_flag_spec='${wl}--export-dynamic'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+ export_dynamic_flag_spec='$wl--export-dynamic'
# ancient GNU ld didn't support --whole-archive et. al.
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
else
whole_archive_flag_spec=
fi
supports_anon_versioning=no
- case `$LD -v 2>&1` in
+ case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
*GNU\ gold*) supports_anon_versioning=yes ;;
*\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
@@ -13929,7 +14264,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
case $host_os in
aix[3-9]*)
# On AIX/PPC, the GNU linker is very broken
- if test "$host_cpu" != ia64; then
+ if test ia64 != "$host_cpu"; then
ld_shlibs=no
cat <<_LT_EOF 1>&2
@@ -13948,7 +14283,7 @@ _LT_EOF
case $host_cpu in
powerpc)
# see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
archive_expsym_cmds=''
;;
m68k)
@@ -13964,7 +14299,7 @@ _LT_EOF
allow_undefined_flag=unsupported
# Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
# support --undefined. This deserves some investigation. FIXME
- archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
else
ld_shlibs=no
fi
@@ -13974,7 +14309,7 @@ _LT_EOF
# _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
# as there is no search path for DLLs.
hardcode_libdir_flag_spec='-L$libdir'
- export_dynamic_flag_spec='${wl}--export-all-symbols'
+ export_dynamic_flag_spec='$wl--export-all-symbols'
allow_undefined_flag=unsupported
always_export_symbols=no
enable_shared_with_static_runtimes=yes
@@ -13982,61 +14317,89 @@ _LT_EOF
exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file, use it as
+ # is; otherwise, prepend EXPORTS...
+ archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
else
ld_shlibs=no
fi
;;
haiku*)
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
link_all_deplibs=yes
;;
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ shrext_cmds=.dll
+ archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ prefix_cmds="$SED"~
+ if test EXPORTS = "`$SED 1q $export_symbols`"; then
+ prefix_cmds="$prefix_cmds -e 1d";
+ fi~
+ prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
interix[3-9]*)
hardcode_direct=no
hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- export_dynamic_flag_spec='${wl}-E'
+ hardcode_libdir_flag_spec='$wl-rpath,$libdir'
+ export_dynamic_flag_spec='$wl-E'
# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
# Instead, shared libraries are loaded at an image base (0x10000000 by
# default) and relocated if they conflict, which is a slow very memory
# consuming and fragmenting process. To avoid this, we pick a random,
# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
# time. Moving up from 0x10000000 also allows more sbrk(2) space.
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
;;
gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
tmp_diet=no
- if test "$host_os" = linux-dietlibc; then
+ if test linux-dietlibc = "$host_os"; then
case $cc_basename in
diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
esac
fi
if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test "$tmp_diet" = no
+ && test no = "$tmp_diet"
then
tmp_addflag=' $pic_flag'
tmp_sharedflag='-shared'
case $cc_basename,$host_cpu in
pgcc*) # Portland Group C compiler
- whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
tmp_addflag=' $pic_flag'
;;
pgf77* | pgf90* | pgf95* | pgfortran*)
# Portland Group f77 and f90 compilers
- whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
tmp_addflag=' $pic_flag -Mnomain' ;;
ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
tmp_addflag=' -i_dynamic' ;;
@@ -14047,42 +14410,47 @@ _LT_EOF
lf95*) # Lahey Fortran 8.1
whole_archive_flag_spec=
tmp_sharedflag='--shared' ;;
+ nagfor*) # NAGFOR 5.3
+ tmp_sharedflag='-Wl,-shared' ;;
xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
tmp_sharedflag='-qmkshrobj'
tmp_addflag= ;;
nvcc*) # Cuda Compiler Driver 2.2
- whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
compiler_needs_object=yes
;;
esac
case `$CC -V 2>&1 | sed 5q` in
*Sun\ C*) # Sun C 5.9
- whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
compiler_needs_object=yes
tmp_sharedflag='-G' ;;
*Sun\ F*) # Sun Fortran 8.3
tmp_sharedflag='-G' ;;
esac
- archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- if test "x$supports_anon_versioning" = xyes; then
+ if test yes = "$supports_anon_versioning"; then
archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
fi
case $cc_basename in
+ tcc*)
+ export_dynamic_flag_spec='-rdynamic'
+ ;;
xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
- if test "x$supports_anon_versioning" = xyes; then
+ if test yes = "$supports_anon_versioning"; then
archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
fi
;;
esac
@@ -14096,8 +14464,8 @@ _LT_EOF
archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
wlarc=
else
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
fi
;;
@@ -14115,8 +14483,8 @@ _LT_EOF
_LT_EOF
elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
else
ld_shlibs=no
fi
@@ -14128,7 +14496,7 @@ _LT_EOF
ld_shlibs=no
cat <<_LT_EOF 1>&2
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
*** reliably create shared libraries on SCO systems. Therefore, libtool
*** is disabling shared libraries support. We urge you to upgrade GNU
*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
@@ -14143,9 +14511,9 @@ _LT_EOF
# DT_RUNPATH tag from executables and libraries. But doing so
# requires that you compile everything twice, which is a pain.
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
else
ld_shlibs=no
fi
@@ -14162,15 +14530,15 @@ _LT_EOF
*)
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
else
ld_shlibs=no
fi
;;
esac
- if test "$ld_shlibs" = no; then
+ if test no = "$ld_shlibs"; then
runpath_var=
hardcode_libdir_flag_spec=
export_dynamic_flag_spec=
@@ -14186,7 +14554,7 @@ _LT_EOF
# Note: this linker hardcodes the directories in LIBPATH if there
# are no directories specified by -L.
hardcode_minus_L=yes
- if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
# Neither direct hardcoding nor static linking is supported with a
# broken collect2.
hardcode_direct=unsupported
@@ -14194,34 +14562,57 @@ _LT_EOF
;;
aix[4-9]*)
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# On IA64, the linker does run time linking by default, so we don't
# have to do anything special.
aix_use_runtimelinking=no
exp_sym_flag='-Bexport'
- no_entry_flag=""
+ no_entry_flag=
else
# If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to AIX nm, but means don't demangle with GNU nm
- # Also, AIX nm treats weak defined symbols like other global
- # defined symbols, whereas GNU nm marks them as "W".
+ # -C means demangle to GNU nm, but means don't demangle to AIX nm.
+ # Without the "-l" option, or with the "-B" option, AIX nm treats
+ # weak defined symbols like other global defined symbols, whereas
+ # GNU nm marks them as "W".
+ # While the 'weak' keyword is ignored in the Export File, we need
+ # it in the Import File for the 'aix-soname' feature, so we have
+ # to replace the "-B" option with "-P" for AIX nm.
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
else
- export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
fi
aix_use_runtimelinking=no
# Test if we are trying to use run time linking or normal
# AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # need to do runtime linking.
+ # have runtime linking enabled, and use it for executables.
+ # For shared libraries, we enable/disable runtime linking
+ # depending on the kind of the shared library created -
+ # when "with_aix_soname,aix_use_runtimelinking" is:
+ # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
+ # "aix,yes" lib.so shared, rtl:yes, for executables
+ # lib.a static archive
+ # "both,no" lib.so.V(shr.o) shared, rtl:yes
+ # lib.a(lib.so.V) shared, rtl:no, for executables
+ # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
+ # lib.a(lib.so.V) shared, rtl:no
+ # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
+ # lib.a static archive
case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
for ld_flag in $LDFLAGS; do
- if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
aix_use_runtimelinking=yes
break
fi
done
+ if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
+ # With aix-soname=svr4, we create the lib.so.V shared archives only,
+ # so we don't have lib.a shared libs to link our executables.
+ # We have to force runtime linking in this case.
+ aix_use_runtimelinking=yes
+ LDFLAGS="$LDFLAGS -Wl,-brtl"
+ fi
;;
esac
@@ -14240,13 +14631,21 @@ _LT_EOF
hardcode_direct_absolute=yes
hardcode_libdir_separator=':'
link_all_deplibs=yes
- file_list_spec='${wl}-f,'
+ file_list_spec='$wl-f,'
+ case $with_aix_soname,$aix_use_runtimelinking in
+ aix,*) ;; # traditional, no import file
+ svr4,* | *,yes) # use import file
+ # The Import File defines what to hardcode.
+ hardcode_direct=no
+ hardcode_direct_absolute=no
+ ;;
+ esac
- if test "$GCC" = yes; then
+ if test yes = "$GCC"; then
case $host_os in aix4.[012]|aix4.[012].*)
# We only want to do this on AIX 4.2 and lower, the check
# below for broken collect2 doesn't work under 4.3+
- collect2name=`${CC} -print-prog-name=collect2`
+ collect2name=`$CC -print-prog-name=collect2`
if test -f "$collect2name" &&
strings "$collect2name" | $GREP resolve_lib_name >/dev/null
then
@@ -14265,36 +14664,42 @@ _LT_EOF
;;
esac
shared_flag='-shared'
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag="$shared_flag "'${wl}-G'
+ if test yes = "$aix_use_runtimelinking"; then
+ shared_flag="$shared_flag "'$wl-G'
fi
- link_all_deplibs=no
+ # Need to ensure runtime linking is disabled for the traditional
+ # shared library, or the linker may eventually find shared libraries
+ # /with/ Import File - we do not want to mix them.
+ shared_flag_aix='-shared'
+ shared_flag_svr4='-shared $wl-G'
else
# not using gcc
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
# chokes on -Wl,-G. The following line is correct:
shared_flag='-G'
else
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag='${wl}-G'
+ if test yes = "$aix_use_runtimelinking"; then
+ shared_flag='$wl-G'
else
- shared_flag='${wl}-bM:SRE'
+ shared_flag='$wl-bM:SRE'
fi
+ shared_flag_aix='$wl-bM:SRE'
+ shared_flag_svr4='$wl-G'
fi
fi
- export_dynamic_flag_spec='${wl}-bexpall'
+ export_dynamic_flag_spec='$wl-bexpall'
# It seems that -bexpall does not export symbols beginning with
# underscore (_), so it is better to generate a list of symbols to export.
always_export_symbols=yes
- if test "$aix_use_runtimelinking" = yes; then
+ if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
# Warning - without using the other runtime loading flags (-brtl),
# -berok will link without error, but may produce a broken library.
allow_undefined_flag='-berok'
# Determine the default libpath from the value encoded in an
# empty executable.
- if test "${lt_cv_aix_libpath+set}" = set; then
+ if test set = "${lt_cv_aix_libpath+set}"; then
aix_libpath=$lt_cv_aix_libpath
else
if ${lt_cv_aix_libpath_+:} false; then :
@@ -14329,7 +14734,7 @@ fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_="/usr/lib:/lib"
+ lt_cv_aix_libpath_=/usr/lib:/lib
fi
fi
@@ -14337,17 +14742,17 @@ fi
aix_libpath=$lt_cv_aix_libpath_
fi
- hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
- archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
else
- if test "$host_cpu" = ia64; then
- hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ if test ia64 = "$host_cpu"; then
+ hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib'
allow_undefined_flag="-z nodefs"
- archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
else
# Determine the default libpath from the value encoded in an
# empty executable.
- if test "${lt_cv_aix_libpath+set}" = set; then
+ if test set = "${lt_cv_aix_libpath+set}"; then
aix_libpath=$lt_cv_aix_libpath
else
if ${lt_cv_aix_libpath_+:} false; then :
@@ -14382,7 +14787,7 @@ fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_="/usr/lib:/lib"
+ lt_cv_aix_libpath_=/usr/lib:/lib
fi
fi
@@ -14390,21 +14795,33 @@ fi
aix_libpath=$lt_cv_aix_libpath_
fi
- hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
# Warning - without using the other run time loading flags,
# -berok will link without error, but may produce a broken library.
- no_undefined_flag=' ${wl}-bernotok'
- allow_undefined_flag=' ${wl}-berok'
- if test "$with_gnu_ld" = yes; then
+ no_undefined_flag=' $wl-bernotok'
+ allow_undefined_flag=' $wl-berok'
+ if test yes = "$with_gnu_ld"; then
# We only use this code for GNU lds that support --whole-archive.
- whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive'
else
# Exported symbols can be pulled into shared objects from archives
whole_archive_flag_spec='$convenience'
fi
archive_cmds_need_lc=yes
- # This is similar to how AIX traditionally builds its shared libraries.
- archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
+ # -brtl affects multiple linker settings, -berok does not and is overridden later
+ compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`'
+ if test svr4 != "$with_aix_soname"; then
+ # This is similar to how AIX traditionally builds its shared libraries.
+ archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
+ fi
+ if test aix != "$with_aix_soname"; then
+ archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > [...]
+ else
+ # used by -dlpreopen to get the symbols
+ archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
+ fi
+ archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d'
fi
fi
;;
@@ -14413,7 +14830,7 @@ fi
case $host_cpu in
powerpc)
# see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
archive_expsym_cmds=''
;;
m68k)
@@ -14443,16 +14860,17 @@ fi
# Tell ltmain to make .lib files, not .a files.
libext=lib
# Tell ltmain to make .dll files, not .so files.
- shrext_cmds=".dll"
+ shrext_cmds=.dll
# FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames='
- archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
- sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp;
- else
- sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
+ archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+ archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
+ cp "$export_symbols" "$output_objdir/$soname.def";
+ echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
+ else
+ $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
+ fi~
+ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+ linknames='
# The linker will not automatically build a static lib if we build a DLL.
# _LT_TAGVAR(old_archive_from_new_cmds, )='true'
enable_shared_with_static_runtimes=yes
@@ -14461,18 +14879,18 @@ fi
# Don't use ranlib
old_postinstall_cmds='chmod 644 $oldlib'
postlink_cmds='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile="$lt_outputfile.exe"
- lt_tool_outputfile="$lt_tool_outputfile.exe"
- ;;
- esac~
- if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
+ lt_tool_outputfile="@TOOL_OUTPUT@"~
+ case $lt_outputfile in
+ *.exe|*.EXE) ;;
+ *)
+ lt_outputfile=$lt_outputfile.exe
+ lt_tool_outputfile=$lt_tool_outputfile.exe
+ ;;
+ esac~
+ if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
+ $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+ $RM "$lt_outputfile.manifest";
+ fi'
;;
*)
# Assume MSVC wrapper
@@ -14481,7 +14899,7 @@ fi
# Tell ltmain to make .lib files, not .a files.
libext=lib
# Tell ltmain to make .dll files, not .so files.
- shrext_cmds=".dll"
+ shrext_cmds=.dll
# FIXME: Setting linknames here is a bad hack.
archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
# The linker will automatically build a .lib file if we build a DLL.
@@ -14500,24 +14918,24 @@ fi
hardcode_direct=no
hardcode_automatic=yes
hardcode_shlibpath_var=unsupported
- if test "$lt_cv_ld_force_load" = "yes"; then
- whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+ if test yes = "$lt_cv_ld_force_load"; then
+ whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
else
whole_archive_flag_spec=''
fi
link_all_deplibs=yes
- allow_undefined_flag="$_lt_dar_allow_undefined"
+ allow_undefined_flag=$_lt_dar_allow_undefined
case $cc_basename in
- ifort*) _lt_dar_can_shared=yes ;;
+ ifort*|nagfor*) _lt_dar_can_shared=yes ;;
*) _lt_dar_can_shared=$GCC ;;
esac
- if test "$_lt_dar_can_shared" = "yes"; then
+ if test yes = "$_lt_dar_can_shared"; then
output_verbose_link_cmd=func_echo_all
- archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
- module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
- archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
- module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+ archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
+ module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
+ archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+ module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
else
ld_shlibs=no
@@ -14559,33 +14977,33 @@ fi
;;
hpux9*)
- if test "$GCC" = yes; then
- archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ if test yes = "$GCC"; then
+ archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
else
- archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
fi
- hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec='$wl+b $wl$libdir'
hardcode_libdir_separator=:
hardcode_direct=yes
# hardcode_minus_L: Not really in the search PATH,
# but as the default location of the library.
hardcode_minus_L=yes
- export_dynamic_flag_spec='${wl}-E'
+ export_dynamic_flag_spec='$wl-E'
;;
hpux10*)
- if test "$GCC" = yes && test "$with_gnu_ld" = no; then
- archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ if test yes,no = "$GCC,$with_gnu_ld"; then
+ archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
else
archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
fi
- if test "$with_gnu_ld" = no; then
- hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ if test no = "$with_gnu_ld"; then
+ hardcode_libdir_flag_spec='$wl+b $wl$libdir'
hardcode_libdir_separator=:
hardcode_direct=yes
hardcode_direct_absolute=yes
- export_dynamic_flag_spec='${wl}-E'
+ export_dynamic_flag_spec='$wl-E'
# hardcode_minus_L: Not really in the search PATH,
# but as the default location of the library.
hardcode_minus_L=yes
@@ -14593,25 +15011,25 @@ fi
;;
hpux11*)
- if test "$GCC" = yes && test "$with_gnu_ld" = no; then
+ if test yes,no = "$GCC,$with_gnu_ld"; then
case $host_cpu in
hppa*64*)
- archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
ia64*)
- archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
;;
*)
- archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
;;
esac
else
case $host_cpu in
hppa*64*)
- archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
ia64*)
- archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
;;
*)
@@ -14623,7 +15041,7 @@ if ${lt_cv_prog_compiler__b+:} false; then :
$as_echo_n "(cached) " >&6
else
lt_cv_prog_compiler__b=no
- save_LDFLAGS="$LDFLAGS"
+ save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS -b"
echo "$lt_simple_link_test_code" > conftest.$ac_ext
if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
@@ -14642,14 +15060,14 @@ else
fi
fi
$RM -r conftest*
- LDFLAGS="$save_LDFLAGS"
+ LDFLAGS=$save_LDFLAGS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
$as_echo "$lt_cv_prog_compiler__b" >&6; }
-if test x"$lt_cv_prog_compiler__b" = xyes; then
- archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+if test yes = "$lt_cv_prog_compiler__b"; then
+ archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
else
archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
fi
@@ -14657,8 +15075,8 @@ fi
;;
esac
fi
- if test "$with_gnu_ld" = no; then
- hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ if test no = "$with_gnu_ld"; then
+ hardcode_libdir_flag_spec='$wl+b $wl$libdir'
hardcode_libdir_separator=:
case $host_cpu in
@@ -14669,7 +15087,7 @@ fi
*)
hardcode_direct=yes
hardcode_direct_absolute=yes
- export_dynamic_flag_spec='${wl}-E'
+ export_dynamic_flag_spec='$wl-E'
# hardcode_minus_L: Not really in the search PATH,
# but as the default location of the library.
@@ -14680,8 +15098,8 @@ fi
;;
irix5* | irix6* | nonstopux*)
- if test "$GCC" = yes; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ if test yes = "$GCC"; then
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
# Try to use the -exported_symbol ld option, if it does not
# work, assume that -exports_file does not work either and
# implicitly export all symbols.
@@ -14691,8 +15109,8 @@ $as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >
if ${lt_cv_irix_exported_symbol+:} false; then :
$as_echo_n "(cached) " >&6
else
- save_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ save_LDFLAGS=$LDFLAGS
+ LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int foo (void) { return 0; }
@@ -14704,24 +15122,35 @@ else
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
- LDFLAGS="$save_LDFLAGS"
+ LDFLAGS=$save_LDFLAGS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
$as_echo "$lt_cv_irix_exported_symbol" >&6; }
- if test "$lt_cv_irix_exported_symbol" = yes; then
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+ if test yes = "$lt_cv_irix_exported_symbol"; then
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
fi
+ link_all_deplibs=no
else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
fi
archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
hardcode_libdir_separator=:
inherit_rpath=yes
link_all_deplibs=yes
;;
+ linux*)
+ case $cc_basename in
+ tcc*)
+ # Fabrice Bellard et al's Tiny C Compiler
+ ld_shlibs=yes
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
@@ -14736,7 +15165,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
newsos6)
archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
hardcode_direct=yes
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
hardcode_libdir_separator=:
hardcode_shlibpath_var=no
;;
@@ -14744,27 +15173,19 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
*nto* | *qnx*)
;;
- openbsd*)
+ openbsd* | bitrig*)
if test -f /usr/libexec/ld.so; then
hardcode_direct=yes
hardcode_shlibpath_var=no
hardcode_direct_absolute=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- export_dynamic_flag_spec='${wl}-E'
+ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec='$wl-rpath,$libdir'
+ export_dynamic_flag_spec='$wl-E'
else
- case $host_os in
- openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-R$libdir'
- ;;
- *)
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- ;;
- esac
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='$wl-rpath,$libdir'
fi
else
ld_shlibs=no
@@ -14775,33 +15196,53 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
hardcode_libdir_flag_spec='-L$libdir'
hardcode_minus_L=yes
allow_undefined_flag=unsupported
- archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
- old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ shrext_cmds=.dll
+ archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ prefix_cmds="$SED"~
+ if test EXPORTS = "`$SED 1q $export_symbols`"; then
+ prefix_cmds="$prefix_cmds -e 1d";
+ fi~
+ prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+ enable_shared_with_static_runtimes=yes
;;
osf3*)
- if test "$GCC" = yes; then
- allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ if test yes = "$GCC"; then
+ allow_undefined_flag=' $wl-expect_unresolved $wl\*'
+ archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
else
allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
fi
archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
hardcode_libdir_separator=:
;;
osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test "$GCC" = yes; then
- allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
- archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ if test yes = "$GCC"; then
+ allow_undefined_flag=' $wl-expect_unresolved $wl\*'
+ archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
else
allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+ $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
# Both c and cxx compiler support -rpath directly
hardcode_libdir_flag_spec='-rpath $libdir'
@@ -14812,24 +15253,24 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
solaris*)
no_undefined_flag=' -z defs'
- if test "$GCC" = yes; then
- wlarc='${wl}'
- archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ if test yes = "$GCC"; then
+ wlarc='$wl'
+ archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
else
case `$CC -V 2>&1` in
*"Compilers 5.0"*)
wlarc=''
- archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
;;
*)
- wlarc='${wl}'
- archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ wlarc='$wl'
+ archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
;;
esac
fi
@@ -14839,11 +15280,11 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
solaris2.[0-5] | solaris2.[0-5].*) ;;
*)
# The compiler driver will combine and reorder linker options,
- # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but understands '-z linker_flag'. GCC discards it without '$wl',
# but is careful enough not to reorder.
# Supported since Solaris 2.6 (maybe 2.5.1?)
- if test "$GCC" = yes; then
- whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ if test yes = "$GCC"; then
+ whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
else
whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
fi
@@ -14853,10 +15294,10 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
;;
sunos4*)
- if test "x$host_vendor" = xsequent; then
+ if test sequent = "$host_vendor"; then
# Use $CC to link under sequent, because it throws in some extra .o
# files that make .init and .fini sections work.
- archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
else
archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
fi
@@ -14905,43 +15346,43 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
;;
sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
- no_undefined_flag='${wl}-z,text'
+ no_undefined_flag='$wl-z,text'
archive_cmds_need_lc=no
hardcode_shlibpath_var=no
runpath_var='LD_RUN_PATH'
- if test "$GCC" = yes; then
- archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ if test yes = "$GCC"; then
+ archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
else
- archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
fi
;;
sysv5* | sco3.2v5* | sco5v6*)
- # Note: We can NOT use -z defs as we might desire, because we do not
+ # Note: We CANNOT use -z defs as we might desire, because we do not
# link with -lc, and that would cause any symbols used from libc to
# always be unresolved, which means just about no library would
# ever link correctly. If we're not using GNU ld we use -z text
# though, which does catch some bad symbols but isn't as heavy-handed
# as -z defs.
- no_undefined_flag='${wl}-z,text'
- allow_undefined_flag='${wl}-z,nodefs'
+ no_undefined_flag='$wl-z,text'
+ allow_undefined_flag='$wl-z,nodefs'
archive_cmds_need_lc=no
hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='${wl}-R,$libdir'
+ hardcode_libdir_flag_spec='$wl-R,$libdir'
hardcode_libdir_separator=':'
link_all_deplibs=yes
- export_dynamic_flag_spec='${wl}-Bexport'
+ export_dynamic_flag_spec='$wl-Bexport'
runpath_var='LD_RUN_PATH'
- if test "$GCC" = yes; then
- archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ if test yes = "$GCC"; then
+ archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
else
- archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
fi
;;
@@ -14956,10 +15397,10 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
;;
esac
- if test x$host_vendor = xsni; then
+ if test sni = "$host_vendor"; then
case $host in
sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- export_dynamic_flag_spec='${wl}-Blargedynsym'
+ export_dynamic_flag_spec='$wl-Blargedynsym'
;;
esac
fi
@@ -14967,7 +15408,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
$as_echo "$ld_shlibs" >&6; }
-test "$ld_shlibs" = no && can_build_shared=no
+test no = "$ld_shlibs" && can_build_shared=no
with_gnu_ld=$with_gnu_ld
@@ -14993,7 +15434,7 @@ x|xyes)
# Assume -lc should be added
archive_cmds_need_lc=yes
- if test "$enable_shared" = yes && test "$GCC" = yes; then
+ if test yes,yes = "$GCC,$enable_shared"; then
case $archive_cmds in
*'~'*)
# FIXME: we may have to deal with multi-command sequences.
@@ -15208,14 +15649,14 @@ esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
$as_echo_n "checking dynamic linker characteristics... " >&6; }
-if test "$GCC" = yes; then
+if test yes = "$GCC"; then
case $host_os in
- darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
- *) lt_awk_arg="/^libraries:/" ;;
+ darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
+ *) lt_awk_arg='/^libraries:/' ;;
esac
case $host_os in
- mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;;
- *) lt_sed_strip_eq="s,=/,/,g" ;;
+ mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
+ *) lt_sed_strip_eq='s|=/|/|g' ;;
esac
lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
case $lt_search_path_spec in
@@ -15231,28 +15672,35 @@ if test "$GCC" = yes; then
;;
esac
# Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary.
+ # and add multilib dir if necessary...
lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ # ...but if some path component already ends with the multilib dir we assume
+ # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
+ case "$lt_multi_os_dir; $lt_search_path_spec " in
+ "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
+ lt_multi_os_dir=
+ ;;
+ esac
for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path/$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
- else
+ if test -d "$lt_sys_path$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
+ elif test -n "$lt_multi_os_dir"; then
test -d "$lt_sys_path" && \
lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
fi
done
lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS=" "; FS="/|\n";} {
- lt_foo="";
- lt_count=0;
+BEGIN {RS = " "; FS = "/|\n";} {
+ lt_foo = "";
+ lt_count = 0;
for (lt_i = NF; lt_i > 0; lt_i--) {
if ($lt_i != "" && $lt_i != ".") {
if ($lt_i == "..") {
lt_count++;
} else {
if (lt_count == 0) {
- lt_foo="/" $lt_i lt_foo;
+ lt_foo = "/" $lt_i lt_foo;
} else {
lt_count--;
}
@@ -15266,7 +15714,7 @@ BEGIN {RS=" "; FS="/|\n";} {
# for these hosts.
case $host_os in
mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
- $SED 's,/\([A-Za-z]:\),\1,g'` ;;
+ $SED 's|/\([A-Za-z]:\)|\1|g'` ;;
esac
sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
else
@@ -15275,7 +15723,7 @@ fi
library_names_spec=
libname_spec='lib$name'
soname_spec=
-shrext_cmds=".so"
+shrext_cmds=.so
postinstall_cmds=
postuninstall_cmds=
finish_cmds=
@@ -15292,14 +15740,16 @@ hardcode_into_libs=no
# flags to be left without arguments
need_version=unknown
+
+
case $host_os in
aix3*)
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
shlibpath_var=LIBPATH
# AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='${libname}${release}${shared_ext}$major'
+ soname_spec='$libname$release$shared_ext$major'
;;
aix[4-9]*)
@@ -15307,41 +15757,91 @@ aix[4-9]*)
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# AIX 5 supports IA64
- library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
shlibpath_var=LD_LIBRARY_PATH
else
# With GCC up to 2.95.x, collect2 would create an import file
# for dependence libraries. The import file would start with
- # the line `#! .'. This would cause the generated library to
- # depend on `.', always an invalid library. This was fixed in
+ # the line '#! .'. This would cause the generated library to
+ # depend on '.', always an invalid library. This was fixed in
# development snapshots of GCC prior to 3.0.
case $host_os in
aix4 | aix4.[01] | aix4.[01].*)
if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
echo ' yes '
- echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
:
else
can_build_shared=no
fi
;;
esac
- # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # Using Import Files as archive members, it is possible to support
+ # filename-based versioning of shared library archives on AIX. While
+ # this would work for both with and without runtime linking, it will
+ # prevent static linking of such archives. So we do filename-based
+ # shared library versioning with .so extension only, which is used
+ # when both runtime linking and shared linking is enabled.
+ # Unfortunately, runtime linking may impact performance, so we do
+ # not want this to be the default eventually. Also, we use the
+ # versioned .so libs for executables only if there is the -brtl
+ # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
+ # To allow for filename-based versioning support, we need to create
+ # libNAME.so.V as an archive file, containing:
+ # *) an Import File, referring to the versioned filename of the
+ # archive as well as the shared archive member, telling the
+ # bitwidth (32 or 64) of that shared object, and providing the
+ # list of exported symbols of that shared object, eventually
+ # decorated with the 'weak' keyword
+ # *) the shared object with the F_LOADONLY flag set, to really avoid
+ # it being seen by the linker.
+ # At run time we better use the real file rather than another symlink,
+ # but for link time we create the symlink libNAME.so -> libNAME.so.V
+
+ case $with_aix_soname,$aix_use_runtimelinking in
+ # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
# soname into executable. Probably we can add versioning support to
# collect2, so additional links can be useful in future.
- if test "$aix_use_runtimelinking" = yes; then
+ aix,yes) # traditional libtool
+ dynamic_linker='AIX unversionable lib.so'
# If using run time linking (on AIX 4.2 or later) use lib<name>.so
# instead of lib<name>.a to let people know that these are not
# typical AIX shared libraries.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- else
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ ;;
+ aix,no) # traditional AIX only
+ dynamic_linker='AIX lib.a(lib.so.V)'
# We preserve .a as extension for shared libraries through AIX4.2
# and later when we are not doing run time linking.
- library_names_spec='${libname}${release}.a $libname.a'
- soname_spec='${libname}${release}${shared_ext}$major'
- fi
+ library_names_spec='$libname$release.a $libname.a'
+ soname_spec='$libname$release$shared_ext$major'
+ ;;
+ svr4,*) # full svr4 only
+ dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)"
+ library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+ # We do not specify a path in Import Files, so LIBPATH fires.
+ shlibpath_overrides_runpath=yes
+ ;;
+ *,yes) # both, prefer svr4
+ dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)"
+ library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+ # unpreferred sharedlib libNAME.a needs extra handling
+ postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
+ postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
+ # We do not specify a path in Import Files, so LIBPATH fires.
+ shlibpath_overrides_runpath=yes
+ ;;
+ *,no) # both, prefer aix
+ dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)"
+ library_names_spec='$libname$release.a $libname.a'
+ soname_spec='$libname$release$shared_ext$major'
+ # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
+ postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
+ postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
+ ;;
+ esac
shlibpath_var=LIBPATH
fi
;;
@@ -15351,18 +15851,18 @@ amigaos*)
powerpc)
# Since July 2007 AmigaOS4 officially supports .so libraries.
# When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
;;
m68k)
library_names_spec='$libname.ixlibrary $libname.a'
# Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
;;
esac
;;
beos*)
- library_names_spec='${libname}${shared_ext}'
+ library_names_spec='$libname$shared_ext'
dynamic_linker="$host_os ld.so"
shlibpath_var=LIBRARY_PATH
;;
@@ -15370,8 +15870,8 @@ beos*)
bsdi[45]*)
version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
shlibpath_var=LD_LIBRARY_PATH
sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
@@ -15383,7 +15883,7 @@ bsdi[45]*)
cygwin* | mingw* | pw32* | cegcc*)
version_type=windows
- shrext_cmds=".dll"
+ shrext_cmds=.dll
need_version=no
need_lib_prefix=no
@@ -15392,8 +15892,8 @@ cygwin* | mingw* | pw32* | cegcc*)
# gcc
library_names_spec='$libname.dll.a'
# DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \${file}`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ postinstall_cmds='base_file=`basename \$file`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
dldir=$destdir/`dirname \$dlpath`~
test -d \$dldir || mkdir -p \$dldir~
$install_prog $dir/$dlname \$dldir/$dlname~
@@ -15409,17 +15909,17 @@ cygwin* | mingw* | pw32* | cegcc*)
case $host_os in
cygwin*)
# Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
;;
mingw* | cegcc*)
# MinGW DLLs use traditional 'lib' prefix
- soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
;;
pw32*)
# pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
;;
esac
dynamic_linker='Win32 ld.exe'
@@ -15428,8 +15928,8 @@ cygwin* | mingw* | pw32* | cegcc*)
*,cl*)
# Native MSVC
libname_spec='$name'
- soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
- library_names_spec='${libname}.dll.lib'
+ soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+ library_names_spec='$libname.dll.lib'
case $build_os in
mingw*)
@@ -15456,7 +15956,7 @@ cygwin* | mingw* | pw32* | cegcc*)
sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
;;
*)
- sys_lib_search_path_spec="$LIB"
+ sys_lib_search_path_spec=$LIB
if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
# It is most probably a Windows format PATH.
sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
@@ -15469,8 +15969,8 @@ cygwin* | mingw* | pw32* | cegcc*)
esac
# DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \${file}`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ postinstall_cmds='base_file=`basename \$file`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
dldir=$destdir/`dirname \$dlpath`~
test -d \$dldir || mkdir -p \$dldir~
$install_prog $dir/$dlname \$dldir/$dlname'
@@ -15483,7 +15983,7 @@ cygwin* | mingw* | pw32* | cegcc*)
*)
# Assume MSVC wrapper
- library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
dynamic_linker='Win32 ld.exe'
;;
esac
@@ -15496,8 +15996,8 @@ darwin* | rhapsody*)
version_type=darwin
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
- soname_spec='${libname}${release}${major}$shared_ext'
+ library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
+ soname_spec='$libname$release$major$shared_ext'
shlibpath_overrides_runpath=yes
shlibpath_var=DYLD_LIBRARY_PATH
shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
@@ -15510,8 +16010,8 @@ dgux*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
;;
@@ -15529,12 +16029,13 @@ freebsd* | dragonfly*)
version_type=freebsd-$objformat
case $version_type in
freebsd-elf*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
need_version=no
need_lib_prefix=no
;;
freebsd-*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
need_version=yes
;;
esac
@@ -15564,10 +16065,10 @@ haiku*)
need_lib_prefix=no
need_version=no
dynamic_linker="$host_os runtime_loader"
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LIBRARY_PATH
- shlibpath_overrides_runpath=yes
+ shlibpath_overrides_runpath=no
sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
hardcode_into_libs=yes
;;
@@ -15585,14 +16086,15 @@ hpux9* | hpux10* | hpux11*)
dynamic_linker="$host_os dld.so"
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- if test "X$HPUX_IA64_MODE" = X32; then
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ if test 32 = "$HPUX_IA64_MODE"; then
sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ sys_lib_dlsearch_path_spec=/usr/lib/hpux32
else
sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ sys_lib_dlsearch_path_spec=/usr/lib/hpux64
fi
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
;;
hppa*64*)
shrext_cmds='.sl'
@@ -15600,8 +16102,8 @@ hpux9* | hpux10* | hpux11*)
dynamic_linker="$host_os dld.sl"
shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
;;
@@ -15610,8 +16112,8 @@ hpux9* | hpux10* | hpux11*)
dynamic_linker="$host_os dld.sl"
shlibpath_var=SHLIB_PATH
shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
;;
esac
# HP-UX runs *really* slowly unless shared libraries are mode 555, ...
@@ -15624,8 +16126,8 @@ interix[3-9]*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
@@ -15636,7 +16138,7 @@ irix5* | irix6* | nonstopux*)
case $host_os in
nonstopux*) version_type=nonstopux ;;
*)
- if test "$lt_cv_prog_gnu_ld" = yes; then
+ if test yes = "$lt_cv_prog_gnu_ld"; then
version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
@@ -15644,8 +16146,8 @@ irix5* | irix6* | nonstopux*)
esac
need_lib_prefix=no
need_version=no
- soname_spec='${libname}${release}${shared_ext}$major'
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='$libname$release$shared_ext$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
case $host_os in
irix5* | nonstopux*)
libsuff= shlibsuff=
@@ -15664,8 +16166,8 @@ irix5* | irix6* | nonstopux*)
esac
shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
- sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
+ sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
hardcode_into_libs=yes
;;
@@ -15674,13 +16176,33 @@ linux*oldld* | linux*aout* | linux*coff*)
dynamic_linker=no
;;
+linux*android*)
+ version_type=none # Android doesn't support versioned libraries.
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext'
+ soname_spec='$libname$release$shared_ext'
+ finish_cmds=
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ dynamic_linker='Android linker'
+ # Don't embed -rpath directories since the linker doesn't support them.
+ hardcode_libdir_flag_spec='-L$libdir'
+ ;;
+
# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
@@ -15724,7 +16246,12 @@ fi
# before this can be enabled.
hardcode_into_libs=yes
- # Append ld.so.conf contents to the search path
+ # Ideally, we could use ldconfig to report *all* directores which are
+ # searched for libraries, however this is still not possible. Aside from not
+ # being certain /sbin/ldconfig is available, command
+ # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
+ # even though it is searched at run-time. Try to do the best guess by
+ # appending ld.so.conf contents (and includes) to the search path.
if test -f /etc/ld.so.conf; then
lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
@@ -15756,12 +16283,12 @@ netbsd*)
need_lib_prefix=no
need_version=no
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
dynamic_linker='NetBSD (a.out) ld.so'
else
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
dynamic_linker='NetBSD ld.elf_so'
fi
shlibpath_var=LD_LIBRARY_PATH
@@ -15771,7 +16298,7 @@ netbsd*)
newsos6)
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
;;
@@ -15780,58 +16307,68 @@ newsos6)
version_type=qnx
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
dynamic_linker='ldqnx.so'
;;
-openbsd*)
+openbsd* | bitrig*)
version_type=sunos
- sys_lib_dlsearch_path_spec="/usr/lib"
+ sys_lib_dlsearch_path_spec=/usr/lib
need_lib_prefix=no
- # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
- case $host_os in
- openbsd3.3 | openbsd3.3.*) need_version=yes ;;
- *) need_version=no ;;
- esac
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- case $host_os in
- openbsd2.[89] | openbsd2.[89].*)
- shlibpath_overrides_runpath=no
- ;;
- *)
- shlibpath_overrides_runpath=yes
- ;;
- esac
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+ need_version=no
else
- shlibpath_overrides_runpath=yes
+ need_version=yes
fi
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
;;
os2*)
libname_spec='$name'
- shrext_cmds=".dll"
+ version_type=windows
+ shrext_cmds=.dll
+ need_version=no
need_lib_prefix=no
- library_names_spec='$libname${shared_ext} $libname.a'
+ # OS/2 can only load a DLL with a base name of 8 characters or less.
+ soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
+ v=$($ECHO $release$versuffix | tr -d .-);
+ n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
+ $ECHO $n$v`$shared_ext'
+ library_names_spec='${libname}_dll.$libext'
dynamic_linker='OS/2 ld.exe'
- shlibpath_var=LIBPATH
+ shlibpath_var=BEGINLIBPATH
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ postinstall_cmds='base_file=`basename \$file`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
;;
osf3* | osf4* | osf5*)
version_type=osf
need_lib_prefix=no
need_version=no
- soname_spec='${libname}${release}${shared_ext}$major'
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='$libname$release$shared_ext$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
shlibpath_var=LD_LIBRARY_PATH
sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
;;
rdos*)
@@ -15842,8 +16379,8 @@ solaris*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
hardcode_into_libs=yes
@@ -15853,11 +16390,11 @@ solaris*)
sunos4*)
version_type=sunos
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
- if test "$with_gnu_ld" = yes; then
+ if test yes = "$with_gnu_ld"; then
need_lib_prefix=no
fi
need_version=yes
@@ -15865,8 +16402,8 @@ sunos4*)
sysv4 | sysv4.3*)
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
case $host_vendor in
sni)
@@ -15887,24 +16424,24 @@ sysv4 | sysv4.3*)
;;
sysv4*MP*)
- if test -d /usr/nec ;then
+ if test -d /usr/nec; then
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
- soname_spec='$libname${shared_ext}.$major'
+ library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
+ soname_spec='$libname$shared_ext.$major'
shlibpath_var=LD_LIBRARY_PATH
fi
;;
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=freebsd-elf
+ version_type=sco
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
hardcode_into_libs=yes
- if test "$with_gnu_ld" = yes; then
+ if test yes = "$with_gnu_ld"; then
sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
else
sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
@@ -15922,7 +16459,7 @@ tpf*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
@@ -15930,8 +16467,8 @@ tpf*)
uts4*)
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
;;
@@ -15941,20 +16478,35 @@ uts4*)
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
$as_echo "$dynamic_linker" >&6; }
-test "$dynamic_linker" = no && can_build_shared=no
+test no = "$dynamic_linker" && can_build_shared=no
variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
+if test yes = "$GCC"; then
variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
fi
-if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
- sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
+ sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
fi
-if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
- sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+
+if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
+ sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
fi
+# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
+configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
+
+# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
+func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
+
+# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
+configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
+
+
+
+
+
+
@@ -16051,15 +16603,15 @@ $as_echo_n "checking how to hardcode library paths into programs... " >&6; }
hardcode_action=
if test -n "$hardcode_libdir_flag_spec" ||
test -n "$runpath_var" ||
- test "X$hardcode_automatic" = "Xyes" ; then
+ test yes = "$hardcode_automatic"; then
# We can hardcode non-existent directories.
- if test "$hardcode_direct" != no &&
+ if test no != "$hardcode_direct" &&
# If the only mechanism to avoid hardcoding is shlibpath_var, we
# have to relink, otherwise we might link with an installed library
# when we should be linking with a yet-to-be-installed one
- ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no &&
- test "$hardcode_minus_L" != no; then
+ ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" &&
+ test no != "$hardcode_minus_L"; then
# Linking always hardcodes the temporary library directory.
hardcode_action=relink
else
@@ -16074,12 +16626,12 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
$as_echo "$hardcode_action" >&6; }
-if test "$hardcode_action" = relink ||
- test "$inherit_rpath" = yes; then
+if test relink = "$hardcode_action" ||
+ test yes = "$inherit_rpath"; then
# Fast installation is not supported
enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
- test "$enable_shared" = no; then
+elif test yes = "$shlibpath_overrides_runpath" ||
+ test no = "$enable_shared"; then
# Fast installation is not necessary
enable_fast_install=needless
fi
@@ -16089,7 +16641,7 @@ fi
- if test "x$enable_dlopen" != xyes; then
+ if test yes != "$enable_dlopen"; then
enable_dlopen=unknown
enable_dlopen_self=unknown
enable_dlopen_self_static=unknown
@@ -16099,23 +16651,23 @@ else
case $host_os in
beos*)
- lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen=load_add_on
lt_cv_dlopen_libs=
lt_cv_dlopen_self=yes
;;
mingw* | pw32* | cegcc*)
- lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen=LoadLibrary
lt_cv_dlopen_libs=
;;
cygwin*)
- lt_cv_dlopen="dlopen"
+ lt_cv_dlopen=dlopen
lt_cv_dlopen_libs=
;;
darwin*)
- # if libdl is installed we need to link against it
+ # if libdl is installed we need to link against it
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
$as_echo_n "checking for dlopen in -ldl... " >&6; }
if ${ac_cv_lib_dl_dlopen+:} false; then :
@@ -16153,10 +16705,10 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
- lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+ lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
else
- lt_cv_dlopen="dyld"
+ lt_cv_dlopen=dyld
lt_cv_dlopen_libs=
lt_cv_dlopen_self=yes
@@ -16164,10 +16716,18 @@ fi
;;
+ tpf*)
+ # Don't try to run any link tests for TPF. We know it's impossible
+ # because TPF is a cross-compiler, and we know how we open DSOs.
+ lt_cv_dlopen=dlopen
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=no
+ ;;
+
*)
ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
if test "x$ac_cv_func_shl_load" = xyes; then :
- lt_cv_dlopen="shl_load"
+ lt_cv_dlopen=shl_load
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
$as_echo_n "checking for shl_load in -ldld... " >&6; }
@@ -16206,11 +16766,11 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
if test "x$ac_cv_lib_dld_shl_load" = xyes; then :
- lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
+ lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
else
ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
if test "x$ac_cv_func_dlopen" = xyes; then :
- lt_cv_dlopen="dlopen"
+ lt_cv_dlopen=dlopen
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
$as_echo_n "checking for dlopen in -ldl... " >&6; }
@@ -16249,7 +16809,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
- lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+ lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
$as_echo_n "checking for dlopen in -lsvld... " >&6; }
@@ -16288,7 +16848,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
if test "x$ac_cv_lib_svld_dlopen" = xyes; then :
- lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+ lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
$as_echo_n "checking for dld_link in -ldld... " >&6; }
@@ -16327,7 +16887,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
if test "x$ac_cv_lib_dld_dld_link" = xyes; then :
- lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
+ lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
fi
@@ -16348,21 +16908,21 @@ fi
;;
esac
- if test "x$lt_cv_dlopen" != xno; then
- enable_dlopen=yes
- else
+ if test no = "$lt_cv_dlopen"; then
enable_dlopen=no
+ else
+ enable_dlopen=yes
fi
case $lt_cv_dlopen in
dlopen)
- save_CPPFLAGS="$CPPFLAGS"
- test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+ save_CPPFLAGS=$CPPFLAGS
+ test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
- save_LDFLAGS="$LDFLAGS"
+ save_LDFLAGS=$LDFLAGS
wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
- save_LIBS="$LIBS"
+ save_LIBS=$LIBS
LIBS="$lt_cv_dlopen_libs $LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
@@ -16370,7 +16930,7 @@ $as_echo_n "checking whether a program can dlopen itself... " >&6; }
if ${lt_cv_dlopen_self+:} false; then :
$as_echo_n "(cached) " >&6
else
- if test "$cross_compiling" = yes; then :
+ if test yes = "$cross_compiling"; then :
lt_cv_dlopen_self=cross
else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
@@ -16417,9 +16977,9 @@ else
# endif
#endif
-/* When -fvisbility=hidden is used, assume the code has been annotated
+/* When -fvisibility=hidden is used, assume the code has been annotated
correspondingly for the symbols needed. */
-#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
int fnord () __attribute__((visibility("default")));
#endif
@@ -16449,7 +17009,7 @@ _LT_EOF
(eval $ac_link) 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
case x$lt_status in
@@ -16469,14 +17029,14 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
$as_echo "$lt_cv_dlopen_self" >&6; }
- if test "x$lt_cv_dlopen_self" = xyes; then
+ if test yes = "$lt_cv_dlopen_self"; then
wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
if ${lt_cv_dlopen_self_static+:} false; then :
$as_echo_n "(cached) " >&6
else
- if test "$cross_compiling" = yes; then :
+ if test yes = "$cross_compiling"; then :
lt_cv_dlopen_self_static=cross
else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
@@ -16523,9 +17083,9 @@ else
# endif
#endif
-/* When -fvisbility=hidden is used, assume the code has been annotated
+/* When -fvisibility=hidden is used, assume the code has been annotated
correspondingly for the symbols needed. */
-#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
int fnord () __attribute__((visibility("default")));
#endif
@@ -16555,7 +17115,7 @@ _LT_EOF
(eval $ac_link) 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
case x$lt_status in
@@ -16576,9 +17136,9 @@ fi
$as_echo "$lt_cv_dlopen_self_static" >&6; }
fi
- CPPFLAGS="$save_CPPFLAGS"
- LDFLAGS="$save_LDFLAGS"
- LIBS="$save_LIBS"
+ CPPFLAGS=$save_CPPFLAGS
+ LDFLAGS=$save_LDFLAGS
+ LIBS=$save_LIBS
;;
esac
@@ -16622,7 +17182,7 @@ else
# FIXME - insert some real tests, host_os isn't really good enough
case $host_os in
darwin*)
- if test -n "$STRIP" ; then
+ if test -n "$STRIP"; then
striplib="$STRIP -x"
old_striplib="$STRIP -S"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
@@ -16650,7 +17210,7 @@ fi
- # Report which library types will actually be built
+ # Report what library types will actually be built
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
$as_echo_n "checking if libtool supports shared libraries... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
@@ -16658,13 +17218,13 @@ $as_echo "$can_build_shared" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
$as_echo_n "checking whether to build shared libraries... " >&6; }
- test "$can_build_shared" = "no" && enable_shared=no
+ test no = "$can_build_shared" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
# are all built from PIC.
case $host_os in
aix3*)
- test "$enable_shared" = yes && enable_static=no
+ test yes = "$enable_shared" && enable_static=no
if test -n "$RANLIB"; then
archive_cmds="$archive_cmds~\$RANLIB \$lib"
postinstall_cmds='$RANLIB $lib'
@@ -16672,8 +17232,12 @@ $as_echo_n "checking whether to build shared libraries... " >&6; }
;;
aix[4-9]*)
- if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
- test "$enable_shared" = yes && enable_static=no
+ if test ia64 != "$host_cpu"; then
+ case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
+ yes,aix,yes) ;; # shared object as lib.so file only
+ yes,svr4,*) ;; # shared object as lib.so archive member only
+ yes,*) enable_static=no ;; # shared object in lib.a archive as well
+ esac
fi
;;
esac
@@ -16683,7 +17247,7 @@ $as_echo "$enable_shared" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
$as_echo_n "checking whether to build static libraries... " >&6; }
# Make sure either enable_shared or enable_static is yes.
- test "$enable_shared" = yes || enable_static=yes
+ test yes = "$enable_shared" || enable_static=yes
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
$as_echo "$enable_static" >&6; }
@@ -16697,7 +17261,7 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-CC="$lt_save_CC"
+CC=$lt_save_CC
@@ -17420,6 +17984,14 @@ if test x$perl_cpan_install = xtrue; then
perl_cpan=true
fi
+if test x$aikgen = xtrue; then
+ tss_trousers=true
+fi
+
+if test x$aikpub2 = xtrue; then
+ tss_tss2=true
+fi
+
# ===========================================
# check required libraries and header files
# ===========================================
@@ -18045,7 +18617,7 @@ fi
# Android has pthread_* functions in bionic (libc), others need libpthread
-LIBS=""
+LIBS=$DLLIB
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pthread_create" >&5
$as_echo_n "checking for library containing pthread_create... " >&6; }
if ${ac_cv_search_pthread_create+:} false; then :
@@ -18104,6 +18676,66 @@ fi
+# uClibc requires explicit -latomic for __atomic_* operations
+LIBS=""
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __atomic_load" >&5
+$as_echo_n "checking for library containing __atomic_load... " >&6; }
+if ${ac_cv_search___atomic_load+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char __atomic_load ();
+int
+main ()
+{
+return __atomic_load ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' atomic; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search___atomic_load=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search___atomic_load+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search___atomic_load+:} false; then :
+
+else
+ ac_cv_search___atomic_load=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___atomic_load" >&5
+$as_echo "$ac_cv_search___atomic_load" >&6; }
+ac_res=$ac_cv_search___atomic_load
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ ATOMICLIB=$LIBS
+fi
+
+
+
LIBS=$saved_LIBS
# ------------------------------------------------------
@@ -18134,11 +18766,11 @@ $as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# check if pthread_condattr_setclock(CLOCK_MONOTONE) is supported
+# check if pthread_condattr_setclock(CLOCK_MONOTONIC) is supported
saved_LIBS=$LIBS
LIBS=$PTHREADLIB
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_condattr_setclock(CLOCK_MONOTONE)" >&5
-$as_echo_n "checking for pthread_condattr_setclock(CLOCK_MONOTONE)... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_condattr_setclock(CLOCK_MONOTONIC)" >&5
+$as_echo_n "checking for pthread_condattr_setclock(CLOCK_MONOTONIC)... " >&6; }
if test "$cross_compiling" = yes; then :
# Check existence of pthread_condattr_setclock if cross-compiling
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5
@@ -19329,7 +19961,6 @@ if test "x$ac_cv_lib_ldns_main" = xyes; then :
else
as_fn_error $? "UNBOUND library ldns not found" "$LINENO" 5
fi
-ac_cv_lib_ldns=ac_cv_lib_ldns_main
ac_fn_c_check_header_mongrel "$LINENO" "ldns/ldns.h" "ac_cv_header_ldns_ldns_h" "$ac_includes_default"
if test "x$ac_cv_header_ldns_ldns_h" = xyes; then :
@@ -19374,7 +20005,6 @@ if test "x$ac_cv_lib_unbound_main" = xyes; then :
else
as_fn_error $? "UNBOUND library libunbound not found" "$LINENO" 5
fi
-ac_cv_lib_unbound=ac_cv_lib_unbound_main
ac_fn_c_check_header_mongrel "$LINENO" "unbound.h" "ac_cv_header_unbound_h" "$ac_includes_default"
if test "x$ac_cv_header_unbound_h" = xyes; then :
@@ -20034,7 +20664,7 @@ $as_echo "yes" >&6; }
fi
fi
-if test x$tss = xtrousers; then
+if test x$tss_trousers = xtrue; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ltspi" >&5
$as_echo_n "checking for main in -ltspi... " >&6; }
if ${ac_cv_lib_tspi_main+:} false; then :
@@ -20084,6 +20714,55 @@ $as_echo "#define TSS_TROUSERS /**/" >>confdefs.h
fi
+if test x$tss_tss2 = xtrue; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ltss2" >&5
+$as_echo_n "checking for main in -ltss2... " >&6; }
+if ${ac_cv_lib_tss2_main+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ltss2 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_tss2_main=yes
+else
+ ac_cv_lib_tss2_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tss2_main" >&5
+$as_echo "$ac_cv_lib_tss2_main" >&6; }
+if test "x$ac_cv_lib_tss2_main" = xyes; then :
+ LIBS="$LIBS"
+else
+ as_fn_error $? "TTS 2.0 library libtss2 not found" "$LINENO" 5
+fi
+
+ ac_fn_c_check_header_mongrel "$LINENO" "tss2/tpm20.h" "ac_cv_header_tss2_tpm20_h" "$ac_includes_default"
+if test "x$ac_cv_header_tss2_tpm20_h" = xyes; then :
+
+else
+ as_fn_error $? "TSS 2.0 header tss2/tpm20.h not found!" "$LINENO" 5
+fi
+
+
+
+$as_echo "#define TSS_TSS2 /**/" >>confdefs.h
+
+fi
if test x$imv_swid = xtrue; then
pkg_failed=no
@@ -22106,6 +22785,8 @@ fi
if test x$python_eggs = xtrue; then
+ PYTHON_PACKAGE_VERSION=`echo "$PACKAGE_VERSION" | $SED 's/dr/dev/'`
+
if test x$python_eggs_install = xtrue; then
# Extract the first word of "easy_install", so it can be a program name with args.
set dummy easy_install; ac_word=$2
@@ -24581,7 +25262,7 @@ else
USE_CONFTEST_FALSE=
fi
- if test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue; then
+ if test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$svc = xtrue -o x$systemd = xtrue; then
USE_LIBSTRONGSWAN_TRUE=
USE_LIBSTRONGSWAN_FALSE='#'
else
@@ -24629,6 +25310,14 @@ else
USE_LIBPTTLS_FALSE=
fi
+ if test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$imcv = xtrue; then
+ USE_LIBTPMTSS_TRUE=
+ USE_LIBTPMTSS_FALSE='#'
+else
+ USE_LIBTPMTSS_TRUE='#'
+ USE_LIBTPMTSS_FALSE=
+fi
+
if test x$stroke = xtrue; then
USE_FILE_CONFIG_TRUE=
USE_FILE_CONFIG_FALSE='#'
@@ -24701,7 +25390,7 @@ else
USE_IMCV_FALSE=
fi
- if test x$tss = xtrousers -o x$aikgen = xtrue; then
+ if test x$tss_trousers = xtrue; then
USE_TROUSERS_TRUE=
USE_TROUSERS_FALSE='#'
else
@@ -24709,6 +25398,14 @@ else
USE_TROUSERS_FALSE=
fi
+ if test x$tss_tss2 = xtrue; then
+ USE_TSS2_TRUE=
+ USE_TSS2_FALSE='#'
+else
+ USE_TSS2_TRUE='#'
+ USE_TSS2_FALSE=
+fi
+
if test x$monolithic = xtrue; then
MONOLITHIC_TRUE=
MONOLITHIC_FALSE='#'
@@ -24765,6 +25462,14 @@ else
USE_AIKGEN_FALSE=
fi
+ if test x$aikpub2 = xtrue; then
+ USE_AIKPUB2_TRUE=
+ USE_AIKPUB2_FALSE='#'
+else
+ USE_AIKPUB2_TRUE='#'
+ USE_AIKPUB2_FALSE=
+fi
+
if test x$swanctl = xtrue; then
USE_SWANCTL_TRUE=
USE_SWANCTL_FALSE='#'
@@ -24874,6 +25579,9 @@ strongswan_options=
if test -z "$USE_AIKGEN_TRUE"; then :
strongswan_options=${strongswan_options}" aikgen"
fi
+if test -z "$USE_AIKPUB2_TRUE"; then :
+ strongswan_options=${strongswan_options}" aikpub2"
+fi
if test -z "$USE_ATTR_SQL_TRUE"; then :
strongswan_options=${strongswan_options}" pool"
fi
@@ -24917,7 +25625,7 @@ fi
# build Makefiles
# =================
-ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswa [...]
+ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswa [...]
# =================
@@ -25745,6 +26453,10 @@ if test -z "${USE_LIBPTTLS_TRUE}" && test -z "${USE_LIBPTTLS_FALSE}"; then
as_fn_error $? "conditional \"USE_LIBPTTLS\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_LIBTPMTSS_TRUE}" && test -z "${USE_LIBTPMTSS_FALSE}"; then
+ as_fn_error $? "conditional \"USE_LIBTPMTSS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_FILE_CONFIG_TRUE}" && test -z "${USE_FILE_CONFIG_FALSE}"; then
as_fn_error $? "conditional \"USE_FILE_CONFIG\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -25785,6 +26497,10 @@ if test -z "${USE_TROUSERS_TRUE}" && test -z "${USE_TROUSERS_FALSE}"; then
as_fn_error $? "conditional \"USE_TROUSERS\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_TSS2_TRUE}" && test -z "${USE_TSS2_FALSE}"; then
+ as_fn_error $? "conditional \"USE_TSS2\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${MONOLITHIC_TRUE}" && test -z "${MONOLITHIC_FALSE}"; then
as_fn_error $? "conditional \"MONOLITHIC\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -25813,6 +26529,10 @@ if test -z "${USE_AIKGEN_TRUE}" && test -z "${USE_AIKGEN_FALSE}"; then
as_fn_error $? "conditional \"USE_AIKGEN\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_AIKPUB2_TRUE}" && test -z "${USE_AIKPUB2_FALSE}"; then
+ as_fn_error $? "conditional \"USE_AIKPUB2\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_SWANCTL_TRUE}" && test -z "${USE_SWANCTL_FALSE}"; then
as_fn_error $? "conditional \"USE_SWANCTL\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -26242,7 +26962,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by strongSwan $as_me 5.4.0, which was
+This file was extended by strongSwan $as_me 5.5.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -26308,7 +27028,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-strongSwan config.status 5.4.0
+strongSwan config.status 5.5.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@@ -26443,6 +27163,7 @@ enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`'
enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`'
pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
+shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`'
SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
@@ -26492,10 +27213,13 @@ compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`'
GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`'
lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`'
lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`'
lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`'
lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`'
+lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`'
nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`'
lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`'
+lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`'
objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`'
MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`'
lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`'
@@ -26560,7 +27284,8 @@ finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`'
sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
-sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`'
+configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`'
+configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`'
hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`'
enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`'
@@ -26611,9 +27336,12 @@ CFLAGS \
compiler \
lt_cv_sys_global_symbol_pipe \
lt_cv_sys_global_symbol_to_cdecl \
+lt_cv_sys_global_symbol_to_import \
lt_cv_sys_global_symbol_to_c_name_address \
lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
+lt_cv_nm_interface \
nm_file_list_spec \
+lt_cv_truncate_bin \
lt_prog_compiler_no_builtin_flag \
lt_prog_compiler_pic \
lt_prog_compiler_wl \
@@ -26648,7 +27376,7 @@ old_striplib \
striplib; do
case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
*[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
;;
*)
eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
@@ -26675,10 +27403,11 @@ postinstall_cmds \
postuninstall_cmds \
finish_cmds \
sys_lib_search_path_spec \
-sys_lib_dlsearch_path_spec; do
+configure_time_dlsearch_path \
+configure_time_lt_sys_library_path; do
case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
*[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
;;
*)
eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
@@ -26687,19 +27416,16 @@ sys_lib_dlsearch_path_spec; do
done
ac_aux_dir='$ac_aux_dir'
-xsi_shell='$xsi_shell'
-lt_shell_append='$lt_shell_append'
-# See if we are running on zsh, and set the options which allow our
+# See if we are running on zsh, and set the options that allow our
# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}" ; then
+if test -n "\${ZSH_VERSION+set}"; then
setopt NO_GLOB_SUBST
fi
PACKAGE='$PACKAGE'
VERSION='$VERSION'
- TIMESTAMP='$TIMESTAMP'
RM='$RM'
ofile='$ofile'
@@ -26889,6 +27615,7 @@ do
"src/libcharon/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/attr/Makefile" ;;
"src/libcharon/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/attr_sql/Makefile" ;;
"src/libcharon/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/tests/Makefile" ;;
+ "src/libtpmtss/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtpmtss/Makefile" ;;
"src/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/stroke/Makefile" ;;
"src/ipsec/Makefile") CONFIG_FILES="$CONFIG_FILES src/ipsec/Makefile" ;;
"src/starter/Makefile") CONFIG_FILES="$CONFIG_FILES src/starter/Makefile" ;;
@@ -26897,6 +27624,7 @@ do
"src/_copyright/Makefile") CONFIG_FILES="$CONFIG_FILES src/_copyright/Makefile" ;;
"src/scepclient/Makefile") CONFIG_FILES="$CONFIG_FILES src/scepclient/Makefile" ;;
"src/aikgen/Makefile") CONFIG_FILES="$CONFIG_FILES src/aikgen/Makefile" ;;
+ "src/aikpub2/Makefile") CONFIG_FILES="$CONFIG_FILES src/aikpub2/Makefile" ;;
"src/pki/Makefile") CONFIG_FILES="$CONFIG_FILES src/pki/Makefile" ;;
"src/pki/man/Makefile") CONFIG_FILES="$CONFIG_FILES src/pki/man/Makefile" ;;
"src/pool/Makefile") CONFIG_FILES="$CONFIG_FILES src/pool/Makefile" ;;
@@ -27623,55 +28351,53 @@ $as_echo X"$file" |
;;
"libtool":C)
- # See if we are running on zsh, and set the options which allow our
+ # See if we are running on zsh, and set the options that allow our
# commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}" ; then
+ if test -n "${ZSH_VERSION+set}"; then
setopt NO_GLOB_SUBST
fi
- cfgfile="${ofile}T"
+ cfgfile=${ofile}T
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
$RM "$cfgfile"
cat <<_LT_EOF >> "$cfgfile"
#! $SHELL
-
-# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Generated automatically by $as_me ($PACKAGE) $VERSION
# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+
+# Provide generalized library-building support services.
+# Written by Gordon Matzigkeit, 1996
+
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of of the License, or
+# (at your option) any later version.
#
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
-# Foundation, Inc.
-# Written by Gordon Matzigkeit, 1996
-#
-# This file is part of GNU Libtool.
-#
-# GNU Libtool is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# As a special exception to the GNU General Public License,
-# if you distribute this file as part of a program or library that
-# is built using GNU Libtool, you may include this file under the
-# same distribution terms that you use for the rest of that program.
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program or library that is built
+# using GNU Libtool, you may include this file under the same
+# distribution terms that you use for the rest of that program.
#
-# GNU Libtool is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with GNU Libtool; see the file COPYING. If not, a copy
-# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
-# obtained by writing to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
# The names of the tagged configurations supported by this script.
-available_tags=""
+available_tags=''
+
+# Configured defaults for sys_lib_dlsearch_path munging.
+: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
# ### BEGIN LIBTOOL CONFIG
@@ -27691,6 +28417,9 @@ pic_mode=$pic_mode
# Whether or not to optimize for fast installation.
fast_install=$enable_fast_install
+# Shared archive member basename,for filename based shared library versioning on AIX.
+shared_archive_member_spec=$shared_archive_member_spec
+
# Shell to use when invoking shell scripts.
SHELL=$lt_SHELL
@@ -27808,18 +28537,27 @@ global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
# Transform the output of nm in a proper C declaration.
global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+# Transform the output of nm into a list of symbols to manually relocate.
+global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import
+
# Transform the output of nm in a C name address pair.
global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
# Transform the output of nm in a C name address pair when lib prefix is needed.
global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
+# The name lister interface.
+nm_interface=$lt_lt_cv_nm_interface
+
# Specify filename containing input files for \$NM.
nm_file_list_spec=$lt_nm_file_list_spec
-# The root where to search for dependent libraries,and in which our libraries should be installed.
+# The root where to search for dependent libraries,and where our libraries should be installed.
lt_sysroot=$lt_sysroot
+# Command to truncate a binary pipe.
+lt_truncate_bin=$lt_lt_cv_truncate_bin
+
# The name of the directory that contains temporary libtool files.
objdir=$objdir
@@ -27910,8 +28648,11 @@ hardcode_into_libs=$hardcode_into_libs
# Compile-time system search path for libraries.
sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-# Run-time system search path for libraries.
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+# Detected run-time system search path for libraries.
+sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path
+
+# Explicit LT_SYS_LIBRARY_PATH set during ./configure time.
+configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path
# Whether dlopen is supported.
dlopen_support=$enable_dlopen
@@ -28004,13 +28745,13 @@ hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
# Whether we need a single "-rpath" flag with a separated argument.
hardcode_libdir_separator=$lt_hardcode_libdir_separator
-# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
# DIR into the resulting binary.
hardcode_direct=$hardcode_direct
-# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
# DIR into the resulting binary and the resulting library dependency is
-# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# "absolute",i.e impossible to change by setting \$shlibpath_var if the
# library is relocated.
hardcode_direct_absolute=$hardcode_direct_absolute
@@ -28062,13 +28803,72 @@ hardcode_action=$hardcode_action
_LT_EOF
+ cat <<'_LT_EOF' >> "$cfgfile"
+
+# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
+
+# func_munge_path_list VARIABLE PATH
+# -----------------------------------
+# VARIABLE is name of variable containing _space_ separated list of
+# directories to be munged by the contents of PATH, which is string
+# having a format:
+# "DIR[:DIR]:"
+# string "DIR[ DIR]" will be prepended to VARIABLE
+# ":DIR[:DIR]"
+# string "DIR[ DIR]" will be appended to VARIABLE
+# "DIRP[:DIRP]::[DIRA:]DIRA"
+# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
+# "DIRA[ DIRA]" will be appended to VARIABLE
+# "DIR[:DIR]"
+# VARIABLE will be replaced by "DIR[ DIR]"
+func_munge_path_list ()
+{
+ case x$2 in
+ x)
+ ;;
+ *:)
+ eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\"
+ ;;
+ x:*)
+ eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\"
+ ;;
+ *::*)
+ eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
+ eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\"
+ ;;
+ *)
+ eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\"
+ ;;
+ esac
+}
+
+
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+func_cc_basename ()
+{
+ for cc_temp in $*""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+ done
+ func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+}
+
+
+# ### END FUNCTIONS SHARED WITH CONFIGURE
+
+_LT_EOF
+
case $host_os in
aix3*)
cat <<\_LT_EOF >> "$cfgfile"
# AIX sometimes has problems with the GCC collect2 program. For some
# reason, if we set the COLLECT_NAMES environment variable, the problems
# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
+if test set != "${COLLECT_NAMES+set}"; then
COLLECT_NAMES=
export COLLECT_NAMES
fi
@@ -28077,7 +28877,7 @@ _LT_EOF
esac
-ltmain="$ac_aux_dir/ltmain.sh"
+ltmain=$ac_aux_dir/ltmain.sh
# We use sed instead of cat because bash on DJGPP gets confused if
@@ -28087,165 +28887,6 @@ ltmain="$ac_aux_dir/ltmain.sh"
sed '$q' "$ltmain" >> "$cfgfile" \
|| (rm -f "$cfgfile"; exit 1)
- if test x"$xsi_shell" = xyes; then
- sed -e '/^func_dirname ()$/,/^} # func_dirname /c\
-func_dirname ()\
-{\
-\ case ${1} in\
-\ */*) func_dirname_result="${1%/*}${2}" ;;\
-\ * ) func_dirname_result="${3}" ;;\
-\ esac\
-} # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_basename ()$/,/^} # func_basename /c\
-func_basename ()\
-{\
-\ func_basename_result="${1##*/}"\
-} # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\
-func_dirname_and_basename ()\
-{\
-\ case ${1} in\
-\ */*) func_dirname_result="${1%/*}${2}" ;;\
-\ * ) func_dirname_result="${3}" ;;\
-\ esac\
-\ func_basename_result="${1##*/}"\
-} # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_stripname ()$/,/^} # func_stripname /c\
-func_stripname ()\
-{\
-\ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\
-\ # positional parameters, so assign one to ordinary parameter first.\
-\ func_stripname_result=${3}\
-\ func_stripname_result=${func_stripname_result#"${1}"}\
-\ func_stripname_result=${func_stripname_result%"${2}"}\
-} # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\
-func_split_long_opt ()\
-{\
-\ func_split_long_opt_name=${1%%=*}\
-\ func_split_long_opt_arg=${1#*=}\
-} # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\
-func_split_short_opt ()\
-{\
-\ func_split_short_opt_arg=${1#??}\
-\ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\
-} # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\
-func_lo2o ()\
-{\
-\ case ${1} in\
-\ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\
-\ *) func_lo2o_result=${1} ;;\
-\ esac\
-} # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_xform ()$/,/^} # func_xform /c\
-func_xform ()\
-{\
- func_xform_result=${1%.*}.lo\
-} # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_arith ()$/,/^} # func_arith /c\
-func_arith ()\
-{\
- func_arith_result=$(( $* ))\
-} # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_len ()$/,/^} # func_len /c\
-func_len ()\
-{\
- func_len_result=${#1}\
-} # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-fi
-
-if test x"$lt_shell_append" = xyes; then
- sed -e '/^func_append ()$/,/^} # func_append /c\
-func_append ()\
-{\
- eval "${1}+=\\${2}"\
-} # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\
-func_append_quoted ()\
-{\
-\ func_quote_for_eval "${2}"\
-\ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\
-} # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-
-
- # Save a `func_append' function call where possible by direct use of '+='
- sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
- test 0 -eq $? || _lt_function_replace_fail=:
-else
- # Save a `func_append' function call even when '+=' is not available
- sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
- test 0 -eq $? || _lt_function_replace_fail=:
-fi
-
-if test x"$_lt_function_replace_fail" = x":"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5
-$as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;}
-fi
-
-
mv -f "$cfgfile" "$ofile" ||
(rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
chmod +x "$ofile"
diff --git a/configure.ac b/configure.ac
index 9486907..3aa7d91 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,8 +1,8 @@
#
# Copyright (C) 2007-2015 Tobias Brunner
-# Copyright (C) 2006-2015 Andreas Steffen
+# Copyright (C) 2006-2016 Andreas Steffen
# Copyright (C) 2006-2014 Martin Willi
-# Hochschule fuer Technik Rapperswil
+# HSR Hochschule fuer Technik Rapperswil
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
@@ -19,7 +19,7 @@
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.4.0])
+AC_INIT([strongSwan],[5.5.0])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
@@ -62,8 +62,6 @@ ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec
ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
ARG_WITH_SUBST([ipsec-script], [ipsec], [change the name of the ipsec script])
ARG_WITH_SUBST([fips-mode], [0], [set openssl FIPS mode: disabled(0), enabled(1), Suite B enabled(2)])
-
-ARG_WITH_SET([tss], [no], [set implementation of the Trusted Computing Group's Software Stack (TSS). Currently the only supported value is "trousers"])
ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently supported values are "libcap" and "native"])
ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
ARG_WITH_SET([dev-headers], [no], [install strongSwan development headers to directory.])
@@ -269,7 +267,8 @@ ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with inv
ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.])
ARG_DISBL_SET([updown], [disable updown firewall script plugin.])
# programs/components
-ARG_ENABL_SET([aikgen], [enable AIK generator.])
+ARG_ENABL_SET([aikgen], [enable AIK generator for TPM 1.2.])
+ARG_ENABL_SET([aikpub2], [enable AIK extractor for TPM 2.0.])
ARG_DISBL_SET([charon], [disable the IKEv1/IKEv2 keying daemon charon.])
ARG_ENABL_SET([cmd], [enable the command line IKE client charon-cmd.])
ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.])
@@ -302,6 +301,9 @@ ARG_ENABL_SET([python-eggs], [enable build of provided python eggs.])
ARG_ENABL_SET([python-eggs-install],[enable installation of provided python eggs.])
ARG_ENABL_SET([perl-cpan], [enable build of provided perl CPAN module.])
ARG_ENABL_SET([perl-cpan-install],[enable installation of provided CPAN module.])
+ARG_ENABL_SET([tss-trousers], [enable the use of the TrouSerS Trusted Software Stack])
+ARG_ENABL_SET([tss-tss2], [enable the use of the TSS 2.0 Trusted Software Stack])
+
# compile options
ARG_ENABL_SET([coverage], [enable lcov coverage report generation.])
ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.])
@@ -455,6 +457,14 @@ if test x$perl_cpan_install = xtrue; then
perl_cpan=true
fi
+if test x$aikgen = xtrue; then
+ tss_trousers=true
+fi
+
+if test x$aikpub2 = xtrue; then
+ tss_tss2=true
+fi
+
# ===========================================
# check required libraries and header files
# ===========================================
@@ -486,10 +496,15 @@ AC_SEARCH_LIBS(socket, socket, [SOCKLIB=$LIBS],
AC_SUBST(SOCKLIB)
# Android has pthread_* functions in bionic (libc), others need libpthread
-LIBS=""
+LIBS=$DLLIB
AC_SEARCH_LIBS(pthread_create, pthread, [PTHREADLIB=$LIBS])
AC_SUBST(PTHREADLIB)
+# uClibc requires explicit -latomic for __atomic_* operations
+LIBS=""
+AC_SEARCH_LIBS(__atomic_load, atomic, [ATOMICLIB=$LIBS])
+AC_SUBST(ATOMICLIB)
+
LIBS=$saved_LIBS
# ------------------------------------------------------
@@ -504,10 +519,10 @@ AC_COMPILE_IFELSE(
[AC_MSG_RESULT([no])]
)
-# check if pthread_condattr_setclock(CLOCK_MONOTONE) is supported
+# check if pthread_condattr_setclock(CLOCK_MONOTONIC) is supported
saved_LIBS=$LIBS
LIBS=$PTHREADLIB
-AC_MSG_CHECKING([for pthread_condattr_setclock(CLOCK_MONOTONE)])
+AC_MSG_CHECKING([for pthread_condattr_setclock(CLOCK_MONOTONIC)])
AC_RUN_IFELSE(
[AC_LANG_SOURCE(
[[#include <pthread.h>
@@ -917,9 +932,9 @@ if test x$curl = xtrue; then
fi
if test x$unbound = xtrue; then
- AC_HAVE_LIBRARY([ldns],[LIBS="$LIBS"],[AC_MSG_ERROR([UNBOUND library ldns not found])])
+ AC_CHECK_LIB([ldns],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([UNBOUND library ldns not found])],[])
AC_CHECK_HEADER([ldns/ldns.h],,[AC_MSG_ERROR([UNBOUND header ldns/ldns.h not found!])])
- AC_HAVE_LIBRARY([unbound],[LIBS="$LIBS"],[AC_MSG_ERROR([UNBOUND library libunbound not found])])
+ AC_CHECK_LIB([unbound],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([UNBOUND library libunbound not found])],[])
AC_CHECK_HEADER([unbound.h],,[AC_MSG_ERROR([UNBOUND header unbound.h not found!])])
fi
@@ -955,12 +970,17 @@ if test x$systemd = xtrue; then
)
fi
-if test x$tss = xtrousers; then
+if test x$tss_trousers = xtrue; then
AC_CHECK_LIB([tspi],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([TrouSerS library libtspi not found])],[])
AC_CHECK_HEADER([trousers/tss.h],,[AC_MSG_ERROR([TrouSerS header trousers/tss.h not found!])])
- AC_DEFINE([TSS_TROUSERS], [], [use TrouSerS library libtspi as TSS implementation])
+ AC_DEFINE([TSS_TROUSERS], [], [use TrouSerS library libtspi])
fi
+if test x$tss_tss2 = xtrue; then
+ AC_CHECK_LIB([tss2],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([TTS 2.0 library libtss2 not found])],[])
+ AC_CHECK_HEADER([tss2/tpm20.h],,[AC_MSG_ERROR([TSS 2.0 header tss2/tpm20.h not found!])])
+ AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 library libtss2])
+fi
if test x$imv_swid = xtrue; then
PKG_CHECK_MODULES(json, [json-c], [],
[PKG_CHECK_MODULES(json, [json])])
@@ -1244,6 +1264,8 @@ fi
AM_CONDITIONAL(RUBY_GEMS_INSTALL, [test "x$ruby_gems_install" = xtrue])
if test x$python_eggs = xtrue; then
+ PYTHON_PACKAGE_VERSION=`echo "$PACKAGE_VERSION" | $SED 's/dr/dev/'`
+ AC_SUBST([PYTHON_PACKAGE_VERSION])
if test x$python_eggs_install = xtrue; then
AC_PATH_PROG([EASY_INSTALL], [easy_install], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
if test x$EASY_INSTALL = x; then
@@ -1604,12 +1626,13 @@ AM_CONDITIONAL(USE_PKI, test x$pki = xtrue)
AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue)
AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
-AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
+AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue)
AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue)
+AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_FILE_CONFIG, test x$stroke = xtrue)
AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue)
AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
@@ -1619,7 +1642,8 @@ AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue)
AM_CONDITIONAL(USE_TLS, test x$tls = xtrue)
AM_CONDITIONAL(USE_RADIUS, test x$radius = xtrue)
AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue)
-AM_CONDITIONAL(USE_TROUSERS, test x$tss = xtrousers -o x$aikgen = xtrue)
+AM_CONDITIONAL(USE_TROUSERS, test x$tss_trousers = xtrue)
+AM_CONDITIONAL(USE_TSS2, test x$tss_tss2 = xtrue)
AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
AM_CONDITIONAL(USE_SILENT_RULES, test x$enable_silent_rules = xyes)
AM_CONDITIONAL(COVERAGE, test x$coverage = xtrue)
@@ -1627,6 +1651,7 @@ AM_CONDITIONAL(USE_DBGHELP, test x$dbghelp_backtraces = xtrue)
AM_CONDITIONAL(USE_TKM, test x$tkm = xtrue)
AM_CONDITIONAL(USE_CMD, test x$cmd = xtrue)
AM_CONDITIONAL(USE_AIKGEN, test x$aikgen = xtrue)
+AM_CONDITIONAL(USE_AIKPUB2, test x$aikpub2 = xtrue)
AM_CONDITIONAL(USE_SWANCTL, test x$swanctl = xtrue)
AM_CONDITIONAL(USE_SVC, test x$svc = xtrue)
AM_CONDITIONAL(USE_SYSTEMD, test x$systemd = xtrue)
@@ -1666,6 +1691,7 @@ fi
strongswan_options=
AM_COND_IF([USE_AIKGEN], [strongswan_options=${strongswan_options}" aikgen"])
+AM_COND_IF([USE_AIKPUB2], [strongswan_options=${strongswan_options}" aikpub2"])
AM_COND_IF([USE_ATTR_SQL], [strongswan_options=${strongswan_options}" pool"])
AM_COND_IF([USE_CHARON], [strongswan_options=${strongswan_options}" charon charon-logging"])
AM_COND_IF([USE_FILE_CONFIG], [strongswan_options=${strongswan_options}" starter"])
@@ -1858,6 +1884,7 @@ AC_CONFIG_FILES([
src/libcharon/plugins/attr/Makefile
src/libcharon/plugins/attr_sql/Makefile
src/libcharon/tests/Makefile
+ src/libtpmtss/Makefile
src/stroke/Makefile
src/ipsec/Makefile
src/starter/Makefile
@@ -1866,6 +1893,7 @@ AC_CONFIG_FILES([
src/_copyright/Makefile
src/scepclient/Makefile
src/aikgen/Makefile
+ src/aikpub2/Makefile
src/pki/Makefile
src/pki/man/Makefile
src/pool/Makefile
diff --git a/depcomp b/depcomp
index 4ebd5b3..fc98710 100755
--- a/depcomp
+++ b/depcomp
@@ -3,7 +3,7 @@
scriptversion=2013-05-30.07; # UTC
-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/init/Makefile.in b/init/Makefile.in
index 72ee059..a7c723a 100644
--- a/init/Makefile.in
+++ b/init/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,7 +90,6 @@ host_triplet = @host@
@USE_CHARON_TRUE@@USE_LEGACY_SYSTEMD_TRUE at am__append_1 = systemd
@USE_SWANCTL_TRUE@@USE_SYSTEMD_TRUE at am__append_2 = systemd-swanctl
subdir = init
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -153,6 +163,7 @@ am__define_uniq_tagged_files = \
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = systemd systemd-swanctl
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -184,6 +195,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -233,6 +245,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -267,6 +280,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -378,6 +392,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -422,7 +437,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu init/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu init/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -717,6 +731,8 @@ uninstall-am:
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/init/systemd-swanctl/Makefile.in b/init/systemd-swanctl/Makefile.in
index 0c5f5ce..ceb0563 100644
--- a/init/systemd-swanctl/Makefile.in
+++ b/init/systemd-swanctl/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,7 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = init/systemd-swanctl
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -93,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -146,12 +156,14 @@ am__uninstall_files_from_dir = { \
am__installdirs = "$(DESTDIR)$(systemdsystemunitdir)"
DATA = $(systemdsystemunit_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -201,6 +213,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -235,6 +248,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -346,6 +360,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu init/systemd-swanctl/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu init/systemd-swanctl/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -593,6 +607,8 @@ uninstall-am: uninstall-systemdsystemunitDATA
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-systemdsystemunitDATA
+.PRECIOUS: Makefile
+
strongswan-swanctl.service : strongswan-swanctl.service.in
$(AM_V_GEN) \
diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in
index ab7d647..a3a7963 100644
--- a/init/systemd/Makefile.in
+++ b/init/systemd/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,7 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = init/systemd
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -93,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -146,12 +156,14 @@ am__uninstall_files_from_dir = { \
am__installdirs = "$(DESTDIR)$(systemdsystemunitdir)"
DATA = $(systemdsystemunit_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -201,6 +213,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -235,6 +248,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -346,6 +360,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu init/systemd/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu init/systemd/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -593,6 +607,8 @@ uninstall-am: uninstall-systemdsystemunitDATA
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-systemdsystemunitDATA
+.PRECIOUS: Makefile
+
strongswan.service : strongswan.service.in
$(AM_V_GEN) \
diff --git a/install-sh b/install-sh
index 377bb86..59990a1 100755
--- a/install-sh
+++ b/install-sh
@@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
-scriptversion=2011-11-20.07; # UTC
+scriptversion=2014-09-12.12; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@@ -41,19 +41,15 @@ scriptversion=2011-11-20.07; # UTC
# This script is compatible with the BSD install script, but was written
# from scratch.
+tab=' '
nl='
'
-IFS=" "" $nl"
+IFS=" $tab$nl"
-# set DOITPROG to echo to test this script
+# Set DOITPROG to "echo" to test this script.
-# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
-if test -z "$doit"; then
- doit_exec=exec
-else
- doit_exec=$doit
-fi
+doit_exec=${doit:-exec}
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
@@ -68,17 +64,6 @@ mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
-posix_glob='?'
-initialize_posix_glob='
- test "$posix_glob" != "?" || {
- if (set -f) 2>/dev/null; then
- posix_glob=
- else
- posix_glob=:
- fi
- }
-'
-
posix_mkdir=
# Desired mode of installed file.
@@ -97,7 +82,7 @@ dir_arg=
dst_arg=
copy_on_change=false
-no_target_directory=
+is_target_a_directory=possibly
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
@@ -137,46 +122,57 @@ while test $# -ne 0; do
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
- shift;;
+ shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
- case $mode in
- *' '* | *' '* | *'
-'* | *'*'* | *'?'* | *'['*)
- echo "$0: invalid mode: $mode" >&2
- exit 1;;
- esac
- shift;;
+ case $mode in
+ *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
+ echo "$0: invalid mode: $mode" >&2
+ exit 1;;
+ esac
+ shift;;
-o) chowncmd="$chownprog $2"
- shift;;
+ shift;;
-s) stripcmd=$stripprog;;
- -t) dst_arg=$2
- # Protect names problematic for 'test' and other utilities.
- case $dst_arg in
- -* | [=\(\)!]) dst_arg=./$dst_arg;;
- esac
- shift;;
+ -t)
+ is_target_a_directory=always
+ dst_arg=$2
+ # Protect names problematic for 'test' and other utilities.
+ case $dst_arg in
+ -* | [=\(\)!]) dst_arg=./$dst_arg;;
+ esac
+ shift;;
- -T) no_target_directory=true;;
+ -T) is_target_a_directory=never;;
--version) echo "$0 $scriptversion"; exit $?;;
- --) shift
- break;;
+ --) shift
+ break;;
- -*) echo "$0: invalid option: $1" >&2
- exit 1;;
+ -*) echo "$0: invalid option: $1" >&2
+ exit 1;;
*) break;;
esac
shift
done
+# We allow the use of options -d and -T together, by making -d
+# take the precedence; this is for compatibility with GNU install.
+
+if test -n "$dir_arg"; then
+ if test -n "$dst_arg"; then
+ echo "$0: target directory not allowed when installing a directory." >&2
+ exit 1
+ fi
+fi
+
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
@@ -208,6 +204,15 @@ if test $# -eq 0; then
fi
if test -z "$dir_arg"; then
+ if test $# -gt 1 || test "$is_target_a_directory" = always; then
+ if test ! -d "$dst_arg"; then
+ echo "$0: $dst_arg: Is not a directory." >&2
+ exit 1
+ fi
+ fi
+fi
+
+if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
trap "ret=130; $do_exit" 2
@@ -223,16 +228,16 @@ if test -z "$dir_arg"; then
*[0-7])
if test -z "$stripcmd"; then
- u_plus_rw=
+ u_plus_rw=
else
- u_plus_rw='% 200'
+ u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
- u_plus_rw=
+ u_plus_rw=
else
- u_plus_rw=,u+rw
+ u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
@@ -269,41 +274,15 @@ do
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
- if test -n "$no_target_directory"; then
- echo "$0: $dst_arg: Is a directory" >&2
- exit 1
+ if test "$is_target_a_directory" = never; then
+ echo "$0: $dst_arg: Is a directory" >&2
+ exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
- # Prefer dirname, but fall back on a substitute if dirname fails.
- dstdir=`
- (dirname "$dst") 2>/dev/null ||
- expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$dst" : 'X\(//\)[^/]' \| \
- X"$dst" : 'X\(//\)$' \| \
- X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
- echo X"$dst" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'
- `
-
+ dstdir=`dirname "$dst"`
test -d "$dstdir"
dstdir_status=$?
fi
@@ -314,74 +293,81 @@ do
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
- # Create intermediate dirs using mode 755 as modified by the umask.
- # This is like FreeBSD 'install' as of 1997-10-28.
- umask=`umask`
- case $stripcmd.$umask in
- # Optimize common cases.
- *[2367][2367]) mkdir_umask=$umask;;
- .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
- *[0-7])
- mkdir_umask=`expr $umask + 22 \
- - $umask % 100 % 40 + $umask % 20 \
- - $umask % 10 % 4 + $umask % 2
- `;;
- *) mkdir_umask=$umask,go-w;;
- esac
-
- # With -d, create the new directory with the user-specified mode.
- # Otherwise, rely on $mkdir_umask.
- if test -n "$dir_arg"; then
- mkdir_mode=-m$mode
- else
- mkdir_mode=
- fi
-
- posix_mkdir=false
- case $umask in
- *[123567][0-7][0-7])
- # POSIX mkdir -p sets u+wx bits regardless of umask, which
- # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
- ;;
- *)
- tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
- trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
-
- if (umask $mkdir_umask &&
- exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
- then
- if test -z "$dir_arg" || {
- # Check for POSIX incompatibilities with -m.
- # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
- # other-writable bit of parent directory when it shouldn't.
- # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
- ls_ld_tmpdir=`ls -ld "$tmpdir"`
- case $ls_ld_tmpdir in
- d????-?r-*) different_mode=700;;
- d????-?--*) different_mode=755;;
- *) false;;
- esac &&
- $mkdirprog -m$different_mode -p -- "$tmpdir" && {
- ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
- test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
- }
- }
- then posix_mkdir=:
- fi
- rmdir "$tmpdir/d" "$tmpdir"
- else
- # Remove any dirs left behind by ancient mkdir implementations.
- rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
- fi
- trap '' 0;;
- esac;;
+ # Create intermediate dirs using mode 755 as modified by the umask.
+ # This is like FreeBSD 'install' as of 1997-10-28.
+ umask=`umask`
+ case $stripcmd.$umask in
+ # Optimize common cases.
+ *[2367][2367]) mkdir_umask=$umask;;
+ .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+ *[0-7])
+ mkdir_umask=`expr $umask + 22 \
+ - $umask % 100 % 40 + $umask % 20 \
+ - $umask % 10 % 4 + $umask % 2
+ `;;
+ *) mkdir_umask=$umask,go-w;;
+ esac
+
+ # With -d, create the new directory with the user-specified mode.
+ # Otherwise, rely on $mkdir_umask.
+ if test -n "$dir_arg"; then
+ mkdir_mode=-m$mode
+ else
+ mkdir_mode=
+ fi
+
+ posix_mkdir=false
+ case $umask in
+ *[123567][0-7][0-7])
+ # POSIX mkdir -p sets u+wx bits regardless of umask, which
+ # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+ ;;
+ *)
+ # $RANDOM is not portable (e.g. dash); use it when possible to
+ # lower collision chance
+ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+ trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+ # As "mkdir -p" follows symlinks and we work in /tmp possibly; so
+ # create the $tmpdir first (and fail if unsuccessful) to make sure
+ # that nobody tries to guess the $tmpdir name.
+ if (umask $mkdir_umask &&
+ $mkdirprog $mkdir_mode "$tmpdir" &&
+ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
+ then
+ if test -z "$dir_arg" || {
+ # Check for POSIX incompatibilities with -m.
+ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+ # other-writable bit of parent directory when it shouldn't.
+ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+ test_tmpdir="$tmpdir/a"
+ ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
+ case $ls_ld_tmpdir in
+ d????-?r-*) different_mode=700;;
+ d????-?--*) different_mode=755;;
+ *) false;;
+ esac &&
+ $mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
+ ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
+ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+ }
+ }
+ then posix_mkdir=:
+ fi
+ rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
+ else
+ # Remove any dirs left behind by ancient mkdir implementations.
+ rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
+ fi
+ trap '' 0;;
+ esac;;
esac
if
$posix_mkdir && (
- umask $mkdir_umask &&
- $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+ umask $mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
@@ -391,53 +377,51 @@ do
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
- /*) prefix='/';;
- [-=\(\)!]*) prefix='./';;
- *) prefix='';;
+ /*) prefix='/';;
+ [-=\(\)!]*) prefix='./';;
+ *) prefix='';;
esac
- eval "$initialize_posix_glob"
-
oIFS=$IFS
IFS=/
- $posix_glob set -f
+ set -f
set fnord $dstdir
shift
- $posix_glob set +f
+ set +f
IFS=$oIFS
prefixes=
for d
do
- test X"$d" = X && continue
-
- prefix=$prefix$d
- if test -d "$prefix"; then
- prefixes=
- else
- if $posix_mkdir; then
- (umask=$mkdir_umask &&
- $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
- # Don't fail if two instances are running concurrently.
- test -d "$prefix" || exit 1
- else
- case $prefix in
- *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
- *) qprefix=$prefix;;
- esac
- prefixes="$prefixes '$qprefix'"
- fi
- fi
- prefix=$prefix/
+ test X"$d" = X && continue
+
+ prefix=$prefix$d
+ if test -d "$prefix"; then
+ prefixes=
+ else
+ if $posix_mkdir; then
+ (umask=$mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+ # Don't fail if two instances are running concurrently.
+ test -d "$prefix" || exit 1
+ else
+ case $prefix in
+ *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) qprefix=$prefix;;
+ esac
+ prefixes="$prefixes '$qprefix'"
+ fi
+ fi
+ prefix=$prefix/
done
if test -n "$prefixes"; then
- # Don't fail if two instances are running concurrently.
- (umask $mkdir_umask &&
- eval "\$doit_exec \$mkdirprog $prefixes") ||
- test -d "$dstdir" || exit 1
- obsolete_mkdir_used=true
+ # Don't fail if two instances are running concurrently.
+ (umask $mkdir_umask &&
+ eval "\$doit_exec \$mkdirprog $prefixes") ||
+ test -d "$dstdir" || exit 1
+ obsolete_mkdir_used=true
fi
fi
fi
@@ -472,15 +456,12 @@ do
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
- old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
- new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
-
- eval "$initialize_posix_glob" &&
- $posix_glob set -f &&
+ old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
+ new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
+ set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
- $posix_glob set +f &&
-
+ set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
@@ -493,24 +474,24 @@ do
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
- # Now remove or move aside any old file at destination location.
- # We try this two ways since rm can't unlink itself on some
- # systems and the destination file might be busy for other
- # reasons. In this case, the final cleanup might fail but the new
- # file should still install successfully.
- {
- test ! -f "$dst" ||
- $doit $rmcmd -f "$dst" 2>/dev/null ||
- { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
- { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
- } ||
- { echo "$0: cannot unlink or rename $dst" >&2
- (exit 1); exit 1
- }
- } &&
-
- # Now rename the file to the real destination.
- $doit $mvcmd "$dsttmp" "$dst"
+ # Now remove or move aside any old file at destination location.
+ # We try this two ways since rm can't unlink itself on some
+ # systems and the destination file might be busy for other
+ # reasons. In this case, the final cleanup might fail but the new
+ # file should still install successfully.
+ {
+ test ! -f "$dst" ||
+ $doit $rmcmd -f "$dst" 2>/dev/null ||
+ { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+ { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+ } ||
+ { echo "$0: cannot unlink or rename $dst" >&2
+ (exit 1); exit 1
+ }
+ } &&
+
+ # Now rename the file to the real destination.
+ $doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
diff --git a/ltmain.sh b/ltmain.sh
index 3825a2a..147d758 100644
--- a/ltmain.sh
+++ b/ltmain.sh
@@ -1,9 +1,12 @@
+#! /bin/sh
+## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
+## by inline-source v2014-01-03.01
-# libtool (GNU libtool) 2.4.2
+# libtool (GNU libtool) 2.4.6
+# Provide generalized library-building support services.
# Written by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
-# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
+# Copyright (C) 1996-2015 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -23,881 +26,2112 @@
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with GNU Libtool; see the file COPYING. If not, a copy
-# can be downloaded from http://www.gnu.org/licenses/gpl.html,
-# or obtained by writing to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
-# Usage: $progname [OPTION]... [MODE-ARG]...
-#
-# Provide generalized library-building support services.
-#
-# --config show all configuration variables
-# --debug enable verbose shell tracing
-# -n, --dry-run display commands without modifying any files
-# --features display basic configuration information and exit
-# --mode=MODE use operation mode MODE
-# --preserve-dup-deps don't remove duplicate dependency libraries
-# --quiet, --silent don't print informational messages
-# --no-quiet, --no-silent
-# print informational messages (default)
-# --no-warn don't display warning messages
-# --tag=TAG use configuration variables from tag TAG
-# -v, --verbose print more informational messages than default
-# --no-verbose don't print the extra informational messages
-# --version print version information
-# -h, --help, --help-all print short, long, or detailed help message
-#
-# MODE must be one of the following:
-#
-# clean remove files from the build directory
-# compile compile a source file into a libtool object
-# execute automatically set library path, then run a program
-# finish complete the installation of libtool libraries
-# install install libraries or executables
-# link create a library or an executable
-# uninstall remove libraries from an installed directory
-#
-# MODE-ARGS vary depending on the MODE. When passed as first option,
-# `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that.
-# Try `$progname --help --mode=MODE' for a more detailed description of MODE.
-#
-# When reporting a bug, please describe a test case to reproduce it and
-# include the following information:
-#
-# host-triplet: $host
-# shell: $SHELL
-# compiler: $LTCC
-# compiler flags: $LTCFLAGS
-# linker: $LD (gnu? $with_gnu_ld)
-# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.3ubuntu1
-# automake: $automake_version
-# autoconf: $autoconf_version
-#
-# Report bugs to <bug-libtool at gnu.org>.
-# GNU libtool home page: <http://www.gnu.org/software/libtool/>.
-# General help using GNU software: <http://www.gnu.org/gethelp/>.
PROGRAM=libtool
PACKAGE=libtool
-VERSION="2.4.2 Debian-2.4.2-1.3ubuntu1"
-TIMESTAMP=""
-package_revision=1.3337
+VERSION="2.4.6 Debian-2.4.6-0.1"
+package_revision=2.4.6
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+
+## ------ ##
+## Usage. ##
+## ------ ##
+
+# Run './libtool --help' for help with using this script from the
+# command line.
+
+
+## ------------------------------- ##
+## User overridable command paths. ##
+## ------------------------------- ##
+
+# After configure completes, it has a better idea of some of the
+# shell tools we need than the defaults used by the functions shared
+# with bootstrap, so set those here where they can still be over-
+# ridden by the user, but otherwise take precedence.
+
+: ${AUTOCONF="autoconf"}
+: ${AUTOMAKE="automake"}
+
+
+## -------------------------- ##
+## Source external libraries. ##
+## -------------------------- ##
+
+# Much of our low-level functionality needs to be sourced from external
+# libraries, which are installed to $pkgauxdir.
+
+# Set a version string for this script.
+scriptversion=2015-01-20.17; # UTC
+
+# General shell script boiler plate, and helper functions.
+# Written by Gary V. Vaughan, 2004
+
+# Copyright (C) 2004-2015 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+
+# As a special exception to the GNU General Public License, if you distribute
+# this file as part of a program or library that is built using GNU Libtool,
+# you may include this file under the same distribution terms that you use
+# for the rest of that program.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Please report bugs or propose patches to gary at gnu.org.
+
+
+## ------ ##
+## Usage. ##
+## ------ ##
+
+# Evaluate this file near the top of your script to gain access to
+# the functions and variables defined here:
+#
+# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh
+#
+# If you need to override any of the default environment variable
+# settings, do that before evaluating this file.
+
+
+## -------------------- ##
+## Shell normalisation. ##
+## -------------------- ##
+
+# Some shells need a little help to be as Bourne compatible as possible.
+# Before doing anything else, make sure all that help has been provided!
+
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
else
- case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
+ case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac
fi
-BIN_SH=xpg4; export BIN_SH # for Tru64
-DUALCASE=1; export DUALCASE # for MKS sh
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-$1
-_LTECHO_EOF'
-}
-# NLS nuisances: We save the old values to restore during execute mode.
-lt_user_locale=
-lt_safe_locale=
-for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+# NLS nuisances: We save the old values in case they are required later.
+_G_user_locale=
+_G_safe_locale=
+for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
do
- eval "if test \"\${$lt_var+set}\" = set; then
- save_$lt_var=\$$lt_var
- $lt_var=C
- export $lt_var
- lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\"
- lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\"
+ eval "if test set = \"\${$_G_var+set}\"; then
+ save_$_G_var=\$$_G_var
+ $_G_var=C
+ export $_G_var
+ _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\"
+ _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\"
fi"
done
-LC_ALL=C
-LANGUAGE=C
-export LANGUAGE LC_ALL
-$lt_unset CDPATH
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+# Make sure IFS has a sensible default
+sp=' '
+nl='
+'
+IFS="$sp $nl"
+
+# There are apparently some retarded systems that use ';' as a PATH separator!
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
-# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
-# is ksh but when the shell is invoked as "sh" and the current value of
-# the _XPG environment variable is not equal to 1 (one), the special
-# positional parameter $0, within a function call, is the name of the
-# function.
-progpath="$0"
+## ------------------------- ##
+## Locate command utilities. ##
+## ------------------------- ##
+
+
+# func_executable_p FILE
+# ----------------------
+# Check that FILE is an executable regular file.
+func_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+}
+
+
+# func_path_progs PROGS_LIST CHECK_FUNC [PATH]
+# --------------------------------------------
+# Search for either a program that responds to --version with output
+# containing "GNU", or else returned by CHECK_FUNC otherwise, by
+# trying all the directories in PATH with each of the elements of
+# PROGS_LIST.
+#
+# CHECK_FUNC should accept the path to a candidate program, and
+# set $func_check_prog_result if it truncates its output less than
+# $_G_path_prog_max characters.
+func_path_progs ()
+{
+ _G_progs_list=$1
+ _G_check_func=$2
+ _G_PATH=${3-"$PATH"}
+
+ _G_path_prog_max=0
+ _G_path_prog_found=false
+ _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:}
+ for _G_dir in $_G_PATH; do
+ IFS=$_G_save_IFS
+ test -z "$_G_dir" && _G_dir=.
+ for _G_prog_name in $_G_progs_list; do
+ for _exeext in '' .EXE; do
+ _G_path_prog=$_G_dir/$_G_prog_name$_exeext
+ func_executable_p "$_G_path_prog" || continue
+ case `"$_G_path_prog" --version 2>&1` in
+ *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;;
+ *) $_G_check_func $_G_path_prog
+ func_path_progs_result=$func_check_prog_result
+ ;;
+ esac
+ $_G_path_prog_found && break 3
+ done
+ done
+ done
+ IFS=$_G_save_IFS
+ test -z "$func_path_progs_result" && {
+ echo "no acceptable sed could be found in \$PATH" >&2
+ exit 1
+ }
+}
+
+
+# We want to be able to use the functions in this file before configure
+# has figured out where the best binaries are kept, which means we have
+# to search for them ourselves - except when the results are already set
+# where we skip the searches.
+
+# Unless the user overrides by setting SED, search the path for either GNU
+# sed, or the sed that truncates its output the least.
+test -z "$SED" && {
+ _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+ for _G_i in 1 2 3 4 5 6 7; do
+ _G_sed_script=$_G_sed_script$nl$_G_sed_script
+ done
+ echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed
+ _G_sed_script=
+
+ func_check_prog_sed ()
+ {
+ _G_path_prog=$1
+
+ _G_count=0
+ printf 0123456789 >conftest.in
+ while :
+ do
+ cat conftest.in conftest.in >conftest.tmp
+ mv conftest.tmp conftest.in
+ cp conftest.in conftest.nl
+ echo '' >> conftest.nl
+ "$_G_path_prog" -f conftest.sed <conftest.nl >conftest.out 2>/dev/null || break
+ diff conftest.out conftest.nl >/dev/null 2>&1 || break
+ _G_count=`expr $_G_count + 1`
+ if test "$_G_count" -gt "$_G_path_prog_max"; then
+ # Best one so far, save it but keep looking for a better one
+ func_check_prog_result=$_G_path_prog
+ _G_path_prog_max=$_G_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test 10 -lt "$_G_count" && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out
+ }
+
+ func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin
+ rm -f conftest.sed
+ SED=$func_path_progs_result
+}
+
+
+# Unless the user overrides by setting GREP, search the path for either GNU
+# grep, or the grep that truncates its output the least.
+test -z "$GREP" && {
+ func_check_prog_grep ()
+ {
+ _G_path_prog=$1
+
+ _G_count=0
+ _G_path_prog_max=0
+ printf 0123456789 >conftest.in
+ while :
+ do
+ cat conftest.in conftest.in >conftest.tmp
+ mv conftest.tmp conftest.in
+ cp conftest.in conftest.nl
+ echo 'GREP' >> conftest.nl
+ "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' <conftest.nl >conftest.out 2>/dev/null || break
+ diff conftest.out conftest.nl >/dev/null 2>&1 || break
+ _G_count=`expr $_G_count + 1`
+ if test "$_G_count" -gt "$_G_path_prog_max"; then
+ # Best one so far, save it but keep looking for a better one
+ func_check_prog_result=$_G_path_prog
+ _G_path_prog_max=$_G_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test 10 -lt "$_G_count" && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out
+ }
+
+ func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin
+ GREP=$func_path_progs_result
+}
+
+
+## ------------------------------- ##
+## User overridable command paths. ##
+## ------------------------------- ##
+
+# All uppercase variable names are used for environment variables. These
+# variables can be overridden by the user before calling a script that
+# uses them if a suitable command of that name is not already available
+# in the command search PATH.
: ${CP="cp -f"}
-test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'}
+: ${ECHO="printf %s\n"}
+: ${EGREP="$GREP -E"}
+: ${FGREP="$GREP -F"}
+: ${LN_S="ln -s"}
: ${MAKE="make"}
: ${MKDIR="mkdir"}
: ${MV="mv -f"}
: ${RM="rm -f"}
: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
-: ${Xsed="$SED -e 1s/^X//"}
-
-# Global variables:
-EXIT_SUCCESS=0
-EXIT_FAILURE=1
-EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing.
-EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
-
-exit_status=$EXIT_SUCCESS
-
-# Make sure IFS has a sensible default
-lt_nl='
-'
-IFS=" $lt_nl"
-dirname="s,/[^/]*$,,"
-basename="s,^.*/,,"
-# func_dirname file append nondir_replacement
-# Compute the dirname of FILE. If nonempty, add APPEND to the result,
-# otherwise set result to NONDIR_REPLACEMENT.
-func_dirname ()
-{
- func_dirname_result=`$ECHO "${1}" | $SED "$dirname"`
- if test "X$func_dirname_result" = "X${1}"; then
- func_dirname_result="${3}"
- else
- func_dirname_result="$func_dirname_result${2}"
- fi
-} # func_dirname may be replaced by extended shell implementation
+## -------------------- ##
+## Useful sed snippets. ##
+## -------------------- ##
+sed_dirname='s|/[^/]*$||'
+sed_basename='s|^.*/||'
-# func_basename file
-func_basename ()
-{
- func_basename_result=`$ECHO "${1}" | $SED "$basename"`
-} # func_basename may be replaced by extended shell implementation
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s|\([`"$\\]\)|\\\1|g'
+# Same as above, but do not quote variable references.
+sed_double_quote_subst='s/\(["`\\]\)/\\\1/g'
-# func_dirname_and_basename file append nondir_replacement
-# perform func_basename and func_dirname in a single function
-# call:
-# dirname: Compute the dirname of FILE. If nonempty,
-# add APPEND to the result, otherwise set result
-# to NONDIR_REPLACEMENT.
-# value returned in "$func_dirname_result"
-# basename: Compute filename of FILE.
-# value retuned in "$func_basename_result"
-# Implementation must be kept synchronized with func_dirname
-# and func_basename. For efficiency, we do not delegate to
-# those functions but instead duplicate the functionality here.
-func_dirname_and_basename ()
-{
- # Extract subdirectory from the argument.
- func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"`
- if test "X$func_dirname_result" = "X${1}"; then
- func_dirname_result="${3}"
- else
- func_dirname_result="$func_dirname_result${2}"
- fi
- func_basename_result=`$ECHO "${1}" | $SED -e "$basename"`
-} # func_dirname_and_basename may be replaced by extended shell implementation
+# Sed substitution that turns a string into a regex matching for the
+# string literally.
+sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g'
+# Sed substitution that converts a w32 file name or path
+# that contains forward slashes, into one that contains
+# (escaped) backslashes. A very naive implementation.
+sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+
+# Re-'\' parameter expansions in output of sed_double_quote_subst that
+# were '\'-ed in input to the same. If an odd number of '\' preceded a
+# '$' in input to sed_double_quote_subst, that '$' was protected from
+# expansion. Since each input '\' is now two '\'s, look for any number
+# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'.
+_G_bs='\\'
+_G_bs2='\\\\'
+_G_bs4='\\\\\\\\'
+_G_dollar='\$'
+sed_double_backslash="\
+ s/$_G_bs4/&\\
+/g
+ s/^$_G_bs2$_G_dollar/$_G_bs&/
+ s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g
+ s/\n//g"
-# func_stripname prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-# func_strip_suffix prefix name
-func_stripname ()
-{
- case ${2} in
- .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;;
- *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;;
- esac
-} # func_stripname may be replaced by extended shell implementation
+## ----------------- ##
+## Global variables. ##
+## ----------------- ##
-# These SED scripts presuppose an absolute path with a trailing slash.
-pathcar='s,^/\([^/]*\).*$,\1,'
-pathcdr='s,^/[^/]*,,'
-removedotparts=':dotsl
- s@/\./@/@g
- t dotsl
- s,/\.$,/,'
-collapseslashes='s@/\{1,\}@/@g'
-finalslash='s,/*$,/,'
+# Except for the global variables explicitly listed below, the following
+# functions in the '^func_' namespace, and the '^require_' namespace
+# variables initialised in the 'Resource management' section, sourcing
+# this file will not pollute your global namespace with anything
+# else. There's no portable way to scope variables in Bourne shell
+# though, so actually running these functions will sometimes place
+# results into a variable named after the function, and often use
+# temporary variables in the '^_G_' namespace. If you are careful to
+# avoid using those namespaces casually in your sourcing script, things
+# should continue to work as you expect. And, of course, you can freely
+# overwrite any of the functions or variables defined here before
+# calling anything to customize them.
-# func_normal_abspath PATH
-# Remove doubled-up and trailing slashes, "." path components,
-# and cancel out any ".." path components in PATH after making
-# it an absolute path.
-# value returned in "$func_normal_abspath_result"
-func_normal_abspath ()
-{
- # Start from root dir and reassemble the path.
- func_normal_abspath_result=
- func_normal_abspath_tpath=$1
- func_normal_abspath_altnamespace=
- case $func_normal_abspath_tpath in
- "")
- # Empty path, that just means $cwd.
- func_stripname '' '/' "`pwd`"
- func_normal_abspath_result=$func_stripname_result
- return
- ;;
- # The next three entries are used to spot a run of precisely
- # two leading slashes without using negated character classes;
- # we take advantage of case's first-match behaviour.
- ///*)
- # Unusual form of absolute path, do nothing.
- ;;
- //*)
- # Not necessarily an ordinary path; POSIX reserves leading '//'
- # and for example Cygwin uses it to access remote file shares
- # over CIFS/SMB, so we conserve a leading double slash if found.
- func_normal_abspath_altnamespace=/
- ;;
- /*)
- # Absolute path, do nothing.
- ;;
- *)
- # Relative path, prepend $cwd.
- func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath
- ;;
- esac
- # Cancel out all the simple stuff to save iterations. We also want
- # the path to end with a slash for ease of parsing, so make sure
- # there is one (and only one) here.
- func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
- -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"`
- while :; do
- # Processed it all yet?
- if test "$func_normal_abspath_tpath" = / ; then
- # If we ascended to the root using ".." the result may be empty now.
- if test -z "$func_normal_abspath_result" ; then
- func_normal_abspath_result=/
- fi
- break
- fi
- func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \
- -e "$pathcar"`
- func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
- -e "$pathcdr"`
- # Figure out what to do with it
- case $func_normal_abspath_tcomponent in
- "")
- # Trailing empty path component, ignore it.
- ;;
- ..)
- # Parent dir; strip last assembled component from result.
- func_dirname "$func_normal_abspath_result"
- func_normal_abspath_result=$func_dirname_result
- ;;
- *)
- # Actual path component, append it.
- func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent
- ;;
- esac
- done
- # Restore leading double-slash if one was found on entry.
- func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result
-}
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing.
+EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
-# func_relative_path SRCDIR DSTDIR
-# generates a relative path from SRCDIR to DSTDIR, with a trailing
-# slash if non-empty, suitable for immediately appending a filename
-# without needing to append a separator.
-# value returned in "$func_relative_path_result"
-func_relative_path ()
-{
- func_relative_path_result=
- func_normal_abspath "$1"
- func_relative_path_tlibdir=$func_normal_abspath_result
- func_normal_abspath "$2"
- func_relative_path_tbindir=$func_normal_abspath_result
-
- # Ascend the tree starting from libdir
- while :; do
- # check if we have found a prefix of bindir
- case $func_relative_path_tbindir in
- $func_relative_path_tlibdir)
- # found an exact match
- func_relative_path_tcancelled=
- break
- ;;
- $func_relative_path_tlibdir*)
- # found a matching prefix
- func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir"
- func_relative_path_tcancelled=$func_stripname_result
- if test -z "$func_relative_path_result"; then
- func_relative_path_result=.
- fi
- break
- ;;
- *)
- func_dirname $func_relative_path_tlibdir
- func_relative_path_tlibdir=${func_dirname_result}
- if test "x$func_relative_path_tlibdir" = x ; then
- # Have to descend all the way to the root!
- func_relative_path_result=../$func_relative_path_result
- func_relative_path_tcancelled=$func_relative_path_tbindir
- break
- fi
- func_relative_path_result=../$func_relative_path_result
- ;;
- esac
- done
+# Allow overriding, eg assuming that you follow the convention of
+# putting '$debug_cmd' at the start of all your functions, you can get
+# bash to show function call trace with:
+#
+# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name
+debug_cmd=${debug_cmd-":"}
+exit_cmd=:
- # Now calculate path; take care to avoid doubling-up slashes.
- func_stripname '' '/' "$func_relative_path_result"
- func_relative_path_result=$func_stripname_result
- func_stripname '/' '/' "$func_relative_path_tcancelled"
- if test "x$func_stripname_result" != x ; then
- func_relative_path_result=${func_relative_path_result}/${func_stripname_result}
- fi
+# By convention, finish your script with:
+#
+# exit $exit_status
+#
+# so that you can set exit_status to non-zero if you want to indicate
+# something went wrong during execution without actually bailing out at
+# the point of failure.
+exit_status=$EXIT_SUCCESS
- # Normalisation. If bindir is libdir, return empty string,
- # else relative path ending with a slash; either way, target
- # file name can be directly appended.
- if test ! -z "$func_relative_path_result"; then
- func_stripname './' '' "$func_relative_path_result/"
- func_relative_path_result=$func_stripname_result
- fi
-}
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath=$0
-# The name of this program:
-func_dirname_and_basename "$progpath"
-progname=$func_basename_result
+# The name of this program.
+progname=`$ECHO "$progpath" |$SED "$sed_basename"`
-# Make sure we have an absolute path for reexecution:
+# Make sure we have an absolute progpath for reexecution:
case $progpath in
[\\/]*|[A-Za-z]:\\*) ;;
*[\\/]*)
- progdir=$func_dirname_result
+ progdir=`$ECHO "$progpath" |$SED "$sed_dirname"`
progdir=`cd "$progdir" && pwd`
- progpath="$progdir/$progname"
+ progpath=$progdir/$progname
;;
*)
- save_IFS="$IFS"
+ _G_IFS=$IFS
IFS=${PATH_SEPARATOR-:}
for progdir in $PATH; do
- IFS="$save_IFS"
+ IFS=$_G_IFS
test -x "$progdir/$progname" && break
done
- IFS="$save_IFS"
+ IFS=$_G_IFS
test -n "$progdir" || progdir=`pwd`
- progpath="$progdir/$progname"
+ progpath=$progdir/$progname
;;
esac
-# Sed substitution that helps us do robust quoting. It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed="${SED}"' -e 1s/^X//'
-sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\(["`\\]\)/\\\1/g'
-# Sed substitution that turns a string into a regex matching for the
-# string literally.
-sed_make_literal_regex='s,[].[^$\\*\/],\\&,g'
+## ----------------- ##
+## Standard options. ##
+## ----------------- ##
-# Sed substitution that converts a w32 file name or path
-# which contains forward slashes, into one that contains
-# (escaped) backslashes. A very naive implementation.
-lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
-
-# Re-`\' parameter expansions in output of double_quote_subst that were
-# `\'-ed in input to the same. If an odd number of `\' preceded a '$'
-# in input to double_quote_subst, that '$' was protected from expansion.
-# Since each input `\' is now two `\'s, look for any number of runs of
-# four `\'s followed by two `\'s and then a '$'. `\' that '$'.
-bs='\\'
-bs2='\\\\'
-bs4='\\\\\\\\'
-dollar='\$'
-sed_double_backslash="\
- s/$bs4/&\\
-/g
- s/^$bs2$dollar/$bs&/
- s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g
- s/\n//g"
+# The following options affect the operation of the functions defined
+# below, and should be set appropriately depending on run-time para-
+# meters passed on the command line.
-# Standard options:
opt_dry_run=false
-opt_help=false
opt_quiet=false
opt_verbose=false
-opt_warning=:
-# func_echo arg...
-# Echo program name prefixed message, along with the current mode
-# name if it has been set yet.
-func_echo ()
-{
- $ECHO "$progname: ${opt_mode+$opt_mode: }$*"
-}
+# Categories 'all' and 'none' are always available. Append any others
+# you will pass as the first argument to func_warning from your own
+# code.
+warning_categories=
-# func_verbose arg...
-# Echo program name prefixed message in verbose mode only.
-func_verbose ()
-{
- $opt_verbose && func_echo ${1+"$@"}
+# By default, display warnings according to 'opt_warning_types'. Set
+# 'warning_func' to ':' to elide all warnings, or func_fatal_error to
+# treat the next displayed warning as a fatal error.
+warning_func=func_warn_and_continue
- # A bug in bash halts the script if the last line of a function
- # fails when set -e is in force, so we need another command to
- # work around that:
- :
-}
+# Set to 'all' to display all warnings, 'none' to suppress all
+# warnings, or a space delimited list of some subset of
+# 'warning_categories' to display only the listed warnings.
+opt_warning_types=all
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO "$*"
-}
-# func_error arg...
-# Echo program name prefixed message to standard error.
-func_error ()
-{
- $ECHO "$progname: ${opt_mode+$opt_mode: }"${1+"$@"} 1>&2
-}
+## -------------------- ##
+## Resource management. ##
+## -------------------- ##
-# func_warning arg...
-# Echo program name prefixed warning message to standard error.
-func_warning ()
-{
- $opt_warning && $ECHO "$progname: ${opt_mode+$opt_mode: }warning: "${1+"$@"} 1>&2
+# This section contains definitions for functions that each ensure a
+# particular resource (a file, or a non-empty configuration variable for
+# example) is available, and if appropriate to extract default values
+# from pertinent package files. Call them using their associated
+# 'require_*' variable to ensure that they are executed, at most, once.
+#
+# It's entirely deliberate that calling these functions can set
+# variables that don't obey the namespace limitations obeyed by the rest
+# of this file, in order that that they be as useful as possible to
+# callers.
- # bash bug again:
- :
-}
-# func_fatal_error arg...
-# Echo program name prefixed message to standard error, and exit.
-func_fatal_error ()
+# require_term_colors
+# -------------------
+# Allow display of bold text on terminals that support it.
+require_term_colors=func_require_term_colors
+func_require_term_colors ()
{
- func_error ${1+"$@"}
- exit $EXIT_FAILURE
-}
+ $debug_cmd
+
+ test -t 1 && {
+ # COLORTERM and USE_ANSI_COLORS environment variables take
+ # precedence, because most terminfo databases neglect to describe
+ # whether color sequences are supported.
+ test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"}
+
+ if test 1 = "$USE_ANSI_COLORS"; then
+ # Standard ANSI escape sequences
+ tc_reset='�[0m'
+ tc_bold='�[1m'; tc_standout='�[7m'
+ tc_red='�[31m'; tc_green='�[32m'
+ tc_blue='�[34m'; tc_cyan='�[36m'
+ else
+ # Otherwise trust the terminfo database after all.
+ test -n "`tput sgr0 2>/dev/null`" && {
+ tc_reset=`tput sgr0`
+ test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold`
+ tc_standout=$tc_bold
+ test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso`
+ test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1`
+ test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2`
+ test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4`
+ test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5`
+ }
+ fi
+ }
-# func_fatal_help arg...
-# Echo program name prefixed message to standard error, followed by
-# a help hint, and exit.
-func_fatal_help ()
-{
- func_error ${1+"$@"}
- func_fatal_error "$help"
+ require_term_colors=:
}
-help="Try \`$progname --help' for more information." ## default
-# func_grep expression filename
+## ----------------- ##
+## Function library. ##
+## ----------------- ##
+
+# This section contains a variety of useful functions to call in your
+# scripts. Take note of the portable wrappers for features provided by
+# some modern shells, which will fall back to slower equivalents on
+# less featureful shells.
+
+
+# func_append VAR VALUE
+# ---------------------
+# Append VALUE onto the existing contents of VAR.
+
+ # We should try to minimise forks, especially on Windows where they are
+ # unreasonably slow, so skip the feature probes when bash or zsh are
+ # being used:
+ if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then
+ : ${_G_HAVE_ARITH_OP="yes"}
+ : ${_G_HAVE_XSI_OPS="yes"}
+ # The += operator was introduced in bash 3.1
+ case $BASH_VERSION in
+ [12].* | 3.0 | 3.0*) ;;
+ *)
+ : ${_G_HAVE_PLUSEQ_OP="yes"}
+ ;;
+ esac
+ fi
+
+ # _G_HAVE_PLUSEQ_OP
+ # Can be empty, in which case the shell is probed, "yes" if += is
+ # useable or anything else if it does not work.
+ test -z "$_G_HAVE_PLUSEQ_OP" \
+ && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \
+ && _G_HAVE_PLUSEQ_OP=yes
+
+if test yes = "$_G_HAVE_PLUSEQ_OP"
+then
+ # This is an XSI compatible shell, allowing a faster implementation...
+ eval 'func_append ()
+ {
+ $debug_cmd
+
+ eval "$1+=\$2"
+ }'
+else
+ # ...otherwise fall back to using expr, which is often a shell builtin.
+ func_append ()
+ {
+ $debug_cmd
+
+ eval "$1=\$$1\$2"
+ }
+fi
+
+
+# func_append_quoted VAR VALUE
+# ----------------------------
+# Quote VALUE and append to the end of shell variable VAR, separated
+# by a space.
+if test yes = "$_G_HAVE_PLUSEQ_OP"; then
+ eval 'func_append_quoted ()
+ {
+ $debug_cmd
+
+ func_quote_for_eval "$2"
+ eval "$1+=\\ \$func_quote_for_eval_result"
+ }'
+else
+ func_append_quoted ()
+ {
+ $debug_cmd
+
+ func_quote_for_eval "$2"
+ eval "$1=\$$1\\ \$func_quote_for_eval_result"
+ }
+fi
+
+
+# func_append_uniq VAR VALUE
+# --------------------------
+# Append unique VALUE onto the existing contents of VAR, assuming
+# entries are delimited by the first character of VALUE. For example:
+#
+# func_append_uniq options " --another-option option-argument"
+#
+# will only append to $options if " --another-option option-argument "
+# is not already present somewhere in $options already (note spaces at
+# each end implied by leading space in second argument).
+func_append_uniq ()
+{
+ $debug_cmd
+
+ eval _G_current_value='`$ECHO $'$1'`'
+ _G_delim=`expr "$2" : '\(.\)'`
+
+ case $_G_delim$_G_current_value$_G_delim in
+ *"$2$_G_delim"*) ;;
+ *) func_append "$@" ;;
+ esac
+}
+
+
+# func_arith TERM...
+# ------------------
+# Set func_arith_result to the result of evaluating TERMs.
+ test -z "$_G_HAVE_ARITH_OP" \
+ && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \
+ && _G_HAVE_ARITH_OP=yes
+
+if test yes = "$_G_HAVE_ARITH_OP"; then
+ eval 'func_arith ()
+ {
+ $debug_cmd
+
+ func_arith_result=$(( $* ))
+ }'
+else
+ func_arith ()
+ {
+ $debug_cmd
+
+ func_arith_result=`expr "$@"`
+ }
+fi
+
+
+# func_basename FILE
+# ------------------
+# Set func_basename_result to FILE with everything up to and including
+# the last / stripped.
+if test yes = "$_G_HAVE_XSI_OPS"; then
+ # If this shell supports suffix pattern removal, then use it to avoid
+ # forking. Hide the definitions single quotes in case the shell chokes
+ # on unsupported syntax...
+ _b='func_basename_result=${1##*/}'
+ _d='case $1 in
+ */*) func_dirname_result=${1%/*}$2 ;;
+ * ) func_dirname_result=$3 ;;
+ esac'
+
+else
+ # ...otherwise fall back to using sed.
+ _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`'
+ _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"`
+ if test "X$func_dirname_result" = "X$1"; then
+ func_dirname_result=$3
+ else
+ func_append func_dirname_result "$2"
+ fi'
+fi
+
+eval 'func_basename ()
+{
+ $debug_cmd
+
+ '"$_b"'
+}'
+
+
+# func_dirname FILE APPEND NONDIR_REPLACEMENT
+# -------------------------------------------
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+eval 'func_dirname ()
+{
+ $debug_cmd
+
+ '"$_d"'
+}'
+
+
+# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT
+# --------------------------------------------------------
+# Perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# For efficiency, we do not delegate to the functions above but instead
+# duplicate the functionality here.
+eval 'func_dirname_and_basename ()
+{
+ $debug_cmd
+
+ '"$_b"'
+ '"$_d"'
+}'
+
+
+# func_echo ARG...
+# ----------------
+# Echo program name prefixed message.
+func_echo ()
+{
+ $debug_cmd
+
+ _G_message=$*
+
+ func_echo_IFS=$IFS
+ IFS=$nl
+ for _G_line in $_G_message; do
+ IFS=$func_echo_IFS
+ $ECHO "$progname: $_G_line"
+ done
+ IFS=$func_echo_IFS
+}
+
+
+# func_echo_all ARG...
+# --------------------
+# Invoke $ECHO with all args, space-separated.
+func_echo_all ()
+{
+ $ECHO "$*"
+}
+
+
+# func_echo_infix_1 INFIX ARG...
+# ------------------------------
+# Echo program name, followed by INFIX on the first line, with any
+# additional lines not showing INFIX.
+func_echo_infix_1 ()
+{
+ $debug_cmd
+
+ $require_term_colors
+
+ _G_infix=$1; shift
+ _G_indent=$_G_infix
+ _G_prefix="$progname: $_G_infix: "
+ _G_message=$*
+
+ # Strip color escape sequences before counting printable length
+ for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan"
+ do
+ test -n "$_G_tc" && {
+ _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"`
+ _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"`
+ }
+ done
+ _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes
+
+ func_echo_infix_1_IFS=$IFS
+ IFS=$nl
+ for _G_line in $_G_message; do
+ IFS=$func_echo_infix_1_IFS
+ $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2
+ _G_prefix=$_G_indent
+ done
+ IFS=$func_echo_infix_1_IFS
+}
+
+
+# func_error ARG...
+# -----------------
+# Echo program name prefixed message to standard error.
+func_error ()
+{
+ $debug_cmd
+
+ $require_term_colors
+
+ func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2
+}
+
+
+# func_fatal_error ARG...
+# -----------------------
+# Echo program name prefixed message to standard error, and exit.
+func_fatal_error ()
+{
+ $debug_cmd
+
+ func_error "$*"
+ exit $EXIT_FAILURE
+}
+
+
+# func_grep EXPRESSION FILENAME
+# -----------------------------
# Check whether EXPRESSION matches any line of FILENAME, without output.
func_grep ()
{
+ $debug_cmd
+
$GREP "$1" "$2" >/dev/null 2>&1
}
-# func_mkdir_p directory-path
+# func_len STRING
+# ---------------
+# Set func_len_result to the length of STRING. STRING may not
+# start with a hyphen.
+ test -z "$_G_HAVE_XSI_OPS" \
+ && (eval 'x=a/b/c;
+ test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
+ && _G_HAVE_XSI_OPS=yes
+
+if test yes = "$_G_HAVE_XSI_OPS"; then
+ eval 'func_len ()
+ {
+ $debug_cmd
+
+ func_len_result=${#1}
+ }'
+else
+ func_len ()
+ {
+ $debug_cmd
+
+ func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
+ }
+fi
+
+
+# func_mkdir_p DIRECTORY-PATH
+# ---------------------------
# Make sure the entire path to DIRECTORY-PATH is available.
func_mkdir_p ()
{
- my_directory_path="$1"
- my_dir_list=
+ $debug_cmd
- if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then
+ _G_directory_path=$1
+ _G_dir_list=
- # Protect directory names starting with `-'
- case $my_directory_path in
- -*) my_directory_path="./$my_directory_path" ;;
+ if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then
+
+ # Protect directory names starting with '-'
+ case $_G_directory_path in
+ -*) _G_directory_path=./$_G_directory_path ;;
esac
# While some portion of DIR does not yet exist...
- while test ! -d "$my_directory_path"; do
+ while test ! -d "$_G_directory_path"; do
# ...make a list in topmost first order. Use a colon delimited
# list incase some portion of path contains whitespace.
- my_dir_list="$my_directory_path:$my_dir_list"
+ _G_dir_list=$_G_directory_path:$_G_dir_list
# If the last portion added has no slash in it, the list is done
- case $my_directory_path in */*) ;; *) break ;; esac
+ case $_G_directory_path in */*) ;; *) break ;; esac
# ...otherwise throw away the child directory and loop
- my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"`
+ _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"`
done
- my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'`
+ _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'`
- save_mkdir_p_IFS="$IFS"; IFS=':'
- for my_dir in $my_dir_list; do
- IFS="$save_mkdir_p_IFS"
- # mkdir can fail with a `File exist' error if two processes
+ func_mkdir_p_IFS=$IFS; IFS=:
+ for _G_dir in $_G_dir_list; do
+ IFS=$func_mkdir_p_IFS
+ # mkdir can fail with a 'File exist' error if two processes
# try to create one of the directories concurrently. Don't
# stop in that case!
- $MKDIR "$my_dir" 2>/dev/null || :
+ $MKDIR "$_G_dir" 2>/dev/null || :
done
- IFS="$save_mkdir_p_IFS"
+ IFS=$func_mkdir_p_IFS
# Bail out if we (or some other process) failed to create a directory.
- test -d "$my_directory_path" || \
- func_fatal_error "Failed to create \`$1'"
+ test -d "$_G_directory_path" || \
+ func_fatal_error "Failed to create '$1'"
fi
}
-# func_mktempdir [string]
+# func_mktempdir [BASENAME]
+# -------------------------
# Make a temporary directory that won't clash with other running
# libtool processes, and avoids race conditions if possible. If
-# given, STRING is the basename for that directory.
+# given, BASENAME is the basename for that directory.
func_mktempdir ()
{
- my_template="${TMPDIR-/tmp}/${1-$progname}"
+ $debug_cmd
+
+ _G_template=${TMPDIR-/tmp}/${1-$progname}
- if test "$opt_dry_run" = ":"; then
+ if test : = "$opt_dry_run"; then
# Return a directory name, but don't create it in dry-run mode
- my_tmpdir="${my_template}-$$"
+ _G_tmpdir=$_G_template-$$
else
# If mktemp works, use that first and foremost
- my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+ _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null`
- if test ! -d "$my_tmpdir"; then
+ if test ! -d "$_G_tmpdir"; then
# Failing that, at least try and use $RANDOM to avoid a race
- my_tmpdir="${my_template}-${RANDOM-0}$$"
+ _G_tmpdir=$_G_template-${RANDOM-0}$$
- save_mktempdir_umask=`umask`
+ func_mktempdir_umask=`umask`
umask 0077
- $MKDIR "$my_tmpdir"
- umask $save_mktempdir_umask
+ $MKDIR "$_G_tmpdir"
+ umask $func_mktempdir_umask
fi
# If we're not in dry-run mode, bomb out on failure
- test -d "$my_tmpdir" || \
- func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
+ test -d "$_G_tmpdir" || \
+ func_fatal_error "cannot create temporary directory '$_G_tmpdir'"
+ fi
+
+ $ECHO "$_G_tmpdir"
+}
+
+
+# func_normal_abspath PATH
+# ------------------------
+# Remove doubled-up and trailing slashes, "." path components,
+# and cancel out any ".." path components in PATH after making
+# it an absolute path.
+func_normal_abspath ()
+{
+ $debug_cmd
+
+ # These SED scripts presuppose an absolute path with a trailing slash.
+ _G_pathcar='s|^/\([^/]*\).*$|\1|'
+ _G_pathcdr='s|^/[^/]*||'
+ _G_removedotparts=':dotsl
+ s|/\./|/|g
+ t dotsl
+ s|/\.$|/|'
+ _G_collapseslashes='s|/\{1,\}|/|g'
+ _G_finalslash='s|/*$|/|'
+
+ # Start from root dir and reassemble the path.
+ func_normal_abspath_result=
+ func_normal_abspath_tpath=$1
+ func_normal_abspath_altnamespace=
+ case $func_normal_abspath_tpath in
+ "")
+ # Empty path, that just means $cwd.
+ func_stripname '' '/' "`pwd`"
+ func_normal_abspath_result=$func_stripname_result
+ return
+ ;;
+ # The next three entries are used to spot a run of precisely
+ # two leading slashes without using negated character classes;
+ # we take advantage of case's first-match behaviour.
+ ///*)
+ # Unusual form of absolute path, do nothing.
+ ;;
+ //*)
+ # Not necessarily an ordinary path; POSIX reserves leading '//'
+ # and for example Cygwin uses it to access remote file shares
+ # over CIFS/SMB, so we conserve a leading double slash if found.
+ func_normal_abspath_altnamespace=/
+ ;;
+ /*)
+ # Absolute path, do nothing.
+ ;;
+ *)
+ # Relative path, prepend $cwd.
+ func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath
+ ;;
+ esac
+
+ # Cancel out all the simple stuff to save iterations. We also want
+ # the path to end with a slash for ease of parsing, so make sure
+ # there is one (and only one) here.
+ func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
+ -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"`
+ while :; do
+ # Processed it all yet?
+ if test / = "$func_normal_abspath_tpath"; then
+ # If we ascended to the root using ".." the result may be empty now.
+ if test -z "$func_normal_abspath_result"; then
+ func_normal_abspath_result=/
+ fi
+ break
+ fi
+ func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \
+ -e "$_G_pathcar"`
+ func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
+ -e "$_G_pathcdr"`
+ # Figure out what to do with it
+ case $func_normal_abspath_tcomponent in
+ "")
+ # Trailing empty path component, ignore it.
+ ;;
+ ..)
+ # Parent dir; strip last assembled component from result.
+ func_dirname "$func_normal_abspath_result"
+ func_normal_abspath_result=$func_dirname_result
+ ;;
+ *)
+ # Actual path component, append it.
+ func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent"
+ ;;
+ esac
+ done
+ # Restore leading double-slash if one was found on entry.
+ func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result
+}
+
+
+# func_notquiet ARG...
+# --------------------
+# Echo program name prefixed message only when not in quiet mode.
+func_notquiet ()
+{
+ $debug_cmd
+
+ $opt_quiet || func_echo ${1+"$@"}
+
+ # A bug in bash halts the script if the last line of a function
+ # fails when set -e is in force, so we need another command to
+ # work around that:
+ :
+}
+
+
+# func_relative_path SRCDIR DSTDIR
+# --------------------------------
+# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR.
+func_relative_path ()
+{
+ $debug_cmd
+
+ func_relative_path_result=
+ func_normal_abspath "$1"
+ func_relative_path_tlibdir=$func_normal_abspath_result
+ func_normal_abspath "$2"
+ func_relative_path_tbindir=$func_normal_abspath_result
+
+ # Ascend the tree starting from libdir
+ while :; do
+ # check if we have found a prefix of bindir
+ case $func_relative_path_tbindir in
+ $func_relative_path_tlibdir)
+ # found an exact match
+ func_relative_path_tcancelled=
+ break
+ ;;
+ $func_relative_path_tlibdir*)
+ # found a matching prefix
+ func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir"
+ func_relative_path_tcancelled=$func_stripname_result
+ if test -z "$func_relative_path_result"; then
+ func_relative_path_result=.
+ fi
+ break
+ ;;
+ *)
+ func_dirname $func_relative_path_tlibdir
+ func_relative_path_tlibdir=$func_dirname_result
+ if test -z "$func_relative_path_tlibdir"; then
+ # Have to descend all the way to the root!
+ func_relative_path_result=../$func_relative_path_result
+ func_relative_path_tcancelled=$func_relative_path_tbindir
+ break
+ fi
+ func_relative_path_result=../$func_relative_path_result
+ ;;
+ esac
+ done
+
+ # Now calculate path; take care to avoid doubling-up slashes.
+ func_stripname '' '/' "$func_relative_path_result"
+ func_relative_path_result=$func_stripname_result
+ func_stripname '/' '/' "$func_relative_path_tcancelled"
+ if test -n "$func_stripname_result"; then
+ func_append func_relative_path_result "/$func_stripname_result"
+ fi
+
+ # Normalisation. If bindir is libdir, return '.' else relative path.
+ if test -n "$func_relative_path_result"; then
+ func_stripname './' '' "$func_relative_path_result"
+ func_relative_path_result=$func_stripname_result
fi
- $ECHO "$my_tmpdir"
+ test -n "$func_relative_path_result" || func_relative_path_result=.
+
+ :
+}
+
+
+# func_quote_for_eval ARG...
+# --------------------------
+# Aesthetically quote ARGs to be evaled later.
+# This function returns two values:
+# i) func_quote_for_eval_result
+# double-quoted, suitable for a subsequent eval
+# ii) func_quote_for_eval_unquoted_result
+# has all characters that are still active within double
+# quotes backslashified.
+func_quote_for_eval ()
+{
+ $debug_cmd
+
+ func_quote_for_eval_unquoted_result=
+ func_quote_for_eval_result=
+ while test 0 -lt $#; do
+ case $1 in
+ *[\\\`\"\$]*)
+ _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;;
+ *)
+ _G_unquoted_arg=$1 ;;
+ esac
+ if test -n "$func_quote_for_eval_unquoted_result"; then
+ func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg"
+ else
+ func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg"
+ fi
+
+ case $_G_unquoted_arg in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting, command substitution and variable expansion
+ # for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ _G_quoted_arg=\"$_G_unquoted_arg\"
+ ;;
+ *)
+ _G_quoted_arg=$_G_unquoted_arg
+ ;;
+ esac
+
+ if test -n "$func_quote_for_eval_result"; then
+ func_append func_quote_for_eval_result " $_G_quoted_arg"
+ else
+ func_append func_quote_for_eval_result "$_G_quoted_arg"
+ fi
+ shift
+ done
+}
+
+
+# func_quote_for_expand ARG
+# -------------------------
+# Aesthetically quote ARG to be evaled later; same as above,
+# but do not quote variable references.
+func_quote_for_expand ()
+{
+ $debug_cmd
+
+ case $1 in
+ *[\\\`\"]*)
+ _G_arg=`$ECHO "$1" | $SED \
+ -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;;
+ *)
+ _G_arg=$1 ;;
+ esac
+
+ case $_G_arg in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting and command substitution for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ _G_arg=\"$_G_arg\"
+ ;;
+ esac
+
+ func_quote_for_expand_result=$_G_arg
+}
+
+
+# func_stripname PREFIX SUFFIX NAME
+# ---------------------------------
+# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+if test yes = "$_G_HAVE_XSI_OPS"; then
+ eval 'func_stripname ()
+ {
+ $debug_cmd
+
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary variable first.
+ func_stripname_result=$3
+ func_stripname_result=${func_stripname_result#"$1"}
+ func_stripname_result=${func_stripname_result%"$2"}
+ }'
+else
+ func_stripname ()
+ {
+ $debug_cmd
+
+ case $2 in
+ .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;;
+ *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;;
+ esac
+ }
+fi
+
+
+# func_show_eval CMD [FAIL_EXP]
+# -----------------------------
+# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.
+func_show_eval ()
+{
+ $debug_cmd
+
+ _G_cmd=$1
+ _G_fail_exp=${2-':'}
+
+ func_quote_for_expand "$_G_cmd"
+ eval "func_notquiet $func_quote_for_expand_result"
+
+ $opt_dry_run || {
+ eval "$_G_cmd"
+ _G_status=$?
+ if test 0 -ne "$_G_status"; then
+ eval "(exit $_G_status); $_G_fail_exp"
+ fi
+ }
+}
+
+
+# func_show_eval_locale CMD [FAIL_EXP]
+# ------------------------------------
+# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it. Use the saved locale for evaluation.
+func_show_eval_locale ()
+{
+ $debug_cmd
+
+ _G_cmd=$1
+ _G_fail_exp=${2-':'}
+
+ $opt_quiet || {
+ func_quote_for_expand "$_G_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ $opt_dry_run || {
+ eval "$_G_user_locale
+ $_G_cmd"
+ _G_status=$?
+ eval "$_G_safe_locale"
+ if test 0 -ne "$_G_status"; then
+ eval "(exit $_G_status); $_G_fail_exp"
+ fi
+ }
+}
+
+
+# func_tr_sh
+# ----------
+# Turn $1 into a string suitable for a shell variable name.
+# Result is stored in $func_tr_sh_result. All characters
+# not in the set a-zA-Z0-9_ are replaced with '_'. Further,
+# if $1 begins with a digit, a '_' is prepended as well.
+func_tr_sh ()
+{
+ $debug_cmd
+
+ case $1 in
+ [0-9]* | *[!a-zA-Z0-9_]*)
+ func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'`
+ ;;
+ * )
+ func_tr_sh_result=$1
+ ;;
+ esac
+}
+
+
+# func_verbose ARG...
+# -------------------
+# Echo program name prefixed message in verbose mode only.
+func_verbose ()
+{
+ $debug_cmd
+
+ $opt_verbose && func_echo "$*"
+
+ :
+}
+
+
+# func_warn_and_continue ARG...
+# -----------------------------
+# Echo program name prefixed warning message to standard error.
+func_warn_and_continue ()
+{
+ $debug_cmd
+
+ $require_term_colors
+
+ func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2
+}
+
+
+# func_warning CATEGORY ARG...
+# ----------------------------
+# Echo program name prefixed warning message to standard error. Warning
+# messages can be filtered according to CATEGORY, where this function
+# elides messages where CATEGORY is not listed in the global variable
+# 'opt_warning_types'.
+func_warning ()
+{
+ $debug_cmd
+
+ # CATEGORY must be in the warning_categories list!
+ case " $warning_categories " in
+ *" $1 "*) ;;
+ *) func_internal_error "invalid warning category '$1'" ;;
+ esac
+
+ _G_category=$1
+ shift
+
+ case " $opt_warning_types " in
+ *" $_G_category "*) $warning_func ${1+"$@"} ;;
+ esac
+}
+
+
+# func_sort_ver VER1 VER2
+# -----------------------
+# 'sort -V' is not generally available.
+# Note this deviates from the version comparison in automake
+# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a
+# but this should suffice as we won't be specifying old
+# version formats or redundant trailing .0 in bootstrap.conf.
+# If we did want full compatibility then we should probably
+# use m4_version_compare from autoconf.
+func_sort_ver ()
+{
+ $debug_cmd
+
+ printf '%s\n%s\n' "$1" "$2" \
+ | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n
+}
+
+# func_lt_ver PREV CURR
+# ---------------------
+# Return true if PREV and CURR are in the correct order according to
+# func_sort_ver, otherwise false. Use it like this:
+#
+# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..."
+func_lt_ver ()
+{
+ $debug_cmd
+
+ test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q`
+}
+
+
+# Local variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
+# time-stamp-time-zone: "UTC"
+# End:
+#! /bin/sh
+
+# Set a version string for this script.
+scriptversion=2014-01-07.03; # UTC
+
+# A portable, pluggable option parser for Bourne shell.
+# Written by Gary V. Vaughan, 2010
+
+# Copyright (C) 2010-2015 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Please report bugs or propose patches to gary at gnu.org.
+
+
+## ------ ##
+## Usage. ##
+## ------ ##
+
+# This file is a library for parsing options in your shell scripts along
+# with assorted other useful supporting features that you can make use
+# of too.
+#
+# For the simplest scripts you might need only:
+#
+# #!/bin/sh
+# . relative/path/to/funclib.sh
+# . relative/path/to/options-parser
+# scriptversion=1.0
+# func_options ${1+"$@"}
+# eval set dummy "$func_options_result"; shift
+# ...rest of your script...
+#
+# In order for the '--version' option to work, you will need to have a
+# suitably formatted comment like the one at the top of this file
+# starting with '# Written by ' and ending with '# warranty; '.
+#
+# For '-h' and '--help' to work, you will also need a one line
+# description of your script's purpose in a comment directly above the
+# '# Written by ' line, like the one at the top of this file.
+#
+# The default options also support '--debug', which will turn on shell
+# execution tracing (see the comment above debug_cmd below for another
+# use), and '--verbose' and the func_verbose function to allow your script
+# to display verbose messages only when your user has specified
+# '--verbose'.
+#
+# After sourcing this file, you can plug processing for additional
+# options by amending the variables from the 'Configuration' section
+# below, and following the instructions in the 'Option parsing'
+# section further down.
+
+## -------------- ##
+## Configuration. ##
+## -------------- ##
+
+# You should override these variables in your script after sourcing this
+# file so that they reflect the customisations you have added to the
+# option parser.
+
+# The usage line for option parsing errors and the start of '-h' and
+# '--help' output messages. You can embed shell variables for delayed
+# expansion at the time the message is displayed, but you will need to
+# quote other shell meta-characters carefully to prevent them being
+# expanded when the contents are evaled.
+usage='$progpath [OPTION]...'
+
+# Short help message in response to '-h' and '--help'. Add to this or
+# override it after sourcing this library to reflect the full set of
+# options your script accepts.
+usage_message="\
+ --debug enable verbose shell tracing
+ -W, --warnings=CATEGORY
+ report the warnings falling in CATEGORY [all]
+ -v, --verbose verbosely report processing
+ --version print version information and exit
+ -h, --help print short or long help message and exit
+"
+
+# Additional text appended to 'usage_message' in response to '--help'.
+long_help_message="
+Warning categories include:
+ 'all' show all warnings
+ 'none' turn off all the warnings
+ 'error' warnings are treated as fatal errors"
+
+# Help message printed before fatal option parsing errors.
+fatal_help="Try '\$progname --help' for more information."
+
+
+
+## ------------------------- ##
+## Hook function management. ##
+## ------------------------- ##
+
+# This section contains functions for adding, removing, and running hooks
+# to the main code. A hook is just a named list of of function, that can
+# be run in order later on.
+
+# func_hookable FUNC_NAME
+# -----------------------
+# Declare that FUNC_NAME will run hooks added with
+# 'func_add_hook FUNC_NAME ...'.
+func_hookable ()
+{
+ $debug_cmd
+
+ func_append hookable_fns " $1"
+}
+
+
+# func_add_hook FUNC_NAME HOOK_FUNC
+# ---------------------------------
+# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must
+# first have been declared "hookable" by a call to 'func_hookable'.
+func_add_hook ()
+{
+ $debug_cmd
+
+ case " $hookable_fns " in
+ *" $1 "*) ;;
+ *) func_fatal_error "'$1' does not accept hook functions." ;;
+ esac
+
+ eval func_append ${1}_hooks '" $2"'
+}
+
+
+# func_remove_hook FUNC_NAME HOOK_FUNC
+# ------------------------------------
+# Remove HOOK_FUNC from the list of functions called by FUNC_NAME.
+func_remove_hook ()
+{
+ $debug_cmd
+
+ eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`'
+}
+
+
+# func_run_hooks FUNC_NAME [ARG]...
+# ---------------------------------
+# Run all hook functions registered to FUNC_NAME.
+# It is assumed that the list of hook functions contains nothing more
+# than a whitespace-delimited list of legal shell function names, and
+# no effort is wasted trying to catch shell meta-characters or preserve
+# whitespace.
+func_run_hooks ()
+{
+ $debug_cmd
+
+ case " $hookable_fns " in
+ *" $1 "*) ;;
+ *) func_fatal_error "'$1' does not support hook funcions.n" ;;
+ esac
+
+ eval _G_hook_fns=\$$1_hooks; shift
+
+ for _G_hook in $_G_hook_fns; do
+ eval $_G_hook '"$@"'
+
+ # store returned options list back into positional
+ # parameters for next 'cmd' execution.
+ eval _G_hook_result=\$${_G_hook}_result
+ eval set dummy "$_G_hook_result"; shift
+ done
+
+ func_quote_for_eval ${1+"$@"}
+ func_run_hooks_result=$func_quote_for_eval_result
+}
+
+
+
+## --------------- ##
+## Option parsing. ##
+## --------------- ##
+
+# In order to add your own option parsing hooks, you must accept the
+# full positional parameter list in your hook function, remove any
+# options that you action, and then pass back the remaining unprocessed
+# options in '<hooked_function_name>_result', escaped suitably for
+# 'eval'. Like this:
+#
+# my_options_prep ()
+# {
+# $debug_cmd
+#
+# # Extend the existing usage message.
+# usage_message=$usage_message'
+# -s, --silent don'\''t print informational messages
+# '
+#
+# func_quote_for_eval ${1+"$@"}
+# my_options_prep_result=$func_quote_for_eval_result
+# }
+# func_add_hook func_options_prep my_options_prep
+#
+#
+# my_silent_option ()
+# {
+# $debug_cmd
+#
+# # Note that for efficiency, we parse as many options as we can
+# # recognise in a loop before passing the remainder back to the
+# # caller on the first unrecognised argument we encounter.
+# while test $# -gt 0; do
+# opt=$1; shift
+# case $opt in
+# --silent|-s) opt_silent=: ;;
+# # Separate non-argument short options:
+# -s*) func_split_short_opt "$_G_opt"
+# set dummy "$func_split_short_opt_name" \
+# "-$func_split_short_opt_arg" ${1+"$@"}
+# shift
+# ;;
+# *) set dummy "$_G_opt" "$*"; shift; break ;;
+# esac
+# done
+#
+# func_quote_for_eval ${1+"$@"}
+# my_silent_option_result=$func_quote_for_eval_result
+# }
+# func_add_hook func_parse_options my_silent_option
+#
+#
+# my_option_validation ()
+# {
+# $debug_cmd
+#
+# $opt_silent && $opt_verbose && func_fatal_help "\
+# '--silent' and '--verbose' options are mutually exclusive."
+#
+# func_quote_for_eval ${1+"$@"}
+# my_option_validation_result=$func_quote_for_eval_result
+# }
+# func_add_hook func_validate_options my_option_validation
+#
+# You'll alse need to manually amend $usage_message to reflect the extra
+# options you parse. It's preferable to append if you can, so that
+# multiple option parsing hooks can be added safely.
+
+
+# func_options [ARG]...
+# ---------------------
+# All the functions called inside func_options are hookable. See the
+# individual implementations for details.
+func_hookable func_options
+func_options ()
+{
+ $debug_cmd
+
+ func_options_prep ${1+"$@"}
+ eval func_parse_options \
+ ${func_options_prep_result+"$func_options_prep_result"}
+ eval func_validate_options \
+ ${func_parse_options_result+"$func_parse_options_result"}
+
+ eval func_run_hooks func_options \
+ ${func_validate_options_result+"$func_validate_options_result"}
+
+ # save modified positional parameters for caller
+ func_options_result=$func_run_hooks_result
}
-# func_quote_for_eval arg
-# Aesthetically quote ARG to be evaled later.
-# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT
-# is double-quoted, suitable for a subsequent eval, whereas
-# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters
-# which are still active within double quotes backslashified.
-func_quote_for_eval ()
+# func_options_prep [ARG]...
+# --------------------------
+# All initialisations required before starting the option parse loop.
+# Note that when calling hook functions, we pass through the list of
+# positional parameters. If a hook function modifies that list, and
+# needs to propogate that back to rest of this script, then the complete
+# modified list must be put in 'func_run_hooks_result' before
+# returning.
+func_hookable func_options_prep
+func_options_prep ()
{
- case $1 in
- *[\\\`\"\$]*)
- func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;;
- *)
- func_quote_for_eval_unquoted_result="$1" ;;
- esac
+ $debug_cmd
- case $func_quote_for_eval_unquoted_result in
- # Double-quote args containing shell metacharacters to delay
- # word splitting, command substitution and and variable
- # expansion for a subsequent eval.
- # Many Bourne shells cannot handle close brackets correctly
- # in scan sets, so we specify it separately.
- *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
- func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\""
- ;;
- *)
- func_quote_for_eval_result="$func_quote_for_eval_unquoted_result"
- esac
+ # Option defaults:
+ opt_verbose=false
+ opt_warning_types=
+
+ func_run_hooks func_options_prep ${1+"$@"}
+
+ # save modified positional parameters for caller
+ func_options_prep_result=$func_run_hooks_result
}
-# func_quote_for_expand arg
-# Aesthetically quote ARG to be evaled later; same as above,
-# but do not quote variable references.
-func_quote_for_expand ()
+# func_parse_options [ARG]...
+# ---------------------------
+# The main option parsing loop.
+func_hookable func_parse_options
+func_parse_options ()
{
- case $1 in
- *[\\\`\"]*)
- my_arg=`$ECHO "$1" | $SED \
- -e "$double_quote_subst" -e "$sed_double_backslash"` ;;
- *)
- my_arg="$1" ;;
- esac
+ $debug_cmd
- case $my_arg in
- # Double-quote args containing shell metacharacters to delay
- # word splitting and command substitution for a subsequent eval.
- # Many Bourne shells cannot handle close brackets correctly
- # in scan sets, so we specify it separately.
- *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
- my_arg="\"$my_arg\""
- ;;
- esac
+ func_parse_options_result=
- func_quote_for_expand_result="$my_arg"
-}
+ # this just eases exit handling
+ while test $# -gt 0; do
+ # Defer to hook functions for initial option parsing, so they
+ # get priority in the event of reusing an option name.
+ func_run_hooks func_parse_options ${1+"$@"}
+ # Adjust func_parse_options positional parameters to match
+ eval set dummy "$func_run_hooks_result"; shift
-# func_show_eval cmd [fail_exp]
-# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
-# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
-# is given, then evaluate it.
-func_show_eval ()
-{
- my_cmd="$1"
- my_fail_exp="${2-:}"
+ # Break out of the loop if we already parsed every option.
+ test $# -gt 0 || break
- ${opt_silent-false} || {
- func_quote_for_expand "$my_cmd"
- eval "func_echo $func_quote_for_expand_result"
- }
+ _G_opt=$1
+ shift
+ case $_G_opt in
+ --debug|-x) debug_cmd='set -x'
+ func_echo "enabling shell trace mode"
+ $debug_cmd
+ ;;
+
+ --no-warnings|--no-warning|--no-warn)
+ set dummy --warnings none ${1+"$@"}
+ shift
+ ;;
- if ${opt_dry_run-false}; then :; else
- eval "$my_cmd"
- my_status=$?
- if test "$my_status" -eq 0; then :; else
- eval "(exit $my_status); $my_fail_exp"
- fi
- fi
+ --warnings|--warning|-W)
+ test $# = 0 && func_missing_arg $_G_opt && break
+ case " $warning_categories $1" in
+ *" $1 "*)
+ # trailing space prevents matching last $1 above
+ func_append_uniq opt_warning_types " $1"
+ ;;
+ *all)
+ opt_warning_types=$warning_categories
+ ;;
+ *none)
+ opt_warning_types=none
+ warning_func=:
+ ;;
+ *error)
+ opt_warning_types=$warning_categories
+ warning_func=func_fatal_error
+ ;;
+ *)
+ func_fatal_error \
+ "unsupported warning category: '$1'"
+ ;;
+ esac
+ shift
+ ;;
+
+ --verbose|-v) opt_verbose=: ;;
+ --version) func_version ;;
+ -\?|-h) func_usage ;;
+ --help) func_help ;;
+
+ # Separate optargs to long options (plugins may need this):
+ --*=*) func_split_equals "$_G_opt"
+ set dummy "$func_split_equals_lhs" \
+ "$func_split_equals_rhs" ${1+"$@"}
+ shift
+ ;;
+
+ # Separate optargs to short options:
+ -W*)
+ func_split_short_opt "$_G_opt"
+ set dummy "$func_split_short_opt_name" \
+ "$func_split_short_opt_arg" ${1+"$@"}
+ shift
+ ;;
+
+ # Separate non-argument short options:
+ -\?*|-h*|-v*|-x*)
+ func_split_short_opt "$_G_opt"
+ set dummy "$func_split_short_opt_name" \
+ "-$func_split_short_opt_arg" ${1+"$@"}
+ shift
+ ;;
+
+ --) break ;;
+ -*) func_fatal_help "unrecognised option: '$_G_opt'" ;;
+ *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
+ esac
+ done
+
+ # save modified positional parameters for caller
+ func_quote_for_eval ${1+"$@"}
+ func_parse_options_result=$func_quote_for_eval_result
}
-# func_show_eval_locale cmd [fail_exp]
-# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
-# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
-# is given, then evaluate it. Use the saved locale for evaluation.
-func_show_eval_locale ()
+# func_validate_options [ARG]...
+# ------------------------------
+# Perform any sanity checks on option settings and/or unconsumed
+# arguments.
+func_hookable func_validate_options
+func_validate_options ()
{
- my_cmd="$1"
- my_fail_exp="${2-:}"
+ $debug_cmd
- ${opt_silent-false} || {
- func_quote_for_expand "$my_cmd"
- eval "func_echo $func_quote_for_expand_result"
- }
+ # Display all warnings if -W was not given.
+ test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
- if ${opt_dry_run-false}; then :; else
- eval "$lt_user_locale
- $my_cmd"
- my_status=$?
- eval "$lt_safe_locale"
- if test "$my_status" -eq 0; then :; else
- eval "(exit $my_status); $my_fail_exp"
- fi
- fi
-}
+ func_run_hooks func_validate_options ${1+"$@"}
-# func_tr_sh
-# Turn $1 into a string suitable for a shell variable name.
-# Result is stored in $func_tr_sh_result. All characters
-# not in the set a-zA-Z0-9_ are replaced with '_'. Further,
-# if $1 begins with a digit, a '_' is prepended as well.
-func_tr_sh ()
-{
- case $1 in
- [0-9]* | *[!a-zA-Z0-9_]*)
- func_tr_sh_result=`$ECHO "$1" | $SED 's/^\([0-9]\)/_\1/; s/[^a-zA-Z0-9_]/_/g'`
- ;;
- * )
- func_tr_sh_result=$1
- ;;
- esac
+ # Bail if the options were screwed!
+ $exit_cmd $EXIT_FAILURE
+
+ # save modified positional parameters for caller
+ func_validate_options_result=$func_run_hooks_result
}
-# func_version
-# Echo version message to standard output and exit.
-func_version ()
-{
- $opt_debug
- $SED -n '/(C)/!b go
- :more
- /\./!{
- N
- s/\n# / /
- b more
- }
- :go
- /^# '$PROGRAM' (GNU /,/# warranty; / {
- s/^# //
- s/^# *$//
- s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
- p
- }' < "$progpath"
- exit $?
-}
+## ----------------- ##
+## Helper functions. ##
+## ----------------- ##
-# func_usage
-# Echo short help message to standard output and exit.
-func_usage ()
+# This section contains the helper functions used by the rest of the
+# hookable option parser framework in ascii-betical order.
+
+
+# func_fatal_help ARG...
+# ----------------------
+# Echo program name prefixed message to standard error, followed by
+# a help hint, and exit.
+func_fatal_help ()
{
- $opt_debug
+ $debug_cmd
- $SED -n '/^# Usage:/,/^# *.*--help/ {
- s/^# //
- s/^# *$//
- s/\$progname/'$progname'/
- p
- }' < "$progpath"
- echo
- $ECHO "run \`$progname --help | more' for full usage"
- exit $?
+ eval \$ECHO \""Usage: $usage"\"
+ eval \$ECHO \""$fatal_help"\"
+ func_error ${1+"$@"}
+ exit $EXIT_FAILURE
}
-# func_help [NOEXIT]
-# Echo long help message to standard output and exit,
-# unless 'noexit' is passed as argument.
+
+# func_help
+# ---------
+# Echo long help message to standard output and exit.
func_help ()
{
- $opt_debug
-
- $SED -n '/^# Usage:/,/# Report bugs to/ {
- :print
- s/^# //
- s/^# *$//
- s*\$progname*'$progname'*
- s*\$host*'"$host"'*
- s*\$SHELL*'"$SHELL"'*
- s*\$LTCC*'"$LTCC"'*
- s*\$LTCFLAGS*'"$LTCFLAGS"'*
- s*\$LD*'"$LD"'*
- s/\$with_gnu_ld/'"$with_gnu_ld"'/
- s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/
- s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/
- p
- d
- }
- /^# .* home page:/b print
- /^# General help using/b print
- ' < "$progpath"
- ret=$?
- if test -z "$1"; then
- exit $ret
- fi
+ $debug_cmd
+
+ func_usage_message
+ $ECHO "$long_help_message"
+ exit 0
}
-# func_missing_arg argname
+
+# func_missing_arg ARGNAME
+# ------------------------
# Echo program name prefixed message to standard error and set global
# exit_cmd.
func_missing_arg ()
{
- $opt_debug
+ $debug_cmd
- func_error "missing argument for $1."
+ func_error "Missing argument for '$1'."
exit_cmd=exit
}
-# func_split_short_opt shortopt
+# func_split_equals STRING
+# ------------------------
+# Set func_split_equals_lhs and func_split_equals_rhs shell variables after
+# splitting STRING at the '=' sign.
+test -z "$_G_HAVE_XSI_OPS" \
+ && (eval 'x=a/b/c;
+ test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
+ && _G_HAVE_XSI_OPS=yes
+
+if test yes = "$_G_HAVE_XSI_OPS"
+then
+ # This is an XSI compatible shell, allowing a faster implementation...
+ eval 'func_split_equals ()
+ {
+ $debug_cmd
+
+ func_split_equals_lhs=${1%%=*}
+ func_split_equals_rhs=${1#*=}
+ test "x$func_split_equals_lhs" = "x$1" \
+ && func_split_equals_rhs=
+ }'
+else
+ # ...otherwise fall back to using expr, which is often a shell builtin.
+ func_split_equals ()
+ {
+ $debug_cmd
+
+ func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'`
+ func_split_equals_rhs=
+ test "x$func_split_equals_lhs" = "x$1" \
+ || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'`
+ }
+fi #func_split_equals
+
+
+# func_split_short_opt SHORTOPT
+# -----------------------------
# Set func_split_short_opt_name and func_split_short_opt_arg shell
# variables after splitting SHORTOPT after the 2nd character.
-func_split_short_opt ()
+if test yes = "$_G_HAVE_XSI_OPS"
+then
+ # This is an XSI compatible shell, allowing a faster implementation...
+ eval 'func_split_short_opt ()
+ {
+ $debug_cmd
+
+ func_split_short_opt_arg=${1#??}
+ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}
+ }'
+else
+ # ...otherwise fall back to using expr, which is often a shell builtin.
+ func_split_short_opt ()
+ {
+ $debug_cmd
+
+ func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'`
+ func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'`
+ }
+fi #func_split_short_opt
+
+
+# func_usage
+# ----------
+# Echo short help message to standard output and exit.
+func_usage ()
{
- my_sed_short_opt='1s/^\(..\).*$/\1/;q'
- my_sed_short_rest='1s/^..\(.*\)$/\1/;q'
+ $debug_cmd
- func_split_short_opt_name=`$ECHO "$1" | $SED "$my_sed_short_opt"`
- func_split_short_opt_arg=`$ECHO "$1" | $SED "$my_sed_short_rest"`
-} # func_split_short_opt may be replaced by extended shell implementation
+ func_usage_message
+ $ECHO "Run '$progname --help |${PAGER-more}' for full usage"
+ exit 0
+}
-# func_split_long_opt longopt
-# Set func_split_long_opt_name and func_split_long_opt_arg shell
-# variables after splitting LONGOPT at the `=' sign.
-func_split_long_opt ()
+# func_usage_message
+# ------------------
+# Echo short help message to standard output.
+func_usage_message ()
{
- my_sed_long_opt='1s/^\(--[^=]*\)=.*/\1/;q'
- my_sed_long_arg='1s/^--[^=]*=//'
+ $debug_cmd
- func_split_long_opt_name=`$ECHO "$1" | $SED "$my_sed_long_opt"`
- func_split_long_opt_arg=`$ECHO "$1" | $SED "$my_sed_long_arg"`
-} # func_split_long_opt may be replaced by extended shell implementation
+ eval \$ECHO \""Usage: $usage"\"
+ echo
+ $SED -n 's|^# ||
+ /^Written by/{
+ x;p;x
+ }
+ h
+ /^Written by/q' < "$progpath"
+ echo
+ eval \$ECHO \""$usage_message"\"
+}
-exit_cmd=:
+# func_version
+# ------------
+# Echo version message to standard output and exit.
+func_version ()
+{
+ $debug_cmd
+ printf '%s\n' "$progname $scriptversion"
+ $SED -n '
+ /(C)/!b go
+ :more
+ /\./!{
+ N
+ s|\n# | |
+ b more
+ }
+ :go
+ /^# Written by /,/# warranty; / {
+ s|^# ||
+ s|^# *$||
+ s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
+ p
+ }
+ /^# Written by / {
+ s|^# ||
+ p
+ }
+ /^warranty; /q' < "$progpath"
+ exit $?
+}
-magic="%%%MAGIC variable%%%"
-magic_exe="%%%MAGIC EXE variable%%%"
+# Local variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
+# time-stamp-time-zone: "UTC"
+# End:
-# Global variables.
-nonopt=
-preserve_args=
-lo2o="s/\\.lo\$/.${objext}/"
-o2lo="s/\\.${objext}\$/.lo/"
-extracted_archives=
-extracted_serial=0
+# Set a version string.
+scriptversion='(GNU libtool) 2.4.6'
-# If this variable is set in any of the actions, the command in it
-# will be execed at the end. This prevents here-documents from being
-# left over by shells.
-exec_cmd=
-# func_append var value
-# Append VALUE to the end of shell variable VAR.
-func_append ()
+# func_echo ARG...
+# ----------------
+# Libtool also displays the current mode in messages, so override
+# funclib.sh func_echo with this custom definition.
+func_echo ()
{
- eval "${1}=\$${1}\${2}"
-} # func_append may be replaced by extended shell implementation
+ $debug_cmd
-# func_append_quoted var value
-# Quote VALUE and append to the end of shell variable VAR, separated
-# by a space.
-func_append_quoted ()
-{
- func_quote_for_eval "${2}"
- eval "${1}=\$${1}\\ \$func_quote_for_eval_result"
-} # func_append_quoted may be replaced by extended shell implementation
+ _G_message=$*
+ func_echo_IFS=$IFS
+ IFS=$nl
+ for _G_line in $_G_message; do
+ IFS=$func_echo_IFS
+ $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line"
+ done
+ IFS=$func_echo_IFS
+}
-# func_arith arithmetic-term...
-func_arith ()
+
+# func_warning ARG...
+# -------------------
+# Libtool warnings are not categorized, so override funclib.sh
+# func_warning with this simpler definition.
+func_warning ()
{
- func_arith_result=`expr "${@}"`
-} # func_arith may be replaced by extended shell implementation
+ $debug_cmd
+ $warning_func ${1+"$@"}
+}
-# func_len string
-# STRING may not start with a hyphen.
-func_len ()
-{
- func_len_result=`expr "${1}" : ".*" 2>/dev/null || echo $max_cmd_len`
-} # func_len may be replaced by extended shell implementation
+## ---------------- ##
+## Options parsing. ##
+## ---------------- ##
+
+# Hook in the functions to make sure our own options are parsed during
+# the option parsing loop.
+
+usage='$progpath [OPTION]... [MODE-ARG]...'
+
+# Short help message in response to '-h'.
+usage_message="Options:
+ --config show all configuration variables
+ --debug enable verbose shell tracing
+ -n, --dry-run display commands without modifying any files
+ --features display basic configuration information and exit
+ --mode=MODE use operation mode MODE
+ --no-warnings equivalent to '-Wnone'
+ --preserve-dup-deps don't remove duplicate dependency libraries
+ --quiet, --silent don't print informational messages
+ --tag=TAG use configuration variables from tag TAG
+ -v, --verbose print more informational messages than default
+ --version print version information
+ -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all]
+ -h, --help, --help-all print short, long, or detailed help message
+"
-# func_lo2o object
-func_lo2o ()
+# Additional text appended to 'usage_message' in response to '--help'.
+func_help ()
{
- func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"`
-} # func_lo2o may be replaced by extended shell implementation
+ $debug_cmd
+
+ func_usage_message
+ $ECHO "$long_help_message
+
+MODE must be one of the following:
+
+ clean remove files from the build directory
+ compile compile a source file into a libtool object
+ execute automatically set library path, then run a program
+ finish complete the installation of libtool libraries
+ install install libraries or executables
+ link create a library or an executable
+ uninstall remove libraries from an installed directory
+
+MODE-ARGS vary depending on the MODE. When passed as first option,
+'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that.
+Try '$progname --help --mode=MODE' for a more detailed description of MODE.
+
+When reporting a bug, please describe a test case to reproduce it and
+include the following information:
+
+ host-triplet: $host
+ shell: $SHELL
+ compiler: $LTCC
+ compiler flags: $LTCFLAGS
+ linker: $LD (gnu? $with_gnu_ld)
+ version: $progname (GNU libtool) 2.4.6
+ automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
+ autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q`
+
+Report bugs to <bug-libtool at gnu.org>.
+GNU libtool home page: <http://www.gnu.org/s/libtool/>.
+General help using GNU software: <http://www.gnu.org/gethelp/>."
+ exit 0
+}
-# func_xform libobj-or-source
-func_xform ()
-{
- func_xform_result=`$ECHO "${1}" | $SED 's/\.[^.]*$/.lo/'`
-} # func_xform may be replaced by extended shell implementation
+# func_lo2o OBJECT-NAME
+# ---------------------
+# Transform OBJECT-NAME from a '.lo' suffix to the platform specific
+# object suffix.
+
+lo2o=s/\\.lo\$/.$objext/
+o2lo=s/\\.$objext\$/.lo/
+
+if test yes = "$_G_HAVE_XSI_OPS"; then
+ eval 'func_lo2o ()
+ {
+ case $1 in
+ *.lo) func_lo2o_result=${1%.lo}.$objext ;;
+ * ) func_lo2o_result=$1 ;;
+ esac
+ }'
+
+ # func_xform LIBOBJ-OR-SOURCE
+ # ---------------------------
+ # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise)
+ # suffix to a '.lo' libtool-object suffix.
+ eval 'func_xform ()
+ {
+ func_xform_result=${1%.*}.lo
+ }'
+else
+ # ...otherwise fall back to using sed.
+ func_lo2o ()
+ {
+ func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"`
+ }
+
+ func_xform ()
+ {
+ func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'`
+ }
+fi
-# func_fatal_configuration arg...
+# func_fatal_configuration ARG...
+# -------------------------------
# Echo program name prefixed message to standard error, followed by
# a configuration failure hint, and exit.
func_fatal_configuration ()
{
- func_error ${1+"$@"}
- func_error "See the $PACKAGE documentation for more information."
- func_fatal_error "Fatal configuration error."
+ func__fatal_error ${1+"$@"} \
+ "See the $PACKAGE documentation for more information." \
+ "Fatal configuration error."
}
# func_config
+# -----------
# Display the configuration for all the tags in this script.
func_config ()
{
@@ -915,17 +2149,19 @@ func_config ()
exit $?
}
+
# func_features
+# -------------
# Display the features supported by this script.
func_features ()
{
echo "host: $host"
- if test "$build_libtool_libs" = yes; then
+ if test yes = "$build_libtool_libs"; then
echo "enable shared libraries"
else
echo "disable shared libraries"
fi
- if test "$build_old_libs" = yes; then
+ if test yes = "$build_old_libs"; then
echo "enable static libraries"
else
echo "disable static libraries"
@@ -934,314 +2170,350 @@ func_features ()
exit $?
}
-# func_enable_tag tagname
+
+# func_enable_tag TAGNAME
+# -----------------------
# Verify that TAGNAME is valid, and either flag an error and exit, or
# enable the TAGNAME tag. We also add TAGNAME to the global $taglist
# variable here.
func_enable_tag ()
{
- # Global variable:
- tagname="$1"
+ # Global variable:
+ tagname=$1
- re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
- re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
- sed_extractcf="/$re_begincf/,/$re_endcf/p"
+ re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
+ re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
+ sed_extractcf=/$re_begincf/,/$re_endcf/p
- # Validate tagname.
- case $tagname in
- *[!-_A-Za-z0-9,/]*)
- func_fatal_error "invalid tag name: $tagname"
- ;;
- esac
+ # Validate tagname.
+ case $tagname in
+ *[!-_A-Za-z0-9,/]*)
+ func_fatal_error "invalid tag name: $tagname"
+ ;;
+ esac
- # Don't test for the "default" C tag, as we know it's
- # there but not specially marked.
- case $tagname in
- CC) ;;
+ # Don't test for the "default" C tag, as we know it's
+ # there but not specially marked.
+ case $tagname in
+ CC) ;;
*)
- if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
- taglist="$taglist $tagname"
-
- # Evaluate the configuration. Be careful to quote the path
- # and the sed script, to avoid splitting on whitespace, but
- # also don't use non-portable quotes within backquotes within
- # quotes we have to do it in 2 steps:
- extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
- eval "$extractedcf"
- else
- func_error "ignoring unknown tag $tagname"
- fi
- ;;
- esac
+ if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
+ taglist="$taglist $tagname"
+
+ # Evaluate the configuration. Be careful to quote the path
+ # and the sed script, to avoid splitting on whitespace, but
+ # also don't use non-portable quotes within backquotes within
+ # quotes we have to do it in 2 steps:
+ extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
+ eval "$extractedcf"
+ else
+ func_error "ignoring unknown tag $tagname"
+ fi
+ ;;
+ esac
}
+
# func_check_version_match
+# ------------------------
# Ensure that we are using m4 macros, and libtool script from the same
# release of libtool.
func_check_version_match ()
{
- if test "$package_revision" != "$macro_revision"; then
- if test "$VERSION" != "$macro_version"; then
- if test -z "$macro_version"; then
- cat >&2 <<_LT_EOF
+ if test "$package_revision" != "$macro_revision"; then
+ if test "$VERSION" != "$macro_version"; then
+ if test -z "$macro_version"; then
+ cat >&2 <<_LT_EOF
$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
$progname: definition of this LT_INIT comes from an older release.
$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
$progname: and run autoconf again.
_LT_EOF
- else
- cat >&2 <<_LT_EOF
+ else
+ cat >&2 <<_LT_EOF
$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
$progname: and run autoconf again.
_LT_EOF
- fi
- else
- cat >&2 <<_LT_EOF
+ fi
+ else
+ cat >&2 <<_LT_EOF
$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
$progname: but the definition of this LT_INIT comes from revision $macro_revision.
$progname: You should recreate aclocal.m4 with macros from revision $package_revision
$progname: of $PACKAGE $VERSION and run autoconf again.
_LT_EOF
- fi
+ fi
- exit $EXIT_MISMATCH
- fi
+ exit $EXIT_MISMATCH
+ fi
}
-# Shorthand for --mode=foo, only valid as the first argument
-case $1 in
-clean|clea|cle|cl)
- shift; set dummy --mode clean ${1+"$@"}; shift
- ;;
-compile|compil|compi|comp|com|co|c)
- shift; set dummy --mode compile ${1+"$@"}; shift
- ;;
-execute|execut|execu|exec|exe|ex|e)
- shift; set dummy --mode execute ${1+"$@"}; shift
- ;;
-finish|finis|fini|fin|fi|f)
- shift; set dummy --mode finish ${1+"$@"}; shift
- ;;
-install|instal|insta|inst|ins|in|i)
- shift; set dummy --mode install ${1+"$@"}; shift
- ;;
-link|lin|li|l)
- shift; set dummy --mode link ${1+"$@"}; shift
- ;;
-uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
- shift; set dummy --mode uninstall ${1+"$@"}; shift
- ;;
-esac
+# libtool_options_prep [ARG]...
+# -----------------------------
+# Preparation for options parsed by libtool.
+libtool_options_prep ()
+{
+ $debug_mode
+ # Option defaults:
+ opt_config=false
+ opt_dlopen=
+ opt_dry_run=false
+ opt_help=false
+ opt_mode=
+ opt_preserve_dup_deps=false
+ opt_quiet=false
+ nonopt=
+ preserve_args=
-# Option defaults:
-opt_debug=:
-opt_dry_run=false
-opt_config=false
-opt_preserve_dup_deps=false
-opt_features=false
-opt_finish=false
-opt_help=false
-opt_help_all=false
-opt_silent=:
-opt_warning=:
-opt_verbose=:
-opt_silent=false
-opt_verbose=false
+ # Shorthand for --mode=foo, only valid as the first argument
+ case $1 in
+ clean|clea|cle|cl)
+ shift; set dummy --mode clean ${1+"$@"}; shift
+ ;;
+ compile|compil|compi|comp|com|co|c)
+ shift; set dummy --mode compile ${1+"$@"}; shift
+ ;;
+ execute|execut|execu|exec|exe|ex|e)
+ shift; set dummy --mode execute ${1+"$@"}; shift
+ ;;
+ finish|finis|fini|fin|fi|f)
+ shift; set dummy --mode finish ${1+"$@"}; shift
+ ;;
+ install|instal|insta|inst|ins|in|i)
+ shift; set dummy --mode install ${1+"$@"}; shift
+ ;;
+ link|lin|li|l)
+ shift; set dummy --mode link ${1+"$@"}; shift
+ ;;
+ uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+ shift; set dummy --mode uninstall ${1+"$@"}; shift
+ ;;
+ esac
+
+ # Pass back the list of options.
+ func_quote_for_eval ${1+"$@"}
+ libtool_options_prep_result=$func_quote_for_eval_result
+}
+func_add_hook func_options_prep libtool_options_prep
-# Parse options once, thoroughly. This comes as soon as possible in the
-# script to make things like `--version' happen as quickly as we can.
+# libtool_parse_options [ARG]...
+# ---------------------------------
+# Provide handling for libtool specific options.
+libtool_parse_options ()
{
- # this just eases exit handling
- while test $# -gt 0; do
- opt="$1"
- shift
- case $opt in
- --debug|-x) opt_debug='set -x'
- func_echo "enabling shell trace mode"
- $opt_debug
- ;;
- --dry-run|--dryrun|-n)
- opt_dry_run=:
- ;;
- --config)
- opt_config=:
-func_config
- ;;
- --dlopen|-dlopen)
- optarg="$1"
- opt_dlopen="${opt_dlopen+$opt_dlopen
-}$optarg"
- shift
- ;;
- --preserve-dup-deps)
- opt_preserve_dup_deps=:
- ;;
- --features)
- opt_features=:
-func_features
- ;;
- --finish)
- opt_finish=:
-set dummy --mode finish ${1+"$@"}; shift
- ;;
- --help)
- opt_help=:
- ;;
- --help-all)
- opt_help_all=:
-opt_help=': help-all'
- ;;
- --mode)
- test $# = 0 && func_missing_arg $opt && break
- optarg="$1"
- opt_mode="$optarg"
-case $optarg in
- # Valid mode arguments:
- clean|compile|execute|finish|install|link|relink|uninstall) ;;
-
- # Catch anything else as an error
- *) func_error "invalid argument for $opt"
- exit_cmd=exit
- break
- ;;
-esac
- shift
- ;;
- --no-silent|--no-quiet)
- opt_silent=false
-func_append preserve_args " $opt"
- ;;
- --no-warning|--no-warn)
- opt_warning=false
-func_append preserve_args " $opt"
- ;;
- --no-verbose)
- opt_verbose=false
-func_append preserve_args " $opt"
- ;;
- --silent|--quiet)
- opt_silent=:
-func_append preserve_args " $opt"
- opt_verbose=false
- ;;
- --verbose|-v)
- opt_verbose=:
-func_append preserve_args " $opt"
-opt_silent=false
- ;;
- --tag)
- test $# = 0 && func_missing_arg $opt && break
- optarg="$1"
- opt_tag="$optarg"
-func_append preserve_args " $opt $optarg"
-func_enable_tag "$optarg"
- shift
- ;;
-
- -\?|-h) func_usage ;;
- --help) func_help ;;
- --version) func_version ;;
-
- # Separate optargs to long options:
- --*=*)
- func_split_long_opt "$opt"
- set dummy "$func_split_long_opt_name" "$func_split_long_opt_arg" ${1+"$@"}
- shift
- ;;
-
- # Separate non-argument short options:
- -\?*|-h*|-n*|-v*)
- func_split_short_opt "$opt"
- set dummy "$func_split_short_opt_name" "-$func_split_short_opt_arg" ${1+"$@"}
- shift
- ;;
-
- --) break ;;
- -*) func_fatal_help "unrecognized option \`$opt'" ;;
- *) set dummy "$opt" ${1+"$@"}; shift; break ;;
- esac
- done
+ $debug_cmd
- # Validate options:
+ # Perform our own loop to consume as many options as possible in
+ # each iteration.
+ while test $# -gt 0; do
+ _G_opt=$1
+ shift
+ case $_G_opt in
+ --dry-run|--dryrun|-n)
+ opt_dry_run=:
+ ;;
+
+ --config) func_config ;;
+
+ --dlopen|-dlopen)
+ opt_dlopen="${opt_dlopen+$opt_dlopen
+}$1"
+ shift
+ ;;
+
+ --preserve-dup-deps)
+ opt_preserve_dup_deps=: ;;
+
+ --features) func_features ;;
+
+ --finish) set dummy --mode finish ${1+"$@"}; shift ;;
+
+ --help) opt_help=: ;;
+
+ --help-all) opt_help=': help-all' ;;
+
+ --mode) test $# = 0 && func_missing_arg $_G_opt && break
+ opt_mode=$1
+ case $1 in
+ # Valid mode arguments:
+ clean|compile|execute|finish|install|link|relink|uninstall) ;;
+
+ # Catch anything else as an error
+ *) func_error "invalid argument for $_G_opt"
+ exit_cmd=exit
+ break
+ ;;
+ esac
+ shift
+ ;;
+
+ --no-silent|--no-quiet)
+ opt_quiet=false
+ func_append preserve_args " $_G_opt"
+ ;;
+
+ --no-warnings|--no-warning|--no-warn)
+ opt_warning=false
+ func_append preserve_args " $_G_opt"
+ ;;
+
+ --no-verbose)
+ opt_verbose=false
+ func_append preserve_args " $_G_opt"
+ ;;
+
+ --silent|--quiet)
+ opt_quiet=:
+ opt_verbose=false
+ func_append preserve_args " $_G_opt"
+ ;;
+
+ --tag) test $# = 0 && func_missing_arg $_G_opt && break
+ opt_tag=$1
+ func_append preserve_args " $_G_opt $1"
+ func_enable_tag "$1"
+ shift
+ ;;
+
+ --verbose|-v) opt_quiet=false
+ opt_verbose=:
+ func_append preserve_args " $_G_opt"
+ ;;
+
+ # An option not handled by this hook function:
+ *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
+ esac
+ done
- # save first non-option argument
- if test "$#" -gt 0; then
- nonopt="$opt"
- shift
- fi
- # preserve --debug
- test "$opt_debug" = : || func_append preserve_args " --debug"
+ # save modified positional parameters for caller
+ func_quote_for_eval ${1+"$@"}
+ libtool_parse_options_result=$func_quote_for_eval_result
+}
+func_add_hook func_parse_options libtool_parse_options
- case $host in
- *cygwin* | *mingw* | *pw32* | *cegcc*)
- # don't eliminate duplications in $postdeps and $predeps
- opt_duplicate_compiler_generated_deps=:
- ;;
- *)
- opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
- ;;
- esac
- $opt_help || {
- # Sanity checks first:
- func_check_version_match
- if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
- func_fatal_configuration "not configured to build any kind of library"
+# libtool_validate_options [ARG]...
+# ---------------------------------
+# Perform any sanity checks on option settings and/or unconsumed
+# arguments.
+libtool_validate_options ()
+{
+ # save first non-option argument
+ if test 0 -lt $#; then
+ nonopt=$1
+ shift
fi
- # Darwin sucks
- eval std_shrext=\"$shrext_cmds\"
+ # preserve --debug
+ test : = "$debug_cmd" || func_append preserve_args " --debug"
- # Only execute mode is allowed to have -dlopen flags.
- if test -n "$opt_dlopen" && test "$opt_mode" != execute; then
- func_error "unrecognized option \`-dlopen'"
- $ECHO "$help" 1>&2
- exit $EXIT_FAILURE
- fi
+ case $host in
+ # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
+ # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
+ *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*)
+ # don't eliminate duplications in $postdeps and $predeps
+ opt_duplicate_compiler_generated_deps=:
+ ;;
+ *)
+ opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
+ ;;
+ esac
- # Change the help message to a mode-specific one.
- generic_help="$help"
- help="Try \`$progname --help --mode=$opt_mode' for more information."
- }
+ $opt_help || {
+ # Sanity checks first:
+ func_check_version_match
+
+ test yes != "$build_libtool_libs" \
+ && test yes != "$build_old_libs" \
+ && func_fatal_configuration "not configured to build any kind of library"
+
+ # Darwin sucks
+ eval std_shrext=\"$shrext_cmds\"
+
+ # Only execute mode is allowed to have -dlopen flags.
+ if test -n "$opt_dlopen" && test execute != "$opt_mode"; then
+ func_error "unrecognized option '-dlopen'"
+ $ECHO "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+ # Change the help message to a mode-specific one.
+ generic_help=$help
+ help="Try '$progname --help --mode=$opt_mode' for more information."
+ }
- # Bail if the options were screwed
- $exit_cmd $EXIT_FAILURE
+ # Pass back the unparsed argument list
+ func_quote_for_eval ${1+"$@"}
+ libtool_validate_options_result=$func_quote_for_eval_result
}
+func_add_hook func_validate_options libtool_validate_options
+# Process options as early as possible so that --help and --version
+# can return quickly.
+func_options ${1+"$@"}
+eval set dummy "$func_options_result"; shift
+
## ----------- ##
## Main. ##
## ----------- ##
+magic='%%%MAGIC variable%%%'
+magic_exe='%%%MAGIC EXE variable%%%'
+
+# Global variables.
+extracted_archives=
+extracted_serial=0
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end. This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+ eval 'cat <<_LTECHO_EOF
+$1
+_LTECHO_EOF'
+}
+
+# func_generated_by_libtool
+# True iff stdin has been generated by Libtool. This function is only
+# a basic sanity check; it will hardly flush out determined imposters.
+func_generated_by_libtool_p ()
+{
+ $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+}
+
# func_lalib_p file
-# True iff FILE is a libtool `.la' library or `.lo' object file.
+# True iff FILE is a libtool '.la' library or '.lo' object file.
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
func_lalib_p ()
{
test -f "$1" &&
- $SED -e 4q "$1" 2>/dev/null \
- | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+ $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p
}
# func_lalib_unsafe_p file
-# True iff FILE is a libtool `.la' library or `.lo' object file.
+# True iff FILE is a libtool '.la' library or '.lo' object file.
# This function implements the same check as func_lalib_p without
# resorting to external programs. To this end, it redirects stdin and
# closes it afterwards, without saving the original file descriptor.
# As a safety measure, use it only where a negative result would be
-# fatal anyway. Works if `file' does not exist.
+# fatal anyway. Works if 'file' does not exist.
func_lalib_unsafe_p ()
{
lalib_p=no
@@ -1249,13 +2521,13 @@ func_lalib_unsafe_p ()
for lalib_p_l in 1 2 3 4
do
read lalib_p_line
- case "$lalib_p_line" in
+ case $lalib_p_line in
\#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
esac
done
exec 0<&5 5<&-
fi
- test "$lalib_p" = yes
+ test yes = "$lalib_p"
}
# func_ltwrapper_script_p file
@@ -1264,7 +2536,8 @@ func_lalib_unsafe_p ()
# determined imposters.
func_ltwrapper_script_p ()
{
- func_lalib_p "$1"
+ test -f "$1" &&
+ $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p
}
# func_ltwrapper_executable_p file
@@ -1289,7 +2562,7 @@ func_ltwrapper_scriptname ()
{
func_dirname_and_basename "$1" "" "."
func_stripname '' '.exe' "$func_basename_result"
- func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
+ func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper
}
# func_ltwrapper_p file
@@ -1308,11 +2581,13 @@ func_ltwrapper_p ()
# FAIL_CMD may read-access the current command in variable CMD!
func_execute_cmds ()
{
- $opt_debug
+ $debug_cmd
+
save_ifs=$IFS; IFS='~'
for cmd in $1; do
- IFS=$save_ifs
+ IFS=$sp$nl
eval cmd=\"$cmd\"
+ IFS=$save_ifs
func_show_eval "$cmd" "${2-:}"
done
IFS=$save_ifs
@@ -1324,10 +2599,11 @@ func_execute_cmds ()
# Note that it is not necessary on cygwin/mingw to append a dot to
# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
# behavior happens only for exec(3), not for open(2)! Also, sourcing
-# `FILE.' does not work on cygwin managed mounts.
+# 'FILE.' does not work on cygwin managed mounts.
func_source ()
{
- $opt_debug
+ $debug_cmd
+
case $1 in
*/* | *\\*) . "$1" ;;
*) . "./$1" ;;
@@ -1354,10 +2630,10 @@ func_resolve_sysroot ()
# store the result into func_replace_sysroot_result.
func_replace_sysroot ()
{
- case "$lt_sysroot:$1" in
+ case $lt_sysroot:$1 in
?*:"$lt_sysroot"*)
func_stripname "$lt_sysroot" '' "$1"
- func_replace_sysroot_result="=$func_stripname_result"
+ func_replace_sysroot_result='='$func_stripname_result
;;
*)
# Including no sysroot.
@@ -1374,7 +2650,8 @@ func_replace_sysroot ()
# arg is usually of the form 'gcc ...'
func_infer_tag ()
{
- $opt_debug
+ $debug_cmd
+
if test -n "$available_tags" && test -z "$tagname"; then
CC_quoted=
for arg in $CC; do
@@ -1393,7 +2670,7 @@ func_infer_tag ()
for z in $available_tags; do
if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
# Evaluate the configuration.
- eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+ eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
CC_quoted=
for arg in $CC; do
# Double-quote args containing other shell metacharacters.
@@ -1418,7 +2695,7 @@ func_infer_tag ()
# line option must be used.
if test -z "$tagname"; then
func_echo "unable to infer tagged configuration"
- func_fatal_error "specify a tag with \`--tag'"
+ func_fatal_error "specify a tag with '--tag'"
# else
# func_verbose "using $tagname tagged configuration"
fi
@@ -1434,15 +2711,15 @@ func_infer_tag ()
# but don't create it if we're doing a dry run.
func_write_libtool_object ()
{
- write_libobj=${1}
- if test "$build_libtool_libs" = yes; then
- write_lobj=\'${2}\'
+ write_libobj=$1
+ if test yes = "$build_libtool_libs"; then
+ write_lobj=\'$2\'
else
write_lobj=none
fi
- if test "$build_old_libs" = yes; then
- write_oldobj=\'${3}\'
+ if test yes = "$build_old_libs"; then
+ write_oldobj=\'$3\'
else
write_oldobj=none
fi
@@ -1450,7 +2727,7 @@ func_write_libtool_object ()
$opt_dry_run || {
cat >${write_libobj}T <<EOF
# $write_libobj - a libtool object file
-# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
#
# Please DO NOT delete this file!
# It is necessary for linking the library.
@@ -1462,7 +2739,7 @@ pic_object=$write_lobj
non_pic_object=$write_oldobj
EOF
- $MV "${write_libobj}T" "${write_libobj}"
+ $MV "${write_libobj}T" "$write_libobj"
}
}
@@ -1482,8 +2759,9 @@ EOF
# be empty on error (or when ARG is empty)
func_convert_core_file_wine_to_w32 ()
{
- $opt_debug
- func_convert_core_file_wine_to_w32_result="$1"
+ $debug_cmd
+
+ func_convert_core_file_wine_to_w32_result=$1
if test -n "$1"; then
# Unfortunately, winepath does not exit with a non-zero error code, so we
# are forced to check the contents of stdout. On the other hand, if the
@@ -1491,9 +2769,9 @@ func_convert_core_file_wine_to_w32 ()
# *an error message* to stdout. So we must check for both error code of
# zero AND non-empty stdout, which explains the odd construction:
func_convert_core_file_wine_to_w32_tmp=`winepath -w "$1" 2>/dev/null`
- if test "$?" -eq 0 && test -n "${func_convert_core_file_wine_to_w32_tmp}"; then
+ if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then
func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" |
- $SED -e "$lt_sed_naive_backslashify"`
+ $SED -e "$sed_naive_backslashify"`
else
func_convert_core_file_wine_to_w32_result=
fi
@@ -1514,18 +2792,19 @@ func_convert_core_file_wine_to_w32 ()
# are convertible, then the result may be empty.
func_convert_core_path_wine_to_w32 ()
{
- $opt_debug
+ $debug_cmd
+
# unfortunately, winepath doesn't convert paths, only file names
- func_convert_core_path_wine_to_w32_result=""
+ func_convert_core_path_wine_to_w32_result=
if test -n "$1"; then
oldIFS=$IFS
IFS=:
for func_convert_core_path_wine_to_w32_f in $1; do
IFS=$oldIFS
func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f"
- if test -n "$func_convert_core_file_wine_to_w32_result" ; then
+ if test -n "$func_convert_core_file_wine_to_w32_result"; then
if test -z "$func_convert_core_path_wine_to_w32_result"; then
- func_convert_core_path_wine_to_w32_result="$func_convert_core_file_wine_to_w32_result"
+ func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result
else
func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result"
fi
@@ -1554,7 +2833,8 @@ func_convert_core_path_wine_to_w32 ()
# environment variable; do not put it in $PATH.
func_cygpath ()
{
- $opt_debug
+ $debug_cmd
+
if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then
func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null`
if test "$?" -ne 0; then
@@ -1563,7 +2843,7 @@ func_cygpath ()
fi
else
func_cygpath_result=
- func_error "LT_CYGPATH is empty or specifies non-existent file: \`$LT_CYGPATH'"
+ func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'"
fi
}
#end: func_cygpath
@@ -1574,10 +2854,11 @@ func_cygpath ()
# result in func_convert_core_msys_to_w32_result.
func_convert_core_msys_to_w32 ()
{
- $opt_debug
+ $debug_cmd
+
# awkward: cmd appends spaces to result
func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null |
- $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"`
+ $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"`
}
#end: func_convert_core_msys_to_w32
@@ -1588,13 +2869,14 @@ func_convert_core_msys_to_w32 ()
# func_to_host_file_result to ARG1).
func_convert_file_check ()
{
- $opt_debug
- if test -z "$2" && test -n "$1" ; then
+ $debug_cmd
+
+ if test -z "$2" && test -n "$1"; then
func_error "Could not determine host file name corresponding to"
- func_error " \`$1'"
+ func_error " '$1'"
func_error "Continuing, but uninstalled executables may not work."
# Fallback:
- func_to_host_file_result="$1"
+ func_to_host_file_result=$1
fi
}
# end func_convert_file_check
@@ -1606,10 +2888,11 @@ func_convert_file_check ()
# func_to_host_file_result to a simplistic fallback value (see below).
func_convert_path_check ()
{
- $opt_debug
+ $debug_cmd
+
if test -z "$4" && test -n "$3"; then
func_error "Could not determine the host path corresponding to"
- func_error " \`$3'"
+ func_error " '$3'"
func_error "Continuing, but uninstalled executables may not work."
# Fallback. This is a deliberately simplistic "conversion" and
# should not be "improved". See libtool.info.
@@ -1618,7 +2901,7 @@ func_convert_path_check ()
func_to_host_path_result=`echo "$3" |
$SED -e "$lt_replace_pathsep_chars"`
else
- func_to_host_path_result="$3"
+ func_to_host_path_result=$3
fi
fi
}
@@ -1630,9 +2913,10 @@ func_convert_path_check ()
# and appending REPL if ORIG matches BACKPAT.
func_convert_path_front_back_pathsep ()
{
- $opt_debug
+ $debug_cmd
+
case $4 in
- $1 ) func_to_host_path_result="$3$func_to_host_path_result"
+ $1 ) func_to_host_path_result=$3$func_to_host_path_result
;;
esac
case $4 in
@@ -1646,7 +2930,7 @@ func_convert_path_front_back_pathsep ()
##################################################
# $build to $host FILE NAME CONVERSION FUNCTIONS #
##################################################
-# invoked via `$to_host_file_cmd ARG'
+# invoked via '$to_host_file_cmd ARG'
#
# In each case, ARG is the path to be converted from $build to $host format.
# Result will be available in $func_to_host_file_result.
@@ -1657,7 +2941,8 @@ func_convert_path_front_back_pathsep ()
# in func_to_host_file_result.
func_to_host_file ()
{
- $opt_debug
+ $debug_cmd
+
$to_host_file_cmd "$1"
}
# end func_to_host_file
@@ -1669,7 +2954,8 @@ func_to_host_file ()
# in (the comma separated) LAZY, no conversion takes place.
func_to_tool_file ()
{
- $opt_debug
+ $debug_cmd
+
case ,$2, in
*,"$to_tool_file_cmd",*)
func_to_tool_file_result=$1
@@ -1687,7 +2973,7 @@ func_to_tool_file ()
# Copy ARG to func_to_host_file_result.
func_convert_file_noop ()
{
- func_to_host_file_result="$1"
+ func_to_host_file_result=$1
}
# end func_convert_file_noop
@@ -1698,11 +2984,12 @@ func_convert_file_noop ()
# func_to_host_file_result.
func_convert_file_msys_to_w32 ()
{
- $opt_debug
- func_to_host_file_result="$1"
+ $debug_cmd
+
+ func_to_host_file_result=$1
if test -n "$1"; then
func_convert_core_msys_to_w32 "$1"
- func_to_host_file_result="$func_convert_core_msys_to_w32_result"
+ func_to_host_file_result=$func_convert_core_msys_to_w32_result
fi
func_convert_file_check "$1" "$func_to_host_file_result"
}
@@ -1714,8 +3001,9 @@ func_convert_file_msys_to_w32 ()
# func_to_host_file_result.
func_convert_file_cygwin_to_w32 ()
{
- $opt_debug
- func_to_host_file_result="$1"
+ $debug_cmd
+
+ func_to_host_file_result=$1
if test -n "$1"; then
# because $build is cygwin, we call "the" cygpath in $PATH; no need to use
# LT_CYGPATH in this case.
@@ -1731,11 +3019,12 @@ func_convert_file_cygwin_to_w32 ()
# and a working winepath. Returns result in func_to_host_file_result.
func_convert_file_nix_to_w32 ()
{
- $opt_debug
- func_to_host_file_result="$1"
+ $debug_cmd
+
+ func_to_host_file_result=$1
if test -n "$1"; then
func_convert_core_file_wine_to_w32 "$1"
- func_to_host_file_result="$func_convert_core_file_wine_to_w32_result"
+ func_to_host_file_result=$func_convert_core_file_wine_to_w32_result
fi
func_convert_file_check "$1" "$func_to_host_file_result"
}
@@ -1747,12 +3036,13 @@ func_convert_file_nix_to_w32 ()
# Returns result in func_to_host_file_result.
func_convert_file_msys_to_cygwin ()
{
- $opt_debug
- func_to_host_file_result="$1"
+ $debug_cmd
+
+ func_to_host_file_result=$1
if test -n "$1"; then
func_convert_core_msys_to_w32 "$1"
func_cygpath -u "$func_convert_core_msys_to_w32_result"
- func_to_host_file_result="$func_cygpath_result"
+ func_to_host_file_result=$func_cygpath_result
fi
func_convert_file_check "$1" "$func_to_host_file_result"
}
@@ -1765,13 +3055,14 @@ func_convert_file_msys_to_cygwin ()
# in func_to_host_file_result.
func_convert_file_nix_to_cygwin ()
{
- $opt_debug
- func_to_host_file_result="$1"
+ $debug_cmd
+
+ func_to_host_file_result=$1
if test -n "$1"; then
# convert from *nix to w32, then use cygpath to convert from w32 to cygwin.
func_convert_core_file_wine_to_w32 "$1"
func_cygpath -u "$func_convert_core_file_wine_to_w32_result"
- func_to_host_file_result="$func_cygpath_result"
+ func_to_host_file_result=$func_cygpath_result
fi
func_convert_file_check "$1" "$func_to_host_file_result"
}
@@ -1781,7 +3072,7 @@ func_convert_file_nix_to_cygwin ()
#############################################
# $build to $host PATH CONVERSION FUNCTIONS #
#############################################
-# invoked via `$to_host_path_cmd ARG'
+# invoked via '$to_host_path_cmd ARG'
#
# In each case, ARG is the path to be converted from $build to $host format.
# The result will be available in $func_to_host_path_result.
@@ -1805,10 +3096,11 @@ func_convert_file_nix_to_cygwin ()
to_host_path_cmd=
func_init_to_host_path_cmd ()
{
- $opt_debug
+ $debug_cmd
+
if test -z "$to_host_path_cmd"; then
func_stripname 'func_convert_file_' '' "$to_host_file_cmd"
- to_host_path_cmd="func_convert_path_${func_stripname_result}"
+ to_host_path_cmd=func_convert_path_$func_stripname_result
fi
}
@@ -1818,7 +3110,8 @@ func_init_to_host_path_cmd ()
# in func_to_host_path_result.
func_to_host_path ()
{
- $opt_debug
+ $debug_cmd
+
func_init_to_host_path_cmd
$to_host_path_cmd "$1"
}
@@ -1829,7 +3122,7 @@ func_to_host_path ()
# Copy ARG to func_to_host_path_result.
func_convert_path_noop ()
{
- func_to_host_path_result="$1"
+ func_to_host_path_result=$1
}
# end func_convert_path_noop
@@ -1840,8 +3133,9 @@ func_convert_path_noop ()
# func_to_host_path_result.
func_convert_path_msys_to_w32 ()
{
- $opt_debug
- func_to_host_path_result="$1"
+ $debug_cmd
+
+ func_to_host_path_result=$1
if test -n "$1"; then
# Remove leading and trailing path separator characters from ARG. MSYS
# behavior is inconsistent here; cygpath turns them into '.;' and ';.';
@@ -1849,7 +3143,7 @@ func_convert_path_msys_to_w32 ()
func_stripname : : "$1"
func_to_host_path_tmp1=$func_stripname_result
func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
- func_to_host_path_result="$func_convert_core_msys_to_w32_result"
+ func_to_host_path_result=$func_convert_core_msys_to_w32_result
func_convert_path_check : ";" \
"$func_to_host_path_tmp1" "$func_to_host_path_result"
func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
@@ -1863,8 +3157,9 @@ func_convert_path_msys_to_w32 ()
# func_to_host_file_result.
func_convert_path_cygwin_to_w32 ()
{
- $opt_debug
- func_to_host_path_result="$1"
+ $debug_cmd
+
+ func_to_host_path_result=$1
if test -n "$1"; then
# See func_convert_path_msys_to_w32:
func_stripname : : "$1"
@@ -1883,14 +3178,15 @@ func_convert_path_cygwin_to_w32 ()
# a working winepath. Returns result in func_to_host_file_result.
func_convert_path_nix_to_w32 ()
{
- $opt_debug
- func_to_host_path_result="$1"
+ $debug_cmd
+
+ func_to_host_path_result=$1
if test -n "$1"; then
# See func_convert_path_msys_to_w32:
func_stripname : : "$1"
func_to_host_path_tmp1=$func_stripname_result
func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
- func_to_host_path_result="$func_convert_core_path_wine_to_w32_result"
+ func_to_host_path_result=$func_convert_core_path_wine_to_w32_result
func_convert_path_check : ";" \
"$func_to_host_path_tmp1" "$func_to_host_path_result"
func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
@@ -1904,15 +3200,16 @@ func_convert_path_nix_to_w32 ()
# Returns result in func_to_host_file_result.
func_convert_path_msys_to_cygwin ()
{
- $opt_debug
- func_to_host_path_result="$1"
+ $debug_cmd
+
+ func_to_host_path_result=$1
if test -n "$1"; then
# See func_convert_path_msys_to_w32:
func_stripname : : "$1"
func_to_host_path_tmp1=$func_stripname_result
func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
func_cygpath -u -p "$func_convert_core_msys_to_w32_result"
- func_to_host_path_result="$func_cygpath_result"
+ func_to_host_path_result=$func_cygpath_result
func_convert_path_check : : \
"$func_to_host_path_tmp1" "$func_to_host_path_result"
func_convert_path_front_back_pathsep ":*" "*:" : "$1"
@@ -1927,8 +3224,9 @@ func_convert_path_msys_to_cygwin ()
# func_to_host_file_result.
func_convert_path_nix_to_cygwin ()
{
- $opt_debug
- func_to_host_path_result="$1"
+ $debug_cmd
+
+ func_to_host_path_result=$1
if test -n "$1"; then
# Remove leading and trailing path separator characters from
# ARG. msys behavior is inconsistent here, cygpath turns them
@@ -1937,7 +3235,7 @@ func_convert_path_nix_to_cygwin ()
func_to_host_path_tmp1=$func_stripname_result
func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result"
- func_to_host_path_result="$func_cygpath_result"
+ func_to_host_path_result=$func_cygpath_result
func_convert_path_check : : \
"$func_to_host_path_tmp1" "$func_to_host_path_result"
func_convert_path_front_back_pathsep ":*" "*:" : "$1"
@@ -1946,13 +3244,31 @@ func_convert_path_nix_to_cygwin ()
# end func_convert_path_nix_to_cygwin
+# func_dll_def_p FILE
+# True iff FILE is a Windows DLL '.def' file.
+# Keep in sync with _LT_DLL_DEF_P in libtool.m4
+func_dll_def_p ()
+{
+ $debug_cmd
+
+ func_dll_def_p_tmp=`$SED -n \
+ -e 's/^[ ]*//' \
+ -e '/^\(;.*\)*$/d' \
+ -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \
+ -e q \
+ "$1"`
+ test DEF = "$func_dll_def_p_tmp"
+}
+
+
# func_mode_compile arg...
func_mode_compile ()
{
- $opt_debug
+ $debug_cmd
+
# Get the compilation command and the source file.
base_compile=
- srcfile="$nonopt" # always keep a non-empty value in "srcfile"
+ srcfile=$nonopt # always keep a non-empty value in "srcfile"
suppress_opt=yes
suppress_output=
arg_mode=normal
@@ -1965,12 +3281,12 @@ func_mode_compile ()
case $arg_mode in
arg )
# do not "continue". Instead, add this to base_compile
- lastarg="$arg"
+ lastarg=$arg
arg_mode=normal
;;
target )
- libobj="$arg"
+ libobj=$arg
arg_mode=normal
continue
;;
@@ -1980,7 +3296,7 @@ func_mode_compile ()
case $arg in
-o)
test -n "$libobj" && \
- func_fatal_error "you cannot specify \`-o' more than once"
+ func_fatal_error "you cannot specify '-o' more than once"
arg_mode=target
continue
;;
@@ -2009,12 +3325,12 @@ func_mode_compile ()
func_stripname '-Wc,' '' "$arg"
args=$func_stripname_result
lastarg=
- save_ifs="$IFS"; IFS=','
+ save_ifs=$IFS; IFS=,
for arg in $args; do
- IFS="$save_ifs"
+ IFS=$save_ifs
func_append_quoted lastarg "$arg"
done
- IFS="$save_ifs"
+ IFS=$save_ifs
func_stripname ' ' '' "$lastarg"
lastarg=$func_stripname_result
@@ -2027,8 +3343,8 @@ func_mode_compile ()
# Accept the current argument as the source file.
# The previous "srcfile" becomes the current argument.
#
- lastarg="$srcfile"
- srcfile="$arg"
+ lastarg=$srcfile
+ srcfile=$arg
;;
esac # case $arg
;;
@@ -2043,13 +3359,13 @@ func_mode_compile ()
func_fatal_error "you must specify an argument for -Xcompile"
;;
target)
- func_fatal_error "you must specify a target with \`-o'"
+ func_fatal_error "you must specify a target with '-o'"
;;
*)
# Get the name of the library object.
test -z "$libobj" && {
func_basename "$srcfile"
- libobj="$func_basename_result"
+ libobj=$func_basename_result
}
;;
esac
@@ -2069,7 +3385,7 @@ func_mode_compile ()
case $libobj in
*.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
*)
- func_fatal_error "cannot determine name of library object from \`$libobj'"
+ func_fatal_error "cannot determine name of library object from '$libobj'"
;;
esac
@@ -2078,8 +3394,8 @@ func_mode_compile ()
for arg in $later; do
case $arg in
-shared)
- test "$build_libtool_libs" != yes && \
- func_fatal_configuration "can not build a shared library"
+ test yes = "$build_libtool_libs" \
+ || func_fatal_configuration "cannot build a shared library"
build_old_libs=no
continue
;;
@@ -2105,17 +3421,17 @@ func_mode_compile ()
func_quote_for_eval "$libobj"
test "X$libobj" != "X$func_quote_for_eval_result" \
&& $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
- && func_warning "libobj name \`$libobj' may not contain shell special characters."
+ && func_warning "libobj name '$libobj' may not contain shell special characters."
func_dirname_and_basename "$obj" "/" ""
- objname="$func_basename_result"
- xdir="$func_dirname_result"
- lobj=${xdir}$objdir/$objname
+ objname=$func_basename_result
+ xdir=$func_dirname_result
+ lobj=$xdir$objdir/$objname
test -z "$base_compile" && \
func_fatal_help "you must specify a compilation command"
# Delete any leftover library objects.
- if test "$build_old_libs" = yes; then
+ if test yes = "$build_old_libs"; then
removelist="$obj $lobj $libobj ${libobj}T"
else
removelist="$lobj $libobj ${libobj}T"
@@ -2127,16 +3443,16 @@ func_mode_compile ()
pic_mode=default
;;
esac
- if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+ if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then
# non-PIC code in shared libraries is not supported
pic_mode=default
fi
# Calculate the filename of the output object if compiler does
# not support -o with -c
- if test "$compiler_c_o" = no; then
- output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext}
- lockfile="$output_obj.lock"
+ if test no = "$compiler_c_o"; then
+ output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext
+ lockfile=$output_obj.lock
else
output_obj=
need_locks=no
@@ -2145,12 +3461,12 @@ func_mode_compile ()
# Lock this critical section if it is needed
# We use this script file to make the link, it avoids creating a new file
- if test "$need_locks" = yes; then
+ if test yes = "$need_locks"; then
until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
func_echo "Waiting for $lockfile to be removed"
sleep 2
done
- elif test "$need_locks" = warn; then
+ elif test warn = "$need_locks"; then
if test -f "$lockfile"; then
$ECHO "\
*** ERROR, $lockfile exists and contains:
@@ -2158,7 +3474,7 @@ func_mode_compile ()
This indicates that another process is trying to use the same
temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together. If you
+your compiler does not support '-c' and '-o' together. If you
repeat this compilation, it may succeed, by chance, but you had better
avoid parallel builds (make -j) in this platform, or get a better
compiler."
@@ -2180,11 +3496,11 @@ compiler."
qsrcfile=$func_quote_for_eval_result
# Only build a PIC object if we are building libtool libraries.
- if test "$build_libtool_libs" = yes; then
+ if test yes = "$build_libtool_libs"; then
# Without this assignment, base_compile gets emptied.
fbsd_hideous_sh_bug=$base_compile
- if test "$pic_mode" != no; then
+ if test no != "$pic_mode"; then
command="$base_compile $qsrcfile $pic_flag"
else
# Don't build PIC code
@@ -2201,7 +3517,7 @@ compiler."
func_show_eval_locale "$command" \
'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
- if test "$need_locks" = warn &&
+ if test warn = "$need_locks" &&
test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
$ECHO "\
*** ERROR, $lockfile contains:
@@ -2212,7 +3528,7 @@ $srcfile
This indicates that another process is trying to use the same
temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together. If you
+your compiler does not support '-c' and '-o' together. If you
repeat this compilation, it may succeed, by chance, but you had better
avoid parallel builds (make -j) in this platform, or get a better
compiler."
@@ -2228,20 +3544,20 @@ compiler."
fi
# Allow error messages only from the first compilation.
- if test "$suppress_opt" = yes; then
+ if test yes = "$suppress_opt"; then
suppress_output=' >/dev/null 2>&1'
fi
fi
# Only build a position-dependent object if we build old libraries.
- if test "$build_old_libs" = yes; then
- if test "$pic_mode" != yes; then
+ if test yes = "$build_old_libs"; then
+ if test yes != "$pic_mode"; then
# Don't build PIC code
command="$base_compile $qsrcfile$pie_flag"
else
command="$base_compile $qsrcfile $pic_flag"
fi
- if test "$compiler_c_o" = yes; then
+ if test yes = "$compiler_c_o"; then
func_append command " -o $obj"
fi
@@ -2250,7 +3566,7 @@ compiler."
func_show_eval_locale "$command" \
'$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
- if test "$need_locks" = warn &&
+ if test warn = "$need_locks" &&
test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
$ECHO "\
*** ERROR, $lockfile contains:
@@ -2261,7 +3577,7 @@ $srcfile
This indicates that another process is trying to use the same
temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together. If you
+your compiler does not support '-c' and '-o' together. If you
repeat this compilation, it may succeed, by chance, but you had better
avoid parallel builds (make -j) in this platform, or get a better
compiler."
@@ -2281,7 +3597,7 @@ compiler."
func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
# Unlock the critical section if it was locked
- if test "$need_locks" != no; then
+ if test no != "$need_locks"; then
removelist=$lockfile
$RM "$lockfile"
fi
@@ -2291,7 +3607,7 @@ compiler."
}
$opt_help || {
- test "$opt_mode" = compile && func_mode_compile ${1+"$@"}
+ test compile = "$opt_mode" && func_mode_compile ${1+"$@"}
}
func_mode_help ()
@@ -2311,7 +3627,7 @@ func_mode_help ()
Remove files from the build directory.
RM is the name of the program to use to delete files associated with each FILE
-(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed
to RM.
If FILE is a libtool library, object or program, all the files associated
@@ -2330,16 +3646,16 @@ This mode accepts the following additional options:
-no-suppress do not suppress compiler output for multiple passes
-prefer-pic try to build PIC objects only
-prefer-non-pic try to build non-PIC objects only
- -shared do not build a \`.o' file suitable for static linking
- -static only build a \`.o' file suitable for static linking
+ -shared do not build a '.o' file suitable for static linking
+ -static only build a '.o' file suitable for static linking
-Wc,FLAG pass FLAG directly to the compiler
-COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+COMPILE-COMMAND is a command to be used in creating a 'standard' object file
from the given SOURCEFILE.
The output file name is determined by removing the directory component from
-SOURCEFILE, then substituting the C source code suffix \`.c' with the
-library object suffix, \`.lo'."
+SOURCEFILE, then substituting the C source code suffix '.c' with the
+library object suffix, '.lo'."
;;
execute)
@@ -2352,7 +3668,7 @@ This mode accepts the following additional options:
-dlopen FILE add the directory containing FILE to the library path
-This mode sets the library path environment variable according to \`-dlopen'
+This mode sets the library path environment variable according to '-dlopen'
flags.
If any of the ARGS are libtool executable wrappers, then they are translated
@@ -2371,7 +3687,7 @@ Complete the installation of libtool libraries.
Each LIBDIR is a directory that contains libtool libraries.
The commands that this mode executes may require superuser privileges. Use
-the \`--dry-run' option if you just want to see what would be executed."
+the '--dry-run' option if you just want to see what would be executed."
;;
install)
@@ -2381,7 +3697,7 @@ the \`--dry-run' option if you just want to see what would be executed."
Install executables or libraries.
INSTALL-COMMAND is the installation command. The first component should be
-either the \`install' or \`cp' program.
+either the 'install' or 'cp' program.
The following components of INSTALL-COMMAND are treated specially:
@@ -2407,7 +3723,7 @@ The following components of LINK-COMMAND are treated specially:
-avoid-version do not add a version suffix if possible
-bindir BINDIR specify path to binaries directory (for systems where
libraries must be found in the PATH setting at runtime)
- -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime
+ -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime
-dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
-export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
-export-symbols SYMFILE
@@ -2421,7 +3737,8 @@ The following components of LINK-COMMAND are treated specially:
-no-install link a not-installable executable
-no-undefined declare that a library does not refer to external symbols
-o OUTPUT-FILE create OUTPUT-FILE from the specified objects
- -objectlist FILE Use a list of object files found in FILE to specify objects
+ -objectlist FILE use a list of object files found in FILE to specify objects
+ -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes)
-precious-files-regex REGEX
don't remove output files matching REGEX
-release RELEASE specify package release information
@@ -2441,20 +3758,20 @@ The following components of LINK-COMMAND are treated specially:
-Xlinker FLAG pass linker-specific FLAG directly to the linker
-XCClinker FLAG pass link-specific FLAG to the compiler driver (CC)
-All other options (arguments beginning with \`-') are ignored.
+All other options (arguments beginning with '-') are ignored.
-Every other argument is treated as a filename. Files ending in \`.la' are
+Every other argument is treated as a filename. Files ending in '.la' are
treated as uninstalled libtool libraries, other files are standard or library
object files.
-If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
-only library objects (\`.lo' files) may be specified, and \`-rpath' is
+If the OUTPUT-FILE ends in '.la', then a libtool library is created,
+only library objects ('.lo' files) may be specified, and '-rpath' is
required, except when creating a convenience library.
-If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
-using \`ar' and \`ranlib', or on Windows using \`lib'.
+If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created
+using 'ar' and 'ranlib', or on Windows using 'lib'.
-If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file
is created, otherwise an executable program is created."
;;
@@ -2465,7 +3782,7 @@ is created, otherwise an executable program is created."
Remove libraries from an installation directory.
RM is the name of the program to use to delete files associated with each FILE
-(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed
to RM.
If FILE is a libtool library, all the files associated with it are deleted.
@@ -2473,17 +3790,17 @@ Otherwise, only FILE itself is deleted using RM."
;;
*)
- func_fatal_help "invalid operation mode \`$opt_mode'"
+ func_fatal_help "invalid operation mode '$opt_mode'"
;;
esac
echo
- $ECHO "Try \`$progname --help' for more information about other modes."
+ $ECHO "Try '$progname --help' for more information about other modes."
}
# Now that we've collected a possible --mode arg, show help if necessary
if $opt_help; then
- if test "$opt_help" = :; then
+ if test : = "$opt_help"; then
func_mode_help
else
{
@@ -2491,7 +3808,7 @@ if $opt_help; then
for opt_mode in compile link execute install finish uninstall clean; do
func_mode_help
done
- } | sed -n '1p; 2,$s/^Usage:/ or: /p'
+ } | $SED -n '1p; 2,$s/^Usage:/ or: /p'
{
func_help noexit
for opt_mode in compile link execute install finish uninstall clean; do
@@ -2499,7 +3816,7 @@ if $opt_help; then
func_mode_help
done
} |
- sed '1d
+ $SED '1d
/^When reporting/,/^Report/{
H
d
@@ -2516,16 +3833,17 @@ fi
# func_mode_execute arg...
func_mode_execute ()
{
- $opt_debug
+ $debug_cmd
+
# The first argument is the command name.
- cmd="$nonopt"
+ cmd=$nonopt
test -z "$cmd" && \
func_fatal_help "you must specify a COMMAND"
# Handle -dlopen flags immediately.
for file in $opt_dlopen; do
test -f "$file" \
- || func_fatal_help "\`$file' is not a file"
+ || func_fatal_help "'$file' is not a file"
dir=
case $file in
@@ -2535,7 +3853,7 @@ func_mode_execute ()
# Check to see that this really is a libtool archive.
func_lalib_unsafe_p "$file" \
- || func_fatal_help "\`$lib' is not a valid libtool archive"
+ || func_fatal_help "'$lib' is not a valid libtool archive"
# Read the libtool library.
dlname=
@@ -2546,18 +3864,18 @@ func_mode_execute ()
if test -z "$dlname"; then
# Warn if it was a shared library.
test -n "$library_names" && \
- func_warning "\`$file' was not linked with \`-export-dynamic'"
+ func_warning "'$file' was not linked with '-export-dynamic'"
continue
fi
func_dirname "$file" "" "."
- dir="$func_dirname_result"
+ dir=$func_dirname_result
if test -f "$dir/$objdir/$dlname"; then
func_append dir "/$objdir"
else
if test ! -f "$dir/$dlname"; then
- func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'"
+ func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'"
fi
fi
;;
@@ -2565,18 +3883,18 @@ func_mode_execute ()
*.lo)
# Just add the directory containing the .lo file.
func_dirname "$file" "" "."
- dir="$func_dirname_result"
+ dir=$func_dirname_result
;;
*)
- func_warning "\`-dlopen' is ignored for non-libtool libraries and objects"
+ func_warning "'-dlopen' is ignored for non-libtool libraries and objects"
continue
;;
esac
# Get the absolute pathname.
absdir=`cd "$dir" && pwd`
- test -n "$absdir" && dir="$absdir"
+ test -n "$absdir" && dir=$absdir
# Now add the directory to shlibpath_var.
if eval "test -z \"\$$shlibpath_var\""; then
@@ -2588,7 +3906,7 @@ func_mode_execute ()
# This variable tells wrapper scripts just to set shlibpath_var
# rather than running their programs.
- libtool_execute_magic="$magic"
+ libtool_execute_magic=$magic
# Check if any of the arguments is a wrapper script.
args=
@@ -2601,12 +3919,12 @@ func_mode_execute ()
if func_ltwrapper_script_p "$file"; then
func_source "$file"
# Transform arg to wrapped name.
- file="$progdir/$program"
+ file=$progdir/$program
elif func_ltwrapper_executable_p "$file"; then
func_ltwrapper_scriptname "$file"
func_source "$func_ltwrapper_scriptname_result"
# Transform arg to wrapped name.
- file="$progdir/$program"
+ file=$progdir/$program
fi
;;
esac
@@ -2614,7 +3932,15 @@ func_mode_execute ()
func_append_quoted args "$file"
done
- if test "X$opt_dry_run" = Xfalse; then
+ if $opt_dry_run; then
+ # Display what would be done.
+ if test -n "$shlibpath_var"; then
+ eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
+ echo "export $shlibpath_var"
+ fi
+ $ECHO "$cmd$args"
+ exit $EXIT_SUCCESS
+ else
if test -n "$shlibpath_var"; then
# Export the shlibpath_var.
eval "export $shlibpath_var"
@@ -2631,25 +3957,18 @@ func_mode_execute ()
done
# Now prepare to actually exec the command.
- exec_cmd="\$cmd$args"
- else
- # Display what would be done.
- if test -n "$shlibpath_var"; then
- eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
- echo "export $shlibpath_var"
- fi
- $ECHO "$cmd$args"
- exit $EXIT_SUCCESS
+ exec_cmd=\$cmd$args
fi
}
-test "$opt_mode" = execute && func_mode_execute ${1+"$@"}
+test execute = "$opt_mode" && func_mode_execute ${1+"$@"}
# func_mode_finish arg...
func_mode_finish ()
{
- $opt_debug
+ $debug_cmd
+
libs=
libdirs=
admincmds=
@@ -2663,11 +3982,11 @@ func_mode_finish ()
if func_lalib_unsafe_p "$opt"; then
func_append libs " $opt"
else
- func_warning "\`$opt' is not a valid libtool archive"
+ func_warning "'$opt' is not a valid libtool archive"
fi
else
- func_fatal_error "invalid argument \`$opt'"
+ func_fatal_error "invalid argument '$opt'"
fi
done
@@ -2682,12 +4001,12 @@ func_mode_finish ()
# Remove sysroot references
if $opt_dry_run; then
for lib in $libs; do
- echo "removing references to $lt_sysroot and \`=' prefixes from $lib"
+ echo "removing references to $lt_sysroot and '=' prefixes from $lib"
done
else
tmpdir=`func_mktempdir`
for lib in $libs; do
- sed -e "${sysroot_cmd} s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \
+ $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \
> $tmpdir/tmp-la
mv -f $tmpdir/tmp-la $lib
done
@@ -2712,7 +4031,7 @@ func_mode_finish ()
fi
# Exit here if they wanted silent mode.
- $opt_silent && exit $EXIT_SUCCESS
+ $opt_quiet && exit $EXIT_SUCCESS
if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
echo "----------------------------------------------------------------------"
@@ -2723,27 +4042,27 @@ func_mode_finish ()
echo
echo "If you ever happen to want to link against installed libraries"
echo "in a given directory, LIBDIR, you must either use libtool, and"
- echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
+ echo "specify the full pathname of the library, or use the '-LLIBDIR'"
echo "flag during linking and do at least one of the following:"
if test -n "$shlibpath_var"; then
- echo " - add LIBDIR to the \`$shlibpath_var' environment variable"
+ echo " - add LIBDIR to the '$shlibpath_var' environment variable"
echo " during execution"
fi
if test -n "$runpath_var"; then
- echo " - add LIBDIR to the \`$runpath_var' environment variable"
+ echo " - add LIBDIR to the '$runpath_var' environment variable"
echo " during linking"
fi
if test -n "$hardcode_libdir_flag_spec"; then
libdir=LIBDIR
eval flag=\"$hardcode_libdir_flag_spec\"
- $ECHO " - use the \`$flag' linker flag"
+ $ECHO " - use the '$flag' linker flag"
fi
if test -n "$admincmds"; then
$ECHO " - have your system administrator run these commands:$admincmds"
fi
if test -f /etc/ld.so.conf; then
- echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+ echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'"
fi
echo
@@ -2762,18 +4081,20 @@ func_mode_finish ()
exit $EXIT_SUCCESS
}
-test "$opt_mode" = finish && func_mode_finish ${1+"$@"}
+test finish = "$opt_mode" && func_mode_finish ${1+"$@"}
# func_mode_install arg...
func_mode_install ()
{
- $opt_debug
+ $debug_cmd
+
# There may be an optional sh(1) argument at the beginning of
# install_prog (especially on Windows NT).
- if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+ if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" ||
# Allow the use of GNU shtool's install command.
- case $nonopt in *shtool*) :;; *) false;; esac; then
+ case $nonopt in *shtool*) :;; *) false;; esac
+ then
# Aesthetically quote it.
func_quote_for_eval "$nonopt"
install_prog="$func_quote_for_eval_result "
@@ -2800,7 +4121,7 @@ func_mode_install ()
opts=
prev=
install_type=
- isdir=no
+ isdir=false
stripme=
no_mode=:
for arg
@@ -2813,7 +4134,7 @@ func_mode_install ()
fi
case $arg in
- -d) isdir=yes ;;
+ -d) isdir=: ;;
-f)
if $install_cp; then :; else
prev=$arg
@@ -2831,7 +4152,7 @@ func_mode_install ()
*)
# If the previous option needed an argument, then skip it.
if test -n "$prev"; then
- if test "x$prev" = x-m && test -n "$install_override_mode"; then
+ if test X-m = "X$prev" && test -n "$install_override_mode"; then
arg2=$install_override_mode
no_mode=false
fi
@@ -2856,7 +4177,7 @@ func_mode_install ()
func_fatal_help "you must specify an install program"
test -n "$prev" && \
- func_fatal_help "the \`$prev' option requires an argument"
+ func_fatal_help "the '$prev' option requires an argument"
if test -n "$install_override_mode" && $no_mode; then
if $install_cp; then :; else
@@ -2878,19 +4199,19 @@ func_mode_install ()
dest=$func_stripname_result
# Check to see that the destination is a directory.
- test -d "$dest" && isdir=yes
- if test "$isdir" = yes; then
- destdir="$dest"
+ test -d "$dest" && isdir=:
+ if $isdir; then
+ destdir=$dest
destname=
else
func_dirname_and_basename "$dest" "" "."
- destdir="$func_dirname_result"
- destname="$func_basename_result"
+ destdir=$func_dirname_result
+ destname=$func_basename_result
# Not a directory, so check to see that there is only one file specified.
set dummy $files; shift
test "$#" -gt 1 && \
- func_fatal_help "\`$dest' is not a directory"
+ func_fatal_help "'$dest' is not a directory"
fi
case $destdir in
[\\/]* | [A-Za-z]:[\\/]*) ;;
@@ -2899,7 +4220,7 @@ func_mode_install ()
case $file in
*.lo) ;;
*)
- func_fatal_help "\`$destdir' must be an absolute directory name"
+ func_fatal_help "'$destdir' must be an absolute directory name"
;;
esac
done
@@ -2908,7 +4229,7 @@ func_mode_install ()
# This variable tells wrapper scripts just to set variables rather
# than running their programs.
- libtool_install_magic="$magic"
+ libtool_install_magic=$magic
staticlibs=
future_libdirs=
@@ -2928,7 +4249,7 @@ func_mode_install ()
# Check to see that this really is a libtool archive.
func_lalib_unsafe_p "$file" \
- || func_fatal_help "\`$file' is not a valid libtool archive"
+ || func_fatal_help "'$file' is not a valid libtool archive"
library_names=
old_library=
@@ -2950,7 +4271,7 @@ func_mode_install ()
fi
func_dirname "$file" "/" ""
- dir="$func_dirname_result"
+ dir=$func_dirname_result
func_append dir "$objdir"
if test -n "$relink_command"; then
@@ -2964,7 +4285,7 @@ func_mode_install ()
# are installed into $libdir/../bin (currently, that works fine)
# but it's something to keep an eye on.
test "$inst_prefix_dir" = "$destdir" && \
- func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir"
+ func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir"
if test -n "$inst_prefix_dir"; then
# Stick the inst_prefix_dir data into the link command.
@@ -2973,29 +4294,36 @@ func_mode_install ()
relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
fi
- func_warning "relinking \`$file'"
+ func_warning "relinking '$file'"
func_show_eval "$relink_command" \
- 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"'
+ 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"'
fi
# See the names of the shared library.
set dummy $library_names; shift
if test -n "$1"; then
- realname="$1"
+ realname=$1
shift
- srcname="$realname"
- test -n "$relink_command" && srcname="$realname"T
+ srcname=$realname
+ test -n "$relink_command" && srcname=${realname}T
# Install the shared library and build the symlinks.
func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \
'exit $?'
- tstripme="$stripme"
+ tstripme=$stripme
case $host_os in
cygwin* | mingw* | pw32* | cegcc*)
case $realname in
*.dll.a)
- tstripme=""
+ tstripme=
+ ;;
+ esac
+ ;;
+ os2*)
+ case $realname in
+ *_dll.a)
+ tstripme=
;;
esac
;;
@@ -3006,7 +4334,7 @@ func_mode_install ()
if test "$#" -gt 0; then
# Delete the old symlinks, and create new ones.
- # Try `ln -sf' first, because the `ln' binary might depend on
+ # Try 'ln -sf' first, because the 'ln' binary might depend on
# the symlink we replace! Solaris /bin/ln does not understand -f,
# so we also need to try rm && ln -s.
for linkname
@@ -3017,14 +4345,14 @@ func_mode_install ()
fi
# Do each command in the postinstall commands.
- lib="$destdir/$realname"
+ lib=$destdir/$realname
func_execute_cmds "$postinstall_cmds" 'exit $?'
fi
# Install the pseudo-library for information purposes.
func_basename "$file"
- name="$func_basename_result"
- instname="$dir/$name"i
+ name=$func_basename_result
+ instname=$dir/${name}i
func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
# Maybe install the static library, too.
@@ -3036,11 +4364,11 @@ func_mode_install ()
# Figure out destination file name, if it wasn't already specified.
if test -n "$destname"; then
- destfile="$destdir/$destname"
+ destfile=$destdir/$destname
else
func_basename "$file"
- destfile="$func_basename_result"
- destfile="$destdir/$destfile"
+ destfile=$func_basename_result
+ destfile=$destdir/$destfile
fi
# Deduce the name of the destination old-style object file.
@@ -3050,11 +4378,11 @@ func_mode_install ()
staticdest=$func_lo2o_result
;;
*.$objext)
- staticdest="$destfile"
+ staticdest=$destfile
destfile=
;;
*)
- func_fatal_help "cannot copy a libtool object to \`$destfile'"
+ func_fatal_help "cannot copy a libtool object to '$destfile'"
;;
esac
@@ -3063,7 +4391,7 @@ func_mode_install ()
func_show_eval "$install_prog $file $destfile" 'exit $?'
# Install the old object if enabled.
- if test "$build_old_libs" = yes; then
+ if test yes = "$build_old_libs"; then
# Deduce the name of the old-style object file.
func_lo2o "$file"
staticobj=$func_lo2o_result
@@ -3075,23 +4403,23 @@ func_mode_install ()
*)
# Figure out destination file name, if it wasn't already specified.
if test -n "$destname"; then
- destfile="$destdir/$destname"
+ destfile=$destdir/$destname
else
func_basename "$file"
- destfile="$func_basename_result"
- destfile="$destdir/$destfile"
+ destfile=$func_basename_result
+ destfile=$destdir/$destfile
fi
# If the file is missing, and there is a .exe on the end, strip it
# because it is most likely a libtool script we actually want to
# install
- stripped_ext=""
+ stripped_ext=
case $file in
*.exe)
if test ! -f "$file"; then
func_stripname '' '.exe' "$file"
file=$func_stripname_result
- stripped_ext=".exe"
+ stripped_ext=.exe
fi
;;
esac
@@ -3119,19 +4447,19 @@ func_mode_install ()
# Check the variables that should have been set.
test -z "$generated_by_libtool_version" && \
- func_fatal_error "invalid libtool wrapper script \`$wrapper'"
+ func_fatal_error "invalid libtool wrapper script '$wrapper'"
- finalize=yes
+ finalize=:
for lib in $notinst_deplibs; do
# Check to see that each library is installed.
libdir=
if test -f "$lib"; then
func_source "$lib"
fi
- libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test
+ libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'`
if test -n "$libdir" && test ! -f "$libfile"; then
- func_warning "\`$lib' has not been installed in \`$libdir'"
- finalize=no
+ func_warning "'$lib' has not been installed in '$libdir'"
+ finalize=false
fi
done
@@ -3139,29 +4467,29 @@ func_mode_install ()
func_source "$wrapper"
outputname=
- if test "$fast_install" = no && test -n "$relink_command"; then
+ if test no = "$fast_install" && test -n "$relink_command"; then
$opt_dry_run || {
- if test "$finalize" = yes; then
+ if $finalize; then
tmpdir=`func_mktempdir`
func_basename "$file$stripped_ext"
- file="$func_basename_result"
- outputname="$tmpdir/$file"
+ file=$func_basename_result
+ outputname=$tmpdir/$file
# Replace the output file specification.
relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'`
- $opt_silent || {
+ $opt_quiet || {
func_quote_for_expand "$relink_command"
eval "func_echo $func_quote_for_expand_result"
}
if eval "$relink_command"; then :
else
- func_error "error: relink \`$file' with the above command before installing it"
+ func_error "error: relink '$file' with the above command before installing it"
$opt_dry_run || ${RM}r "$tmpdir"
continue
fi
- file="$outputname"
+ file=$outputname
else
- func_warning "cannot relink \`$file'"
+ func_warning "cannot relink '$file'"
fi
}
else
@@ -3198,10 +4526,10 @@ func_mode_install ()
for file in $staticlibs; do
func_basename "$file"
- name="$func_basename_result"
+ name=$func_basename_result
# Set up the ranlib parameters.
- oldlib="$destdir/$name"
+ oldlib=$destdir/$name
func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
tool_oldlib=$func_to_tool_file_result
@@ -3216,18 +4544,18 @@ func_mode_install ()
done
test -n "$future_libdirs" && \
- func_warning "remember to run \`$progname --finish$future_libdirs'"
+ func_warning "remember to run '$progname --finish$future_libdirs'"
if test -n "$current_libdirs"; then
# Maybe just do a dry run.
$opt_dry_run && current_libdirs=" -n$current_libdirs"
- exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+ exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs'
else
exit $EXIT_SUCCESS
fi
}
-test "$opt_mode" = install && func_mode_install ${1+"$@"}
+test install = "$opt_mode" && func_mode_install ${1+"$@"}
# func_generate_dlsyms outputname originator pic_p
@@ -3235,16 +4563,17 @@ test "$opt_mode" = install && func_mode_install ${1+"$@"}
# a dlpreopen symbol table.
func_generate_dlsyms ()
{
- $opt_debug
- my_outputname="$1"
- my_originator="$2"
- my_pic_p="${3-no}"
- my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'`
+ $debug_cmd
+
+ my_outputname=$1
+ my_originator=$2
+ my_pic_p=${3-false}
+ my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'`
my_dlsyms=
- if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
if test -n "$NM" && test -n "$global_symbol_pipe"; then
- my_dlsyms="${my_outputname}S.c"
+ my_dlsyms=${my_outputname}S.c
else
func_error "not configured to extract global symbols from dlpreopened files"
fi
@@ -3255,7 +4584,7 @@ func_generate_dlsyms ()
"") ;;
*.c)
# Discover the nlist of each of the dlfiles.
- nlist="$output_objdir/${my_outputname}.nm"
+ nlist=$output_objdir/$my_outputname.nm
func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
@@ -3263,34 +4592,36 @@ func_generate_dlsyms ()
func_verbose "creating $output_objdir/$my_dlsyms"
$opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
-/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */
-/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */
+/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */
+/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */
#ifdef __cplusplus
extern \"C\" {
#endif
-#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4))
+#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4))
#pragma GCC diagnostic ignored \"-Wstrict-prototypes\"
#endif
/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE)
-/* DATA imports from DLLs on WIN32 con't be const, because runtime
+#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
+/* DATA imports from DLLs on WIN32 can't be const, because runtime
relocations are performed -- see ld's documentation on pseudo-relocs. */
# define LT_DLSYM_CONST
-#elif defined(__osf__)
+#elif defined __osf__
/* This system does not cope well with relocations in const data. */
# define LT_DLSYM_CONST
#else
# define LT_DLSYM_CONST const
#endif
+#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0)
+
/* External symbol declarations for the compiler. */\
"
- if test "$dlself" = yes; then
- func_verbose "generating symbol list for \`$output'"
+ if test yes = "$dlself"; then
+ func_verbose "generating symbol list for '$output'"
$opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
@@ -3298,7 +4629,7 @@ extern \"C\" {
progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP`
for progfile in $progfiles; do
func_to_tool_file "$progfile" func_convert_file_msys_to_w32
- func_verbose "extracting global C symbols from \`$func_to_tool_file_result'"
+ func_verbose "extracting global C symbols from '$func_to_tool_file_result'"
$opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'"
done
@@ -3318,10 +4649,10 @@ extern \"C\" {
# Prepare the list of exported symbols
if test -z "$export_symbols"; then
- export_symbols="$output_objdir/$outputname.exp"
+ export_symbols=$output_objdir/$outputname.exp
$opt_dry_run || {
$RM $export_symbols
- eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+ eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
case $host in
*cygwin* | *mingw* | *cegcc* )
eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
@@ -3331,7 +4662,7 @@ extern \"C\" {
}
else
$opt_dry_run || {
- eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+ eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
eval '$MV "$nlist"T "$nlist"'
case $host in
@@ -3345,22 +4676,22 @@ extern \"C\" {
fi
for dlprefile in $dlprefiles; do
- func_verbose "extracting global C symbols from \`$dlprefile'"
+ func_verbose "extracting global C symbols from '$dlprefile'"
func_basename "$dlprefile"
- name="$func_basename_result"
+ name=$func_basename_result
case $host in
*cygwin* | *mingw* | *cegcc* )
# if an import library, we need to obtain dlname
if func_win32_import_lib_p "$dlprefile"; then
func_tr_sh "$dlprefile"
eval "curr_lafile=\$libfile_$func_tr_sh_result"
- dlprefile_dlbasename=""
+ dlprefile_dlbasename=
if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then
# Use subshell, to avoid clobbering current variable values
dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"`
- if test -n "$dlprefile_dlname" ; then
+ if test -n "$dlprefile_dlname"; then
func_basename "$dlprefile_dlname"
- dlprefile_dlbasename="$func_basename_result"
+ dlprefile_dlbasename=$func_basename_result
else
# no lafile. user explicitly requested -dlpreopen <import library>.
$sharedlib_from_linklib_cmd "$dlprefile"
@@ -3368,7 +4699,7 @@ extern \"C\" {
fi
fi
$opt_dry_run || {
- if test -n "$dlprefile_dlbasename" ; then
+ if test -n "$dlprefile_dlbasename"; then
eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"'
else
func_warning "Could not compute DLL name from $name"
@@ -3424,6 +4755,11 @@ extern \"C\" {
echo '/* NONE */' >> "$output_objdir/$my_dlsyms"
fi
+ func_show_eval '$RM "${nlist}I"'
+ if test -n "$global_symbol_to_import"; then
+ eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I'
+ fi
+
echo >> "$output_objdir/$my_dlsyms" "\
/* The mapping between symbol names and symbols. */
@@ -3432,11 +4768,30 @@ typedef struct {
void *address;
} lt_dlsymlist;
extern LT_DLSYM_CONST lt_dlsymlist
-lt_${my_prefix}_LTX_preloaded_symbols[];
+lt_${my_prefix}_LTX_preloaded_symbols[];\
+"
+
+ if test -s "$nlist"I; then
+ echo >> "$output_objdir/$my_dlsyms" "\
+static void lt_syminit(void)
+{
+ LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols;
+ for (; symbol->name; ++symbol)
+ {"
+ $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms"
+ echo >> "$output_objdir/$my_dlsyms" "\
+ }
+}"
+ fi
+ echo >> "$output_objdir/$my_dlsyms" "\
LT_DLSYM_CONST lt_dlsymlist
lt_${my_prefix}_LTX_preloaded_symbols[] =
-{\
- { \"$my_originator\", (void *) 0 },"
+{ {\"$my_originator\", (void *) 0},"
+
+ if test -s "$nlist"I; then
+ echo >> "$output_objdir/$my_dlsyms" "\
+ {\"@INIT@\", (void *) <_syminit},"
+ fi
case $need_lib_prefix in
no)
@@ -3478,9 +4833,7 @@ static const void *lt_preloaded_setup() {
*-*-hpux*)
pic_flag_for_symtable=" $pic_flag" ;;
*)
- if test "X$my_pic_p" != Xno; then
- pic_flag_for_symtable=" $pic_flag"
- fi
+ $my_pic_p && pic_flag_for_symtable=" $pic_flag"
;;
esac
;;
@@ -3497,10 +4850,10 @@ static const void *lt_preloaded_setup() {
func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
# Clean up the generated files.
- func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"'
+ func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"'
# Transform the symbol file into the correct name.
- symfileobj="$output_objdir/${my_outputname}S.$objext"
+ symfileobj=$output_objdir/${my_outputname}S.$objext
case $host in
*cygwin* | *mingw* | *cegcc* )
if test -f "$output_objdir/$my_outputname.def"; then
@@ -3518,7 +4871,7 @@ static const void *lt_preloaded_setup() {
esac
;;
*)
- func_fatal_error "unknown suffix for \`$my_dlsyms'"
+ func_fatal_error "unknown suffix for '$my_dlsyms'"
;;
esac
else
@@ -3532,6 +4885,32 @@ static const void *lt_preloaded_setup() {
fi
}
+# func_cygming_gnu_implib_p ARG
+# This predicate returns with zero status (TRUE) if
+# ARG is a GNU/binutils-style import library. Returns
+# with nonzero status (FALSE) otherwise.
+func_cygming_gnu_implib_p ()
+{
+ $debug_cmd
+
+ func_to_tool_file "$1" func_convert_file_msys_to_w32
+ func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'`
+ test -n "$func_cygming_gnu_implib_tmp"
+}
+
+# func_cygming_ms_implib_p ARG
+# This predicate returns with zero status (TRUE) if
+# ARG is an MS-style import library. Returns
+# with nonzero status (FALSE) otherwise.
+func_cygming_ms_implib_p ()
+{
+ $debug_cmd
+
+ func_to_tool_file "$1" func_convert_file_msys_to_w32
+ func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'`
+ test -n "$func_cygming_ms_implib_tmp"
+}
+
# func_win32_libid arg
# return the library type of file 'arg'
#
@@ -3541,8 +4920,9 @@ static const void *lt_preloaded_setup() {
# Despite the name, also deal with 64 bit binaries.
func_win32_libid ()
{
- $opt_debug
- win32_libid_type="unknown"
+ $debug_cmd
+
+ win32_libid_type=unknown
win32_fileres=`file -L $1 2>/dev/null`
case $win32_fileres in
*ar\ archive\ import\ library*) # definitely import
@@ -3552,16 +4932,29 @@ func_win32_libid ()
# Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD.
if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
$EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then
- func_to_tool_file "$1" func_convert_file_msys_to_w32
- win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" |
- $SED -n -e '
+ case $nm_interface in
+ "MS dumpbin")
+ if func_cygming_ms_implib_p "$1" ||
+ func_cygming_gnu_implib_p "$1"
+ then
+ win32_nmres=import
+ else
+ win32_nmres=
+ fi
+ ;;
+ *)
+ func_to_tool_file "$1" func_convert_file_msys_to_w32
+ win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" |
+ $SED -n -e '
1,100{
/ I /{
- s,.*,import,
+ s|.*|import|
p
q
}
}'`
+ ;;
+ esac
case $win32_nmres in
import*) win32_libid_type="x86 archive import";;
*) win32_libid_type="x86 archive static";;
@@ -3593,7 +4986,8 @@ func_win32_libid ()
# $sharedlib_from_linklib_result
func_cygming_dll_for_implib ()
{
- $opt_debug
+ $debug_cmd
+
sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"`
}
@@ -3610,7 +5004,8 @@ func_cygming_dll_for_implib ()
# specified import library.
func_cygming_dll_for_implib_fallback_core ()
{
- $opt_debug
+ $debug_cmd
+
match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"`
$OBJDUMP -s --section "$1" "$2" 2>/dev/null |
$SED '/^Contents of section '"$match_literal"':/{
@@ -3646,8 +5041,8 @@ func_cygming_dll_for_implib_fallback_core ()
/./p' |
# we now have a list, one entry per line, of the stringified
# contents of the appropriate section of all members of the
- # archive which possess that section. Heuristic: eliminate
- # all those which have a first or second character that is
+ # archive that possess that section. Heuristic: eliminate
+ # all those that have a first or second character that is
# a '.' (that is, objdump's representation of an unprintable
# character.) This should work for all archives with less than
# 0x302f exports -- but will fail for DLLs whose name actually
@@ -3658,30 +5053,6 @@ func_cygming_dll_for_implib_fallback_core ()
$SED -e '/^\./d;/^.\./d;q'
}
-# func_cygming_gnu_implib_p ARG
-# This predicate returns with zero status (TRUE) if
-# ARG is a GNU/binutils-style import library. Returns
-# with nonzero status (FALSE) otherwise.
-func_cygming_gnu_implib_p ()
-{
- $opt_debug
- func_to_tool_file "$1" func_convert_file_msys_to_w32
- func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'`
- test -n "$func_cygming_gnu_implib_tmp"
-}
-
-# func_cygming_ms_implib_p ARG
-# This predicate returns with zero status (TRUE) if
-# ARG is an MS-style import library. Returns
-# with nonzero status (FALSE) otherwise.
-func_cygming_ms_implib_p ()
-{
- $opt_debug
- func_to_tool_file "$1" func_convert_file_msys_to_w32
- func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'`
- test -n "$func_cygming_ms_implib_tmp"
-}
-
# func_cygming_dll_for_implib_fallback ARG
# Platform-specific function to extract the
# name of the DLL associated with the specified
@@ -3695,16 +5066,17 @@ func_cygming_ms_implib_p ()
# $sharedlib_from_linklib_result
func_cygming_dll_for_implib_fallback ()
{
- $opt_debug
- if func_cygming_gnu_implib_p "$1" ; then
+ $debug_cmd
+
+ if func_cygming_gnu_implib_p "$1"; then
# binutils import library
sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"`
- elif func_cygming_ms_implib_p "$1" ; then
+ elif func_cygming_ms_implib_p "$1"; then
# ms-generated import library
sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"`
else
# unknown
- sharedlib_from_linklib_result=""
+ sharedlib_from_linklib_result=
fi
}
@@ -3712,10 +5084,11 @@ func_cygming_dll_for_implib_fallback ()
# func_extract_an_archive dir oldlib
func_extract_an_archive ()
{
- $opt_debug
- f_ex_an_ar_dir="$1"; shift
- f_ex_an_ar_oldlib="$1"
- if test "$lock_old_archive_extraction" = yes; then
+ $debug_cmd
+
+ f_ex_an_ar_dir=$1; shift
+ f_ex_an_ar_oldlib=$1
+ if test yes = "$lock_old_archive_extraction"; then
lockfile=$f_ex_an_ar_oldlib.lock
until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
func_echo "Waiting for $lockfile to be removed"
@@ -3724,7 +5097,7 @@ func_extract_an_archive ()
fi
func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \
'stat=$?; rm -f "$lockfile"; exit $stat'
- if test "$lock_old_archive_extraction" = yes; then
+ if test yes = "$lock_old_archive_extraction"; then
$opt_dry_run || rm -f "$lockfile"
fi
if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
@@ -3738,22 +5111,23 @@ func_extract_an_archive ()
# func_extract_archives gentop oldlib ...
func_extract_archives ()
{
- $opt_debug
- my_gentop="$1"; shift
+ $debug_cmd
+
+ my_gentop=$1; shift
my_oldlibs=${1+"$@"}
- my_oldobjs=""
- my_xlib=""
- my_xabs=""
- my_xdir=""
+ my_oldobjs=
+ my_xlib=
+ my_xabs=
+ my_xdir=
for my_xlib in $my_oldlibs; do
# Extract the objects.
case $my_xlib in
- [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+ [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;;
*) my_xabs=`pwd`"/$my_xlib" ;;
esac
func_basename "$my_xlib"
- my_xlib="$func_basename_result"
+ my_xlib=$func_basename_result
my_xlib_u=$my_xlib
while :; do
case " $extracted_archives " in
@@ -3765,7 +5139,7 @@ func_extract_archives ()
esac
done
extracted_archives="$extracted_archives $my_xlib_u"
- my_xdir="$my_gentop/$my_xlib_u"
+ my_xdir=$my_gentop/$my_xlib_u
func_mkdir_p "$my_xdir"
@@ -3778,22 +5152,23 @@ func_extract_archives ()
cd $my_xdir || exit $?
darwin_archive=$my_xabs
darwin_curdir=`pwd`
- darwin_base_archive=`basename "$darwin_archive"`
+ func_basename "$darwin_archive"
+ darwin_base_archive=$func_basename_result
darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
if test -n "$darwin_arches"; then
darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
darwin_arch=
func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
- for darwin_arch in $darwin_arches ; do
- func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
- $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
- cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
- func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+ for darwin_arch in $darwin_arches; do
+ func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch"
+ $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive"
+ cd "unfat-$$/$darwin_base_archive-$darwin_arch"
+ func_extract_an_archive "`pwd`" "$darwin_base_archive"
cd "$darwin_curdir"
- $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+ $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive"
done # $darwin_arches
## Okay now we've a bunch of thin objects, gotta fatten them up :)
- darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u`
+ darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u`
darwin_file=
darwin_files=
for darwin_file in $darwin_filelist; do
@@ -3815,7 +5190,7 @@ func_extract_archives ()
my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
done
- func_extract_archives_result="$my_oldobjs"
+ func_extract_archives_result=$my_oldobjs
}
@@ -3830,7 +5205,7 @@ func_extract_archives ()
#
# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
# variable will take. If 'yes', then the emitted script
-# will assume that the directory in which it is stored is
+# will assume that the directory where it is stored is
# the $objdir directory. This is a cygwin/mingw-specific
# behavior.
func_emit_wrapper ()
@@ -3841,7 +5216,7 @@ func_emit_wrapper ()
#! $SHELL
# $output - temporary wrapper script for $objdir/$outputname
-# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
#
# The $output program cannot be directly executed until all the libtool
# libraries that it depends on are installed.
@@ -3898,9 +5273,9 @@ _LTECHO_EOF'
# Very basic option parsing. These options are (a) specific to
# the libtool wrapper, (b) are identical between the wrapper
-# /script/ and the wrapper /executable/ which is used only on
+# /script/ and the wrapper /executable/ that is used only on
# windows platforms, and (c) all begin with the string "--lt-"
-# (application programs are unlikely to have options which match
+# (application programs are unlikely to have options that match
# this pattern).
#
# There are only two supported options: --lt-debug and
@@ -3933,7 +5308,7 @@ func_parse_lt_options ()
# Print the debug banner immediately:
if test -n \"\$lt_option_debug\"; then
- echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2
+ echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2
fi
}
@@ -3944,7 +5319,7 @@ func_lt_dump_args ()
lt_dump_args_N=1;
for lt_arg
do
- \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\"
+ \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\"
lt_dump_args_N=\`expr \$lt_dump_args_N + 1\`
done
}
@@ -3958,7 +5333,7 @@ func_exec_program_core ()
*-*-mingw | *-*-os2* | *-cegcc*)
$ECHO "\
if test -n \"\$lt_option_debug\"; then
- \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2
+ \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2
func_lt_dump_args \${1+\"\$@\"} 1>&2
fi
exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
@@ -3968,7 +5343,7 @@ func_exec_program_core ()
*)
$ECHO "\
if test -n \"\$lt_option_debug\"; then
- \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2
+ \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2
func_lt_dump_args \${1+\"\$@\"} 1>&2
fi
exec \"\$progdir/\$program\" \${1+\"\$@\"}
@@ -4043,13 +5418,13 @@ func_exec_program ()
test -n \"\$absdir\" && thisdir=\"\$absdir\"
"
- if test "$fast_install" = yes; then
+ if test yes = "$fast_install"; then
$ECHO "\
program=lt-'$outputname'$exeext
progdir=\"\$thisdir/$objdir\"
if test ! -f \"\$progdir/\$program\" ||
- { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\
test \"X\$file\" != \"X\$progdir/\$program\"; }; then
file=\"\$\$-\$program\"
@@ -4066,7 +5441,7 @@ func_exec_program ()
if test -n \"\$relink_command\"; then
if relink_command_output=\`eval \$relink_command 2>&1\`; then :
else
- $ECHO \"\$relink_command_output\" >&2
+ \$ECHO \"\$relink_command_output\" >&2
$RM \"\$progdir/\$file\"
exit 1
fi
@@ -4101,7 +5476,7 @@ func_exec_program ()
fi
# Export our shlibpath_var if we have one.
- if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
$ECHO "\
# Add our own library path to $shlibpath_var
$shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
@@ -4121,7 +5496,7 @@ func_exec_program ()
fi
else
# The program doesn't exist.
- \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+ \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2
\$ECHO \"This script is just a wrapper for \$program.\" 1>&2
\$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
exit 1
@@ -4140,7 +5515,7 @@ func_emit_cwrapperexe_src ()
cat <<EOF
/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
- Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+ Generated by $PROGRAM (GNU $PACKAGE) $VERSION
The $output program cannot be directly executed until all the libtool
libraries that it depends on are installed.
@@ -4175,47 +5550,45 @@ EOF
#include <fcntl.h>
#include <sys/stat.h>
+#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0)
+
/* declarations of non-ANSI functions */
-#if defined(__MINGW32__)
+#if defined __MINGW32__
# ifdef __STRICT_ANSI__
int _putenv (const char *);
# endif
-#elif defined(__CYGWIN__)
+#elif defined __CYGWIN__
# ifdef __STRICT_ANSI__
char *realpath (const char *, char *);
int putenv (char *);
int setenv (const char *, const char *, int);
# endif
-/* #elif defined (other platforms) ... */
+/* #elif defined other_platform || defined ... */
#endif
/* portability defines, excluding path handling macros */
-#if defined(_MSC_VER)
+#if defined _MSC_VER
# define setmode _setmode
# define stat _stat
# define chmod _chmod
# define getcwd _getcwd
# define putenv _putenv
# define S_IXUSR _S_IEXEC
-# ifndef _INTPTR_T_DEFINED
-# define _INTPTR_T_DEFINED
-# define intptr_t int
-# endif
-#elif defined(__MINGW32__)
+#elif defined __MINGW32__
# define setmode _setmode
# define stat _stat
# define chmod _chmod
# define getcwd _getcwd
# define putenv _putenv
-#elif defined(__CYGWIN__)
+#elif defined __CYGWIN__
# define HAVE_SETENV
# define FOPEN_WB "wb"
-/* #elif defined (other platforms) ... */
+/* #elif defined other platforms ... */
#endif
-#if defined(PATH_MAX)
+#if defined PATH_MAX
# define LT_PATHMAX PATH_MAX
-#elif defined(MAXPATHLEN)
+#elif defined MAXPATHLEN
# define LT_PATHMAX MAXPATHLEN
#else
# define LT_PATHMAX 1024
@@ -4234,8 +5607,8 @@ int setenv (const char *, const char *, int);
# define PATH_SEPARATOR ':'
#endif
-#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
- defined (__OS2__)
+#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \
+ defined __OS2__
# define HAVE_DOS_BASED_FILE_SYSTEM
# define FOPEN_WB "wb"
# ifndef DIR_SEPARATOR_2
@@ -4268,10 +5641,10 @@ int setenv (const char *, const char *, int);
#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
#define XFREE(stale) do { \
- if (stale) { free ((void *) stale); stale = 0; } \
+ if (stale) { free (stale); stale = 0; } \
} while (0)
-#if defined(LT_DEBUGWRAPPER)
+#if defined LT_DEBUGWRAPPER
static int lt_debug = 1;
#else
static int lt_debug = 0;
@@ -4300,11 +5673,16 @@ void lt_dump_script (FILE *f);
EOF
cat <<EOF
-volatile const char * MAGIC_EXE = "$magic_exe";
+#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 5)
+# define externally_visible volatile
+#else
+# define externally_visible __attribute__((externally_visible)) volatile
+#endif
+externally_visible const char * MAGIC_EXE = "$magic_exe";
const char * LIB_PATH_VARNAME = "$shlibpath_var";
EOF
- if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
func_to_host_path "$temp_rpath"
cat <<EOF
const char * LIB_PATH_VALUE = "$func_to_host_path_result";
@@ -4328,7 +5706,7 @@ const char * EXE_PATH_VALUE = "";
EOF
fi
- if test "$fast_install" = yes; then
+ if test yes = "$fast_install"; then
cat <<EOF
const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
EOF
@@ -4357,12 +5735,12 @@ main (int argc, char *argv[])
char *actual_cwrapper_name;
char *target_name;
char *lt_argv_zero;
- intptr_t rval = 127;
+ int rval = 127;
int i;
program_name = (char *) xstrdup (base_name (argv[0]));
- newargz = XMALLOC (char *, argc + 1);
+ newargz = XMALLOC (char *, (size_t) argc + 1);
/* very simple arg parsing; don't want to rely on getopt
* also, copy all non cwrapper options to newargz, except
@@ -4371,10 +5749,10 @@ main (int argc, char *argv[])
newargc=0;
for (i = 1; i < argc; i++)
{
- if (strcmp (argv[i], dumpscript_opt) == 0)
+ if (STREQ (argv[i], dumpscript_opt))
{
EOF
- case "$host" in
+ case $host in
*mingw* | *cygwin* )
# make stdout use "unix" line endings
echo " setmode(1,_O_BINARY);"
@@ -4385,12 +5763,12 @@ EOF
lt_dump_script (stdout);
return 0;
}
- if (strcmp (argv[i], debug_opt) == 0)
+ if (STREQ (argv[i], debug_opt))
{
lt_debug = 1;
continue;
}
- if (strcmp (argv[i], ltwrapper_option_prefix) == 0)
+ if (STREQ (argv[i], ltwrapper_option_prefix))
{
/* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
namespace, but it is not one of the ones we know about and
@@ -4413,7 +5791,7 @@ EOF
EOF
cat <<EOF
/* The GNU banner must be the first non-error debug message */
- lt_debugprintf (__FILE__, __LINE__, "libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\n");
+ lt_debugprintf (__FILE__, __LINE__, "libtool wrapper (GNU $PACKAGE) $VERSION\n");
EOF
cat <<"EOF"
lt_debugprintf (__FILE__, __LINE__, "(main) argv[0]: %s\n", argv[0]);
@@ -4524,7 +5902,7 @@ EOF
cat <<"EOF"
/* execv doesn't actually work on mingw as expected on unix */
newargz = prepare_spawn (newargz);
- rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
+ rval = (int) _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
if (rval == -1)
{
/* failed to start process */
@@ -4569,7 +5947,7 @@ base_name (const char *name)
{
const char *base;
-#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+#if defined HAVE_DOS_BASED_FILE_SYSTEM
/* Skip over the disk name in MSDOS pathnames. */
if (isalpha ((unsigned char) name[0]) && name[1] == ':')
name += 2;
@@ -4628,7 +6006,7 @@ find_executable (const char *wrapper)
const char *p_next;
/* static buffer for getcwd */
char tmp[LT_PATHMAX + 1];
- int tmp_len;
+ size_t tmp_len;
char *concat_name;
lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n",
@@ -4638,7 +6016,7 @@ find_executable (const char *wrapper)
return NULL;
/* Absolute path? */
-#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+#if defined HAVE_DOS_BASED_FILE_SYSTEM
if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
{
concat_name = xstrdup (wrapper);
@@ -4656,7 +6034,7 @@ find_executable (const char *wrapper)
return concat_name;
XFREE (concat_name);
}
-#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+#if defined HAVE_DOS_BASED_FILE_SYSTEM
}
#endif
@@ -4679,7 +6057,7 @@ find_executable (const char *wrapper)
for (q = p; *q; q++)
if (IS_PATH_SEPARATOR (*q))
break;
- p_len = q - p;
+ p_len = (size_t) (q - p);
p_next = (*q == '\0' ? q : q + 1);
if (p_len == 0)
{
@@ -4798,7 +6176,7 @@ strendzap (char *str, const char *pat)
if (patlen <= len)
{
str += len - patlen;
- if (strcmp (str, pat) == 0)
+ if (STREQ (str, pat))
*str = '\0';
}
return str;
@@ -4863,7 +6241,7 @@ lt_setenv (const char *name, const char *value)
char *str = xstrdup (value);
setenv (name, str, 1);
#else
- int len = strlen (name) + 1 + strlen (value) + 1;
+ size_t len = strlen (name) + 1 + strlen (value) + 1;
char *str = XMALLOC (char, len);
sprintf (str, "%s=%s", name, value);
if (putenv (str) != EXIT_SUCCESS)
@@ -4880,8 +6258,8 @@ lt_extend_str (const char *orig_value, const char *add, int to_end)
char *new_value;
if (orig_value && *orig_value)
{
- int orig_value_len = strlen (orig_value);
- int add_len = strlen (add);
+ size_t orig_value_len = strlen (orig_value);
+ size_t add_len = strlen (add);
new_value = XMALLOC (char, add_len + orig_value_len + 1);
if (to_end)
{
@@ -4912,10 +6290,10 @@ lt_update_exe_path (const char *name, const char *value)
{
char *new_value = lt_extend_str (getenv (name), value, 0);
/* some systems can't cope with a ':'-terminated path #' */
- int len = strlen (new_value);
- while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
+ size_t len = strlen (new_value);
+ while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
{
- new_value[len-1] = '\0';
+ new_value[--len] = '\0';
}
lt_setenv (name, new_value);
XFREE (new_value);
@@ -5082,27 +6460,47 @@ EOF
# True if ARG is an import lib, as indicated by $file_magic_cmd
func_win32_import_lib_p ()
{
- $opt_debug
+ $debug_cmd
+
case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in
*import*) : ;;
*) false ;;
esac
}
+# func_suncc_cstd_abi
+# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!!
+# Several compiler flags select an ABI that is incompatible with the
+# Cstd library. Avoid specifying it if any are in CXXFLAGS.
+func_suncc_cstd_abi ()
+{
+ $debug_cmd
+
+ case " $compile_command " in
+ *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*)
+ suncc_use_cstd_abi=no
+ ;;
+ *)
+ suncc_use_cstd_abi=yes
+ ;;
+ esac
+}
+
# func_mode_link arg...
func_mode_link ()
{
- $opt_debug
+ $debug_cmd
+
case $host in
*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
# It is impossible to link a dll without this setting, and
# we shouldn't force the makefile maintainer to figure out
- # which system we are compiling for in order to pass an extra
+ # what system we are compiling for in order to pass an extra
# flag for every libtool invocation.
# allow_undefined=no
# FIXME: Unfortunately, there are problems with the above when trying
- # to make a dll which has undefined symbols, in which case not
+ # to make a dll that has undefined symbols, in which case not
# even a static library is built. For now, we need to specify
# -no-undefined on the libtool link line when we can be certain
# that all symbols are satisfied, otherwise we get a static library.
@@ -5146,10 +6544,11 @@ func_mode_link ()
module=no
no_install=no
objs=
+ os2dllname=
non_pic_objects=
precious_files_regex=
prefer_static_libs=no
- preload=no
+ preload=false
prev=
prevarg=
release=
@@ -5161,7 +6560,7 @@ func_mode_link ()
vinfo=
vinfo_number=no
weak_libs=
- single_module="${wl}-single_module"
+ single_module=$wl-single_module
func_infer_tag $base_compile
# We need to know -static, to get the right output filenames.
@@ -5169,15 +6568,15 @@ func_mode_link ()
do
case $arg in
-shared)
- test "$build_libtool_libs" != yes && \
- func_fatal_configuration "can not build a shared library"
+ test yes != "$build_libtool_libs" \
+ && func_fatal_configuration "cannot build a shared library"
build_old_libs=no
break
;;
-all-static | -static | -static-libtool-libs)
case $arg in
-all-static)
- if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+ if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then
func_warning "complete static linking is impossible in this configuration"
fi
if test -n "$link_static_flag"; then
@@ -5210,7 +6609,7 @@ func_mode_link ()
# Go through the arguments, transforming them on the way.
while test "$#" -gt 0; do
- arg="$1"
+ arg=$1
shift
func_quote_for_eval "$arg"
qarg=$func_quote_for_eval_unquoted_result
@@ -5227,21 +6626,21 @@ func_mode_link ()
case $prev in
bindir)
- bindir="$arg"
+ bindir=$arg
prev=
continue
;;
dlfiles|dlprefiles)
- if test "$preload" = no; then
+ $preload || {
# Add the symbol object into the linking commands.
func_append compile_command " @SYMFILE@"
func_append finalize_command " @SYMFILE@"
- preload=yes
- fi
+ preload=:
+ }
case $arg in
*.la | *.lo) ;; # We handle these cases below.
force)
- if test "$dlself" = no; then
+ if test no = "$dlself"; then
dlself=needless
export_dynamic=yes
fi
@@ -5249,9 +6648,9 @@ func_mode_link ()
continue
;;
self)
- if test "$prev" = dlprefiles; then
+ if test dlprefiles = "$prev"; then
dlself=yes
- elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+ elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then
dlself=yes
else
dlself=needless
@@ -5261,7 +6660,7 @@ func_mode_link ()
continue
;;
*)
- if test "$prev" = dlfiles; then
+ if test dlfiles = "$prev"; then
func_append dlfiles " $arg"
else
func_append dlprefiles " $arg"
@@ -5272,14 +6671,14 @@ func_mode_link ()
esac
;;
expsyms)
- export_symbols="$arg"
+ export_symbols=$arg
test -f "$arg" \
- || func_fatal_error "symbol file \`$arg' does not exist"
+ || func_fatal_error "symbol file '$arg' does not exist"
prev=
continue
;;
expsyms_regex)
- export_symbols_regex="$arg"
+ export_symbols_regex=$arg
prev=
continue
;;
@@ -5297,7 +6696,13 @@ func_mode_link ()
continue
;;
inst_prefix)
- inst_prefix_dir="$arg"
+ inst_prefix_dir=$arg
+ prev=
+ continue
+ ;;
+ mllvm)
+ # Clang does not use LLVM to link, so we can simply discard any
+ # '-mllvm $arg' options when doing the link step.
prev=
continue
;;
@@ -5321,21 +6726,21 @@ func_mode_link ()
if test -z "$pic_object" ||
test -z "$non_pic_object" ||
- test "$pic_object" = none &&
- test "$non_pic_object" = none; then
- func_fatal_error "cannot find name of object for \`$arg'"
+ test none = "$pic_object" &&
+ test none = "$non_pic_object"; then
+ func_fatal_error "cannot find name of object for '$arg'"
fi
# Extract subdirectory from the argument.
func_dirname "$arg" "/" ""
- xdir="$func_dirname_result"
+ xdir=$func_dirname_result
- if test "$pic_object" != none; then
+ if test none != "$pic_object"; then
# Prepend the subdirectory the object is found in.
- pic_object="$xdir$pic_object"
+ pic_object=$xdir$pic_object
- if test "$prev" = dlfiles; then
- if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ if test dlfiles = "$prev"; then
+ if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
func_append dlfiles " $pic_object"
prev=
continue
@@ -5346,7 +6751,7 @@ func_mode_link ()
fi
# CHECK ME: I think I busted this. -Ossama
- if test "$prev" = dlprefiles; then
+ if test dlprefiles = "$prev"; then
# Preload the old-style object.
func_append dlprefiles " $pic_object"
prev=
@@ -5354,23 +6759,23 @@ func_mode_link ()
# A PIC object.
func_append libobjs " $pic_object"
- arg="$pic_object"
+ arg=$pic_object
fi
# Non-PIC object.
- if test "$non_pic_object" != none; then
+ if test none != "$non_pic_object"; then
# Prepend the subdirectory the object is found in.
- non_pic_object="$xdir$non_pic_object"
+ non_pic_object=$xdir$non_pic_object
# A standard non-PIC object
func_append non_pic_objects " $non_pic_object"
- if test -z "$pic_object" || test "$pic_object" = none ; then
- arg="$non_pic_object"
+ if test -z "$pic_object" || test none = "$pic_object"; then
+ arg=$non_pic_object
fi
else
# If the PIC object exists, use it instead.
# $xdir was prepended to $pic_object above.
- non_pic_object="$pic_object"
+ non_pic_object=$pic_object
func_append non_pic_objects " $non_pic_object"
fi
else
@@ -5378,7 +6783,7 @@ func_mode_link ()
if $opt_dry_run; then
# Extract subdirectory from the argument.
func_dirname "$arg" "/" ""
- xdir="$func_dirname_result"
+ xdir=$func_dirname_result
func_lo2o "$arg"
pic_object=$xdir$objdir/$func_lo2o_result
@@ -5386,24 +6791,29 @@ func_mode_link ()
func_append libobjs " $pic_object"
func_append non_pic_objects " $non_pic_object"
else
- func_fatal_error "\`$arg' is not a valid libtool object"
+ func_fatal_error "'$arg' is not a valid libtool object"
fi
fi
done
else
- func_fatal_error "link input file \`$arg' does not exist"
+ func_fatal_error "link input file '$arg' does not exist"
fi
arg=$save_arg
prev=
continue
;;
+ os2dllname)
+ os2dllname=$arg
+ prev=
+ continue
+ ;;
precious_regex)
- precious_files_regex="$arg"
+ precious_files_regex=$arg
prev=
continue
;;
release)
- release="-$arg"
+ release=-$arg
prev=
continue
;;
@@ -5415,7 +6825,7 @@ func_mode_link ()
func_fatal_error "only absolute run-paths are allowed"
;;
esac
- if test "$prev" = rpath; then
+ if test rpath = "$prev"; then
case "$rpath " in
*" $arg "*) ;;
*) func_append rpath " $arg" ;;
@@ -5430,7 +6840,7 @@ func_mode_link ()
continue
;;
shrext)
- shrext_cmds="$arg"
+ shrext_cmds=$arg
prev=
continue
;;
@@ -5470,7 +6880,7 @@ func_mode_link ()
esac
fi # test -n "$prev"
- prevarg="$arg"
+ prevarg=$arg
case $arg in
-all-static)
@@ -5484,7 +6894,7 @@ func_mode_link ()
-allow-undefined)
# FIXME: remove this flag sometime in the future.
- func_fatal_error "\`-allow-undefined' must not be used because it is the default"
+ func_fatal_error "'-allow-undefined' must not be used because it is the default"
;;
-avoid-version)
@@ -5516,7 +6926,7 @@ func_mode_link ()
if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
func_fatal_error "more than one -exported-symbols argument is not allowed"
fi
- if test "X$arg" = "X-export-symbols"; then
+ if test X-export-symbols = "X$arg"; then
prev=expsyms
else
prev=expsyms_regex
@@ -5550,9 +6960,9 @@ func_mode_link ()
func_stripname "-L" '' "$arg"
if test -z "$func_stripname_result"; then
if test "$#" -gt 0; then
- func_fatal_error "require no space between \`-L' and \`$1'"
+ func_fatal_error "require no space between '-L' and '$1'"
else
- func_fatal_error "need path for \`-L' option"
+ func_fatal_error "need path for '-L' option"
fi
fi
func_resolve_sysroot "$func_stripname_result"
@@ -5563,8 +6973,8 @@ func_mode_link ()
*)
absdir=`cd "$dir" && pwd`
test -z "$absdir" && \
- func_fatal_error "cannot determine absolute directory name of \`$dir'"
- dir="$absdir"
+ func_fatal_error "cannot determine absolute directory name of '$dir'"
+ dir=$absdir
;;
esac
case "$deplibs " in
@@ -5599,7 +7009,7 @@ func_mode_link ()
;;
-l*)
- if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+ if test X-lc = "X$arg" || test X-lm = "X$arg"; then
case $host in
*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*)
# These systems don't actually have a C or math library (as such)
@@ -5607,11 +7017,11 @@ func_mode_link ()
;;
*-*-os2*)
# These systems don't actually have a C library (as such)
- test "X$arg" = "X-lc" && continue
+ test X-lc = "X$arg" && continue
;;
- *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
# Do not include libc due to us having libc/libc_r.
- test "X$arg" = "X-lc" && continue
+ test X-lc = "X$arg" && continue
;;
*-*-rhapsody* | *-*-darwin1.[012])
# Rhapsody C and math libraries are in the System framework
@@ -5620,16 +7030,16 @@ func_mode_link ()
;;
*-*-sco3.2v5* | *-*-sco5v6*)
# Causes problems with __ctype
- test "X$arg" = "X-lc" && continue
+ test X-lc = "X$arg" && continue
;;
*-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
# Compiler inserts libc in the correct place for threads to work
- test "X$arg" = "X-lc" && continue
+ test X-lc = "X$arg" && continue
;;
esac
- elif test "X$arg" = "X-lc_r"; then
+ elif test X-lc_r = "X$arg"; then
case $host in
- *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
# Do not include libc_r directly, use -pthread flag.
continue
;;
@@ -5639,6 +7049,11 @@ func_mode_link ()
continue
;;
+ -mllvm)
+ prev=mllvm
+ continue
+ ;;
+
-module)
module=yes
continue
@@ -5668,7 +7083,7 @@ func_mode_link ()
;;
-multi_module)
- single_module="${wl}-multi_module"
+ single_module=$wl-multi_module
continue
;;
@@ -5682,8 +7097,8 @@ func_mode_link ()
*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
# The PATH hackery in wrapper scripts is required on Windows
# and Darwin in order for the loader to find any dlls it needs.
- func_warning "\`-no-install' is ignored for $host"
- func_warning "assuming \`-no-fast-install' instead"
+ func_warning "'-no-install' is ignored for $host"
+ func_warning "assuming '-no-fast-install' instead"
fast_install=no
;;
*) no_install=yes ;;
@@ -5701,6 +7116,11 @@ func_mode_link ()
continue
;;
+ -os2dllname)
+ prev=os2dllname
+ continue
+ ;;
+
-o) prev=output ;;
-precious-files-regex)
@@ -5788,14 +7208,14 @@ func_mode_link ()
func_stripname '-Wc,' '' "$arg"
args=$func_stripname_result
arg=
- save_ifs="$IFS"; IFS=','
+ save_ifs=$IFS; IFS=,
for flag in $args; do
- IFS="$save_ifs"
+ IFS=$save_ifs
func_quote_for_eval "$flag"
func_append arg " $func_quote_for_eval_result"
func_append compiler_flags " $func_quote_for_eval_result"
done
- IFS="$save_ifs"
+ IFS=$save_ifs
func_stripname ' ' '' "$arg"
arg=$func_stripname_result
;;
@@ -5804,15 +7224,15 @@ func_mode_link ()
func_stripname '-Wl,' '' "$arg"
args=$func_stripname_result
arg=
- save_ifs="$IFS"; IFS=','
+ save_ifs=$IFS; IFS=,
for flag in $args; do
- IFS="$save_ifs"
+ IFS=$save_ifs
func_quote_for_eval "$flag"
func_append arg " $wl$func_quote_for_eval_result"
func_append compiler_flags " $wl$func_quote_for_eval_result"
func_append linker_flags " $func_quote_for_eval_result"
done
- IFS="$save_ifs"
+ IFS=$save_ifs
func_stripname ' ' '' "$arg"
arg=$func_stripname_result
;;
@@ -5835,7 +7255,7 @@ func_mode_link ()
# -msg_* for osf cc
-msg_*)
func_quote_for_eval "$arg"
- arg="$func_quote_for_eval_result"
+ arg=$func_quote_for_eval_result
;;
# Flags to be passed through unchanged, with rationale:
@@ -5847,25 +7267,49 @@ func_mode_link ()
# -m*, -t[45]*, -txscale* architecture-specific flags for GCC
# -F/path path to uninstalled frameworks, gcc on darwin
# -p, -pg, --coverage, -fprofile-* profiling flags for GCC
+ # -fstack-protector* stack protector flags for GCC
# @file GCC response files
# -tp=* Portland pgcc target processor selection
# --sysroot=* for sysroot support
- # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
+ # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
+ # -specs=* GCC specs files
+ # -stdlib=* select c++ std lib with clang
+ # -fsanitize=* Clang/GCC memory and address sanitizer
-64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
-t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
- -O*|-flto*|-fwhopr*|-fuse-linker-plugin)
+ -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
+ -specs=*|-fsanitize=*)
func_quote_for_eval "$arg"
- arg="$func_quote_for_eval_result"
+ arg=$func_quote_for_eval_result
func_append compile_command " $arg"
func_append finalize_command " $arg"
func_append compiler_flags " $arg"
continue
;;
+ -Z*)
+ if test os2 = "`expr $host : '.*\(os2\)'`"; then
+ # OS/2 uses -Zxxx to specify OS/2-specific options
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ case $arg in
+ -Zlinker | -Zstack)
+ prev=xcompiler
+ ;;
+ esac
+ continue
+ else
+ # Otherwise treat like 'Some other compiler flag' below
+ func_quote_for_eval "$arg"
+ arg=$func_quote_for_eval_result
+ fi
+ ;;
+
# Some other compiler flag.
-* | +*)
func_quote_for_eval "$arg"
- arg="$func_quote_for_eval_result"
+ arg=$func_quote_for_eval_result
;;
*.$objext)
@@ -5886,21 +7330,21 @@ func_mode_link ()
if test -z "$pic_object" ||
test -z "$non_pic_object" ||
- test "$pic_object" = none &&
- test "$non_pic_object" = none; then
- func_fatal_error "cannot find name of object for \`$arg'"
+ test none = "$pic_object" &&
+ test none = "$non_pic_object"; then
+ func_fatal_error "cannot find name of object for '$arg'"
fi
# Extract subdirectory from the argument.
func_dirname "$arg" "/" ""
- xdir="$func_dirname_result"
+ xdir=$func_dirname_result
- if test "$pic_object" != none; then
+ test none = "$pic_object" || {
# Prepend the subdirectory the object is found in.
- pic_object="$xdir$pic_object"
+ pic_object=$xdir$pic_object
- if test "$prev" = dlfiles; then
- if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ if test dlfiles = "$prev"; then
+ if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
func_append dlfiles " $pic_object"
prev=
continue
@@ -5911,7 +7355,7 @@ func_mode_link ()
fi
# CHECK ME: I think I busted this. -Ossama
- if test "$prev" = dlprefiles; then
+ if test dlprefiles = "$prev"; then
# Preload the old-style object.
func_append dlprefiles " $pic_object"
prev=
@@ -5919,23 +7363,23 @@ func_mode_link ()
# A PIC object.
func_append libobjs " $pic_object"
- arg="$pic_object"
- fi
+ arg=$pic_object
+ }
# Non-PIC object.
- if test "$non_pic_object" != none; then
+ if test none != "$non_pic_object"; then
# Prepend the subdirectory the object is found in.
- non_pic_object="$xdir$non_pic_object"
+ non_pic_object=$xdir$non_pic_object
# A standard non-PIC object
func_append non_pic_objects " $non_pic_object"
- if test -z "$pic_object" || test "$pic_object" = none ; then
- arg="$non_pic_object"
+ if test -z "$pic_object" || test none = "$pic_object"; then
+ arg=$non_pic_object
fi
else
# If the PIC object exists, use it instead.
# $xdir was prepended to $pic_object above.
- non_pic_object="$pic_object"
+ non_pic_object=$pic_object
func_append non_pic_objects " $non_pic_object"
fi
else
@@ -5943,7 +7387,7 @@ func_mode_link ()
if $opt_dry_run; then
# Extract subdirectory from the argument.
func_dirname "$arg" "/" ""
- xdir="$func_dirname_result"
+ xdir=$func_dirname_result
func_lo2o "$arg"
pic_object=$xdir$objdir/$func_lo2o_result
@@ -5951,7 +7395,7 @@ func_mode_link ()
func_append libobjs " $pic_object"
func_append non_pic_objects " $non_pic_object"
else
- func_fatal_error "\`$arg' is not a valid libtool object"
+ func_fatal_error "'$arg' is not a valid libtool object"
fi
fi
;;
@@ -5967,11 +7411,11 @@ func_mode_link ()
# A libtool-controlled library.
func_resolve_sysroot "$arg"
- if test "$prev" = dlfiles; then
+ if test dlfiles = "$prev"; then
# This library was specified with -dlopen.
func_append dlfiles " $func_resolve_sysroot_result"
prev=
- elif test "$prev" = dlprefiles; then
+ elif test dlprefiles = "$prev"; then
# The library was specified with -dlpreopen.
func_append dlprefiles " $func_resolve_sysroot_result"
prev=
@@ -5986,7 +7430,7 @@ func_mode_link ()
# Unknown arguments in both finalize_command and compile_command need
# to be aesthetically quoted because they are evaled later.
func_quote_for_eval "$arg"
- arg="$func_quote_for_eval_result"
+ arg=$func_quote_for_eval_result
;;
esac # arg
@@ -5998,9 +7442,9 @@ func_mode_link ()
done # argument parsing loop
test -n "$prev" && \
- func_fatal_help "the \`$prevarg' option requires an argument"
+ func_fatal_help "the '$prevarg' option requires an argument"
- if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+ if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then
eval arg=\"$export_dynamic_flag_spec\"
func_append compile_command " $arg"
func_append finalize_command " $arg"
@@ -6009,20 +7453,23 @@ func_mode_link ()
oldlibs=
# calculate the name of the file, without its directory
func_basename "$output"
- outputname="$func_basename_result"
- libobjs_save="$libobjs"
+ outputname=$func_basename_result
+ libobjs_save=$libobjs
if test -n "$shlibpath_var"; then
# get the directories listed in $shlibpath_var
- eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\`
+ eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\`
else
shlib_search_path=
fi
eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+ # Definition is injected by LT_CONFIG during libtool generation.
+ func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH"
+
func_dirname "$output" "/" ""
- output_objdir="$func_dirname_result$objdir"
+ output_objdir=$func_dirname_result$objdir
func_to_tool_file "$output_objdir/"
tool_output_objdir=$func_to_tool_file_result
# Create the object directory.
@@ -6045,7 +7492,7 @@ func_mode_link ()
# Find all interdependent deplibs by searching for libraries
# that are linked more than once (e.g. -la -lb -la)
for deplib in $deplibs; do
- if $opt_preserve_dup_deps ; then
+ if $opt_preserve_dup_deps; then
case "$libs " in
*" $deplib "*) func_append specialdeplibs " $deplib" ;;
esac
@@ -6053,7 +7500,7 @@ func_mode_link ()
func_append libs " $deplib"
done
- if test "$linkmode" = lib; then
+ if test lib = "$linkmode"; then
libs="$predeps $libs $compiler_lib_search_path $postdeps"
# Compute libraries that are listed more than once in $predeps
@@ -6085,7 +7532,7 @@ func_mode_link ()
case $file in
*.la) ;;
*)
- func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file"
+ func_fatal_help "libraries can '-dlopen' only libtool libraries: $file"
;;
esac
done
@@ -6093,7 +7540,7 @@ func_mode_link ()
prog)
compile_deplibs=
finalize_deplibs=
- alldeplibs=no
+ alldeplibs=false
newdlfiles=
newdlprefiles=
passes="conv scan dlopen dlpreopen link"
@@ -6105,32 +7552,32 @@ func_mode_link ()
for pass in $passes; do
# The preopen pass in lib mode reverses $deplibs; put it back here
# so that -L comes before libs that need it for instance...
- if test "$linkmode,$pass" = "lib,link"; then
+ if test lib,link = "$linkmode,$pass"; then
## FIXME: Find the place where the list is rebuilt in the wrong
## order, and fix it there properly
tmp_deplibs=
for deplib in $deplibs; do
tmp_deplibs="$deplib $tmp_deplibs"
done
- deplibs="$tmp_deplibs"
+ deplibs=$tmp_deplibs
fi
- if test "$linkmode,$pass" = "lib,link" ||
- test "$linkmode,$pass" = "prog,scan"; then
- libs="$deplibs"
+ if test lib,link = "$linkmode,$pass" ||
+ test prog,scan = "$linkmode,$pass"; then
+ libs=$deplibs
deplibs=
fi
- if test "$linkmode" = prog; then
+ if test prog = "$linkmode"; then
case $pass in
- dlopen) libs="$dlfiles" ;;
- dlpreopen) libs="$dlprefiles" ;;
+ dlopen) libs=$dlfiles ;;
+ dlpreopen) libs=$dlprefiles ;;
link)
libs="$deplibs %DEPLIBS%"
test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
;;
esac
fi
- if test "$linkmode,$pass" = "lib,dlpreopen"; then
+ if test lib,dlpreopen = "$linkmode,$pass"; then
# Collect and forward deplibs of preopened libtool libs
for lib in $dlprefiles; do
# Ignore non-libtool-libs
@@ -6151,26 +7598,26 @@ func_mode_link ()
esac
done
done
- libs="$dlprefiles"
+ libs=$dlprefiles
fi
- if test "$pass" = dlopen; then
+ if test dlopen = "$pass"; then
# Collect dlpreopened libraries
- save_deplibs="$deplibs"
+ save_deplibs=$deplibs
deplibs=
fi
for deplib in $libs; do
lib=
- found=no
+ found=false
case $deplib in
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
|-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
- if test "$linkmode,$pass" = "prog,link"; then
+ if test prog,link = "$linkmode,$pass"; then
compile_deplibs="$deplib $compile_deplibs"
finalize_deplibs="$deplib $finalize_deplibs"
else
func_append compiler_flags " $deplib"
- if test "$linkmode" = lib ; then
+ if test lib = "$linkmode"; then
case "$new_inherited_linker_flags " in
*" $deplib "*) ;;
* ) func_append new_inherited_linker_flags " $deplib" ;;
@@ -6180,13 +7627,13 @@ func_mode_link ()
continue
;;
-l*)
- if test "$linkmode" != lib && test "$linkmode" != prog; then
- func_warning "\`-l' is ignored for archives/objects"
+ if test lib != "$linkmode" && test prog != "$linkmode"; then
+ func_warning "'-l' is ignored for archives/objects"
continue
fi
func_stripname '-l' '' "$deplib"
name=$func_stripname_result
- if test "$linkmode" = lib; then
+ if test lib = "$linkmode"; then
searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
else
searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
@@ -6194,31 +7641,22 @@ func_mode_link ()
for searchdir in $searchdirs; do
for search_ext in .la $std_shrext .so .a; do
# Search the libtool library
- lib="$searchdir/lib${name}${search_ext}"
+ lib=$searchdir/lib$name$search_ext
if test -f "$lib"; then
- if test "$search_ext" = ".la"; then
- found=yes
+ if test .la = "$search_ext"; then
+ found=:
else
- found=no
+ found=false
fi
break 2
fi
done
done
- if test "$found" != yes; then
- # deplib doesn't seem to be a libtool library
- if test "$linkmode,$pass" = "prog,link"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- deplibs="$deplib $deplibs"
- test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
- fi
- continue
- else # deplib is a libtool library
+ if $found; then
+ # deplib is a libtool library
# If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
# We need to do some special things here, and not later.
- if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ if test yes = "$allow_libtool_libs_with_static_runtimes"; then
case " $predeps $postdeps " in
*" $deplib "*)
if func_lalib_p "$lib"; then
@@ -6226,19 +7664,19 @@ func_mode_link ()
old_library=
func_source "$lib"
for l in $old_library $library_names; do
- ll="$l"
+ ll=$l
done
- if test "X$ll" = "X$old_library" ; then # only static version available
- found=no
+ if test "X$ll" = "X$old_library"; then # only static version available
+ found=false
func_dirname "$lib" "" "."
- ladir="$func_dirname_result"
+ ladir=$func_dirname_result
lib=$ladir/$old_library
- if test "$linkmode,$pass" = "prog,link"; then
+ if test prog,link = "$linkmode,$pass"; then
compile_deplibs="$deplib $compile_deplibs"
finalize_deplibs="$deplib $finalize_deplibs"
else
deplibs="$deplib $deplibs"
- test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
fi
continue
fi
@@ -6247,15 +7685,25 @@ func_mode_link ()
*) ;;
esac
fi
+ else
+ # deplib doesn't seem to be a libtool library
+ if test prog,link = "$linkmode,$pass"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
fi
;; # -l
*.ltframework)
- if test "$linkmode,$pass" = "prog,link"; then
+ if test prog,link = "$linkmode,$pass"; then
compile_deplibs="$deplib $compile_deplibs"
finalize_deplibs="$deplib $finalize_deplibs"
else
deplibs="$deplib $deplibs"
- if test "$linkmode" = lib ; then
+ if test lib = "$linkmode"; then
case "$new_inherited_linker_flags " in
*" $deplib "*) ;;
* ) func_append new_inherited_linker_flags " $deplib" ;;
@@ -6268,18 +7716,18 @@ func_mode_link ()
case $linkmode in
lib)
deplibs="$deplib $deplibs"
- test "$pass" = conv && continue
+ test conv = "$pass" && continue
newdependency_libs="$deplib $newdependency_libs"
func_stripname '-L' '' "$deplib"
func_resolve_sysroot "$func_stripname_result"
func_append newlib_search_path " $func_resolve_sysroot_result"
;;
prog)
- if test "$pass" = conv; then
+ if test conv = "$pass"; then
deplibs="$deplib $deplibs"
continue
fi
- if test "$pass" = scan; then
+ if test scan = "$pass"; then
deplibs="$deplib $deplibs"
else
compile_deplibs="$deplib $compile_deplibs"
@@ -6290,13 +7738,13 @@ func_mode_link ()
func_append newlib_search_path " $func_resolve_sysroot_result"
;;
*)
- func_warning "\`-L' is ignored for archives/objects"
+ func_warning "'-L' is ignored for archives/objects"
;;
esac # linkmode
continue
;; # -L
-R*)
- if test "$pass" = link; then
+ if test link = "$pass"; then
func_stripname '-R' '' "$deplib"
func_resolve_sysroot "$func_stripname_result"
dir=$func_resolve_sysroot_result
@@ -6314,7 +7762,7 @@ func_mode_link ()
lib=$func_resolve_sysroot_result
;;
*.$libext)
- if test "$pass" = conv; then
+ if test conv = "$pass"; then
deplibs="$deplib $deplibs"
continue
fi
@@ -6325,21 +7773,26 @@ func_mode_link ()
case " $dlpreconveniencelibs " in
*" $deplib "*) ;;
*)
- valid_a_lib=no
+ valid_a_lib=false
case $deplibs_check_method in
match_pattern*)
set dummy $deplibs_check_method; shift
match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \
| $EGREP "$match_pattern_regex" > /dev/null; then
- valid_a_lib=yes
+ valid_a_lib=:
fi
;;
pass_all)
- valid_a_lib=yes
+ valid_a_lib=:
;;
esac
- if test "$valid_a_lib" != yes; then
+ if $valid_a_lib; then
+ echo
+ $ECHO "*** Warning: Linking the shared library $output against the"
+ $ECHO "*** static library $deplib is not portable!"
+ deplibs="$deplib $deplibs"
+ else
echo
$ECHO "*** Warning: Trying to link with static lib archive $deplib."
echo "*** I have the capability to make that library automatically link in when"
@@ -6347,18 +7800,13 @@ func_mode_link ()
echo "*** shared version of the library, which you do not appear to have"
echo "*** because the file extensions .$libext of this argument makes me believe"
echo "*** that it is just a static archive that I should not use here."
- else
- echo
- $ECHO "*** Warning: Linking the shared library $output against the"
- $ECHO "*** static library $deplib is not portable!"
- deplibs="$deplib $deplibs"
fi
;;
esac
continue
;;
prog)
- if test "$pass" != link; then
+ if test link != "$pass"; then
deplibs="$deplib $deplibs"
else
compile_deplibs="$deplib $compile_deplibs"
@@ -6369,10 +7817,10 @@ func_mode_link ()
esac # linkmode
;; # *.$libext
*.lo | *.$objext)
- if test "$pass" = conv; then
+ if test conv = "$pass"; then
deplibs="$deplib $deplibs"
- elif test "$linkmode" = prog; then
- if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+ elif test prog = "$linkmode"; then
+ if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then
# If there is no dlopen support or we're linking statically,
# we need to preload.
func_append newdlprefiles " $deplib"
@@ -6385,22 +7833,20 @@ func_mode_link ()
continue
;;
%DEPLIBS%)
- alldeplibs=yes
+ alldeplibs=:
continue
;;
esac # case $deplib
- if test "$found" = yes || test -f "$lib"; then :
- else
- func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'"
- fi
+ $found || test -f "$lib" \
+ || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'"
# Check to see that this really is a libtool archive.
func_lalib_unsafe_p "$lib" \
- || func_fatal_error "\`$lib' is not a valid libtool archive"
+ || func_fatal_error "'$lib' is not a valid libtool archive"
func_dirname "$lib" "" "."
- ladir="$func_dirname_result"
+ ladir=$func_dirname_result
dlname=
dlopen=
@@ -6430,19 +7876,19 @@ func_mode_link ()
done
fi
dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- if test "$linkmode,$pass" = "lib,link" ||
- test "$linkmode,$pass" = "prog,scan" ||
- { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+ if test lib,link = "$linkmode,$pass" ||
+ test prog,scan = "$linkmode,$pass" ||
+ { test prog != "$linkmode" && test lib != "$linkmode"; }; then
test -n "$dlopen" && func_append dlfiles " $dlopen"
test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen"
fi
- if test "$pass" = conv; then
+ if test conv = "$pass"; then
# Only check for convenience libraries
deplibs="$lib $deplibs"
if test -z "$libdir"; then
if test -z "$old_library"; then
- func_fatal_error "cannot find name of link library for \`$lib'"
+ func_fatal_error "cannot find name of link library for '$lib'"
fi
# It is a libtool convenience library, so add in its objects.
func_append convenience " $ladir/$objdir/$old_library"
@@ -6450,15 +7896,15 @@ func_mode_link ()
tmp_libs=
for deplib in $dependency_libs; do
deplibs="$deplib $deplibs"
- if $opt_preserve_dup_deps ; then
+ if $opt_preserve_dup_deps; then
case "$tmp_libs " in
*" $deplib "*) func_append specialdeplibs " $deplib" ;;
esac
fi
func_append tmp_libs " $deplib"
done
- elif test "$linkmode" != prog && test "$linkmode" != lib; then
- func_fatal_error "\`$lib' is not a convenience library"
+ elif test prog != "$linkmode" && test lib != "$linkmode"; then
+ func_fatal_error "'$lib' is not a convenience library"
fi
continue
fi # $pass = conv
@@ -6467,26 +7913,26 @@ func_mode_link ()
# Get the name of the library we link against.
linklib=
if test -n "$old_library" &&
- { test "$prefer_static_libs" = yes ||
- test "$prefer_static_libs,$installed" = "built,no"; }; then
+ { test yes = "$prefer_static_libs" ||
+ test built,no = "$prefer_static_libs,$installed"; }; then
linklib=$old_library
else
for l in $old_library $library_names; do
- linklib="$l"
+ linklib=$l
done
fi
if test -z "$linklib"; then
- func_fatal_error "cannot find name of link library for \`$lib'"
+ func_fatal_error "cannot find name of link library for '$lib'"
fi
# This library was specified with -dlopen.
- if test "$pass" = dlopen; then
- if test -z "$libdir"; then
- func_fatal_error "cannot -dlopen a convenience library: \`$lib'"
- fi
+ if test dlopen = "$pass"; then
+ test -z "$libdir" \
+ && func_fatal_error "cannot -dlopen a convenience library: '$lib'"
if test -z "$dlname" ||
- test "$dlopen_support" != yes ||
- test "$build_libtool_libs" = no; then
+ test yes != "$dlopen_support" ||
+ test no = "$build_libtool_libs"
+ then
# If there is no dlname, no dlopen support or we're linking
# statically, we need to preload. We also need to preload any
# dependent libraries so libltdl's deplib preloader doesn't
@@ -6500,40 +7946,40 @@ func_mode_link ()
# We need an absolute path.
case $ladir in
- [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+ [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;;
*)
abs_ladir=`cd "$ladir" && pwd`
if test -z "$abs_ladir"; then
- func_warning "cannot determine absolute directory name of \`$ladir'"
+ func_warning "cannot determine absolute directory name of '$ladir'"
func_warning "passing it literally to the linker, although it might fail"
- abs_ladir="$ladir"
+ abs_ladir=$ladir
fi
;;
esac
func_basename "$lib"
- laname="$func_basename_result"
+ laname=$func_basename_result
# Find the relevant object directory and library name.
- if test "X$installed" = Xyes; then
+ if test yes = "$installed"; then
if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
- func_warning "library \`$lib' was moved."
- dir="$ladir"
- absdir="$abs_ladir"
- libdir="$abs_ladir"
+ func_warning "library '$lib' was moved."
+ dir=$ladir
+ absdir=$abs_ladir
+ libdir=$abs_ladir
else
- dir="$lt_sysroot$libdir"
- absdir="$lt_sysroot$libdir"
+ dir=$lt_sysroot$libdir
+ absdir=$lt_sysroot$libdir
fi
- test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+ test yes = "$hardcode_automatic" && avoidtemprpath=yes
else
if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
- dir="$ladir"
- absdir="$abs_ladir"
+ dir=$ladir
+ absdir=$abs_ladir
# Remove this search path later
func_append notinst_path " $abs_ladir"
else
- dir="$ladir/$objdir"
- absdir="$abs_ladir/$objdir"
+ dir=$ladir/$objdir
+ absdir=$abs_ladir/$objdir
# Remove this search path later
func_append notinst_path " $abs_ladir"
fi
@@ -6542,11 +7988,11 @@ func_mode_link ()
name=$func_stripname_result
# This library was specified with -dlpreopen.
- if test "$pass" = dlpreopen; then
- if test -z "$libdir" && test "$linkmode" = prog; then
- func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'"
+ if test dlpreopen = "$pass"; then
+ if test -z "$libdir" && test prog = "$linkmode"; then
+ func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'"
fi
- case "$host" in
+ case $host in
# special handling for platforms with PE-DLLs.
*cygwin* | *mingw* | *cegcc* )
# Linker will automatically link against shared library if both
@@ -6590,9 +8036,9 @@ func_mode_link ()
if test -z "$libdir"; then
# Link the convenience library
- if test "$linkmode" = lib; then
+ if test lib = "$linkmode"; then
deplibs="$dir/$old_library $deplibs"
- elif test "$linkmode,$pass" = "prog,link"; then
+ elif test prog,link = "$linkmode,$pass"; then
compile_deplibs="$dir/$old_library $compile_deplibs"
finalize_deplibs="$dir/$old_library $finalize_deplibs"
else
@@ -6602,14 +8048,14 @@ func_mode_link ()
fi
- if test "$linkmode" = prog && test "$pass" != link; then
+ if test prog = "$linkmode" && test link != "$pass"; then
func_append newlib_search_path " $ladir"
deplibs="$lib $deplibs"
- linkalldeplibs=no
- if test "$link_all_deplibs" != no || test -z "$library_names" ||
- test "$build_libtool_libs" = no; then
- linkalldeplibs=yes
+ linkalldeplibs=false
+ if test no != "$link_all_deplibs" || test -z "$library_names" ||
+ test no = "$build_libtool_libs"; then
+ linkalldeplibs=:
fi
tmp_libs=
@@ -6621,14 +8067,14 @@ func_mode_link ()
;;
esac
# Need to link against all dependency_libs?
- if test "$linkalldeplibs" = yes; then
+ if $linkalldeplibs; then
deplibs="$deplib $deplibs"
else
# Need to hardcode shared library paths
# or/and link against static libraries
newdependency_libs="$deplib $newdependency_libs"
fi
- if $opt_preserve_dup_deps ; then
+ if $opt_preserve_dup_deps; then
case "$tmp_libs " in
*" $deplib "*) func_append specialdeplibs " $deplib" ;;
esac
@@ -6638,15 +8084,15 @@ func_mode_link ()
continue
fi # $linkmode = prog...
- if test "$linkmode,$pass" = "prog,link"; then
+ if test prog,link = "$linkmode,$pass"; then
if test -n "$library_names" &&
- { { test "$prefer_static_libs" = no ||
- test "$prefer_static_libs,$installed" = "built,yes"; } ||
+ { { test no = "$prefer_static_libs" ||
+ test built,yes = "$prefer_static_libs,$installed"; } ||
test -z "$old_library"; }; then
# We need to hardcode the library path
- if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+ if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then
# Make sure the rpath contains only unique directories.
- case "$temp_rpath:" in
+ case $temp_rpath: in
*"$absdir:"*) ;;
*) func_append temp_rpath "$absdir:" ;;
esac
@@ -6675,9 +8121,9 @@ func_mode_link ()
esac
fi # $linkmode,$pass = prog,link...
- if test "$alldeplibs" = yes &&
- { test "$deplibs_check_method" = pass_all ||
- { test "$build_libtool_libs" = yes &&
+ if $alldeplibs &&
+ { test pass_all = "$deplibs_check_method" ||
+ { test yes = "$build_libtool_libs" &&
test -n "$library_names"; }; }; then
# We only need to search for static libraries
continue
@@ -6686,19 +8132,19 @@ func_mode_link ()
link_static=no # Whether the deplib will be linked statically
use_static_libs=$prefer_static_libs
- if test "$use_static_libs" = built && test "$installed" = yes; then
+ if test built = "$use_static_libs" && test yes = "$installed"; then
use_static_libs=no
fi
if test -n "$library_names" &&
- { test "$use_static_libs" = no || test -z "$old_library"; }; then
+ { test no = "$use_static_libs" || test -z "$old_library"; }; then
case $host in
- *cygwin* | *mingw* | *cegcc*)
+ *cygwin* | *mingw* | *cegcc* | *os2*)
# No point in relinking DLLs because paths are not encoded
func_append notinst_deplibs " $lib"
need_relink=no
;;
*)
- if test "$installed" = no; then
+ if test no = "$installed"; then
func_append notinst_deplibs " $lib"
need_relink=yes
fi
@@ -6708,24 +8154,24 @@ func_mode_link ()
# Warn about portability, can't link against -module's on some
# systems (darwin). Don't bleat about dlopened modules though!
- dlopenmodule=""
+ dlopenmodule=
for dlpremoduletest in $dlprefiles; do
if test "X$dlpremoduletest" = "X$lib"; then
- dlopenmodule="$dlpremoduletest"
+ dlopenmodule=$dlpremoduletest
break
fi
done
- if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then
+ if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then
echo
- if test "$linkmode" = prog; then
+ if test prog = "$linkmode"; then
$ECHO "*** Warning: Linking the executable $output against the loadable module"
else
$ECHO "*** Warning: Linking the shared library $output against the loadable module"
fi
$ECHO "*** $linklib is not portable!"
fi
- if test "$linkmode" = lib &&
- test "$hardcode_into_libs" = yes; then
+ if test lib = "$linkmode" &&
+ test yes = "$hardcode_into_libs"; then
# Hardcode the library path.
# Skip directories that are in the system default run-time
# search path.
@@ -6753,43 +8199,43 @@ func_mode_link ()
# figure out the soname
set dummy $library_names
shift
- realname="$1"
+ realname=$1
shift
libname=`eval "\\$ECHO \"$libname_spec\""`
# use dlname if we got it. it's perfectly good, no?
if test -n "$dlname"; then
- soname="$dlname"
+ soname=$dlname
elif test -n "$soname_spec"; then
# bleh windows
case $host in
- *cygwin* | mingw* | *cegcc*)
+ *cygwin* | mingw* | *cegcc* | *os2*)
func_arith $current - $age
major=$func_arith_result
- versuffix="-$major"
+ versuffix=-$major
;;
esac
eval soname=\"$soname_spec\"
else
- soname="$realname"
+ soname=$realname
fi
# Make a new name for the extract_expsyms_cmds to use
- soroot="$soname"
+ soroot=$soname
func_basename "$soroot"
- soname="$func_basename_result"
+ soname=$func_basename_result
func_stripname 'lib' '.dll' "$soname"
newlib=libimp-$func_stripname_result.a
# If the library has no export list, then create one now
if test -f "$output_objdir/$soname-def"; then :
else
- func_verbose "extracting exported symbol list from \`$soname'"
+ func_verbose "extracting exported symbol list from '$soname'"
func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
fi
# Create $newlib
if test -f "$output_objdir/$newlib"; then :; else
- func_verbose "generating import library for \`$soname'"
+ func_verbose "generating import library for '$soname'"
func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
fi
# make sure the library variables are pointing to the new library
@@ -6797,58 +8243,58 @@ func_mode_link ()
linklib=$newlib
fi # test -n "$old_archive_from_expsyms_cmds"
- if test "$linkmode" = prog || test "$opt_mode" != relink; then
+ if test prog = "$linkmode" || test relink != "$opt_mode"; then
add_shlibpath=
add_dir=
add=
lib_linked=yes
case $hardcode_action in
immediate | unsupported)
- if test "$hardcode_direct" = no; then
- add="$dir/$linklib"
+ if test no = "$hardcode_direct"; then
+ add=$dir/$linklib
case $host in
- *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
- *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+ *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;;
+ *-*-sysv4*uw2*) add_dir=-L$dir ;;
*-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
- *-*-unixware7*) add_dir="-L$dir" ;;
+ *-*-unixware7*) add_dir=-L$dir ;;
*-*-darwin* )
- # if the lib is a (non-dlopened) module then we can not
+ # if the lib is a (non-dlopened) module then we cannot
# link against it, someone is ignoring the earlier warnings
if /usr/bin/file -L $add 2> /dev/null |
- $GREP ": [^:]* bundle" >/dev/null ; then
+ $GREP ": [^:]* bundle" >/dev/null; then
if test "X$dlopenmodule" != "X$lib"; then
$ECHO "*** Warning: lib $linklib is a module, not a shared library"
- if test -z "$old_library" ; then
+ if test -z "$old_library"; then
echo
echo "*** And there doesn't seem to be a static archive available"
echo "*** The link will probably fail, sorry"
else
- add="$dir/$old_library"
+ add=$dir/$old_library
fi
elif test -n "$old_library"; then
- add="$dir/$old_library"
+ add=$dir/$old_library
fi
fi
esac
- elif test "$hardcode_minus_L" = no; then
+ elif test no = "$hardcode_minus_L"; then
case $host in
- *-*-sunos*) add_shlibpath="$dir" ;;
+ *-*-sunos*) add_shlibpath=$dir ;;
esac
- add_dir="-L$dir"
- add="-l$name"
- elif test "$hardcode_shlibpath_var" = no; then
- add_shlibpath="$dir"
- add="-l$name"
+ add_dir=-L$dir
+ add=-l$name
+ elif test no = "$hardcode_shlibpath_var"; then
+ add_shlibpath=$dir
+ add=-l$name
else
lib_linked=no
fi
;;
relink)
- if test "$hardcode_direct" = yes &&
- test "$hardcode_direct_absolute" = no; then
- add="$dir/$linklib"
- elif test "$hardcode_minus_L" = yes; then
- add_dir="-L$absdir"
+ if test yes = "$hardcode_direct" &&
+ test no = "$hardcode_direct_absolute"; then
+ add=$dir/$linklib
+ elif test yes = "$hardcode_minus_L"; then
+ add_dir=-L$absdir
# Try looking first in the location we're being installed to.
if test -n "$inst_prefix_dir"; then
case $libdir in
@@ -6857,10 +8303,10 @@ func_mode_link ()
;;
esac
fi
- add="-l$name"
- elif test "$hardcode_shlibpath_var" = yes; then
- add_shlibpath="$dir"
- add="-l$name"
+ add=-l$name
+ elif test yes = "$hardcode_shlibpath_var"; then
+ add_shlibpath=$dir
+ add=-l$name
else
lib_linked=no
fi
@@ -6868,7 +8314,7 @@ func_mode_link ()
*) lib_linked=no ;;
esac
- if test "$lib_linked" != yes; then
+ if test yes != "$lib_linked"; then
func_fatal_configuration "unsupported hardcode properties"
fi
@@ -6878,15 +8324,15 @@ func_mode_link ()
*) func_append compile_shlibpath "$add_shlibpath:" ;;
esac
fi
- if test "$linkmode" = prog; then
+ if test prog = "$linkmode"; then
test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
test -n "$add" && compile_deplibs="$add $compile_deplibs"
else
test -n "$add_dir" && deplibs="$add_dir $deplibs"
test -n "$add" && deplibs="$add $deplibs"
- if test "$hardcode_direct" != yes &&
- test "$hardcode_minus_L" != yes &&
- test "$hardcode_shlibpath_var" = yes; then
+ if test yes != "$hardcode_direct" &&
+ test yes != "$hardcode_minus_L" &&
+ test yes = "$hardcode_shlibpath_var"; then
case :$finalize_shlibpath: in
*":$libdir:"*) ;;
*) func_append finalize_shlibpath "$libdir:" ;;
@@ -6895,33 +8341,33 @@ func_mode_link ()
fi
fi
- if test "$linkmode" = prog || test "$opt_mode" = relink; then
+ if test prog = "$linkmode" || test relink = "$opt_mode"; then
add_shlibpath=
add_dir=
add=
# Finalize command for both is simple: just hardcode it.
- if test "$hardcode_direct" = yes &&
- test "$hardcode_direct_absolute" = no; then
- add="$libdir/$linklib"
- elif test "$hardcode_minus_L" = yes; then
- add_dir="-L$libdir"
- add="-l$name"
- elif test "$hardcode_shlibpath_var" = yes; then
+ if test yes = "$hardcode_direct" &&
+ test no = "$hardcode_direct_absolute"; then
+ add=$libdir/$linklib
+ elif test yes = "$hardcode_minus_L"; then
+ add_dir=-L$libdir
+ add=-l$name
+ elif test yes = "$hardcode_shlibpath_var"; then
case :$finalize_shlibpath: in
*":$libdir:"*) ;;
*) func_append finalize_shlibpath "$libdir:" ;;
esac
- add="-l$name"
- elif test "$hardcode_automatic" = yes; then
+ add=-l$name
+ elif test yes = "$hardcode_automatic"; then
if test -n "$inst_prefix_dir" &&
- test -f "$inst_prefix_dir$libdir/$linklib" ; then
- add="$inst_prefix_dir$libdir/$linklib"
+ test -f "$inst_prefix_dir$libdir/$linklib"; then
+ add=$inst_prefix_dir$libdir/$linklib
else
- add="$libdir/$linklib"
+ add=$libdir/$linklib
fi
else
# We cannot seem to hardcode it, guess we'll fake it.
- add_dir="-L$libdir"
+ add_dir=-L$libdir
# Try looking first in the location we're being installed to.
if test -n "$inst_prefix_dir"; then
case $libdir in
@@ -6930,10 +8376,10 @@ func_mode_link ()
;;
esac
fi
- add="-l$name"
+ add=-l$name
fi
- if test "$linkmode" = prog; then
+ if test prog = "$linkmode"; then
test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
else
@@ -6941,43 +8387,43 @@ func_mode_link ()
test -n "$add" && deplibs="$add $deplibs"
fi
fi
- elif test "$linkmode" = prog; then
+ elif test prog = "$linkmode"; then
# Here we assume that one of hardcode_direct or hardcode_minus_L
# is not unsupported. This is valid on all known static and
# shared platforms.
- if test "$hardcode_direct" != unsupported; then
- test -n "$old_library" && linklib="$old_library"
+ if test unsupported != "$hardcode_direct"; then
+ test -n "$old_library" && linklib=$old_library
compile_deplibs="$dir/$linklib $compile_deplibs"
finalize_deplibs="$dir/$linklib $finalize_deplibs"
else
compile_deplibs="-l$name -L$dir $compile_deplibs"
finalize_deplibs="-l$name -L$dir $finalize_deplibs"
fi
- elif test "$build_libtool_libs" = yes; then
+ elif test yes = "$build_libtool_libs"; then
# Not a shared library
- if test "$deplibs_check_method" != pass_all; then
+ if test pass_all != "$deplibs_check_method"; then
# We're trying link a shared library against a static one
# but the system doesn't support it.
# Just print a warning and add the library to dependency_libs so
# that the program can be linked against the static library.
echo
- $ECHO "*** Warning: This system can not link to static lib archive $lib."
+ $ECHO "*** Warning: This system cannot link to static lib archive $lib."
echo "*** I have the capability to make that library automatically link in when"
echo "*** you link to this library. But I can only do this if you have a"
echo "*** shared version of the library, which you do not appear to have."
- if test "$module" = yes; then
+ if test yes = "$module"; then
echo "*** But as you try to build a module library, libtool will still create "
echo "*** a static module, that should work as long as the dlopening application"
echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
if test -z "$global_symbol_pipe"; then
echo
echo "*** However, this would only work if libtool was able to extract symbol"
- echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
echo "*** not find such a program. So, this module is probably useless."
- echo "*** \`nm' from GNU binutils and a full rebuild may help."
+ echo "*** 'nm' from GNU binutils and a full rebuild may help."
fi
- if test "$build_old_libs" = no; then
+ if test no = "$build_old_libs"; then
build_libtool_libs=module
build_old_libs=yes
else
@@ -6990,11 +8436,11 @@ func_mode_link ()
fi
fi # link shared/static library?
- if test "$linkmode" = lib; then
+ if test lib = "$linkmode"; then
if test -n "$dependency_libs" &&
- { test "$hardcode_into_libs" != yes ||
- test "$build_old_libs" = yes ||
- test "$link_static" = yes; }; then
+ { test yes != "$hardcode_into_libs" ||
+ test yes = "$build_old_libs" ||
+ test yes = "$link_static"; }; then
# Extract -R from dependency_libs
temp_deplibs=
for libdir in $dependency_libs; do
@@ -7008,12 +8454,12 @@ func_mode_link ()
*) func_append temp_deplibs " $libdir";;
esac
done
- dependency_libs="$temp_deplibs"
+ dependency_libs=$temp_deplibs
fi
func_append newlib_search_path " $absdir"
# Link against this library
- test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+ test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
# ... and its dependency_libs
tmp_libs=
for deplib in $dependency_libs; do
@@ -7023,7 +8469,7 @@ func_mode_link ()
func_resolve_sysroot "$func_stripname_result";;
*) func_resolve_sysroot "$deplib" ;;
esac
- if $opt_preserve_dup_deps ; then
+ if $opt_preserve_dup_deps; then
case "$tmp_libs " in
*" $func_resolve_sysroot_result "*)
func_append specialdeplibs " $func_resolve_sysroot_result" ;;
@@ -7032,12 +8478,12 @@ func_mode_link ()
func_append tmp_libs " $func_resolve_sysroot_result"
done
- if test "$link_all_deplibs" != no; then
+ if test no != "$link_all_deplibs"; then
# Add the search paths of all dependency libraries
for deplib in $dependency_libs; do
path=
case $deplib in
- -L*) path="$deplib" ;;
+ -L*) path=$deplib ;;
*.la)
func_resolve_sysroot "$deplib"
deplib=$func_resolve_sysroot_result
@@ -7045,12 +8491,12 @@ func_mode_link ()
dir=$func_dirname_result
# We need an absolute path.
case $dir in
- [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+ [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;;
*)
absdir=`cd "$dir" && pwd`
if test -z "$absdir"; then
- func_warning "cannot determine absolute directory name of \`$dir'"
- absdir="$dir"
+ func_warning "cannot determine absolute directory name of '$dir'"
+ absdir=$dir
fi
;;
esac
@@ -7058,35 +8504,35 @@ func_mode_link ()
case $host in
*-*-darwin*)
depdepl=
- eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
- if test -n "$deplibrary_names" ; then
- for tmp in $deplibrary_names ; do
+ eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+ if test -n "$deplibrary_names"; then
+ for tmp in $deplibrary_names; do
depdepl=$tmp
done
- if test -f "$absdir/$objdir/$depdepl" ; then
- depdepl="$absdir/$objdir/$depdepl"
- darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ if test -f "$absdir/$objdir/$depdepl"; then
+ depdepl=$absdir/$objdir/$depdepl
+ darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
if test -z "$darwin_install_name"; then
- darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
fi
- func_append compiler_flags " ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}"
- func_append linker_flags " -dylib_file ${darwin_install_name}:${depdepl}"
+ func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl"
+ func_append linker_flags " -dylib_file $darwin_install_name:$depdepl"
path=
fi
fi
;;
*)
- path="-L$absdir/$objdir"
+ path=-L$absdir/$objdir
;;
esac
else
- eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
test -z "$libdir" && \
- func_fatal_error "\`$deplib' is not a valid libtool archive"
+ func_fatal_error "'$deplib' is not a valid libtool archive"
test "$absdir" != "$libdir" && \
- func_warning "\`$deplib' seems to be moved"
+ func_warning "'$deplib' seems to be moved"
- path="-L$absdir"
+ path=-L$absdir
fi
;;
esac
@@ -7098,23 +8544,23 @@ func_mode_link ()
fi # link_all_deplibs != no
fi # linkmode = lib
done # for deplib in $libs
- if test "$pass" = link; then
- if test "$linkmode" = "prog"; then
+ if test link = "$pass"; then
+ if test prog = "$linkmode"; then
compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
else
compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
fi
fi
- dependency_libs="$newdependency_libs"
- if test "$pass" = dlpreopen; then
+ dependency_libs=$newdependency_libs
+ if test dlpreopen = "$pass"; then
# Link the dlpreopened libraries before other libraries
for deplib in $save_deplibs; do
deplibs="$deplib $deplibs"
done
fi
- if test "$pass" != dlopen; then
- if test "$pass" != conv; then
+ if test dlopen != "$pass"; then
+ test conv = "$pass" || {
# Make sure lib_search_path contains only unique directories.
lib_search_path=
for dir in $newlib_search_path; do
@@ -7124,12 +8570,12 @@ func_mode_link ()
esac
done
newlib_search_path=
- fi
+ }
- if test "$linkmode,$pass" != "prog,link"; then
- vars="deplibs"
- else
+ if test prog,link = "$linkmode,$pass"; then
vars="compile_deplibs finalize_deplibs"
+ else
+ vars=deplibs
fi
for var in $vars dependency_libs; do
# Add libraries to $var in reverse order
@@ -7187,62 +8633,93 @@ func_mode_link ()
eval $var=\"$tmp_libs\"
done # for var
fi
+
+ # Add Sun CC postdeps if required:
+ test CXX = "$tagname" && {
+ case $host_os in
+ linux*)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C++ 5.9
+ func_suncc_cstd_abi
+
+ if test no != "$suncc_use_cstd_abi"; then
+ func_append postdeps ' -library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+
+ solaris*)
+ func_cc_basename "$CC"
+ case $func_cc_basename_result in
+ CC* | sunCC*)
+ func_suncc_cstd_abi
+
+ if test no != "$suncc_use_cstd_abi"; then
+ func_append postdeps ' -library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ }
+
# Last step: remove runtime libs from dependency_libs
# (they stay in deplibs)
tmp_libs=
- for i in $dependency_libs ; do
+ for i in $dependency_libs; do
case " $predeps $postdeps $compiler_lib_search_path " in
*" $i "*)
- i=""
+ i=
;;
esac
- if test -n "$i" ; then
+ if test -n "$i"; then
func_append tmp_libs " $i"
fi
done
dependency_libs=$tmp_libs
done # for pass
- if test "$linkmode" = prog; then
- dlfiles="$newdlfiles"
+ if test prog = "$linkmode"; then
+ dlfiles=$newdlfiles
fi
- if test "$linkmode" = prog || test "$linkmode" = lib; then
- dlprefiles="$newdlprefiles"
+ if test prog = "$linkmode" || test lib = "$linkmode"; then
+ dlprefiles=$newdlprefiles
fi
case $linkmode in
oldlib)
- if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
- func_warning "\`-dlopen' is ignored for archives"
+ if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
+ func_warning "'-dlopen' is ignored for archives"
fi
case " $deplibs" in
*\ -l* | *\ -L*)
- func_warning "\`-l' and \`-L' are ignored for archives" ;;
+ func_warning "'-l' and '-L' are ignored for archives" ;;
esac
test -n "$rpath" && \
- func_warning "\`-rpath' is ignored for archives"
+ func_warning "'-rpath' is ignored for archives"
test -n "$xrpath" && \
- func_warning "\`-R' is ignored for archives"
+ func_warning "'-R' is ignored for archives"
test -n "$vinfo" && \
- func_warning "\`-version-info/-version-number' is ignored for archives"
+ func_warning "'-version-info/-version-number' is ignored for archives"
test -n "$release" && \
- func_warning "\`-release' is ignored for archives"
+ func_warning "'-release' is ignored for archives"
test -n "$export_symbols$export_symbols_regex" && \
- func_warning "\`-export-symbols' is ignored for archives"
+ func_warning "'-export-symbols' is ignored for archives"
# Now set the variables for building old libraries.
build_libtool_libs=no
- oldlibs="$output"
+ oldlibs=$output
func_append objs "$old_deplibs"
;;
lib)
- # Make sure we only generate libraries of the form `libNAME.la'.
+ # Make sure we only generate libraries of the form 'libNAME.la'.
case $outputname in
lib*)
func_stripname 'lib' '.la' "$outputname"
@@ -7251,10 +8728,10 @@ func_mode_link ()
eval libname=\"$libname_spec\"
;;
*)
- test "$module" = no && \
- func_fatal_help "libtool library \`$output' must begin with \`lib'"
+ test no = "$module" \
+ && func_fatal_help "libtool library '$output' must begin with 'lib'"
- if test "$need_lib_prefix" != no; then
+ if test no != "$need_lib_prefix"; then
# Add the "lib" prefix for modules if required
func_stripname '' '.la' "$outputname"
name=$func_stripname_result
@@ -7268,8 +8745,8 @@ func_mode_link ()
esac
if test -n "$objs"; then
- if test "$deplibs_check_method" != pass_all; then
- func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs"
+ if test pass_all != "$deplibs_check_method"; then
+ func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs"
else
echo
$ECHO "*** Warning: Linking the shared library $output against the non-libtool"
@@ -7278,21 +8755,21 @@ func_mode_link ()
fi
fi
- test "$dlself" != no && \
- func_warning "\`-dlopen self' is ignored for libtool libraries"
+ test no = "$dlself" \
+ || func_warning "'-dlopen self' is ignored for libtool libraries"
set dummy $rpath
shift
- test "$#" -gt 1 && \
- func_warning "ignoring multiple \`-rpath's for a libtool library"
+ test 1 -lt "$#" \
+ && func_warning "ignoring multiple '-rpath's for a libtool library"
- install_libdir="$1"
+ install_libdir=$1
oldlibs=
if test -z "$rpath"; then
- if test "$build_libtool_libs" = yes; then
+ if test yes = "$build_libtool_libs"; then
# Building a libtool convenience library.
- # Some compilers have problems with a `.al' extension so
+ # Some compilers have problems with a '.al' extension so
# convenience libraries should have the same extension an
# archive normally would.
oldlibs="$output_objdir/$libname.$libext $oldlibs"
@@ -7301,20 +8778,20 @@ func_mode_link ()
fi
test -n "$vinfo" && \
- func_warning "\`-version-info/-version-number' is ignored for convenience libraries"
+ func_warning "'-version-info/-version-number' is ignored for convenience libraries"
test -n "$release" && \
- func_warning "\`-release' is ignored for convenience libraries"
+ func_warning "'-release' is ignored for convenience libraries"
else
# Parse the version information argument.
- save_ifs="$IFS"; IFS=':'
+ save_ifs=$IFS; IFS=:
set dummy $vinfo 0 0 0
shift
- IFS="$save_ifs"
+ IFS=$save_ifs
test -n "$7" && \
- func_fatal_help "too many parameters to \`-version-info'"
+ func_fatal_help "too many parameters to '-version-info'"
# convert absolute version numbers to libtool ages
# this retains compatibility with .la files and attempts
@@ -7322,45 +8799,45 @@ func_mode_link ()
case $vinfo_number in
yes)
- number_major="$1"
- number_minor="$2"
- number_revision="$3"
+ number_major=$1
+ number_minor=$2
+ number_revision=$3
#
# There are really only two kinds -- those that
# use the current revision as the major version
# and those that subtract age and use age as
# a minor version. But, then there is irix
- # which has an extra 1 added just for fun
+ # that has an extra 1 added just for fun
#
case $version_type in
# correct linux to gnu/linux during the next big refactor
- darwin|linux|osf|windows|none)
+ darwin|freebsd-elf|linux|osf|windows|none)
func_arith $number_major + $number_minor
current=$func_arith_result
- age="$number_minor"
- revision="$number_revision"
+ age=$number_minor
+ revision=$number_revision
;;
- freebsd-aout|freebsd-elf|qnx|sunos)
- current="$number_major"
- revision="$number_minor"
- age="0"
+ freebsd-aout|qnx|sunos)
+ current=$number_major
+ revision=$number_minor
+ age=0
;;
irix|nonstopux)
func_arith $number_major + $number_minor
current=$func_arith_result
- age="$number_minor"
- revision="$number_minor"
+ age=$number_minor
+ revision=$number_minor
lt_irix_increment=no
;;
*)
- func_fatal_configuration "$modename: unknown library version type \`$version_type'"
+ func_fatal_configuration "$modename: unknown library version type '$version_type'"
;;
esac
;;
no)
- current="$1"
- revision="$2"
- age="$3"
+ current=$1
+ revision=$2
+ age=$3
;;
esac
@@ -7368,30 +8845,30 @@ func_mode_link ()
case $current in
0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
*)
- func_error "CURRENT \`$current' must be a nonnegative integer"
- func_fatal_error "\`$vinfo' is not valid version information"
+ func_error "CURRENT '$current' must be a nonnegative integer"
+ func_fatal_error "'$vinfo' is not valid version information"
;;
esac
case $revision in
0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
*)
- func_error "REVISION \`$revision' must be a nonnegative integer"
- func_fatal_error "\`$vinfo' is not valid version information"
+ func_error "REVISION '$revision' must be a nonnegative integer"
+ func_fatal_error "'$vinfo' is not valid version information"
;;
esac
case $age in
0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
*)
- func_error "AGE \`$age' must be a nonnegative integer"
- func_fatal_error "\`$vinfo' is not valid version information"
+ func_error "AGE '$age' must be a nonnegative integer"
+ func_fatal_error "'$vinfo' is not valid version information"
;;
esac
if test "$age" -gt "$current"; then
- func_error "AGE \`$age' is greater than the current interface number \`$current'"
- func_fatal_error "\`$vinfo' is not valid version information"
+ func_error "AGE '$age' is greater than the current interface number '$current'"
+ func_fatal_error "'$vinfo' is not valid version information"
fi
# Calculate the version variables.
@@ -7406,26 +8883,36 @@ func_mode_link ()
# verstring for coding it into the library header
func_arith $current - $age
major=.$func_arith_result
- versuffix="$major.$age.$revision"
+ versuffix=$major.$age.$revision
# Darwin ld doesn't like 0 for these options...
func_arith $current + 1
minor_current=$func_arith_result
- xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+ xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
+ # On Darwin other compilers
+ case $CC in
+ nagfor*)
+ verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
+ ;;
+ *)
+ verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
+ ;;
+ esac
;;
freebsd-aout)
- major=".$current"
- versuffix=".$current.$revision";
+ major=.$current
+ versuffix=.$current.$revision
;;
freebsd-elf)
- major=".$current"
- versuffix=".$current"
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix=$major.$age.$revision
;;
irix | nonstopux)
- if test "X$lt_irix_increment" = "Xno"; then
+ if test no = "$lt_irix_increment"; then
func_arith $current - $age
else
func_arith $current - $age + 1
@@ -7436,69 +8923,74 @@ func_mode_link ()
nonstopux) verstring_prefix=nonstopux ;;
*) verstring_prefix=sgi ;;
esac
- verstring="$verstring_prefix$major.$revision"
+ verstring=$verstring_prefix$major.$revision
# Add in all the interfaces that we are compatible with.
loop=$revision
- while test "$loop" -ne 0; do
+ while test 0 -ne "$loop"; do
func_arith $revision - $loop
iface=$func_arith_result
func_arith $loop - 1
loop=$func_arith_result
- verstring="$verstring_prefix$major.$iface:$verstring"
+ verstring=$verstring_prefix$major.$iface:$verstring
done
- # Before this point, $major must not contain `.'.
+ # Before this point, $major must not contain '.'.
major=.$major
- versuffix="$major.$revision"
+ versuffix=$major.$revision
;;
linux) # correct to gnu/linux during the next big refactor
func_arith $current - $age
major=.$func_arith_result
- versuffix="$major.$age.$revision"
+ versuffix=$major.$age.$revision
;;
osf)
func_arith $current - $age
major=.$func_arith_result
- versuffix=".$current.$age.$revision"
- verstring="$current.$age.$revision"
+ versuffix=.$current.$age.$revision
+ verstring=$current.$age.$revision
# Add in all the interfaces that we are compatible with.
loop=$age
- while test "$loop" -ne 0; do
+ while test 0 -ne "$loop"; do
func_arith $current - $loop
iface=$func_arith_result
func_arith $loop - 1
loop=$func_arith_result
- verstring="$verstring:${iface}.0"
+ verstring=$verstring:$iface.0
done
# Make executables depend on our current version.
- func_append verstring ":${current}.0"
+ func_append verstring ":$current.0"
;;
qnx)
- major=".$current"
- versuffix=".$current"
+ major=.$current
+ versuffix=.$current
+ ;;
+
+ sco)
+ major=.$current
+ versuffix=.$current
;;
sunos)
- major=".$current"
- versuffix=".$current.$revision"
+ major=.$current
+ versuffix=.$current.$revision
;;
windows)
# Use '-' rather than '.', since we only want one
- # extension on DOS 8.3 filesystems.
+ # extension on DOS 8.3 file systems.
func_arith $current - $age
major=$func_arith_result
- versuffix="-$major"
+ versuffix=-$major
;;
*)
- func_fatal_configuration "unknown library version type \`$version_type'"
+ func_fatal_configuration "unknown library version type '$version_type'"
;;
esac
@@ -7512,42 +9004,45 @@ func_mode_link ()
verstring=
;;
*)
- verstring="0.0"
+ verstring=0.0
;;
esac
- if test "$need_version" = no; then
+ if test no = "$need_version"; then
versuffix=
else
- versuffix=".0.0"
+ versuffix=.0.0
fi
fi
# Remove version info from name if versioning should be avoided
- if test "$avoid_version" = yes && test "$need_version" = no; then
+ if test yes,no = "$avoid_version,$need_version"; then
major=
versuffix=
- verstring=""
+ verstring=
fi
# Check to see if the archive will have undefined symbols.
- if test "$allow_undefined" = yes; then
- if test "$allow_undefined_flag" = unsupported; then
- func_warning "undefined symbols not allowed in $host shared libraries"
- build_libtool_libs=no
- build_old_libs=yes
+ if test yes = "$allow_undefined"; then
+ if test unsupported = "$allow_undefined_flag"; then
+ if test yes = "$build_old_libs"; then
+ func_warning "undefined symbols not allowed in $host shared libraries; building static only"
+ build_libtool_libs=no
+ else
+ func_fatal_error "can't build $host shared library unless -no-undefined is specified"
+ fi
fi
else
# Don't allow undefined symbols.
- allow_undefined_flag="$no_undefined_flag"
+ allow_undefined_flag=$no_undefined_flag
fi
fi
- func_generate_dlsyms "$libname" "$libname" "yes"
+ func_generate_dlsyms "$libname" "$libname" :
func_append libobjs " $symfileobj"
- test "X$libobjs" = "X " && libobjs=
+ test " " = "$libobjs" && libobjs=
- if test "$opt_mode" != relink; then
+ if test relink != "$opt_mode"; then
# Remove our outputs, but don't remove object files since they
# may have been created when compiling PIC objects.
removelist=
@@ -7556,8 +9051,8 @@ func_mode_link ()
case $p in
*.$objext | *.gcno)
;;
- $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
- if test "X$precious_files_regex" != "X"; then
+ $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*)
+ if test -n "$precious_files_regex"; then
if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
then
continue
@@ -7573,11 +9068,11 @@ func_mode_link ()
fi
# Now set the variables for building old libraries.
- if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+ if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then
func_append oldlibs " $output_objdir/$libname.$libext"
# Transform .lo files to .o files.
- oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP`
+ oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP`
fi
# Eliminate all temporary directories.
@@ -7598,13 +9093,13 @@ func_mode_link ()
*) func_append finalize_rpath " $libdir" ;;
esac
done
- if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+ if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then
dependency_libs="$temp_xrpath $dependency_libs"
fi
fi
# Make sure dlfiles contains only unique files that won't be dlpreopened
- old_dlfiles="$dlfiles"
+ old_dlfiles=$dlfiles
dlfiles=
for lib in $old_dlfiles; do
case " $dlprefiles $dlfiles " in
@@ -7614,7 +9109,7 @@ func_mode_link ()
done
# Make sure dlprefiles contains only unique files
- old_dlprefiles="$dlprefiles"
+ old_dlprefiles=$dlprefiles
dlprefiles=
for lib in $old_dlprefiles; do
case "$dlprefiles " in
@@ -7623,7 +9118,7 @@ func_mode_link ()
esac
done
- if test "$build_libtool_libs" = yes; then
+ if test yes = "$build_libtool_libs"; then
if test -n "$rpath"; then
case $host in
*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*)
@@ -7647,7 +9142,7 @@ func_mode_link ()
;;
*)
# Add libc to deplibs on all other systems if necessary.
- if test "$build_libtool_need_lc" = "yes"; then
+ if test yes = "$build_libtool_need_lc"; then
func_append deplibs " -lc"
fi
;;
@@ -7663,9 +9158,9 @@ func_mode_link ()
# I'm not sure if I'm treating the release correctly. I think
# release should show up in the -l (ie -lgmp5) so we don't want to
# add it in twice. Is that correct?
- release=""
- versuffix=""
- major=""
+ release=
+ versuffix=
+ major=
newdeplibs=
droppeddeps=no
case $deplibs_check_method in
@@ -7694,20 +9189,20 @@ EOF
-l*)
func_stripname -l '' "$i"
name=$func_stripname_result
- if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ if test yes = "$allow_libtool_libs_with_static_runtimes"; then
case " $predeps $postdeps " in
*" $i "*)
func_append newdeplibs " $i"
- i=""
+ i=
;;
esac
fi
- if test -n "$i" ; then
+ if test -n "$i"; then
libname=`eval "\\$ECHO \"$libname_spec\""`
deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
set dummy $deplib_matches; shift
deplib_match=$1
- if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
func_append newdeplibs " $i"
else
droppeddeps=yes
@@ -7737,20 +9232,20 @@ EOF
$opt_dry_run || $RM conftest
if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
ldd_output=`ldd conftest`
- if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ if test yes = "$allow_libtool_libs_with_static_runtimes"; then
case " $predeps $postdeps " in
*" $i "*)
func_append newdeplibs " $i"
- i=""
+ i=
;;
esac
fi
- if test -n "$i" ; then
+ if test -n "$i"; then
libname=`eval "\\$ECHO \"$libname_spec\""`
deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
set dummy $deplib_matches; shift
deplib_match=$1
- if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
func_append newdeplibs " $i"
else
droppeddeps=yes
@@ -7787,24 +9282,24 @@ EOF
-l*)
func_stripname -l '' "$a_deplib"
name=$func_stripname_result
- if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ if test yes = "$allow_libtool_libs_with_static_runtimes"; then
case " $predeps $postdeps " in
*" $a_deplib "*)
func_append newdeplibs " $a_deplib"
- a_deplib=""
+ a_deplib=
;;
esac
fi
- if test -n "$a_deplib" ; then
+ if test -n "$a_deplib"; then
libname=`eval "\\$ECHO \"$libname_spec\""`
if test -n "$file_magic_glob"; then
libnameglob=`func_echo_all "$libname" | $SED -e $file_magic_glob`
else
libnameglob=$libname
fi
- test "$want_nocaseglob" = yes && nocaseglob=`shopt -p nocaseglob`
+ test yes = "$want_nocaseglob" && nocaseglob=`shopt -p nocaseglob`
for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
- if test "$want_nocaseglob" = yes; then
+ if test yes = "$want_nocaseglob"; then
shopt -s nocaseglob
potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
$nocaseglob
@@ -7822,25 +9317,25 @@ EOF
# We might still enter an endless loop, since a link
# loop can be closed while we follow links,
# but so what?
- potlib="$potent_lib"
+ potlib=$potent_lib
while test -h "$potlib" 2>/dev/null; do
- potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+ potliblink=`ls -ld $potlib | $SED 's/.* -> //'`
case $potliblink in
- [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
- *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";;
+ [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;;
+ *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";;
esac
done
if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
$SED -e 10q |
$EGREP "$file_magic_regex" > /dev/null; then
func_append newdeplibs " $a_deplib"
- a_deplib=""
+ a_deplib=
break 2
fi
done
done
fi
- if test -n "$a_deplib" ; then
+ if test -n "$a_deplib"; then
droppeddeps=yes
echo
$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
@@ -7848,7 +9343,7 @@ EOF
echo "*** you link to this library. But I can only do this if you have a"
echo "*** shared version of the library, which you do not appear to have"
echo "*** because I did check the linker path looking for a file starting"
- if test -z "$potlib" ; then
+ if test -z "$potlib"; then
$ECHO "*** with $libname but no candidates were found. (...for file magic test)"
else
$ECHO "*** with $libname and none of the candidates passed a file format test"
@@ -7871,30 +9366,30 @@ EOF
-l*)
func_stripname -l '' "$a_deplib"
name=$func_stripname_result
- if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ if test yes = "$allow_libtool_libs_with_static_runtimes"; then
case " $predeps $postdeps " in
*" $a_deplib "*)
func_append newdeplibs " $a_deplib"
- a_deplib=""
+ a_deplib=
;;
esac
fi
- if test -n "$a_deplib" ; then
+ if test -n "$a_deplib"; then
libname=`eval "\\$ECHO \"$libname_spec\""`
for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
for potent_lib in $potential_libs; do
- potlib="$potent_lib" # see symlink-check above in file_magic test
+ potlib=$potent_lib # see symlink-check above in file_magic test
if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \
$EGREP "$match_pattern_regex" > /dev/null; then
func_append newdeplibs " $a_deplib"
- a_deplib=""
+ a_deplib=
break 2
fi
done
done
fi
- if test -n "$a_deplib" ; then
+ if test -n "$a_deplib"; then
droppeddeps=yes
echo
$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
@@ -7902,7 +9397,7 @@ EOF
echo "*** you link to this library. But I can only do this if you have a"
echo "*** shared version of the library, which you do not appear to have"
echo "*** because I did check the linker path looking for a file starting"
- if test -z "$potlib" ; then
+ if test -z "$potlib"; then
$ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
else
$ECHO "*** with $libname and none of the candidates passed a file format test"
@@ -7918,18 +9413,18 @@ EOF
done # Gone through all deplibs.
;;
none | unknown | *)
- newdeplibs=""
+ newdeplibs=
tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'`
- if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
- for i in $predeps $postdeps ; do
+ if test yes = "$allow_libtool_libs_with_static_runtimes"; then
+ for i in $predeps $postdeps; do
# can't use Xsed below, because $i might contain '/'
- tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"`
+ tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"`
done
fi
case $tmp_deplibs in
*[!\ \ ]*)
echo
- if test "X$deplibs_check_method" = "Xnone"; then
+ if test none = "$deplibs_check_method"; then
echo "*** Warning: inter-library dependencies are not supported in this platform."
else
echo "*** Warning: inter-library dependencies are not known to be supported."
@@ -7953,8 +9448,8 @@ EOF
;;
esac
- if test "$droppeddeps" = yes; then
- if test "$module" = yes; then
+ if test yes = "$droppeddeps"; then
+ if test yes = "$module"; then
echo
echo "*** Warning: libtool could not satisfy all declared inter-library"
$ECHO "*** dependencies of module $libname. Therefore, libtool will create"
@@ -7963,12 +9458,12 @@ EOF
if test -z "$global_symbol_pipe"; then
echo
echo "*** However, this would only work if libtool was able to extract symbol"
- echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
echo "*** not find such a program. So, this module is probably useless."
- echo "*** \`nm' from GNU binutils and a full rebuild may help."
+ echo "*** 'nm' from GNU binutils and a full rebuild may help."
fi
- if test "$build_old_libs" = no; then
- oldlibs="$output_objdir/$libname.$libext"
+ if test no = "$build_old_libs"; then
+ oldlibs=$output_objdir/$libname.$libext
build_libtool_libs=module
build_old_libs=yes
else
@@ -7979,14 +9474,14 @@ EOF
echo "*** automatically added whenever a program is linked with this library"
echo "*** or is declared to -dlopen it."
- if test "$allow_undefined" = no; then
+ if test no = "$allow_undefined"; then
echo
echo "*** Since this library must not contain undefined symbols,"
echo "*** because either the platform does not support them or"
echo "*** it was explicitly requested with -no-undefined,"
echo "*** libtool will only create a static version of it."
- if test "$build_old_libs" = no; then
- oldlibs="$output_objdir/$libname.$libext"
+ if test no = "$build_old_libs"; then
+ oldlibs=$output_objdir/$libname.$libext
build_libtool_libs=module
build_old_libs=yes
else
@@ -8032,7 +9527,7 @@ EOF
*) func_append new_libs " $deplib" ;;
esac
done
- deplibs="$new_libs"
+ deplibs=$new_libs
# All the library-specific variables (install_libdir is set above).
library_names=
@@ -8040,25 +9535,25 @@ EOF
dlname=
# Test again, we may have decided not to build it any more
- if test "$build_libtool_libs" = yes; then
- # Remove ${wl} instances when linking with ld.
+ if test yes = "$build_libtool_libs"; then
+ # Remove $wl instances when linking with ld.
# FIXME: should test the right _cmds variable.
case $archive_cmds in
*\$LD\ *) wl= ;;
esac
- if test "$hardcode_into_libs" = yes; then
+ if test yes = "$hardcode_into_libs"; then
# Hardcode the library paths
hardcode_libdirs=
dep_rpath=
- rpath="$finalize_rpath"
- test "$opt_mode" != relink && rpath="$compile_rpath$rpath"
+ rpath=$finalize_rpath
+ test relink = "$opt_mode" || rpath=$compile_rpath$rpath
for libdir in $rpath; do
if test -n "$hardcode_libdir_flag_spec"; then
if test -n "$hardcode_libdir_separator"; then
func_replace_sysroot "$libdir"
libdir=$func_replace_sysroot_result
if test -z "$hardcode_libdirs"; then
- hardcode_libdirs="$libdir"
+ hardcode_libdirs=$libdir
else
# Just accumulate the unique libdirs.
case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
@@ -8083,7 +9578,7 @@ EOF
# Substitute the hardcoded libdirs into the rpath.
if test -n "$hardcode_libdir_separator" &&
test -n "$hardcode_libdirs"; then
- libdir="$hardcode_libdirs"
+ libdir=$hardcode_libdirs
eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
fi
if test -n "$runpath_var" && test -n "$perm_rpath"; then
@@ -8097,8 +9592,8 @@ EOF
test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
fi
- shlibpath="$finalize_shlibpath"
- test "$opt_mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+ shlibpath=$finalize_shlibpath
+ test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath
if test -n "$shlibpath"; then
eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
fi
@@ -8108,19 +9603,19 @@ EOF
eval library_names=\"$library_names_spec\"
set dummy $library_names
shift
- realname="$1"
+ realname=$1
shift
if test -n "$soname_spec"; then
eval soname=\"$soname_spec\"
else
- soname="$realname"
+ soname=$realname
fi
if test -z "$dlname"; then
dlname=$soname
fi
- lib="$output_objdir/$realname"
+ lib=$output_objdir/$realname
linknames=
for link
do
@@ -8134,7 +9629,7 @@ EOF
delfiles=
if test -n "$export_symbols" && test -n "$include_expsyms"; then
$opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
- export_symbols="$output_objdir/$libname.uexp"
+ export_symbols=$output_objdir/$libname.uexp
func_append delfiles " $export_symbols"
fi
@@ -8143,31 +9638,31 @@ EOF
cygwin* | mingw* | cegcc*)
if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
# exporting using user supplied symfile
- if test "x`$SED 1q $export_symbols`" != xEXPORTS; then
+ func_dll_def_p "$export_symbols" || {
# and it's NOT already a .def file. Must figure out
# which of the given symbols are data symbols and tag
# them as such. So, trigger use of export_symbols_cmds.
# export_symbols gets reassigned inside the "prepare
# the list of exported symbols" if statement, so the
# include_expsyms logic still works.
- orig_export_symbols="$export_symbols"
+ orig_export_symbols=$export_symbols
export_symbols=
always_export_symbols=yes
- fi
+ }
fi
;;
esac
# Prepare the list of exported symbols
if test -z "$export_symbols"; then
- if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
- func_verbose "generating symbol list for \`$libname.la'"
- export_symbols="$output_objdir/$libname.exp"
+ if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then
+ func_verbose "generating symbol list for '$libname.la'"
+ export_symbols=$output_objdir/$libname.exp
$opt_dry_run || $RM $export_symbols
cmds=$export_symbols_cmds
- save_ifs="$IFS"; IFS='~'
+ save_ifs=$IFS; IFS='~'
for cmd1 in $cmds; do
- IFS="$save_ifs"
+ IFS=$save_ifs
# Take the normal branch if the nm_file_list_spec branch
# doesn't work or if tool conversion is not needed.
case $nm_file_list_spec~$to_tool_file_cmd in
@@ -8181,7 +9676,7 @@ EOF
try_normal_branch=no
;;
esac
- if test "$try_normal_branch" = yes \
+ if test yes = "$try_normal_branch" \
&& { test "$len" -lt "$max_cmd_len" \
|| test "$max_cmd_len" -le -1; }
then
@@ -8192,7 +9687,7 @@ EOF
output_la=$func_basename_result
save_libobjs=$libobjs
save_output=$output
- output=${output_objdir}/${output_la}.nm
+ output=$output_objdir/$output_la.nm
func_to_tool_file "$output"
libobjs=$nm_file_list_spec$func_to_tool_file_result
func_append delfiles " $output"
@@ -8215,8 +9710,8 @@ EOF
break
fi
done
- IFS="$save_ifs"
- if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then
+ IFS=$save_ifs
+ if test -n "$export_symbols_regex" && test : != "$skipped_export"; then
func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
fi
@@ -8224,16 +9719,16 @@ EOF
fi
if test -n "$export_symbols" && test -n "$include_expsyms"; then
- tmp_export_symbols="$export_symbols"
- test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ tmp_export_symbols=$export_symbols
+ test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
$opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
fi
- if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then
+ if test : != "$skipped_export" && test -n "$orig_export_symbols"; then
# The given exports_symbols file has to be filtered, so filter it.
- func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
# FIXME: $output_objdir/$libname.filter potentially contains lots of
- # 's' commands which not all seds can handle. GNU sed should be fine
+ # 's' commands, which not all seds can handle. GNU sed should be fine
# though. Also, the filter scales superlinearly with the number of
# global variables. join(1) would be nice here, but unfortunately
# isn't a blessed tool.
@@ -8252,11 +9747,11 @@ EOF
;;
esac
done
- deplibs="$tmp_deplibs"
+ deplibs=$tmp_deplibs
if test -n "$convenience"; then
if test -n "$whole_archive_flag_spec" &&
- test "$compiler_needs_object" = yes &&
+ test yes = "$compiler_needs_object" &&
test -z "$libobjs"; then
# extract the archives, so we have objects to list.
# TODO: could optimize this to just extract one archive.
@@ -8267,7 +9762,7 @@ EOF
eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
test "X$libobjs" = "X " && libobjs=
else
- gentop="$output_objdir/${outputname}x"
+ gentop=$output_objdir/${outputname}x
func_append generated " $gentop"
func_extract_archives $gentop $convenience
@@ -8276,18 +9771,18 @@ EOF
fi
fi
- if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+ if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then
eval flag=\"$thread_safe_flag_spec\"
func_append linker_flags " $flag"
fi
# Make a backup of the uninstalled library when relinking
- if test "$opt_mode" = relink; then
+ if test relink = "$opt_mode"; then
$opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
fi
# Do each of the archive commands.
- if test "$module" = yes && test -n "$module_cmds" ; then
+ if test yes = "$module" && test -n "$module_cmds"; then
if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
eval test_cmds=\"$module_expsym_cmds\"
cmds=$module_expsym_cmds
@@ -8305,7 +9800,7 @@ EOF
fi
fi
- if test "X$skipped_export" != "X:" &&
+ if test : != "$skipped_export" &&
func_len " $test_cmds" &&
len=$func_len_result &&
test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
@@ -8338,8 +9833,8 @@ EOF
last_robj=
k=1
- if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then
- output=${output_objdir}/${output_la}.lnkscript
+ if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then
+ output=$output_objdir/$output_la.lnkscript
func_verbose "creating GNU ld script: $output"
echo 'INPUT (' > $output
for obj in $save_libobjs
@@ -8351,14 +9846,14 @@ EOF
func_append delfiles " $output"
func_to_tool_file "$output"
output=$func_to_tool_file_result
- elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then
- output=${output_objdir}/${output_la}.lnk
+ elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then
+ output=$output_objdir/$output_la.lnk
func_verbose "creating linker input file list: $output"
: > $output
set x $save_libobjs
shift
firstobj=
- if test "$compiler_needs_object" = yes; then
+ if test yes = "$compiler_needs_object"; then
firstobj="$1 "
shift
fi
@@ -8373,7 +9868,7 @@ EOF
else
if test -n "$save_libobjs"; then
func_verbose "creating reloadable object files..."
- output=$output_objdir/$output_la-${k}.$objext
+ output=$output_objdir/$output_la-$k.$objext
eval test_cmds=\"$reload_cmds\"
func_len " $test_cmds"
len0=$func_len_result
@@ -8385,13 +9880,13 @@ EOF
func_len " $obj"
func_arith $len + $func_len_result
len=$func_arith_result
- if test "X$objlist" = X ||
+ if test -z "$objlist" ||
test "$len" -lt "$max_cmd_len"; then
func_append objlist " $obj"
else
# The command $test_cmds is almost too long, add a
# command to the queue.
- if test "$k" -eq 1 ; then
+ if test 1 -eq "$k"; then
# The first file doesn't have a previous command to add.
reload_objs=$objlist
eval concat_cmds=\"$reload_cmds\"
@@ -8401,10 +9896,10 @@ EOF
reload_objs="$objlist $last_robj"
eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\"
fi
- last_robj=$output_objdir/$output_la-${k}.$objext
+ last_robj=$output_objdir/$output_la-$k.$objext
func_arith $k + 1
k=$func_arith_result
- output=$output_objdir/$output_la-${k}.$objext
+ output=$output_objdir/$output_la-$k.$objext
objlist=" $obj"
func_len " $last_robj"
func_arith $len0 + $func_len_result
@@ -8416,9 +9911,9 @@ EOF
# files will link in the last one created.
test -z "$concat_cmds" || concat_cmds=$concat_cmds~
reload_objs="$objlist $last_robj"
- eval concat_cmds=\"\${concat_cmds}$reload_cmds\"
+ eval concat_cmds=\"\$concat_cmds$reload_cmds\"
if test -n "$last_robj"; then
- eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\"
+ eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
fi
func_append delfiles " $output"
@@ -8426,9 +9921,9 @@ EOF
output=
fi
- if ${skipped_export-false}; then
- func_verbose "generating symbol list for \`$libname.la'"
- export_symbols="$output_objdir/$libname.exp"
+ ${skipped_export-false} && {
+ func_verbose "generating symbol list for '$libname.la'"
+ export_symbols=$output_objdir/$libname.exp
$opt_dry_run || $RM $export_symbols
libobjs=$output
# Append the command to create the export file.
@@ -8437,16 +9932,16 @@ EOF
if test -n "$last_robj"; then
eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
fi
- fi
+ }
test -n "$save_libobjs" &&
func_verbose "creating a temporary reloadable object file: $output"
# Loop through the commands generated above and execute them.
- save_ifs="$IFS"; IFS='~'
+ save_ifs=$IFS; IFS='~'
for cmd in $concat_cmds; do
- IFS="$save_ifs"
- $opt_silent || {
+ IFS=$save_ifs
+ $opt_quiet || {
func_quote_for_expand "$cmd"
eval "func_echo $func_quote_for_expand_result"
}
@@ -8454,7 +9949,7 @@ EOF
lt_exit=$?
# Restore the uninstalled library and exit
- if test "$opt_mode" = relink; then
+ if test relink = "$opt_mode"; then
( cd "$output_objdir" && \
$RM "${realname}T" && \
$MV "${realname}U" "$realname" )
@@ -8463,7 +9958,7 @@ EOF
exit $lt_exit
}
done
- IFS="$save_ifs"
+ IFS=$save_ifs
if test -n "$export_symbols_regex" && ${skipped_export-false}; then
func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
@@ -8471,18 +9966,18 @@ EOF
fi
fi
- if ${skipped_export-false}; then
+ ${skipped_export-false} && {
if test -n "$export_symbols" && test -n "$include_expsyms"; then
- tmp_export_symbols="$export_symbols"
- test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ tmp_export_symbols=$export_symbols
+ test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
$opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
fi
if test -n "$orig_export_symbols"; then
# The given exports_symbols file has to be filtered, so filter it.
- func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
# FIXME: $output_objdir/$libname.filter potentially contains lots of
- # 's' commands which not all seds can handle. GNU sed should be fine
+ # 's' commands, which not all seds can handle. GNU sed should be fine
# though. Also, the filter scales superlinearly with the number of
# global variables. join(1) would be nice here, but unfortunately
# isn't a blessed tool.
@@ -8491,7 +9986,7 @@ EOF
export_symbols=$output_objdir/$libname.def
$opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
fi
- fi
+ }
libobjs=$output
# Restore the value of output.
@@ -8505,7 +10000,7 @@ EOF
# value of $libobjs for piecewise linking.
# Do each of the archive commands.
- if test "$module" = yes && test -n "$module_cmds" ; then
+ if test yes = "$module" && test -n "$module_cmds"; then
if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
cmds=$module_expsym_cmds
else
@@ -8527,7 +10022,7 @@ EOF
# Add any objects from preloaded convenience libraries
if test -n "$dlprefiles"; then
- gentop="$output_objdir/${outputname}x"
+ gentop=$output_objdir/${outputname}x
func_append generated " $gentop"
func_extract_archives $gentop $dlprefiles
@@ -8535,11 +10030,12 @@ EOF
test "X$libobjs" = "X " && libobjs=
fi
- save_ifs="$IFS"; IFS='~'
+ save_ifs=$IFS; IFS='~'
for cmd in $cmds; do
- IFS="$save_ifs"
+ IFS=$sp$nl
eval cmd=\"$cmd\"
- $opt_silent || {
+ IFS=$save_ifs
+ $opt_quiet || {
func_quote_for_expand "$cmd"
eval "func_echo $func_quote_for_expand_result"
}
@@ -8547,7 +10043,7 @@ EOF
lt_exit=$?
# Restore the uninstalled library and exit
- if test "$opt_mode" = relink; then
+ if test relink = "$opt_mode"; then
( cd "$output_objdir" && \
$RM "${realname}T" && \
$MV "${realname}U" "$realname" )
@@ -8556,10 +10052,10 @@ EOF
exit $lt_exit
}
done
- IFS="$save_ifs"
+ IFS=$save_ifs
# Restore the uninstalled library and exit
- if test "$opt_mode" = relink; then
+ if test relink = "$opt_mode"; then
$opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
if test -n "$convenience"; then
@@ -8579,39 +10075,39 @@ EOF
done
# If -module or -export-dynamic was specified, set the dlname.
- if test "$module" = yes || test "$export_dynamic" = yes; then
+ if test yes = "$module" || test yes = "$export_dynamic"; then
# On all known operating systems, these are identical.
- dlname="$soname"
+ dlname=$soname
fi
fi
;;
obj)
- if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
- func_warning "\`-dlopen' is ignored for objects"
+ if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
+ func_warning "'-dlopen' is ignored for objects"
fi
case " $deplibs" in
*\ -l* | *\ -L*)
- func_warning "\`-l' and \`-L' are ignored for objects" ;;
+ func_warning "'-l' and '-L' are ignored for objects" ;;
esac
test -n "$rpath" && \
- func_warning "\`-rpath' is ignored for objects"
+ func_warning "'-rpath' is ignored for objects"
test -n "$xrpath" && \
- func_warning "\`-R' is ignored for objects"
+ func_warning "'-R' is ignored for objects"
test -n "$vinfo" && \
- func_warning "\`-version-info' is ignored for objects"
+ func_warning "'-version-info' is ignored for objects"
test -n "$release" && \
- func_warning "\`-release' is ignored for objects"
+ func_warning "'-release' is ignored for objects"
case $output in
*.lo)
test -n "$objs$old_deplibs" && \
- func_fatal_error "cannot build library object \`$output' from non-libtool objects"
+ func_fatal_error "cannot build library object '$output' from non-libtool objects"
libobj=$output
func_lo2o "$libobj"
@@ -8619,7 +10115,7 @@ EOF
;;
*)
libobj=
- obj="$output"
+ obj=$output
;;
esac
@@ -8632,17 +10128,19 @@ EOF
# the extraction.
reload_conv_objs=
gentop=
- # reload_cmds runs $LD directly, so let us get rid of
- # -Wl from whole_archive_flag_spec and hope we can get by with
- # turning comma into space..
- wl=
-
+ # if reload_cmds runs $LD directly, get rid of -Wl from
+ # whole_archive_flag_spec and hope we can get by with turning comma
+ # into space.
+ case $reload_cmds in
+ *\$LD[\ \$]*) wl= ;;
+ esac
if test -n "$convenience"; then
if test -n "$whole_archive_flag_spec"; then
eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
- reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'`
+ test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'`
+ reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags
else
- gentop="$output_objdir/${obj}x"
+ gentop=$output_objdir/${obj}x
func_append generated " $gentop"
func_extract_archives $gentop $convenience
@@ -8651,12 +10149,12 @@ EOF
fi
# If we're not building shared, we need to use non_pic_objs
- test "$build_libtool_libs" != yes && libobjs="$non_pic_objects"
+ test yes = "$build_libtool_libs" || libobjs=$non_pic_objects
# Create the old-style object.
- reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+ reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs
- output="$obj"
+ output=$obj
func_execute_cmds "$reload_cmds" 'exit $?'
# Exit if we aren't doing a library object file.
@@ -8668,7 +10166,7 @@ EOF
exit $EXIT_SUCCESS
fi
- if test "$build_libtool_libs" != yes; then
+ test yes = "$build_libtool_libs" || {
if test -n "$gentop"; then
func_show_eval '${RM}r "$gentop"'
fi
@@ -8678,12 +10176,12 @@ EOF
# $show "echo timestamp > $libobj"
# $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
exit $EXIT_SUCCESS
- fi
+ }
- if test -n "$pic_flag" || test "$pic_mode" != default; then
+ if test -n "$pic_flag" || test default != "$pic_mode"; then
# Only do commands if we really have different PIC objects.
reload_objs="$libobjs $reload_conv_objs"
- output="$libobj"
+ output=$libobj
func_execute_cmds "$reload_cmds" 'exit $?'
fi
@@ -8700,16 +10198,14 @@ EOF
output=$func_stripname_result.exe;;
esac
test -n "$vinfo" && \
- func_warning "\`-version-info' is ignored for programs"
+ func_warning "'-version-info' is ignored for programs"
test -n "$release" && \
- func_warning "\`-release' is ignored for programs"
+ func_warning "'-release' is ignored for programs"
- test "$preload" = yes \
- && test "$dlopen_support" = unknown \
- && test "$dlopen_self" = unknown \
- && test "$dlopen_self_static" = unknown && \
- func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support."
+ $preload \
+ && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \
+ && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support."
case $host in
*-*-rhapsody* | *-*-darwin1.[012])
@@ -8723,11 +10219,11 @@ EOF
*-*-darwin*)
# Don't allow lazy linking, it breaks C++ global constructors
# But is supposedly fixed on 10.4 or later (yay!).
- if test "$tagname" = CXX ; then
+ if test CXX = "$tagname"; then
case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
10.[0123])
- func_append compile_command " ${wl}-bind_at_load"
- func_append finalize_command " ${wl}-bind_at_load"
+ func_append compile_command " $wl-bind_at_load"
+ func_append finalize_command " $wl-bind_at_load"
;;
esac
fi
@@ -8763,7 +10259,7 @@ EOF
*) func_append new_libs " $deplib" ;;
esac
done
- compile_deplibs="$new_libs"
+ compile_deplibs=$new_libs
func_append compile_command " $compile_deplibs"
@@ -8787,7 +10283,7 @@ EOF
if test -n "$hardcode_libdir_flag_spec"; then
if test -n "$hardcode_libdir_separator"; then
if test -z "$hardcode_libdirs"; then
- hardcode_libdirs="$libdir"
+ hardcode_libdirs=$libdir
else
# Just accumulate the unique libdirs.
case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
@@ -8810,7 +10306,7 @@ EOF
fi
case $host in
*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
- testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'`
+ testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'`
case :$dllsearchpath: in
*":$libdir:"*) ;;
::) dllsearchpath=$libdir;;
@@ -8827,10 +10323,10 @@ EOF
# Substitute the hardcoded libdirs into the rpath.
if test -n "$hardcode_libdir_separator" &&
test -n "$hardcode_libdirs"; then
- libdir="$hardcode_libdirs"
+ libdir=$hardcode_libdirs
eval rpath=\" $hardcode_libdir_flag_spec\"
fi
- compile_rpath="$rpath"
+ compile_rpath=$rpath
rpath=
hardcode_libdirs=
@@ -8838,7 +10334,7 @@ EOF
if test -n "$hardcode_libdir_flag_spec"; then
if test -n "$hardcode_libdir_separator"; then
if test -z "$hardcode_libdirs"; then
- hardcode_libdirs="$libdir"
+ hardcode_libdirs=$libdir
else
# Just accumulate the unique libdirs.
case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
@@ -8863,45 +10359,43 @@ EOF
# Substitute the hardcoded libdirs into the rpath.
if test -n "$hardcode_libdir_separator" &&
test -n "$hardcode_libdirs"; then
- libdir="$hardcode_libdirs"
+ libdir=$hardcode_libdirs
eval rpath=\" $hardcode_libdir_flag_spec\"
fi
- finalize_rpath="$rpath"
+ finalize_rpath=$rpath
- if test -n "$libobjs" && test "$build_old_libs" = yes; then
+ if test -n "$libobjs" && test yes = "$build_old_libs"; then
# Transform all the library objects into standard objects.
compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
fi
- func_generate_dlsyms "$outputname" "@PROGRAM@" "no"
+ func_generate_dlsyms "$outputname" "@PROGRAM@" false
# template prelinking step
if test -n "$prelink_cmds"; then
func_execute_cmds "$prelink_cmds" 'exit $?'
fi
- wrappers_required=yes
+ wrappers_required=:
case $host in
*cegcc* | *mingw32ce*)
# Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway.
- wrappers_required=no
+ wrappers_required=false
;;
*cygwin* | *mingw* )
- if test "$build_libtool_libs" != yes; then
- wrappers_required=no
- fi
+ test yes = "$build_libtool_libs" || wrappers_required=false
;;
*)
- if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
- wrappers_required=no
+ if test no = "$need_relink" || test yes != "$build_libtool_libs"; then
+ wrappers_required=false
fi
;;
esac
- if test "$wrappers_required" = no; then
+ $wrappers_required || {
# Replace the output file specification.
compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
- link_command="$compile_command$compile_rpath"
+ link_command=$compile_command$compile_rpath
# We have no uninstalled library dependencies, so finalize right now.
exit_status=0
@@ -8914,12 +10408,12 @@ EOF
fi
# Delete the generated files.
- if test -f "$output_objdir/${outputname}S.${objext}"; then
- func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"'
+ if test -f "$output_objdir/${outputname}S.$objext"; then
+ func_show_eval '$RM "$output_objdir/${outputname}S.$objext"'
fi
exit $exit_status
- fi
+ }
if test -n "$compile_shlibpath$finalize_shlibpath"; then
compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
@@ -8949,9 +10443,9 @@ EOF
fi
fi
- if test "$no_install" = yes; then
+ if test yes = "$no_install"; then
# We don't need to create a wrapper script.
- link_command="$compile_var$compile_command$compile_rpath"
+ link_command=$compile_var$compile_command$compile_rpath
# Replace the output file specification.
link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
# Delete the old output file.
@@ -8968,27 +10462,28 @@ EOF
exit $EXIT_SUCCESS
fi
- if test "$hardcode_action" = relink; then
- # Fast installation is not supported
- link_command="$compile_var$compile_command$compile_rpath"
- relink_command="$finalize_var$finalize_command$finalize_rpath"
+ case $hardcode_action,$fast_install in
+ relink,*)
+ # Fast installation is not supported
+ link_command=$compile_var$compile_command$compile_rpath
+ relink_command=$finalize_var$finalize_command$finalize_rpath
- func_warning "this platform does not like uninstalled shared libraries"
- func_warning "\`$output' will be relinked during installation"
- else
- if test "$fast_install" != no; then
- link_command="$finalize_var$compile_command$finalize_rpath"
- if test "$fast_install" = yes; then
- relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'`
- else
- # fast_install is set to needless
- relink_command=
- fi
- else
- link_command="$compile_var$compile_command$compile_rpath"
- relink_command="$finalize_var$finalize_command$finalize_rpath"
- fi
- fi
+ func_warning "this platform does not like uninstalled shared libraries"
+ func_warning "'$output' will be relinked during installation"
+ ;;
+ *,yes)
+ link_command=$finalize_var$compile_command$finalize_rpath
+ relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'`
+ ;;
+ *,no)
+ link_command=$compile_var$compile_command$compile_rpath
+ relink_command=$finalize_var$finalize_command$finalize_rpath
+ ;;
+ *,needless)
+ link_command=$finalize_var$compile_command$finalize_rpath
+ relink_command=
+ ;;
+ esac
# Replace the output file specification.
link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
@@ -9045,8 +10540,8 @@ EOF
func_dirname_and_basename "$output" "" "."
output_name=$func_basename_result
output_path=$func_dirname_result
- cwrappersource="$output_path/$objdir/lt-$output_name.c"
- cwrapper="$output_path/$output_name.exe"
+ cwrappersource=$output_path/$objdir/lt-$output_name.c
+ cwrapper=$output_path/$output_name.exe
$RM $cwrappersource $cwrapper
trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
@@ -9067,7 +10562,7 @@ EOF
trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
$opt_dry_run || {
# note: this script will not be executed, so do not chmod.
- if test "x$build" = "x$host" ; then
+ if test "x$build" = "x$host"; then
$cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
else
func_emit_wrapper no > $func_ltwrapper_scriptname_result
@@ -9090,25 +10585,27 @@ EOF
# See if we need to build an old-fashioned archive.
for oldlib in $oldlibs; do
- if test "$build_libtool_libs" = convenience; then
- oldobjs="$libobjs_save $symfileobj"
- addlibs="$convenience"
- build_libtool_libs=no
- else
- if test "$build_libtool_libs" = module; then
- oldobjs="$libobjs_save"
+ case $build_libtool_libs in
+ convenience)
+ oldobjs="$libobjs_save $symfileobj"
+ addlibs=$convenience
build_libtool_libs=no
- else
+ ;;
+ module)
+ oldobjs=$libobjs_save
+ addlibs=$old_convenience
+ build_libtool_libs=no
+ ;;
+ *)
oldobjs="$old_deplibs $non_pic_objects"
- if test "$preload" = yes && test -f "$symfileobj"; then
- func_append oldobjs " $symfileobj"
- fi
- fi
- addlibs="$old_convenience"
- fi
+ $preload && test -f "$symfileobj" \
+ && func_append oldobjs " $symfileobj"
+ addlibs=$old_convenience
+ ;;
+ esac
if test -n "$addlibs"; then
- gentop="$output_objdir/${outputname}x"
+ gentop=$output_objdir/${outputname}x
func_append generated " $gentop"
func_extract_archives $gentop $addlibs
@@ -9116,13 +10613,13 @@ EOF
fi
# Do each command in the archive commands.
- if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+ if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then
cmds=$old_archive_from_new_cmds
else
# Add any objects from preloaded convenience libraries
if test -n "$dlprefiles"; then
- gentop="$output_objdir/${outputname}x"
+ gentop=$output_objdir/${outputname}x
func_append generated " $gentop"
func_extract_archives $gentop $dlprefiles
@@ -9143,7 +10640,7 @@ EOF
:
else
echo "copying selected object files to avoid basename conflicts..."
- gentop="$output_objdir/${outputname}x"
+ gentop=$output_objdir/${outputname}x
func_append generated " $gentop"
func_mkdir_p "$gentop"
save_oldobjs=$oldobjs
@@ -9152,7 +10649,7 @@ EOF
for obj in $save_oldobjs
do
func_basename "$obj"
- objbase="$func_basename_result"
+ objbase=$func_basename_result
case " $oldobjs " in
" ") oldobjs=$obj ;;
*[\ /]"$objbase "*)
@@ -9221,18 +10718,18 @@ EOF
else
# the above command should be used before it gets too long
oldobjs=$objlist
- if test "$obj" = "$last_oldobj" ; then
+ if test "$obj" = "$last_oldobj"; then
RANLIB=$save_RANLIB
fi
test -z "$concat_cmds" || concat_cmds=$concat_cmds~
- eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+ eval concat_cmds=\"\$concat_cmds$old_archive_cmds\"
objlist=
len=$len0
fi
done
RANLIB=$save_RANLIB
oldobjs=$objlist
- if test "X$oldobjs" = "X" ; then
+ if test -z "$oldobjs"; then
eval cmds=\"\$concat_cmds\"
else
eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
@@ -9249,7 +10746,7 @@ EOF
case $output in
*.la)
old_library=
- test "$build_old_libs" = yes && old_library="$libname.$libext"
+ test yes = "$build_old_libs" && old_library=$libname.$libext
func_verbose "creating $output"
# Preserve any variables that may affect compiler behavior
@@ -9264,31 +10761,31 @@ EOF
fi
done
# Quote the link command for shipping.
- relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+ relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
- if test "$hardcode_automatic" = yes ; then
+ if test yes = "$hardcode_automatic"; then
relink_command=
fi
# Only create the output if not a dry run.
$opt_dry_run || {
for installed in no yes; do
- if test "$installed" = yes; then
+ if test yes = "$installed"; then
if test -z "$install_libdir"; then
break
fi
- output="$output_objdir/$outputname"i
+ output=$output_objdir/${outputname}i
# Replace all uninstalled libtool libraries with the installed ones
newdependency_libs=
for deplib in $dependency_libs; do
case $deplib in
*.la)
func_basename "$deplib"
- name="$func_basename_result"
+ name=$func_basename_result
func_resolve_sysroot "$deplib"
- eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
+ eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
test -z "$libdir" && \
- func_fatal_error "\`$deplib' is not a valid libtool archive"
+ func_fatal_error "'$deplib' is not a valid libtool archive"
func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name"
;;
-L*)
@@ -9304,23 +10801,23 @@ EOF
*) func_append newdependency_libs " $deplib" ;;
esac
done
- dependency_libs="$newdependency_libs"
+ dependency_libs=$newdependency_libs
newdlfiles=
for lib in $dlfiles; do
case $lib in
*.la)
func_basename "$lib"
- name="$func_basename_result"
- eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ name=$func_basename_result
+ eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
test -z "$libdir" && \
- func_fatal_error "\`$lib' is not a valid libtool archive"
+ func_fatal_error "'$lib' is not a valid libtool archive"
func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name"
;;
*) func_append newdlfiles " $lib" ;;
esac
done
- dlfiles="$newdlfiles"
+ dlfiles=$newdlfiles
newdlprefiles=
for lib in $dlprefiles; do
case $lib in
@@ -9330,34 +10827,34 @@ EOF
# didn't already link the preopened objects directly into
# the library:
func_basename "$lib"
- name="$func_basename_result"
- eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ name=$func_basename_result
+ eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
test -z "$libdir" && \
- func_fatal_error "\`$lib' is not a valid libtool archive"
+ func_fatal_error "'$lib' is not a valid libtool archive"
func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name"
;;
esac
done
- dlprefiles="$newdlprefiles"
+ dlprefiles=$newdlprefiles
else
newdlfiles=
for lib in $dlfiles; do
case $lib in
- [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
*) abs=`pwd`"/$lib" ;;
esac
func_append newdlfiles " $abs"
done
- dlfiles="$newdlfiles"
+ dlfiles=$newdlfiles
newdlprefiles=
for lib in $dlprefiles; do
case $lib in
- [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
*) abs=`pwd`"/$lib" ;;
esac
func_append newdlprefiles " $abs"
done
- dlprefiles="$newdlprefiles"
+ dlprefiles=$newdlprefiles
fi
$RM $output
# place dlname in correct position for cygwin
@@ -9373,10 +10870,9 @@ EOF
case $host,$output,$installed,$module,$dlname in
*cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll)
# If a -bindir argument was supplied, place the dll there.
- if test "x$bindir" != x ;
- then
+ if test -n "$bindir"; then
func_relative_path "$install_libdir" "$bindir"
- tdlname=$func_relative_path_result$dlname
+ tdlname=$func_relative_path_result/$dlname
else
# Otherwise fall back on heuristic.
tdlname=../bin/$dlname
@@ -9385,7 +10881,7 @@ EOF
esac
$ECHO > $output "\
# $outputname - a libtool library file
-# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
#
# Please DO NOT delete this file!
# It is necessary for linking the library.
@@ -9399,7 +10895,7 @@ library_names='$library_names'
# The name of the static archive.
old_library='$old_library'
-# Linker flags that can not go in dependency_libs.
+# Linker flags that cannot go in dependency_libs.
inherited_linker_flags='$new_inherited_linker_flags'
# Libraries that this one depends upon.
@@ -9425,7 +10921,7 @@ dlpreopen='$dlprefiles'
# Directory that this library needs to be installed in:
libdir='$install_libdir'"
- if test "$installed" = no && test "$need_relink" = yes; then
+ if test no,yes = "$installed,$need_relink"; then
$ECHO >> $output "\
relink_command=\"$relink_command\""
fi
@@ -9440,27 +10936,29 @@ relink_command=\"$relink_command\""
exit $EXIT_SUCCESS
}
-{ test "$opt_mode" = link || test "$opt_mode" = relink; } &&
- func_mode_link ${1+"$@"}
+if test link = "$opt_mode" || test relink = "$opt_mode"; then
+ func_mode_link ${1+"$@"}
+fi
# func_mode_uninstall arg...
func_mode_uninstall ()
{
- $opt_debug
- RM="$nonopt"
+ $debug_cmd
+
+ RM=$nonopt
files=
- rmforce=
+ rmforce=false
exit_status=0
# This variable tells wrapper scripts just to set variables rather
# than running their programs.
- libtool_install_magic="$magic"
+ libtool_install_magic=$magic
for arg
do
case $arg in
- -f) func_append RM " $arg"; rmforce=yes ;;
+ -f) func_append RM " $arg"; rmforce=: ;;
-*) func_append RM " $arg" ;;
*) func_append files " $arg" ;;
esac
@@ -9473,18 +10971,18 @@ func_mode_uninstall ()
for file in $files; do
func_dirname "$file" "" "."
- dir="$func_dirname_result"
- if test "X$dir" = X.; then
- odir="$objdir"
+ dir=$func_dirname_result
+ if test . = "$dir"; then
+ odir=$objdir
else
- odir="$dir/$objdir"
+ odir=$dir/$objdir
fi
func_basename "$file"
- name="$func_basename_result"
- test "$opt_mode" = uninstall && odir="$dir"
+ name=$func_basename_result
+ test uninstall = "$opt_mode" && odir=$dir
# Remember odir for removal later, being careful to avoid duplicates
- if test "$opt_mode" = clean; then
+ if test clean = "$opt_mode"; then
case " $rmdirs " in
*" $odir "*) ;;
*) func_append rmdirs " $odir" ;;
@@ -9499,11 +10997,11 @@ func_mode_uninstall ()
elif test -d "$file"; then
exit_status=1
continue
- elif test "$rmforce" = yes; then
+ elif $rmforce; then
continue
fi
- rmfiles="$file"
+ rmfiles=$file
case $name in
*.la)
@@ -9517,7 +11015,7 @@ func_mode_uninstall ()
done
test -n "$old_library" && func_append rmfiles " $odir/$old_library"
- case "$opt_mode" in
+ case $opt_mode in
clean)
case " $library_names " in
*" $dlname "*) ;;
@@ -9528,12 +11026,12 @@ func_mode_uninstall ()
uninstall)
if test -n "$library_names"; then
# Do each command in the postuninstall commands.
- func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1'
fi
if test -n "$old_library"; then
# Do each command in the old_postuninstall commands.
- func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1'
fi
# FIXME: should reinstall the best remaining shared library.
;;
@@ -9549,21 +11047,19 @@ func_mode_uninstall ()
func_source $dir/$name
# Add PIC object to the list of files to remove.
- if test -n "$pic_object" &&
- test "$pic_object" != none; then
+ if test -n "$pic_object" && test none != "$pic_object"; then
func_append rmfiles " $dir/$pic_object"
fi
# Add non-PIC object to the list of files to remove.
- if test -n "$non_pic_object" &&
- test "$non_pic_object" != none; then
+ if test -n "$non_pic_object" && test none != "$non_pic_object"; then
func_append rmfiles " $dir/$non_pic_object"
fi
fi
;;
*)
- if test "$opt_mode" = clean ; then
+ if test clean = "$opt_mode"; then
noexename=$name
case $file in
*.exe)
@@ -9590,12 +11086,12 @@ func_mode_uninstall ()
# note $name still contains .exe if it was in $file originally
# as does the version of $file that was added into $rmfiles
- func_append rmfiles " $odir/$name $odir/${name}S.${objext}"
- if test "$fast_install" = yes && test -n "$relink_command"; then
+ func_append rmfiles " $odir/$name $odir/${name}S.$objext"
+ if test yes = "$fast_install" && test -n "$relink_command"; then
func_append rmfiles " $odir/lt-$name"
fi
- if test "X$noexename" != "X$name" ; then
- func_append rmfiles " $odir/lt-${noexename}.c"
+ if test "X$noexename" != "X$name"; then
+ func_append rmfiles " $odir/lt-$noexename.c"
fi
fi
fi
@@ -9604,7 +11100,7 @@ func_mode_uninstall ()
func_show_eval "$RM $rmfiles" 'exit_status=1'
done
- # Try to remove the ${objdir}s in the directories where we deleted files
+ # Try to remove the $objdir's in the directories where we deleted files
for dir in $rmdirs; do
if test -d "$dir"; then
func_show_eval "rmdir $dir >/dev/null 2>&1"
@@ -9614,16 +11110,17 @@ func_mode_uninstall ()
exit $exit_status
}
-{ test "$opt_mode" = uninstall || test "$opt_mode" = clean; } &&
- func_mode_uninstall ${1+"$@"}
+if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then
+ func_mode_uninstall ${1+"$@"}
+fi
test -z "$opt_mode" && {
- help="$generic_help"
+ help=$generic_help
func_fatal_help "you must specify a MODE"
}
test -z "$exec_cmd" && \
- func_fatal_help "invalid operation mode \`$opt_mode'"
+ func_fatal_help "invalid operation mode '$opt_mode'"
if test -n "$exec_cmd"; then
eval exec "$exec_cmd"
@@ -9634,7 +11131,7 @@ exit $exit_status
# The TAGs below are defined such that we never get into a situation
-# in which we disable both kinds of libraries. Given conflicting
+# where we disable both kinds of libraries. Given conflicting
# choices, we go for a static library, that is the most portable,
# since we can't tell whether shared libraries were disabled because
# the user asked for that or because the platform doesn't support
@@ -9657,5 +11154,3 @@ build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
# mode:shell-script
# sh-indentation:2
# End:
-# vi:sw=2
-
diff --git a/m4/config/libtool.m4 b/m4/config/libtool.m4
index 02b4bbe..10ab284 100644
--- a/m4/config/libtool.m4
+++ b/m4/config/libtool.m4
@@ -1,8 +1,6 @@
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
#
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
-# Foundation, Inc.
+# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is free software; the Free Software Foundation gives
@@ -10,36 +8,30 @@
# modifications, as long as this notice is preserved.
m4_define([_LT_COPYING], [dnl
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
-# Foundation, Inc.
-# Written by Gordon Matzigkeit, 1996
-#
-# This file is part of GNU Libtool.
-#
-# GNU Libtool is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of of the License, or
+# (at your option) any later version.
#
-# As a special exception to the GNU General Public License,
-# if you distribute this file as part of a program or library that
-# is built using GNU Libtool, you may include this file under the
-# same distribution terms that you use for the rest of that program.
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program or library that is built
+# using GNU Libtool, you may include this file under the same
+# distribution terms that you use for the rest of that program.
#
-# GNU Libtool is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with GNU Libtool; see the file COPYING. If not, a copy
-# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
-# obtained by writing to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
])
-# serial 57 LT_INIT
+# serial 58 LT_INIT
# LT_PREREQ(VERSION)
@@ -67,7 +59,7 @@ esac
# LT_INIT([OPTIONS])
# ------------------
AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT
+[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
AC_BEFORE([$0], [LT_LANG])dnl
AC_BEFORE([$0], [LT_OUTPUT])dnl
@@ -91,7 +83,7 @@ dnl Parse OPTIONS
_LT_SET_OPTIONS([$0], [$1])
# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS="$ltmain"
+LIBTOOL_DEPS=$ltmain
# Always use our own libtool.
LIBTOOL='$(SHELL) $(top_builddir)/libtool'
@@ -111,26 +103,43 @@ dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
+# _LT_PREPARE_CC_BASENAME
+# -----------------------
+m4_defun([_LT_PREPARE_CC_BASENAME], [
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+func_cc_basename ()
+{
+ for cc_temp in @S|@*""; do
+ case $cc_temp in
+ compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+ distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+ done
+ func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+}
+])# _LT_PREPARE_CC_BASENAME
+
+
# _LT_CC_BASENAME(CC)
# -------------------
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
+# but that macro is also expanded into generated libtool script, which
+# arranges for $SED and $ECHO to be set by different means.
m4_defun([_LT_CC_BASENAME],
-[for cc_temp in $1""; do
- case $cc_temp in
- compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
- distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
- \-*) ;;
- *) break;;
- esac
-done
-cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+[m4_require([_LT_PREPARE_CC_BASENAME])dnl
+AC_REQUIRE([_LT_DECL_SED])dnl
+AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
+func_cc_basename $1
+cc_basename=$func_cc_basename_result
])
# _LT_FILEUTILS_DEFAULTS
# ----------------------
# It is okay to use these file commands and assume they have been set
-# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'.
+# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
m4_defun([_LT_FILEUTILS_DEFAULTS],
[: ${CP="cp -f"}
: ${MV="mv -f"}
@@ -177,15 +186,16 @@ m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
m4_require([_LT_CMD_OLD_ARCHIVE])dnl
m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
m4_require([_LT_WITH_SYSROOT])dnl
+m4_require([_LT_CMD_TRUNCATE])dnl
_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options which allow our
+# See if we are running on zsh, and set the options that allow our
# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}" ; then
+if test -n "\${ZSH_VERSION+set}"; then
setopt NO_GLOB_SUBST
fi
])
-if test -n "${ZSH_VERSION+set}" ; then
+if test -n "${ZSH_VERSION+set}"; then
setopt NO_GLOB_SUBST
fi
@@ -198,7 +208,7 @@ aix3*)
# AIX sometimes has problems with the GCC collect2 program. For some
# reason, if we set the COLLECT_NAMES environment variable, the problems
# vanish in a puff of smoke.
- if test "X${COLLECT_NAMES+set}" != Xset; then
+ if test set != "${COLLECT_NAMES+set}"; then
COLLECT_NAMES=
export COLLECT_NAMES
fi
@@ -209,14 +219,14 @@ esac
ofile=libtool
can_build_shared=yes
-# All known linkers require a `.a' archive for static linking (except MSVC,
+# All known linkers require a '.a' archive for static linking (except MSVC,
# which needs '.lib').
libext=a
-with_gnu_ld="$lt_cv_prog_gnu_ld"
+with_gnu_ld=$lt_cv_prog_gnu_ld
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
+old_CC=$CC
+old_CFLAGS=$CFLAGS
# Set sane defaults for various variables
test -z "$CC" && CC=cc
@@ -269,14 +279,14 @@ no_glob_subst='s/\*/\\\*/g'
# _LT_PROG_LTMAIN
# ---------------
-# Note that this code is called both from `configure', and `config.status'
+# Note that this code is called both from 'configure', and 'config.status'
# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably,
-# `config.status' has no value for ac_aux_dir unless we are using Automake,
+# 'config.status' has no value for ac_aux_dir unless we are using Automake,
# so we pass a copy along to make sure it has a sensible value anyway.
m4_defun([_LT_PROG_LTMAIN],
[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain="$ac_aux_dir/ltmain.sh"
+ltmain=$ac_aux_dir/ltmain.sh
])# _LT_PROG_LTMAIN
@@ -286,7 +296,7 @@ ltmain="$ac_aux_dir/ltmain.sh"
# So that we can recreate a full libtool script including additional
# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the `libtool'
+# in macros and then make a single call at the end using the 'libtool'
# label.
@@ -421,8 +431,8 @@ m4_define([_lt_decl_all_varnames],
# _LT_CONFIG_STATUS_DECLARE([VARNAME])
# ------------------------------------
-# Quote a variable value, and forward it to `config.status' so that its
-# declaration there will have the same value as in `configure'. VARNAME
+# Quote a variable value, and forward it to 'config.status' so that its
+# declaration there will have the same value as in 'configure'. VARNAME
# must have a single quote delimited value for this to work.
m4_define([_LT_CONFIG_STATUS_DECLARE],
[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
@@ -446,7 +456,7 @@ m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
# Output comment and list of tags supported by the script
m4_defun([_LT_LIBTOOL_TAGS],
[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags="_LT_TAGS"dnl
+available_tags='_LT_TAGS'dnl
])
@@ -474,7 +484,7 @@ m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
# _LT_LIBTOOL_CONFIG_VARS
# -----------------------
# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the `libtool'
+# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
# script. Tagged libtool config variables (even for the LIBTOOL CONFIG
# section) are produced by _LT_LIBTOOL_TAG_VARS.
m4_defun([_LT_LIBTOOL_CONFIG_VARS],
@@ -500,8 +510,8 @@ m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of
# variables for single and double quote escaping we saved from calls
# to _LT_DECL, we can put quote escaped variables declarations
-# into `config.status', and then the shell code to quote escape them in
-# for loops in `config.status'. Finally, any additional code accumulated
+# into 'config.status', and then the shell code to quote escape them in
+# for loops in 'config.status'. Finally, any additional code accumulated
# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
m4_defun([_LT_CONFIG_COMMANDS],
[AC_PROVIDE_IFELSE([LT_OUTPUT],
@@ -547,7 +557,7 @@ for var in lt_decl_all_varnames([[ \
]], lt_decl_quote_varnames); do
case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
*[[\\\\\\\`\\"\\\$]]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
;;
*)
eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
@@ -560,7 +570,7 @@ for var in lt_decl_all_varnames([[ \
]], lt_decl_dquote_varnames); do
case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
*[[\\\\\\\`\\"\\\$]]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
;;
*)
eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
@@ -576,7 +586,7 @@ _LT_OUTPUT_LIBTOOL_INIT
# Generate a child script FILE with all initialization necessary to
# reuse the environment learned by the parent script, and make the
# file executable. If COMMENT is supplied, it is inserted after the
-# `#!' sequence but before initialization text begins. After this
+# '#!' sequence but before initialization text begins. After this
# macro, additional text can be appended to FILE to form the body of
# the child script. The macro ends with non-zero status if the
# file could not be fully written (such as if the disk is full).
@@ -598,7 +608,7 @@ AS_SHELL_SANITIZE
_AS_PREPARE
exec AS_MESSAGE_FD>&1
_ASEOF
-test $lt_write_fail = 0 && chmod +x $1[]dnl
+test 0 = "$lt_write_fail" && chmod +x $1[]dnl
m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
# LT_OUTPUT
@@ -621,7 +631,7 @@ exec AS_MESSAGE_LOG_FD>>config.log
} >&AS_MESSAGE_LOG_FD
lt_cl_help="\
-\`$as_me' creates a local libtool stub from the current configuration,
+'$as_me' creates a local libtool stub from the current configuration,
for use in further configure time tests before the real libtool is
generated.
@@ -643,7 +653,7 @@ Copyright (C) 2011 Free Software Foundation, Inc.
This config.lt script is free software; the Free Software Foundation
gives unlimited permision to copy, distribute and modify it."
-while test $[#] != 0
+while test 0 != $[#]
do
case $[1] in
--version | --v* | -V )
@@ -656,10 +666,10 @@ do
lt_cl_silent=: ;;
-*) AC_MSG_ERROR([unrecognized option: $[1]
-Try \`$[0] --help' for more information.]) ;;
+Try '$[0] --help' for more information.]) ;;
*) AC_MSG_ERROR([unrecognized argument: $[1]
-Try \`$[0] --help' for more information.]) ;;
+Try '$[0] --help' for more information.]) ;;
esac
shift
done
@@ -685,7 +695,7 @@ chmod +x "$CONFIG_LT"
# open by configure. Here we exec the FD to /dev/null, effectively closing
# config.log, so it can be properly (re)opened and appended to by config.lt.
lt_cl_success=:
-test "$silent" = yes &&
+test yes = "$silent" &&
lt_config_lt_args="$lt_config_lt_args --quiet"
exec AS_MESSAGE_LOG_FD>/dev/null
$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
@@ -705,27 +715,31 @@ m4_defun([_LT_CONFIG],
_LT_CONFIG_SAVE_COMMANDS([
m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
m4_if(_LT_TAG, [C], [
- # See if we are running on zsh, and set the options which allow our
+ # See if we are running on zsh, and set the options that allow our
# commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}" ; then
+ if test -n "${ZSH_VERSION+set}"; then
setopt NO_GLOB_SUBST
fi
- cfgfile="${ofile}T"
+ cfgfile=${ofile}T
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
$RM "$cfgfile"
cat <<_LT_EOF >> "$cfgfile"
#! $SHELL
-
-# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Generated automatically by $as_me ($PACKAGE) $VERSION
# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-#
+
+# Provide generalized library-building support services.
+# Written by Gordon Matzigkeit, 1996
+
_LT_COPYING
_LT_LIBTOOL_TAGS
+# Configured defaults for sys_lib_dlsearch_path munging.
+: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
+
# ### BEGIN LIBTOOL CONFIG
_LT_LIBTOOL_CONFIG_VARS
_LT_LIBTOOL_TAG_VARS
@@ -733,13 +747,24 @@ _LT_LIBTOOL_TAG_VARS
_LT_EOF
+ cat <<'_LT_EOF' >> "$cfgfile"
+
+# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
+
+_LT_PREPARE_MUNGE_PATH_LIST
+_LT_PREPARE_CC_BASENAME
+
+# ### END FUNCTIONS SHARED WITH CONFIGURE
+
+_LT_EOF
+
case $host_os in
aix3*)
cat <<\_LT_EOF >> "$cfgfile"
# AIX sometimes has problems with the GCC collect2 program. For some
# reason, if we set the COLLECT_NAMES environment variable, the problems
# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
+if test set != "${COLLECT_NAMES+set}"; then
COLLECT_NAMES=
export COLLECT_NAMES
fi
@@ -756,8 +781,6 @@ _LT_EOF
sed '$q' "$ltmain" >> "$cfgfile" \
|| (rm -f "$cfgfile"; exit 1)
- _LT_PROG_REPLACE_SHELLFNS
-
mv -f "$cfgfile" "$ofile" ||
(rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
chmod +x "$ofile"
@@ -775,7 +798,6 @@ _LT_EOF
[m4_if([$1], [], [
PACKAGE='$PACKAGE'
VERSION='$VERSION'
- TIMESTAMP='$TIMESTAMP'
RM='$RM'
ofile='$ofile'], [])
])dnl /_LT_CONFIG_SAVE_COMMANDS
@@ -974,7 +996,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
[lt_cv_apple_cc_single_mod=no
- if test -z "${LT_MULTI_MODULE}"; then
+ if test -z "$LT_MULTI_MODULE"; then
# By default we will add the -single_module flag. You can override
# by either setting the environment variable LT_MULTI_MODULE
# non-empty at configure time, or by adding -multi_module to the
@@ -992,7 +1014,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
cat conftest.err >&AS_MESSAGE_LOG_FD
# Otherwise, if the output was created with a 0 exit code from
# the compiler, it worked.
- elif test -f libconftest.dylib && test $_lt_result -eq 0; then
+ elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&AS_MESSAGE_LOG_FD
@@ -1010,7 +1032,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
[lt_cv_ld_exported_symbols_list=yes],
[lt_cv_ld_exported_symbols_list=no])
- LDFLAGS="$save_LDFLAGS"
+ LDFLAGS=$save_LDFLAGS
])
AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
@@ -1032,7 +1054,7 @@ _LT_EOF
_lt_result=$?
if test -s conftest.err && $GREP force_load conftest.err; then
cat conftest.err >&AS_MESSAGE_LOG_FD
- elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
+ elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
lt_cv_ld_force_load=yes
else
cat conftest.err >&AS_MESSAGE_LOG_FD
@@ -1042,32 +1064,32 @@ _LT_EOF
])
case $host_os in
rhapsody* | darwin1.[[012]])
- _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
darwin1.*)
- _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
darwin*) # darwin 5.x on
# if running on 10.5 or later, the deployment target defaults
# to the OS version, if on x86, and 10.4, the deployment
# target defaults to 10.4. Don't you love it?
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
- _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
- 10.[[012]]*)
- _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+ 10.[[012]][[,.]]*)
+ _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
10.*)
- _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
esac
;;
esac
- if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ if test yes = "$lt_cv_apple_cc_single_mod"; then
_lt_dar_single_mod='$single_module'
fi
- if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
- _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ if test yes = "$lt_cv_ld_exported_symbols_list"; then
+ _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
fi
- if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then
+ if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
_lt_dsymutil='~$DSYMUTIL $lib || :'
else
_lt_dsymutil=
@@ -1087,29 +1109,29 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=yes
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
- if test "$lt_cv_ld_force_load" = "yes"; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+ if test yes = "$lt_cv_ld_force_load"; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
[FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes])
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=''
fi
_LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined"
+ _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
case $cc_basename in
- ifort*) _lt_dar_can_shared=yes ;;
+ ifort*|nagfor*) _lt_dar_can_shared=yes ;;
*) _lt_dar_can_shared=$GCC ;;
esac
- if test "$_lt_dar_can_shared" = "yes"; then
+ if test yes = "$_lt_dar_can_shared"; then
output_verbose_link_cmd=func_echo_all
- _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
- _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
- _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
- _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+ _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
+ _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+ _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
m4_if([$1], [CXX],
-[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then
- _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
- _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
+[ if test yes != "$lt_cv_apple_cc_single_mod"; then
+ _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
fi
],[])
else
@@ -1129,7 +1151,7 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
# Allow to override them for all tags through lt_cv_aix_libpath.
m4_defun([_LT_SYS_MODULE_PATH_AIX],
[m4_require([_LT_DECL_SED])dnl
-if test "${lt_cv_aix_libpath+set}" = set; then
+if test set = "${lt_cv_aix_libpath+set}"; then
aix_libpath=$lt_cv_aix_libpath
else
AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
@@ -1147,7 +1169,7 @@ else
_LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
fi],[])
if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
- _LT_TAGVAR([lt_cv_aix_libpath_], [$1])="/usr/lib:/lib"
+ _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
fi
])
aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
@@ -1167,8 +1189,8 @@ m4_define([_LT_SHELL_INIT],
# -----------------------
# Find how we can fake an echo command that does not interpret backslash.
# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script which will find a shell with a builtin
-# printf (which we can use as an echo command).
+# of the generated configure script that will find a shell with a builtin
+# printf (that we can use as an echo command).
m4_defun([_LT_PROG_ECHO_BACKSLASH],
[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
@@ -1196,10 +1218,10 @@ fi
# Invoke $ECHO with all args, space-separated.
func_echo_all ()
{
- $ECHO "$*"
+ $ECHO "$*"
}
-case "$ECHO" in
+case $ECHO in
printf*) AC_MSG_RESULT([printf]) ;;
print*) AC_MSG_RESULT([print -r]) ;;
*) AC_MSG_RESULT([cat]) ;;
@@ -1225,16 +1247,17 @@ _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
AC_DEFUN([_LT_WITH_SYSROOT],
[AC_MSG_CHECKING([for sysroot])
AC_ARG_WITH([sysroot],
-[ --with-sysroot[=DIR] Search for dependent libraries within DIR
- (or the compiler's sysroot if not specified).],
+[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
+ [Search for dependent libraries within DIR (or the compiler's sysroot
+ if not specified).])],
[], [with_sysroot=no])
dnl lt_sysroot will always be passed unquoted. We quote it here
dnl in case the user passed a directory name.
lt_sysroot=
-case ${with_sysroot} in #(
+case $with_sysroot in #(
yes)
- if test "$GCC" = yes; then
+ if test yes = "$GCC"; then
lt_sysroot=`$CC --print-sysroot 2>/dev/null`
fi
;; #(
@@ -1244,14 +1267,14 @@ case ${with_sysroot} in #(
no|'')
;; #(
*)
- AC_MSG_RESULT([${with_sysroot}])
+ AC_MSG_RESULT([$with_sysroot])
AC_MSG_ERROR([The sysroot must be an absolute path.])
;;
esac
AC_MSG_RESULT([${lt_sysroot:-no}])
_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and in which our libraries should be installed.])])
+[dependent libraries, and where our libraries should be installed.])])
# _LT_ENABLE_LOCK
# ---------------
@@ -1259,31 +1282,33 @@ m4_defun([_LT_ENABLE_LOCK],
[AC_ARG_ENABLE([libtool-lock],
[AS_HELP_STRING([--disable-libtool-lock],
[avoid locking (might break parallel builds)])])
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+test no = "$enable_libtool_lock" || enable_libtool_lock=yes
# Some flags need to be propagated to the compiler or linker for good
# libtool support.
case $host in
ia64-*-hpux*)
- # Find out which ABI we are using.
+ # Find out what ABI is being produced by ac_compile, and set mode
+ # options accordingly.
echo 'int i;' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
case `/usr/bin/file conftest.$ac_objext` in
*ELF-32*)
- HPUX_IA64_MODE="32"
+ HPUX_IA64_MODE=32
;;
*ELF-64*)
- HPUX_IA64_MODE="64"
+ HPUX_IA64_MODE=64
;;
esac
fi
rm -rf conftest*
;;
*-*-irix6*)
- # Find out which ABI we are using.
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly.
echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
- if test "$lt_cv_prog_gnu_ld" = yes; then
+ if test yes = "$lt_cv_prog_gnu_ld"; then
case `/usr/bin/file conftest.$ac_objext` in
*32-bit*)
LD="${LD-ld} -melf32bsmip"
@@ -1312,9 +1337,46 @@ ia64-*-hpux*)
rm -rf conftest*
;;
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+mips64*-*linux*)
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly.
+ echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ emul=elf
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ emul="${emul}32"
+ ;;
+ *64-bit*)
+ emul="${emul}64"
+ ;;
+ esac
+ case `/usr/bin/file conftest.$ac_objext` in
+ *MSB*)
+ emul="${emul}btsmip"
+ ;;
+ *LSB*)
+ emul="${emul}ltsmip"
+ ;;
+ esac
+ case `/usr/bin/file conftest.$ac_objext` in
+ *N32*)
+ emul="${emul}n32"
+ ;;
+ esac
+ LD="${LD-ld} -m $emul"
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out which ABI we are using.
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly. Note that the listed cases only cover the
+ # situations where additional linker options are needed (such as when
+ # doing 32-bit compilation for a host where ld defaults to 64-bit, or
+ # vice versa); the common cases where no linker options are needed do
+ # not appear in the list.
echo 'int i;' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
case `/usr/bin/file conftest.o` in
@@ -1333,7 +1395,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
;;
esac
;;
- ppc64-*linux*|powerpc64-*linux*)
+ powerpc64le-*linux*)
+ LD="${LD-ld} -m elf32lppclinux"
+ ;;
+ powerpc64-*linux*)
LD="${LD-ld} -m elf32ppclinux"
;;
s390x-*linux*)
@@ -1352,7 +1417,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
x86_64-*linux*)
LD="${LD-ld} -m elf_x86_64"
;;
- ppc*-*linux*|powerpc*-*linux*)
+ powerpcle-*linux*)
+ LD="${LD-ld} -m elf64lppc"
+ ;;
+ powerpc-*linux*)
LD="${LD-ld} -m elf64ppc"
;;
s390*-*linux*|s390*-*tpf*)
@@ -1370,19 +1438,20 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
*-*-sco3.2v5*)
# On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS="$CFLAGS"
+ SAVE_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS -belf"
AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
[AC_LANG_PUSH(C)
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
AC_LANG_POP])
- if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ if test yes != "$lt_cv_cc_needs_belf"; then
# this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS="$SAVE_CFLAGS"
+ CFLAGS=$SAVE_CFLAGS
fi
;;
*-*solaris*)
- # Find out which ABI we are using.
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly.
echo 'int i;' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
case `/usr/bin/file conftest.o` in
@@ -1390,7 +1459,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
case $lt_cv_prog_gnu_ld in
yes*)
case $host in
- i?86-*-solaris*)
+ i?86-*-solaris*|x86_64-*-solaris*)
LD="${LD-ld} -m elf_x86_64"
;;
sparc*-*-solaris*)
@@ -1399,7 +1468,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
esac
# GNU ld 2.21 introduced _sol2 emulations. Use them if available.
if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
- LD="${LD-ld}_sol2"
+ LD=${LD-ld}_sol2
fi
;;
*)
@@ -1415,7 +1484,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
;;
esac
-need_locks="$enable_libtool_lock"
+need_locks=$enable_libtool_lock
])# _LT_ENABLE_LOCK
@@ -1434,11 +1503,11 @@ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
[echo conftest.$ac_objext > conftest.lst
lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
AC_TRY_EVAL([lt_ar_try])
- if test "$ac_status" -eq 0; then
+ if test 0 -eq "$ac_status"; then
# Ensure the archiver fails upon bogus file names.
rm -f conftest.$ac_objext libconftest.a
AC_TRY_EVAL([lt_ar_try])
- if test "$ac_status" -ne 0; then
+ if test 0 -ne "$ac_status"; then
lt_cv_ar_at_file=@
fi
fi
@@ -1446,7 +1515,7 @@ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
])
])
-if test "x$lt_cv_ar_at_file" = xno; then
+if test no = "$lt_cv_ar_at_file"; then
archiver_list_spec=
else
archiver_list_spec=$lt_cv_ar_at_file
@@ -1477,7 +1546,7 @@ old_postuninstall_cmds=
if test -n "$RANLIB"; then
case $host_os in
- openbsd*)
+ bitrig* | openbsd*)
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
@@ -1513,7 +1582,7 @@ AC_CACHE_CHECK([$1], [$2],
[$2=no
m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$3"
+ lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment
# Insert the option either (1) after the last *FLAGS variable, or
# (2) before a word containing "conftest.", or (3) at the end.
# Note that $ac_compile itself does not contain backslashes and begins
@@ -1540,7 +1609,7 @@ AC_CACHE_CHECK([$1], [$2],
$RM conftest*
])
-if test x"[$]$2" = xyes; then
+if test yes = "[$]$2"; then
m4_if([$5], , :, [$5])
else
m4_if([$6], , :, [$6])
@@ -1562,7 +1631,7 @@ AC_DEFUN([_LT_LINKER_OPTION],
m4_require([_LT_DECL_SED])dnl
AC_CACHE_CHECK([$1], [$2],
[$2=no
- save_LDFLAGS="$LDFLAGS"
+ save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS $3"
echo "$lt_simple_link_test_code" > conftest.$ac_ext
if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
@@ -1581,10 +1650,10 @@ AC_CACHE_CHECK([$1], [$2],
fi
fi
$RM -r conftest*
- LDFLAGS="$save_LDFLAGS"
+ LDFLAGS=$save_LDFLAGS
])
-if test x"[$]$2" = xyes; then
+if test yes = "[$]$2"; then
m4_if([$4], , :, [$4])
else
m4_if([$5], , :, [$5])
@@ -1605,7 +1674,7 @@ AC_DEFUN([LT_CMD_MAX_LEN],
AC_MSG_CHECKING([the maximum length of command line arguments])
AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
i=0
- teststring="ABCD"
+ teststring=ABCD
case $build_os in
msdosdjgpp*)
@@ -1645,7 +1714,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
lt_cv_sys_max_cmd_len=8192;
;;
- netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
# This has been around since 386BSD, at least. Likely further.
if test -x /sbin/sysctl; then
lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
@@ -1696,22 +1765,22 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
*)
lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
+ test undefined != "$lt_cv_sys_max_cmd_len"; then
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
else
# Make teststring a little bigger before we do anything with it.
# a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8 ; do
+ for i in 1 2 3 4 5 6 7 8; do
teststring=$teststring$teststring
done
SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
- while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
+ while { test X`env echo "$teststring$teststring" 2>/dev/null` \
= "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test $i != 17 # 1/2 MB should be enough
+ test 17 != "$i" # 1/2 MB should be enough
do
i=`expr $i + 1`
teststring=$teststring$teststring
@@ -1727,7 +1796,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
;;
esac
])
-if test -n $lt_cv_sys_max_cmd_len ; then
+if test -n "$lt_cv_sys_max_cmd_len"; then
AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
else
AC_MSG_RESULT(none)
@@ -1755,7 +1824,7 @@ m4_defun([_LT_HEADER_DLFCN],
# ----------------------------------------------------------------
m4_defun([_LT_TRY_DLOPEN_SELF],
[m4_require([_LT_HEADER_DLFCN])dnl
-if test "$cross_compiling" = yes; then :
+if test yes = "$cross_compiling"; then :
[$4]
else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
@@ -1802,9 +1871,9 @@ else
# endif
#endif
-/* When -fvisbility=hidden is used, assume the code has been annotated
+/* When -fvisibility=hidden is used, assume the code has been annotated
correspondingly for the symbols needed. */
-#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
int fnord () __attribute__((visibility("default")));
#endif
@@ -1830,7 +1899,7 @@ int main ()
return status;
}]
_LT_EOF
- if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
+ if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
(./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
lt_status=$?
case x$lt_status in
@@ -1851,7 +1920,7 @@ rm -fr conftest*
# ------------------
AC_DEFUN([LT_SYS_DLOPEN_SELF],
[m4_require([_LT_HEADER_DLFCN])dnl
-if test "x$enable_dlopen" != xyes; then
+if test yes != "$enable_dlopen"; then
enable_dlopen=unknown
enable_dlopen_self=unknown
enable_dlopen_self_static=unknown
@@ -1861,44 +1930,52 @@ else
case $host_os in
beos*)
- lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen=load_add_on
lt_cv_dlopen_libs=
lt_cv_dlopen_self=yes
;;
mingw* | pw32* | cegcc*)
- lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen=LoadLibrary
lt_cv_dlopen_libs=
;;
cygwin*)
- lt_cv_dlopen="dlopen"
+ lt_cv_dlopen=dlopen
lt_cv_dlopen_libs=
;;
darwin*)
- # if libdl is installed we need to link against it
+ # if libdl is installed we need to link against it
AC_CHECK_LIB([dl], [dlopen],
- [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
- lt_cv_dlopen="dyld"
+ [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
+ lt_cv_dlopen=dyld
lt_cv_dlopen_libs=
lt_cv_dlopen_self=yes
])
;;
+ tpf*)
+ # Don't try to run any link tests for TPF. We know it's impossible
+ # because TPF is a cross-compiler, and we know how we open DSOs.
+ lt_cv_dlopen=dlopen
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=no
+ ;;
+
*)
AC_CHECK_FUNC([shl_load],
- [lt_cv_dlopen="shl_load"],
+ [lt_cv_dlopen=shl_load],
[AC_CHECK_LIB([dld], [shl_load],
- [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"],
+ [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
[AC_CHECK_FUNC([dlopen],
- [lt_cv_dlopen="dlopen"],
+ [lt_cv_dlopen=dlopen],
[AC_CHECK_LIB([dl], [dlopen],
- [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
+ [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
[AC_CHECK_LIB([svld], [dlopen],
- [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
+ [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
[AC_CHECK_LIB([dld], [dld_link],
- [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"])
+ [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
])
])
])
@@ -1907,21 +1984,21 @@ else
;;
esac
- if test "x$lt_cv_dlopen" != xno; then
- enable_dlopen=yes
- else
+ if test no = "$lt_cv_dlopen"; then
enable_dlopen=no
+ else
+ enable_dlopen=yes
fi
case $lt_cv_dlopen in
dlopen)
- save_CPPFLAGS="$CPPFLAGS"
- test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+ save_CPPFLAGS=$CPPFLAGS
+ test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
- save_LDFLAGS="$LDFLAGS"
+ save_LDFLAGS=$LDFLAGS
wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
- save_LIBS="$LIBS"
+ save_LIBS=$LIBS
LIBS="$lt_cv_dlopen_libs $LIBS"
AC_CACHE_CHECK([whether a program can dlopen itself],
@@ -1931,7 +2008,7 @@ else
lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
])
- if test "x$lt_cv_dlopen_self" = xyes; then
+ if test yes = "$lt_cv_dlopen_self"; then
wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
lt_cv_dlopen_self_static, [dnl
@@ -1941,9 +2018,9 @@ else
])
fi
- CPPFLAGS="$save_CPPFLAGS"
- LDFLAGS="$save_LDFLAGS"
- LIBS="$save_LIBS"
+ CPPFLAGS=$save_CPPFLAGS
+ LDFLAGS=$save_LDFLAGS
+ LIBS=$save_LIBS
;;
esac
@@ -2035,8 +2112,8 @@ m4_defun([_LT_COMPILER_FILE_LOCKS],
m4_require([_LT_FILEUTILS_DEFAULTS])dnl
_LT_COMPILER_C_O([$1])
-hard_links="nottested"
-if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
+hard_links=nottested
+if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
# do not overwrite the value of need_locks provided by the user
AC_MSG_CHECKING([if we can lock with hard links])
hard_links=yes
@@ -2046,8 +2123,8 @@ if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" !=
ln conftest.a conftest.b 2>&5 || hard_links=no
ln conftest.a conftest.b 2>/dev/null && hard_links=no
AC_MSG_RESULT([$hard_links])
- if test "$hard_links" = no; then
- AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
+ if test no = "$hard_links"; then
+ AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
need_locks=warn
fi
else
@@ -2074,8 +2151,8 @@ objdir=$lt_cv_objdir
_LT_DECL([], [objdir], [0],
[The name of the directory that contains temporary libtool files])dnl
m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/",
- [Define to the sub-directory in which libtool stores uninstalled libraries.])
+AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
+ [Define to the sub-directory where libtool stores uninstalled libraries.])
])# _LT_CHECK_OBJDIR
@@ -2087,15 +2164,15 @@ m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
_LT_TAGVAR(hardcode_action, $1)=
if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
test -n "$_LT_TAGVAR(runpath_var, $1)" ||
- test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
+ test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
# We can hardcode non-existent directories.
- if test "$_LT_TAGVAR(hardcode_direct, $1)" != no &&
+ if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
# If the only mechanism to avoid hardcoding is shlibpath_var, we
# have to relink, otherwise we might link with an installed library
# when we should be linking with a yet-to-be-installed one
- ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
- test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then
+ ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
+ test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
# Linking always hardcodes the temporary library directory.
_LT_TAGVAR(hardcode_action, $1)=relink
else
@@ -2109,12 +2186,12 @@ else
fi
AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-if test "$_LT_TAGVAR(hardcode_action, $1)" = relink ||
- test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then
+if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
+ test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
# Fast installation is not supported
enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
- test "$enable_shared" = no; then
+elif test yes = "$shlibpath_overrides_runpath" ||
+ test no = "$enable_shared"; then
# Fast installation is not necessary
enable_fast_install=needless
fi
@@ -2138,7 +2215,7 @@ else
# FIXME - insert some real tests, host_os isn't really good enough
case $host_os in
darwin*)
- if test -n "$STRIP" ; then
+ if test -n "$STRIP"; then
striplib="$STRIP -x"
old_striplib="$STRIP -S"
AC_MSG_RESULT([yes])
@@ -2156,6 +2233,47 @@ _LT_DECL([], [striplib], [1])
])# _LT_CMD_STRIPLIB
+# _LT_PREPARE_MUNGE_PATH_LIST
+# ---------------------------
+# Make sure func_munge_path_list() is defined correctly.
+m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
+[[# func_munge_path_list VARIABLE PATH
+# -----------------------------------
+# VARIABLE is name of variable containing _space_ separated list of
+# directories to be munged by the contents of PATH, which is string
+# having a format:
+# "DIR[:DIR]:"
+# string "DIR[ DIR]" will be prepended to VARIABLE
+# ":DIR[:DIR]"
+# string "DIR[ DIR]" will be appended to VARIABLE
+# "DIRP[:DIRP]::[DIRA:]DIRA"
+# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
+# "DIRA[ DIRA]" will be appended to VARIABLE
+# "DIR[:DIR]"
+# VARIABLE will be replaced by "DIR[ DIR]"
+func_munge_path_list ()
+{
+ case x at S|@2 in
+ x)
+ ;;
+ *:)
+ eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
+ ;;
+ x:*)
+ eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
+ ;;
+ *::*)
+ eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
+ eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
+ ;;
+ *)
+ eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
+ ;;
+ esac
+}
+]])# _LT_PREPARE_PATH_LIST
+
+
# _LT_SYS_DYNAMIC_LINKER([TAG])
# -----------------------------
# PORTME Fill in your ld.so characteristics
@@ -2166,17 +2284,18 @@ m4_require([_LT_FILEUTILS_DEFAULTS])dnl
m4_require([_LT_DECL_OBJDUMP])dnl
m4_require([_LT_DECL_SED])dnl
m4_require([_LT_CHECK_SHELL_FEATURES])dnl
+m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
AC_MSG_CHECKING([dynamic linker characteristics])
m4_if([$1],
[], [
-if test "$GCC" = yes; then
+if test yes = "$GCC"; then
case $host_os in
- darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
- *) lt_awk_arg="/^libraries:/" ;;
+ darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
+ *) lt_awk_arg='/^libraries:/' ;;
esac
case $host_os in
- mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;;
- *) lt_sed_strip_eq="s,=/,/,g" ;;
+ mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
+ *) lt_sed_strip_eq='s|=/|/|g' ;;
esac
lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
case $lt_search_path_spec in
@@ -2192,28 +2311,35 @@ if test "$GCC" = yes; then
;;
esac
# Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary.
+ # and add multilib dir if necessary...
lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ # ...but if some path component already ends with the multilib dir we assume
+ # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
+ case "$lt_multi_os_dir; $lt_search_path_spec " in
+ "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
+ lt_multi_os_dir=
+ ;;
+ esac
for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path/$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
- else
+ if test -d "$lt_sys_path$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
+ elif test -n "$lt_multi_os_dir"; then
test -d "$lt_sys_path" && \
lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
fi
done
lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS=" "; FS="/|\n";} {
- lt_foo="";
- lt_count=0;
+BEGIN {RS = " "; FS = "/|\n";} {
+ lt_foo = "";
+ lt_count = 0;
for (lt_i = NF; lt_i > 0; lt_i--) {
if ($lt_i != "" && $lt_i != ".") {
if ($lt_i == "..") {
lt_count++;
} else {
if (lt_count == 0) {
- lt_foo="/" $lt_i lt_foo;
+ lt_foo = "/" $lt_i lt_foo;
} else {
lt_count--;
}
@@ -2227,7 +2353,7 @@ BEGIN {RS=" "; FS="/|\n";} {
# for these hosts.
case $host_os in
mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
- $SED 's,/\([[A-Za-z]]:\),\1,g'` ;;
+ $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
esac
sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
else
@@ -2236,7 +2362,7 @@ fi])
library_names_spec=
libname_spec='lib$name'
soname_spec=
-shrext_cmds=".so"
+shrext_cmds=.so
postinstall_cmds=
postuninstall_cmds=
finish_cmds=
@@ -2253,14 +2379,17 @@ hardcode_into_libs=no
# flags to be left without arguments
need_version=unknown
+AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
+[User-defined run-time library search path.])
+
case $host_os in
aix3*)
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
shlibpath_var=LIBPATH
# AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='${libname}${release}${shared_ext}$major'
+ soname_spec='$libname$release$shared_ext$major'
;;
aix[[4-9]]*)
@@ -2268,41 +2397,91 @@ aix[[4-9]]*)
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# AIX 5 supports IA64
- library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
shlibpath_var=LD_LIBRARY_PATH
else
# With GCC up to 2.95.x, collect2 would create an import file
# for dependence libraries. The import file would start with
- # the line `#! .'. This would cause the generated library to
- # depend on `.', always an invalid library. This was fixed in
+ # the line '#! .'. This would cause the generated library to
+ # depend on '.', always an invalid library. This was fixed in
# development snapshots of GCC prior to 3.0.
case $host_os in
aix4 | aix4.[[01]] | aix4.[[01]].*)
if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
echo ' yes '
- echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
:
else
can_build_shared=no
fi
;;
esac
- # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # Using Import Files as archive members, it is possible to support
+ # filename-based versioning of shared library archives on AIX. While
+ # this would work for both with and without runtime linking, it will
+ # prevent static linking of such archives. So we do filename-based
+ # shared library versioning with .so extension only, which is used
+ # when both runtime linking and shared linking is enabled.
+ # Unfortunately, runtime linking may impact performance, so we do
+ # not want this to be the default eventually. Also, we use the
+ # versioned .so libs for executables only if there is the -brtl
+ # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
+ # To allow for filename-based versioning support, we need to create
+ # libNAME.so.V as an archive file, containing:
+ # *) an Import File, referring to the versioned filename of the
+ # archive as well as the shared archive member, telling the
+ # bitwidth (32 or 64) of that shared object, and providing the
+ # list of exported symbols of that shared object, eventually
+ # decorated with the 'weak' keyword
+ # *) the shared object with the F_LOADONLY flag set, to really avoid
+ # it being seen by the linker.
+ # At run time we better use the real file rather than another symlink,
+ # but for link time we create the symlink libNAME.so -> libNAME.so.V
+
+ case $with_aix_soname,$aix_use_runtimelinking in
+ # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
# soname into executable. Probably we can add versioning support to
# collect2, so additional links can be useful in future.
- if test "$aix_use_runtimelinking" = yes; then
+ aix,yes) # traditional libtool
+ dynamic_linker='AIX unversionable lib.so'
# If using run time linking (on AIX 4.2 or later) use lib<name>.so
# instead of lib<name>.a to let people know that these are not
# typical AIX shared libraries.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- else
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ ;;
+ aix,no) # traditional AIX only
+ dynamic_linker='AIX lib.a[(]lib.so.V[)]'
# We preserve .a as extension for shared libraries through AIX4.2
# and later when we are not doing run time linking.
- library_names_spec='${libname}${release}.a $libname.a'
- soname_spec='${libname}${release}${shared_ext}$major'
- fi
+ library_names_spec='$libname$release.a $libname.a'
+ soname_spec='$libname$release$shared_ext$major'
+ ;;
+ svr4,*) # full svr4 only
+ dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
+ library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+ # We do not specify a path in Import Files, so LIBPATH fires.
+ shlibpath_overrides_runpath=yes
+ ;;
+ *,yes) # both, prefer svr4
+ dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
+ library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+ # unpreferred sharedlib libNAME.a needs extra handling
+ postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
+ postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
+ # We do not specify a path in Import Files, so LIBPATH fires.
+ shlibpath_overrides_runpath=yes
+ ;;
+ *,no) # both, prefer aix
+ dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
+ library_names_spec='$libname$release.a $libname.a'
+ soname_spec='$libname$release$shared_ext$major'
+ # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
+ postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
+ postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
+ ;;
+ esac
shlibpath_var=LIBPATH
fi
;;
@@ -2312,18 +2491,18 @@ amigaos*)
powerpc)
# Since July 2007 AmigaOS4 officially supports .so libraries.
# When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
;;
m68k)
library_names_spec='$libname.ixlibrary $libname.a'
# Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
;;
esac
;;
beos*)
- library_names_spec='${libname}${shared_ext}'
+ library_names_spec='$libname$shared_ext'
dynamic_linker="$host_os ld.so"
shlibpath_var=LIBRARY_PATH
;;
@@ -2331,8 +2510,8 @@ beos*)
bsdi[[45]]*)
version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
shlibpath_var=LD_LIBRARY_PATH
sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
@@ -2344,7 +2523,7 @@ bsdi[[45]]*)
cygwin* | mingw* | pw32* | cegcc*)
version_type=windows
- shrext_cmds=".dll"
+ shrext_cmds=.dll
need_version=no
need_lib_prefix=no
@@ -2353,8 +2532,8 @@ cygwin* | mingw* | pw32* | cegcc*)
# gcc
library_names_spec='$libname.dll.a'
# DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \${file}`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ postinstall_cmds='base_file=`basename \$file`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
dldir=$destdir/`dirname \$dlpath`~
test -d \$dldir || mkdir -p \$dldir~
$install_prog $dir/$dlname \$dldir/$dlname~
@@ -2370,17 +2549,17 @@ cygwin* | mingw* | pw32* | cegcc*)
case $host_os in
cygwin*)
# Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
m4_if([$1], [],[
sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
;;
mingw* | cegcc*)
# MinGW DLLs use traditional 'lib' prefix
- soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
;;
pw32*)
# pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
;;
esac
dynamic_linker='Win32 ld.exe'
@@ -2389,8 +2568,8 @@ m4_if([$1], [],[
*,cl*)
# Native MSVC
libname_spec='$name'
- soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
- library_names_spec='${libname}.dll.lib'
+ soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+ library_names_spec='$libname.dll.lib'
case $build_os in
mingw*)
@@ -2417,7 +2596,7 @@ m4_if([$1], [],[
sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
;;
*)
- sys_lib_search_path_spec="$LIB"
+ sys_lib_search_path_spec=$LIB
if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
# It is most probably a Windows format PATH.
sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
@@ -2430,8 +2609,8 @@ m4_if([$1], [],[
esac
# DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \${file}`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ postinstall_cmds='base_file=`basename \$file`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
dldir=$destdir/`dirname \$dlpath`~
test -d \$dldir || mkdir -p \$dldir~
$install_prog $dir/$dlname \$dldir/$dlname'
@@ -2444,7 +2623,7 @@ m4_if([$1], [],[
*)
# Assume MSVC wrapper
- library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
dynamic_linker='Win32 ld.exe'
;;
esac
@@ -2457,8 +2636,8 @@ darwin* | rhapsody*)
version_type=darwin
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
- soname_spec='${libname}${release}${major}$shared_ext'
+ library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
+ soname_spec='$libname$release$major$shared_ext'
shlibpath_overrides_runpath=yes
shlibpath_var=DYLD_LIBRARY_PATH
shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
@@ -2471,8 +2650,8 @@ dgux*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
;;
@@ -2490,12 +2669,13 @@ freebsd* | dragonfly*)
version_type=freebsd-$objformat
case $version_type in
freebsd-elf*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
need_version=no
need_lib_prefix=no
;;
freebsd-*)
- library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
need_version=yes
;;
esac
@@ -2525,10 +2705,10 @@ haiku*)
need_lib_prefix=no
need_version=no
dynamic_linker="$host_os runtime_loader"
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LIBRARY_PATH
- shlibpath_overrides_runpath=yes
+ shlibpath_overrides_runpath=no
sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
hardcode_into_libs=yes
;;
@@ -2546,14 +2726,15 @@ hpux9* | hpux10* | hpux11*)
dynamic_linker="$host_os dld.so"
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- if test "X$HPUX_IA64_MODE" = X32; then
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ if test 32 = "$HPUX_IA64_MODE"; then
sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ sys_lib_dlsearch_path_spec=/usr/lib/hpux32
else
sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ sys_lib_dlsearch_path_spec=/usr/lib/hpux64
fi
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
;;
hppa*64*)
shrext_cmds='.sl'
@@ -2561,8 +2742,8 @@ hpux9* | hpux10* | hpux11*)
dynamic_linker="$host_os dld.sl"
shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
;;
@@ -2571,8 +2752,8 @@ hpux9* | hpux10* | hpux11*)
dynamic_linker="$host_os dld.sl"
shlibpath_var=SHLIB_PATH
shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
;;
esac
# HP-UX runs *really* slowly unless shared libraries are mode 555, ...
@@ -2585,8 +2766,8 @@ interix[[3-9]]*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
@@ -2597,7 +2778,7 @@ irix5* | irix6* | nonstopux*)
case $host_os in
nonstopux*) version_type=nonstopux ;;
*)
- if test "$lt_cv_prog_gnu_ld" = yes; then
+ if test yes = "$lt_cv_prog_gnu_ld"; then
version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
@@ -2605,8 +2786,8 @@ irix5* | irix6* | nonstopux*)
esac
need_lib_prefix=no
need_version=no
- soname_spec='${libname}${release}${shared_ext}$major'
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='$libname$release$shared_ext$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
case $host_os in
irix5* | nonstopux*)
libsuff= shlibsuff=
@@ -2625,8 +2806,8 @@ irix5* | irix6* | nonstopux*)
esac
shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
- sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
+ sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
hardcode_into_libs=yes
;;
@@ -2635,13 +2816,33 @@ linux*oldld* | linux*aout* | linux*coff*)
dynamic_linker=no
;;
+linux*android*)
+ version_type=none # Android doesn't support versioned libraries.
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext'
+ soname_spec='$libname$release$shared_ext'
+ finish_cmds=
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ dynamic_linker='Android linker'
+ # Don't embed -rpath directories since the linker doesn't support them.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ ;;
+
# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
@@ -2666,7 +2867,12 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
# before this can be enabled.
hardcode_into_libs=yes
- # Append ld.so.conf contents to the search path
+ # Ideally, we could use ldconfig to report *all* directores which are
+ # searched for libraries, however this is still not possible. Aside from not
+ # being certain /sbin/ldconfig is available, command
+ # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
+ # even though it is searched at run-time. Try to do the best guess by
+ # appending ld.so.conf contents (and includes) to the search path.
if test -f /etc/ld.so.conf; then
lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
@@ -2698,12 +2904,12 @@ netbsd*)
need_lib_prefix=no
need_version=no
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
dynamic_linker='NetBSD (a.out) ld.so'
else
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
dynamic_linker='NetBSD ld.elf_so'
fi
shlibpath_var=LD_LIBRARY_PATH
@@ -2713,7 +2919,7 @@ netbsd*)
newsos6)
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
;;
@@ -2722,58 +2928,68 @@ newsos6)
version_type=qnx
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
dynamic_linker='ldqnx.so'
;;
-openbsd*)
+openbsd* | bitrig*)
version_type=sunos
- sys_lib_dlsearch_path_spec="/usr/lib"
+ sys_lib_dlsearch_path_spec=/usr/lib
need_lib_prefix=no
- # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
- case $host_os in
- openbsd3.3 | openbsd3.3.*) need_version=yes ;;
- *) need_version=no ;;
- esac
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- case $host_os in
- openbsd2.[[89]] | openbsd2.[[89]].*)
- shlibpath_overrides_runpath=no
- ;;
- *)
- shlibpath_overrides_runpath=yes
- ;;
- esac
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+ need_version=no
else
- shlibpath_overrides_runpath=yes
+ need_version=yes
fi
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
;;
os2*)
libname_spec='$name'
- shrext_cmds=".dll"
+ version_type=windows
+ shrext_cmds=.dll
+ need_version=no
need_lib_prefix=no
- library_names_spec='$libname${shared_ext} $libname.a'
+ # OS/2 can only load a DLL with a base name of 8 characters or less.
+ soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
+ v=$($ECHO $release$versuffix | tr -d .-);
+ n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
+ $ECHO $n$v`$shared_ext'
+ library_names_spec='${libname}_dll.$libext'
dynamic_linker='OS/2 ld.exe'
- shlibpath_var=LIBPATH
+ shlibpath_var=BEGINLIBPATH
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ postinstall_cmds='base_file=`basename \$file`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
;;
osf3* | osf4* | osf5*)
version_type=osf
need_lib_prefix=no
need_version=no
- soname_spec='${libname}${release}${shared_ext}$major'
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='$libname$release$shared_ext$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
shlibpath_var=LD_LIBRARY_PATH
sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
;;
rdos*)
@@ -2784,8 +3000,8 @@ solaris*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
hardcode_into_libs=yes
@@ -2795,11 +3011,11 @@ solaris*)
sunos4*)
version_type=sunos
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
- if test "$with_gnu_ld" = yes; then
+ if test yes = "$with_gnu_ld"; then
need_lib_prefix=no
fi
need_version=yes
@@ -2807,8 +3023,8 @@ sunos4*)
sysv4 | sysv4.3*)
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
case $host_vendor in
sni)
@@ -2829,24 +3045,24 @@ sysv4 | sysv4.3*)
;;
sysv4*MP*)
- if test -d /usr/nec ;then
+ if test -d /usr/nec; then
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
- soname_spec='$libname${shared_ext}.$major'
+ library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
+ soname_spec='$libname$shared_ext.$major'
shlibpath_var=LD_LIBRARY_PATH
fi
;;
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=freebsd-elf
+ version_type=sco
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
hardcode_into_libs=yes
- if test "$with_gnu_ld" = yes; then
+ if test yes = "$with_gnu_ld"; then
sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
else
sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
@@ -2864,7 +3080,7 @@ tpf*)
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
@@ -2872,8 +3088,8 @@ tpf*)
uts4*)
version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
shlibpath_var=LD_LIBRARY_PATH
;;
@@ -2882,20 +3098,30 @@ uts4*)
;;
esac
AC_MSG_RESULT([$dynamic_linker])
-test "$dynamic_linker" = no && can_build_shared=no
+test no = "$dynamic_linker" && can_build_shared=no
variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
+if test yes = "$GCC"; then
variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
fi
-if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
- sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
+ sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
fi
-if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
- sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+
+if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
+ sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
fi
+# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
+configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
+
+# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
+func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
+
+# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
+configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
+
_LT_DECL([], [variables_saved_for_relink], [1],
[Variables whose values should be saved in libtool wrapper scripts and
restored at link time])
@@ -2928,39 +3154,41 @@ _LT_DECL([], [hardcode_into_libs], [0],
[Whether we should hardcode library paths into libraries])
_LT_DECL([], [sys_lib_search_path_spec], [2],
[Compile-time system search path for libraries])
-_LT_DECL([], [sys_lib_dlsearch_path_spec], [2],
- [Run-time system search path for libraries])
+_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
+ [Detected run-time system search path for libraries])
+_LT_DECL([], [configure_time_lt_sys_library_path], [2],
+ [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
])# _LT_SYS_DYNAMIC_LINKER
# _LT_PATH_TOOL_PREFIX(TOOL)
# --------------------------
-# find a file program which can recognize shared library
+# find a file program that can recognize shared library
AC_DEFUN([_LT_PATH_TOOL_PREFIX],
[m4_require([_LT_DECL_EGREP])dnl
AC_MSG_CHECKING([for $1])
AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
[case $MAGIC_CMD in
[[\\/*] | ?:[\\/]*])
- lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
;;
*)
- lt_save_MAGIC_CMD="$MAGIC_CMD"
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ lt_save_MAGIC_CMD=$MAGIC_CMD
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
dnl $ac_dummy forces splitting on constant user-supplied paths.
dnl POSIX.2 word splitting is done only on the output of word expansions,
dnl not every word. This closes a longstanding sh security hole.
ac_dummy="m4_if([$2], , $PATH, [$2])"
for ac_dir in $ac_dummy; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$1; then
- lt_cv_path_MAGIC_CMD="$ac_dir/$1"
+ if test -f "$ac_dir/$1"; then
+ lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
if test -n "$file_magic_test_file"; then
case $deplibs_check_method in
"file_magic "*)
file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
$EGREP "$file_magic_regex" > /dev/null; then
:
@@ -2983,11 +3211,11 @@ _LT_EOF
break
fi
done
- IFS="$lt_save_ifs"
- MAGIC_CMD="$lt_save_MAGIC_CMD"
+ IFS=$lt_save_ifs
+ MAGIC_CMD=$lt_save_MAGIC_CMD
;;
esac])
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if test -n "$MAGIC_CMD"; then
AC_MSG_RESULT($MAGIC_CMD)
else
@@ -3005,7 +3233,7 @@ dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
# _LT_PATH_MAGIC
# --------------
-# find a file program which can recognize a shared library
+# find a file program that can recognize a shared library
m4_defun([_LT_PATH_MAGIC],
[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
if test -z "$lt_cv_path_MAGIC_CMD"; then
@@ -3032,16 +3260,16 @@ m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
AC_ARG_WITH([gnu-ld],
[AS_HELP_STRING([--with-gnu-ld],
[assume the C compiler uses GNU ld @<:@default=no@:>@])],
- [test "$withval" = no || with_gnu_ld=yes],
+ [test no = "$withval" || with_gnu_ld=yes],
[with_gnu_ld=no])dnl
ac_prog=ld
-if test "$GCC" = yes; then
+if test yes = "$GCC"; then
# Check if gcc -print-prog-name=ld gives a path.
AC_MSG_CHECKING([for ld used by $CC])
case $host in
*-*-mingw*)
- # gcc leaves a trailing carriage return which upsets mingw
+ # gcc leaves a trailing carriage return, which upsets mingw
ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
*)
ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
@@ -3055,7 +3283,7 @@ if test "$GCC" = yes; then
while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
done
- test -z "$LD" && LD="$ac_prog"
+ test -z "$LD" && LD=$ac_prog
;;
"")
# If it fails, then pretend we aren't using GCC.
@@ -3066,37 +3294,37 @@ if test "$GCC" = yes; then
with_gnu_ld=unknown
;;
esac
-elif test "$with_gnu_ld" = yes; then
+elif test yes = "$with_gnu_ld"; then
AC_MSG_CHECKING([for GNU ld])
else
AC_MSG_CHECKING([for non-GNU ld])
fi
AC_CACHE_VAL(lt_cv_path_LD,
[if test -z "$LD"; then
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
for ac_dir in $PATH; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
test -z "$ac_dir" && ac_dir=.
if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD="$ac_dir/$ac_prog"
+ lt_cv_path_LD=$ac_dir/$ac_prog
# Check to see if the program is GNU ld. I'd rather use --version,
# but apparently some variants of GNU ld only accept -v.
# Break only if it was the GNU/non-GNU ld that we prefer.
case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
*GNU* | *'with BFD'*)
- test "$with_gnu_ld" != no && break
+ test no != "$with_gnu_ld" && break
;;
*)
- test "$with_gnu_ld" != yes && break
+ test yes != "$with_gnu_ld" && break
;;
esac
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
else
- lt_cv_path_LD="$LD" # Let the user override the test with a path.
+ lt_cv_path_LD=$LD # Let the user override the test with a path.
fi])
-LD="$lt_cv_path_LD"
+LD=$lt_cv_path_LD
if test -n "$LD"; then
AC_MSG_RESULT($LD)
else
@@ -3150,13 +3378,13 @@ esac
reload_cmds='$LD$reload_flag -o $output$reload_objs'
case $host_os in
cygwin* | mingw* | pw32* | cegcc*)
- if test "$GCC" != yes; then
+ if test yes != "$GCC"; then
reload_cmds=false
fi
;;
darwin*)
- if test "$GCC" = yes; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ if test yes = "$GCC"; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
else
reload_cmds='$LD$reload_flag -o $output$reload_objs'
fi
@@ -3167,6 +3395,43 @@ _LT_TAGDECL([], [reload_cmds], [2])dnl
])# _LT_CMD_RELOAD
+# _LT_PATH_DD
+# -----------
+# find a working dd
+m4_defun([_LT_PATH_DD],
+[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
+[printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+: ${lt_DD:=$DD}
+AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
+[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+ cmp -s conftest.i conftest.out \
+ && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
+fi])
+rm -f conftest.i conftest2.i conftest.out])
+])# _LT_PATH_DD
+
+
+# _LT_CMD_TRUNCATE
+# ----------------
+# find command to truncate a binary pipe
+m4_defun([_LT_CMD_TRUNCATE],
+[m4_require([_LT_PATH_DD])
+AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
+[printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+lt_cv_truncate_bin=
+if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+ cmp -s conftest.i conftest.out \
+ && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
+fi
+rm -f conftest.i conftest2.i conftest.out
+test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
+_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
+ [Command to truncate a binary pipe])
+])# _LT_CMD_TRUNCATE
+
+
# _LT_CHECK_MAGIC_METHOD
# ----------------------
# how to check for library dependencies
@@ -3182,13 +3447,13 @@ lt_cv_deplibs_check_method='unknown'
# Need to set the preceding variable on all platforms that support
# interlibrary dependencies.
# 'none' -- dependencies not supported.
-# `unknown' -- same as none, but documents that we really don't know.
+# 'unknown' -- same as none, but documents that we really don't know.
# 'pass_all' -- all dependencies passed with no checks.
# 'test_compile' -- check by making test program.
# 'file_magic [[regex]]' -- check by looking for files in library path
-# which responds to the $file_magic_cmd with a given extended regex.
-# If you have `file' or equivalent on your system and you're not sure
-# whether `pass_all' will *always* work, you probably want this one.
+# that responds to the $file_magic_cmd with a given extended regex.
+# If you have 'file' or equivalent on your system and you're not sure
+# whether 'pass_all' will *always* work, you probably want this one.
case $host_os in
aix[[4-9]]*)
@@ -3215,8 +3480,7 @@ mingw* | pw32*)
# Base MSYS/MinGW do not provide the 'file' command needed by
# func_win32_libid shell function, so use a weaker test based on 'objdump',
# unless we find 'file', for example because we are cross-compiling.
- # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin.
- if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then
+ if ( file / ) >/dev/null 2>&1; then
lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
lt_cv_file_magic_cmd='func_win32_libid'
else
@@ -3312,8 +3576,8 @@ newos6*)
lt_cv_deplibs_check_method=pass_all
;;
-openbsd*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+openbsd* | bitrig*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
else
lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
@@ -3366,6 +3630,9 @@ sysv4 | sysv4.3*)
tpf*)
lt_cv_deplibs_check_method=pass_all
;;
+os2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
esac
])
@@ -3406,33 +3673,38 @@ AC_DEFUN([LT_PATH_NM],
AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
[if test -n "$NM"; then
# Let the user override the test.
- lt_cv_path_NM="$NM"
+ lt_cv_path_NM=$NM
else
- lt_nm_to_check="${ac_tool_prefix}nm"
+ lt_nm_to_check=${ac_tool_prefix}nm
if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
lt_nm_to_check="$lt_nm_to_check nm"
fi
for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
test -z "$ac_dir" && ac_dir=.
- tmp_nm="$ac_dir/$lt_tmp_nm"
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ tmp_nm=$ac_dir/$lt_tmp_nm
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
# Check to see if the nm accepts a BSD-compat flag.
- # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
# nm: unknown option "B" ignored
# Tru64's nm complains that /dev/null is an invalid object file
- case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
- */dev/null* | *'Invalid file or object type'*)
+ # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
+ case $build_os in
+ mingw*) lt_bad_file=conftest.nm/nofile ;;
+ *) lt_bad_file=/dev/null ;;
+ esac
+ case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+ *$lt_bad_file* | *'Invalid file or object type'*)
lt_cv_path_NM="$tmp_nm -B"
- break
+ break 2
;;
*)
case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
*/dev/null*)
lt_cv_path_NM="$tmp_nm -p"
- break
+ break 2
;;
*)
lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
@@ -3443,21 +3715,21 @@ else
esac
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
done
: ${lt_cv_path_NM=no}
fi])
-if test "$lt_cv_path_NM" != "no"; then
- NM="$lt_cv_path_NM"
+if test no != "$lt_cv_path_NM"; then
+ NM=$lt_cv_path_NM
else
# Didn't find any BSD compatible name lister, look for dumpbin.
if test -n "$DUMPBIN"; then :
# Let the user override the test.
else
AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
- case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in
+ case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
*COFF*)
- DUMPBIN="$DUMPBIN -symbols"
+ DUMPBIN="$DUMPBIN -symbols -headers"
;;
*)
DUMPBIN=:
@@ -3465,8 +3737,8 @@ else
esac
fi
AC_SUBST([DUMPBIN])
- if test "$DUMPBIN" != ":"; then
- NM="$DUMPBIN"
+ if test : != "$DUMPBIN"; then
+ NM=$DUMPBIN
fi
fi
test -z "$NM" && NM=nm
@@ -3512,8 +3784,8 @@ lt_cv_sharedlib_from_linklib_cmd,
case $host_os in
cygwin* | mingw* | pw32* | cegcc*)
- # two different shell functions defined in ltmain.sh
- # decide which to use based on capabilities of $DLLTOOL
+ # two different shell functions defined in ltmain.sh;
+ # decide which one to use based on capabilities of $DLLTOOL
case `$DLLTOOL --help 2>&1` in
*--identify-strict*)
lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
@@ -3525,7 +3797,7 @@ cygwin* | mingw* | pw32* | cegcc*)
;;
*)
# fallback: assume linklib IS sharedlib
- lt_cv_sharedlib_from_linklib_cmd="$ECHO"
+ lt_cv_sharedlib_from_linklib_cmd=$ECHO
;;
esac
])
@@ -3552,13 +3824,28 @@ AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool
lt_cv_path_mainfest_tool=yes
fi
rm -f conftest*])
-if test "x$lt_cv_path_mainfest_tool" != xyes; then
+if test yes != "$lt_cv_path_mainfest_tool"; then
MANIFEST_TOOL=:
fi
_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
])# _LT_PATH_MANIFEST_TOOL
+# _LT_DLL_DEF_P([FILE])
+# ---------------------
+# True iff FILE is a Windows DLL '.def' file.
+# Keep in sync with func_dll_def_p in the libtool script
+AC_DEFUN([_LT_DLL_DEF_P],
+[dnl
+ test DEF = "`$SED -n dnl
+ -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace
+ -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments
+ -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl
+ -e q dnl Only consider the first "real" line
+ $1`" dnl
+])# _LT_DLL_DEF_P
+
+
# LT_LIB_M
# --------
# check for math library
@@ -3570,11 +3857,11 @@ case $host in
# These system don't have libm, or don't need it
;;
*-ncr-sysv4.3*)
- AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+ AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
;;
*)
- AC_CHECK_LIB(m, cos, LIBM="-lm")
+ AC_CHECK_LIB(m, cos, LIBM=-lm)
;;
esac
AC_SUBST([LIBM])
@@ -3593,7 +3880,7 @@ m4_defun([_LT_COMPILER_NO_RTTI],
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-if test "$GCC" = yes; then
+if test yes = "$GCC"; then
case $cc_basename in
nvcc*)
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
@@ -3645,7 +3932,7 @@ cygwin* | mingw* | pw32* | cegcc*)
symcode='[[ABCDGISTW]]'
;;
hpux*)
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
symcode='[[ABCDEGRST]]'
fi
;;
@@ -3678,14 +3965,44 @@ case `$NM -V 2>&1` in
symcode='[[ABCDGIRSTW]]' ;;
esac
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Gets list of data symbols to import.
+ lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+ # Adjust the below global symbol transforms to fixup imported variables.
+ lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
+ lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
+ lt_c_name_lib_hook="\
+ -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
+ -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
+else
+ # Disable hooks by default.
+ lt_cv_sys_global_symbol_to_import=
+ lt_cdecl_hook=
+ lt_c_name_hook=
+ lt_c_name_lib_hook=
+fi
+
# Transform an extracted symbol line into a proper C declaration.
# Some systems (esp. on ia64) link data and code symbols differently,
# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+$lt_cdecl_hook\
+" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'"
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+$lt_c_name_hook\
+" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
+
+# Transform an extracted symbol line into symbol name with lib prefix and
+# symbol address.
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+$lt_c_name_lib_hook\
+" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
# Handle CRLF in mingw tool chain
opt_cr=
@@ -3703,21 +4020,24 @@ for ac_symprfx in "" "_"; do
# Write the raw and C identifiers.
if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function
- # and D for any global variable.
+ # Fake it for dumpbin and say T for any non-static function,
+ # D for any global variable and I for any imported variable.
# Also find C++ and __fastcall symbols from MSVC++,
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK ['"\
" {last_section=section; section=\$ 3};"\
" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
+" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
+" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
" {if(hide[section]) next};"\
-" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
-" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
-" s[1]~/^[@?]/{print s[1], s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
+" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
+" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
" ' prfx=^$ac_symprfx]"
else
lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
@@ -3757,11 +4077,11 @@ _LT_EOF
if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
cat <<_LT_EOF > conftest.$ac_ext
/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE)
-/* DATA imports from DLLs on WIN32 con't be const, because runtime
+#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
+/* DATA imports from DLLs on WIN32 can't be const, because runtime
relocations are performed -- see ld's documentation on pseudo-relocs. */
# define LT@&t at _DLSYM_CONST
-#elif defined(__osf__)
+#elif defined __osf__
/* This system does not cope well with relocations in const data. */
# define LT@&t at _DLSYM_CONST
#else
@@ -3787,7 +4107,7 @@ lt__PROGRAM__LTX_preloaded_symbols[[]] =
{
{ "@PROGRAM@", (void *) 0 },
_LT_EOF
- $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
cat <<\_LT_EOF >> conftest.$ac_ext
{0, (void *) 0}
};
@@ -3807,9 +4127,9 @@ _LT_EOF
mv conftest.$ac_objext conftstm.$ac_objext
lt_globsym_save_LIBS=$LIBS
lt_globsym_save_CFLAGS=$CFLAGS
- LIBS="conftstm.$ac_objext"
+ LIBS=conftstm.$ac_objext
CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
- if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
+ if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
pipe_works=yes
fi
LIBS=$lt_globsym_save_LIBS
@@ -3830,7 +4150,7 @@ _LT_EOF
rm -rf conftest* conftst*
# Do not use the global_symbol_pipe unless it works.
- if test "$pipe_works" = yes; then
+ if test yes = "$pipe_works"; then
break
else
lt_cv_sys_global_symbol_pipe=
@@ -3857,12 +4177,16 @@ _LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
[Take the output of nm and produce a listing of raw symbols and C names])
_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
[Transform the output of nm in a proper C declaration])
+_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
+ [Transform the output of nm into a list of symbols to manually relocate])
_LT_DECL([global_symbol_to_c_name_address],
[lt_cv_sys_global_symbol_to_c_name_address], [1],
[Transform the output of nm in a C name address pair])
_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
[lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
[Transform the output of nm in a C name address pair when lib prefix is needed])
+_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
+ [The name lister interface])
_LT_DECL([], [nm_file_list_spec], [1],
[Specify filename containing input files for $NM])
]) # _LT_CMD_GLOBAL_SYMBOLS
@@ -3878,17 +4202,18 @@ _LT_TAGVAR(lt_prog_compiler_static, $1)=
m4_if([$1], [CXX], [
# C++ specific cases for pic, static, wl, etc.
- if test "$GXX" = yes; then
+ if test yes = "$GXX"; then
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
case $host_os in
aix*)
# All AIX code is PIC.
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# AIX 5 now supports IA64 processor
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
fi
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
;;
amigaos*)
@@ -3899,8 +4224,8 @@ m4_if([$1], [CXX], [
;;
m68k)
# FIXME: we need at least 68020 code to build shared libraries, but
- # adding the `-m68020' flag to GCC prevents building anything better,
- # like `-m68040'.
+ # adding the '-m68020' flag to GCC prevents building anything better,
+ # like '-m68040'.
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
;;
esac
@@ -3916,6 +4241,11 @@ m4_if([$1], [CXX], [
# (--disable-auto-import) libraries
m4_if([$1], [GCJ], [],
[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ case $host_os in
+ os2*)
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
+ ;;
+ esac
;;
darwin* | rhapsody*)
# PIC is the default on this platform
@@ -3965,7 +4295,7 @@ m4_if([$1], [CXX], [
case $host_os in
aix[[4-9]]*)
# All AIX code is PIC.
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# AIX 5 now supports IA64 processor
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
else
@@ -4006,14 +4336,14 @@ m4_if([$1], [CXX], [
case $cc_basename in
CC*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
- if test "$host_cpu" != ia64; then
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
+ if test ia64 != "$host_cpu"; then
_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
fi
;;
aCC*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
case $host_cpu in
hppa*64*|ia64*)
# +Z the default
@@ -4050,7 +4380,7 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
;;
ecpc* )
- # old Intel C++ for x86_64 which still supported -KPIC.
+ # old Intel C++ for x86_64, which still supported -KPIC.
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
@@ -4195,17 +4525,18 @@ m4_if([$1], [CXX], [
fi
],
[
- if test "$GCC" = yes; then
+ if test yes = "$GCC"; then
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
case $host_os in
aix*)
# All AIX code is PIC.
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# AIX 5 now supports IA64 processor
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
fi
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
;;
amigaos*)
@@ -4216,8 +4547,8 @@ m4_if([$1], [CXX], [
;;
m68k)
# FIXME: we need at least 68020 code to build shared libraries, but
- # adding the `-m68020' flag to GCC prevents building anything better,
- # like `-m68040'.
+ # adding the '-m68020' flag to GCC prevents building anything better,
+ # like '-m68040'.
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
;;
esac
@@ -4234,6 +4565,11 @@ m4_if([$1], [CXX], [
# (--disable-auto-import) libraries
m4_if([$1], [GCJ], [],
[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ case $host_os in
+ os2*)
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
+ ;;
+ esac
;;
darwin* | rhapsody*)
@@ -4304,7 +4640,7 @@ m4_if([$1], [CXX], [
case $host_os in
aix*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# AIX 5 now supports IA64 processor
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
else
@@ -4312,11 +4648,30 @@ m4_if([$1], [CXX], [
fi
;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ case $cc_basename in
+ nagfor*)
+ # NAG Fortran compiler
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ esac
+ ;;
+
mingw* | cygwin* | pw32* | os2* | cegcc*)
# This hack is so that the source file can tell whether it is being
# built for inclusion in a dll (and should export symbols for example).
m4_if([$1], [GCJ], [],
[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ case $host_os in
+ os2*)
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
+ ;;
+ esac
;;
hpux9* | hpux10* | hpux11*)
@@ -4332,7 +4687,7 @@ m4_if([$1], [CXX], [
;;
esac
# Is there a better lt_prog_compiler_static that works with the bundled CC?
- _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
;;
irix5* | irix6* | nonstopux*)
@@ -4343,7 +4698,7 @@ m4_if([$1], [CXX], [
linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
case $cc_basename in
- # old Intel for x86_64 which still supported -KPIC.
+ # old Intel for x86_64, which still supported -KPIC.
ecc*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
@@ -4368,6 +4723,12 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
;;
+ tcc*)
+ # Fabrice Bellard et al's Tiny C Compiler
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
# Portland Group compilers (*not* the Pentium gcc compiler,
# which looks to be a dead project)
@@ -4465,7 +4826,7 @@ m4_if([$1], [CXX], [
;;
sysv4*MP*)
- if test -d /usr/nec ;then
+ if test -d /usr/nec; then
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
fi
@@ -4494,7 +4855,7 @@ m4_if([$1], [CXX], [
fi
])
case $host_os in
- # For platforms which do not support PIC, -DPIC is meaningless:
+ # For platforms that do not support PIC, -DPIC is meaningless:
*djgpp*)
_LT_TAGVAR(lt_prog_compiler_pic, $1)=
;;
@@ -4560,17 +4921,21 @@ m4_if([$1], [CXX], [
case $host_os in
aix[[4-9]]*)
# If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to AIX nm, but means don't demangle with GNU nm
- # Also, AIX nm treats weak defined symbols like other global defined
- # symbols, whereas GNU nm marks them as "W".
+ # -C means demangle to GNU nm, but means don't demangle to AIX nm.
+ # Without the "-l" option, or with the "-B" option, AIX nm treats
+ # weak defined symbols like other global defined symbols, whereas
+ # GNU nm marks them as "W".
+ # While the 'weak' keyword is ignored in the Export File, we need
+ # it in the Import File for the 'aix-soname' feature, so we have
+ # to replace the "-B" option with "-P" for AIX nm.
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
else
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
fi
;;
pw32*)
- _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
+ _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
;;
cygwin* | mingw* | cegcc*)
case $cc_basename in
@@ -4619,9 +4984,9 @@ m4_if([$1], [CXX], [
# included in the symbol list
_LT_TAGVAR(include_expsyms, $1)=
# exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ` (' and `)$', so one must not match beginning or
- # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
- # as well as any symbol that contains `d'.
+ # it will be wrapped by ' (' and ')$', so one must not match beginning or
+ # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
+ # as well as any symbol that contains 'd'.
_LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
# Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
# platforms (ab)use it in PIC code, but their linkers get confused if
@@ -4637,7 +5002,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
# FIXME: the MSVC++ port hasn't been tested in a loooong time
# When not using gcc, we currently assume that we are using
# Microsoft Visual C++.
- if test "$GCC" != yes; then
+ if test yes != "$GCC"; then
with_gnu_ld=no
fi
;;
@@ -4645,7 +5010,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
# we just hope/assume this is gcc and not c89 (= MSVC++)
with_gnu_ld=yes
;;
- openbsd*)
+ openbsd* | bitrig*)
with_gnu_ld=no
;;
linux* | k*bsd*-gnu | gnu*)
@@ -4658,7 +5023,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
# On some targets, GNU ld is compatible enough with the native linker
# that we're better off using the native interface for both.
lt_use_gnu_ld_interface=no
- if test "$with_gnu_ld" = yes; then
+ if test yes = "$with_gnu_ld"; then
case $host_os in
aix*)
# The AIX port of GNU ld has always aspired to compatibility
@@ -4680,24 +5045,24 @@ dnl Note also adjust exclude_expsyms for C++ above.
esac
fi
- if test "$lt_use_gnu_ld_interface" = yes; then
+ if test yes = "$lt_use_gnu_ld_interface"; then
# If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='${wl}'
+ wlarc='$wl'
# Set some defaults for GNU ld with shared library support. These
# are reset later if shared libraries are not supported. Putting them
# here allows them to be overridden if necessary.
runpath_var=LD_RUN_PATH
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
# ancient GNU ld didn't support --whole-archive et. al.
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
supports_anon_versioning=no
- case `$LD -v 2>&1` in
+ case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
*GNU\ gold*) supports_anon_versioning=yes ;;
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
@@ -4710,7 +5075,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
case $host_os in
aix[[3-9]]*)
# On AIX/PPC, the GNU linker is very broken
- if test "$host_cpu" != ia64; then
+ if test ia64 != "$host_cpu"; then
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
@@ -4729,7 +5094,7 @@ _LT_EOF
case $host_cpu in
powerpc)
# see comment about AmigaOS4 .so support
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)=''
;;
m68k)
@@ -4745,7 +5110,7 @@ _LT_EOF
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
# Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
# support --undefined. This deserves some investigation. FIXME
- _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
@@ -4755,7 +5120,7 @@ _LT_EOF
# _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
# as there is no search path for DLLs.
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
_LT_TAGVAR(always_export_symbols, $1)=no
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
@@ -4763,61 +5128,89 @@ _LT_EOF
_LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file, use it as
+ # is; otherwise, prepend EXPORTS...
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
haiku*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
_LT_TAGVAR(link_all_deplibs, $1)=yes
;;
+ os2*)
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ shrext_cmds=.dll
+ _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ prefix_cmds="$SED"~
+ if test EXPORTS = "`$SED 1q $export_symbols`"; then
+ prefix_cmds="$prefix_cmds -e 1d";
+ fi~
+ prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ ;;
+
interix[[3-9]]*)
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
# Instead, shared libraries are loaded at an image base (0x10000000 by
# default) and relocated if they conflict, which is a slow very memory
# consuming and fragmenting process. To avoid this, we pick a random,
# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
# time. Moving up from 0x10000000 also allows more sbrk(2) space.
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
;;
gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
tmp_diet=no
- if test "$host_os" = linux-dietlibc; then
+ if test linux-dietlibc = "$host_os"; then
case $cc_basename in
diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
esac
fi
if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test "$tmp_diet" = no
+ && test no = "$tmp_diet"
then
tmp_addflag=' $pic_flag'
tmp_sharedflag='-shared'
case $cc_basename,$host_cpu in
pgcc*) # Portland Group C compiler
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
tmp_addflag=' $pic_flag'
;;
pgf77* | pgf90* | pgf95* | pgfortran*)
# Portland Group f77 and f90 compilers
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
tmp_addflag=' $pic_flag -Mnomain' ;;
ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
tmp_addflag=' -i_dynamic' ;;
@@ -4828,42 +5221,47 @@ _LT_EOF
lf95*) # Lahey Fortran 8.1
_LT_TAGVAR(whole_archive_flag_spec, $1)=
tmp_sharedflag='--shared' ;;
+ nagfor*) # NAGFOR 5.3
+ tmp_sharedflag='-Wl,-shared' ;;
xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
tmp_sharedflag='-qmkshrobj'
tmp_addflag= ;;
nvcc*) # Cuda Compiler Driver 2.2
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
_LT_TAGVAR(compiler_needs_object, $1)=yes
;;
esac
case `$CC -V 2>&1 | sed 5q` in
*Sun\ C*) # Sun C 5.9
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
_LT_TAGVAR(compiler_needs_object, $1)=yes
tmp_sharedflag='-G' ;;
*Sun\ F*) # Sun Fortran 8.3
tmp_sharedflag='-G' ;;
esac
- _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- if test "x$supports_anon_versioning" = xyes; then
+ if test yes = "$supports_anon_versioning"; then
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
fi
case $cc_basename in
+ tcc*)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
+ ;;
xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
_LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
_LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
- if test "x$supports_anon_versioning" = xyes; then
+ if test yes = "$supports_anon_versioning"; then
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
fi
;;
esac
@@ -4877,8 +5275,8 @@ _LT_EOF
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
wlarc=
else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
fi
;;
@@ -4896,8 +5294,8 @@ _LT_EOF
_LT_EOF
elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
@@ -4909,7 +5307,7 @@ _LT_EOF
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
*** reliably create shared libraries on SCO systems. Therefore, libtool
*** is disabling shared libraries support. We urge you to upgrade GNU
*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
@@ -4924,9 +5322,9 @@ _LT_EOF
# DT_RUNPATH tag from executables and libraries. But doing so
# requires that you compile everything twice, which is a pain.
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
@@ -4943,15 +5341,15 @@ _LT_EOF
*)
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
esac
- if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
+ if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
runpath_var=
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(export_dynamic_flag_spec, $1)=
@@ -4967,7 +5365,7 @@ _LT_EOF
# Note: this linker hardcodes the directories in LIBPATH if there
# are no directories specified by -L.
_LT_TAGVAR(hardcode_minus_L, $1)=yes
- if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
# Neither direct hardcoding nor static linking is supported with a
# broken collect2.
_LT_TAGVAR(hardcode_direct, $1)=unsupported
@@ -4975,34 +5373,57 @@ _LT_EOF
;;
aix[[4-9]]*)
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# On IA64, the linker does run time linking by default, so we don't
# have to do anything special.
aix_use_runtimelinking=no
exp_sym_flag='-Bexport'
- no_entry_flag=""
+ no_entry_flag=
else
# If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to AIX nm, but means don't demangle with GNU nm
- # Also, AIX nm treats weak defined symbols like other global
- # defined symbols, whereas GNU nm marks them as "W".
+ # -C means demangle to GNU nm, but means don't demangle to AIX nm.
+ # Without the "-l" option, or with the "-B" option, AIX nm treats
+ # weak defined symbols like other global defined symbols, whereas
+ # GNU nm marks them as "W".
+ # While the 'weak' keyword is ignored in the Export File, we need
+ # it in the Import File for the 'aix-soname' feature, so we have
+ # to replace the "-B" option with "-P" for AIX nm.
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
else
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
fi
aix_use_runtimelinking=no
# Test if we are trying to use run time linking or normal
# AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # need to do runtime linking.
+ # have runtime linking enabled, and use it for executables.
+ # For shared libraries, we enable/disable runtime linking
+ # depending on the kind of the shared library created -
+ # when "with_aix_soname,aix_use_runtimelinking" is:
+ # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
+ # "aix,yes" lib.so shared, rtl:yes, for executables
+ # lib.a static archive
+ # "both,no" lib.so.V(shr.o) shared, rtl:yes
+ # lib.a(lib.so.V) shared, rtl:no, for executables
+ # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
+ # lib.a(lib.so.V) shared, rtl:no
+ # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
+ # lib.a static archive
case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
for ld_flag in $LDFLAGS; do
- if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
aix_use_runtimelinking=yes
break
fi
done
+ if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
+ # With aix-soname=svr4, we create the lib.so.V shared archives only,
+ # so we don't have lib.a shared libs to link our executables.
+ # We have to force runtime linking in this case.
+ aix_use_runtimelinking=yes
+ LDFLAGS="$LDFLAGS -Wl,-brtl"
+ fi
;;
esac
@@ -5021,13 +5442,21 @@ _LT_EOF
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
_LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+ _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
+ case $with_aix_soname,$aix_use_runtimelinking in
+ aix,*) ;; # traditional, no import file
+ svr4,* | *,yes) # use import file
+ # The Import File defines what to hardcode.
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=no
+ ;;
+ esac
- if test "$GCC" = yes; then
+ if test yes = "$GCC"; then
case $host_os in aix4.[[012]]|aix4.[[012]].*)
# We only want to do this on AIX 4.2 and lower, the check
# below for broken collect2 doesn't work under 4.3+
- collect2name=`${CC} -print-prog-name=collect2`
+ collect2name=`$CC -print-prog-name=collect2`
if test -f "$collect2name" &&
strings "$collect2name" | $GREP resolve_lib_name >/dev/null
then
@@ -5046,62 +5475,80 @@ _LT_EOF
;;
esac
shared_flag='-shared'
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag="$shared_flag "'${wl}-G'
+ if test yes = "$aix_use_runtimelinking"; then
+ shared_flag="$shared_flag "'$wl-G'
fi
- _LT_TAGVAR(link_all_deplibs, $1)=no
+ # Need to ensure runtime linking is disabled for the traditional
+ # shared library, or the linker may eventually find shared libraries
+ # /with/ Import File - we do not want to mix them.
+ shared_flag_aix='-shared'
+ shared_flag_svr4='-shared $wl-G'
else
# not using gcc
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
# chokes on -Wl,-G. The following line is correct:
shared_flag='-G'
else
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag='${wl}-G'
+ if test yes = "$aix_use_runtimelinking"; then
+ shared_flag='$wl-G'
else
- shared_flag='${wl}-bM:SRE'
+ shared_flag='$wl-bM:SRE'
fi
+ shared_flag_aix='$wl-bM:SRE'
+ shared_flag_svr4='$wl-G'
fi
fi
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
# It seems that -bexpall does not export symbols beginning with
# underscore (_), so it is better to generate a list of symbols to export.
_LT_TAGVAR(always_export_symbols, $1)=yes
- if test "$aix_use_runtimelinking" = yes; then
+ if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
# Warning - without using the other runtime loading flags (-brtl),
# -berok will link without error, but may produce a broken library.
_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
# Determine the default libpath from the value encoded in an
# empty executable.
_LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
else
- if test "$host_cpu" = ia64; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ if test ia64 = "$host_cpu"; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
_LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
- _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
else
# Determine the default libpath from the value encoded in an
# empty executable.
_LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
# Warning - without using the other run time loading flags,
# -berok will link without error, but may produce a broken library.
- _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
- _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
- if test "$with_gnu_ld" = yes; then
+ _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
+ _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
+ if test yes = "$with_gnu_ld"; then
# We only use this code for GNU lds that support --whole-archive.
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
else
# Exported symbols can be pulled into shared objects from archives
_LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
fi
_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- # This is similar to how AIX traditionally builds its shared libraries.
- _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
+ # -brtl affects multiple linker settings, -berok does not and is overridden later
+ compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
+ if test svr4 != "$with_aix_soname"; then
+ # This is similar to how AIX traditionally builds its shared libraries.
+ _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
+ fi
+ if test aix != "$with_aix_soname"; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 3 [...]
+ else
+ # used by -dlpreopen to get the symbols
+ _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
+ fi
+ _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
fi
fi
;;
@@ -5110,7 +5557,7 @@ _LT_EOF
case $host_cpu in
powerpc)
# see comment about AmigaOS4 .so support
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)=''
;;
m68k)
@@ -5140,16 +5587,17 @@ _LT_EOF
# Tell ltmain to make .lib files, not .a files.
libext=lib
# Tell ltmain to make .dll files, not .so files.
- shrext_cmds=".dll"
+ shrext_cmds=.dll
# FIXME: Setting linknames here is a bad hack.
- _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames='
- _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
- sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp;
- else
- sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
+ _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
+ cp "$export_symbols" "$output_objdir/$soname.def";
+ echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
+ else
+ $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
+ fi~
+ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+ linknames='
# The linker will not automatically build a static lib if we build a DLL.
# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
@@ -5158,18 +5606,18 @@ _LT_EOF
# Don't use ranlib
_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile="$lt_outputfile.exe"
- lt_tool_outputfile="$lt_tool_outputfile.exe"
- ;;
- esac~
- if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
+ lt_tool_outputfile="@TOOL_OUTPUT@"~
+ case $lt_outputfile in
+ *.exe|*.EXE) ;;
+ *)
+ lt_outputfile=$lt_outputfile.exe
+ lt_tool_outputfile=$lt_tool_outputfile.exe
+ ;;
+ esac~
+ if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
+ $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+ $RM "$lt_outputfile.manifest";
+ fi'
;;
*)
# Assume MSVC wrapper
@@ -5178,7 +5626,7 @@ _LT_EOF
# Tell ltmain to make .lib files, not .a files.
libext=lib
# Tell ltmain to make .dll files, not .so files.
- shrext_cmds=".dll"
+ shrext_cmds=.dll
# FIXME: Setting linknames here is a bad hack.
_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
# The linker will automatically build a .lib file if we build a DLL.
@@ -5228,33 +5676,33 @@ _LT_EOF
;;
hpux9*)
- if test "$GCC" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ if test yes = "$GCC"; then
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
else
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
_LT_TAGVAR(hardcode_direct, $1)=yes
# hardcode_minus_L: Not really in the search PATH,
# but as the default location of the library.
_LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
;;
hpux10*)
- if test "$GCC" = yes && test "$with_gnu_ld" = no; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ if test yes,no = "$GCC,$with_gnu_ld"; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
else
_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
fi
- if test "$with_gnu_ld" = no; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ if test no = "$with_gnu_ld"; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
# hardcode_minus_L: Not really in the search PATH,
# but as the default location of the library.
_LT_TAGVAR(hardcode_minus_L, $1)=yes
@@ -5262,25 +5710,25 @@ _LT_EOF
;;
hpux11*)
- if test "$GCC" = yes && test "$with_gnu_ld" = no; then
+ if test yes,no = "$GCC,$with_gnu_ld"; then
case $host_cpu in
hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
;;
esac
else
case $host_cpu in
hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
;;
*)
m4_if($1, [], [
@@ -5288,14 +5736,14 @@ _LT_EOF
# (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
_LT_LINKER_OPTION([if $CC understands -b],
_LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
- [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
+ [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
[_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
- [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
+ [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
;;
esac
fi
- if test "$with_gnu_ld" = no; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ if test no = "$with_gnu_ld"; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
case $host_cpu in
@@ -5306,7 +5754,7 @@ _LT_EOF
*)
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
# hardcode_minus_L: Not really in the search PATH,
# but as the default location of the library.
@@ -5317,16 +5765,16 @@ _LT_EOF
;;
irix5* | irix6* | nonstopux*)
- if test "$GCC" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ if test yes = "$GCC"; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
# Try to use the -exported_symbol ld option, if it does not
# work, assume that -exports_file does not work either and
# implicitly export all symbols.
# This should be the same for all languages, so no per-tag cache variable.
AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
[lt_cv_irix_exported_symbol],
- [save_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ [save_LDFLAGS=$LDFLAGS
+ LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
AC_LINK_IFELSE(
[AC_LANG_SOURCE(
[AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
@@ -5339,21 +5787,32 @@ _LT_EOF
end]])])],
[lt_cv_irix_exported_symbol=yes],
[lt_cv_irix_exported_symbol=no])
- LDFLAGS="$save_LDFLAGS"])
- if test "$lt_cv_irix_exported_symbol" = yes; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+ LDFLAGS=$save_LDFLAGS])
+ if test yes = "$lt_cv_irix_exported_symbol"; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
fi
+ _LT_TAGVAR(link_all_deplibs, $1)=no
else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
fi
_LT_TAGVAR(archive_cmds_need_lc, $1)='no'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
_LT_TAGVAR(inherit_rpath, $1)=yes
_LT_TAGVAR(link_all_deplibs, $1)=yes
;;
+ linux*)
+ case $cc_basename in
+ tcc*)
+ # Fabrice Bellard et al's Tiny C Compiler
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
@@ -5368,7 +5827,7 @@ _LT_EOF
newsos6)
_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
_LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
;;
@@ -5376,27 +5835,19 @@ _LT_EOF
*nto* | *qnx*)
;;
- openbsd*)
+ openbsd* | bitrig*)
if test -f /usr/libexec/ld.so; then
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
else
- case $host_os in
- openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
- ;;
- esac
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
fi
else
_LT_TAGVAR(ld_shlibs, $1)=no
@@ -5407,33 +5858,53 @@ _LT_EOF
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
_LT_TAGVAR(hardcode_minus_L, $1)=yes
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
- _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ shrext_cmds=.dll
+ _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ prefix_cmds="$SED"~
+ if test EXPORTS = "`$SED 1q $export_symbols`"; then
+ prefix_cmds="$prefix_cmds -e 1d";
+ fi~
+ prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
;;
osf3*)
- if test "$GCC" = yes; then
- _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ if test yes = "$GCC"; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
else
_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
fi
_LT_TAGVAR(archive_cmds_need_lc, $1)='no'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
;;
osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test "$GCC" = yes; then
- _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ if test yes = "$GCC"; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
else
_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+ $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
# Both c and cxx compiler support -rpath directly
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
@@ -5444,24 +5915,24 @@ _LT_EOF
solaris*)
_LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
- if test "$GCC" = yes; then
- wlarc='${wl}'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ if test yes = "$GCC"; then
+ wlarc='$wl'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
else
case `$CC -V 2>&1` in
*"Compilers 5.0"*)
wlarc=''
- _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
;;
*)
- wlarc='${wl}'
- _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ wlarc='$wl'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
;;
esac
fi
@@ -5471,11 +5942,11 @@ _LT_EOF
solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
*)
# The compiler driver will combine and reorder linker options,
- # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but understands '-z linker_flag'. GCC discards it without '$wl',
# but is careful enough not to reorder.
# Supported since Solaris 2.6 (maybe 2.5.1?)
- if test "$GCC" = yes; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ if test yes = "$GCC"; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
fi
@@ -5485,10 +5956,10 @@ _LT_EOF
;;
sunos4*)
- if test "x$host_vendor" = xsequent; then
+ if test sequent = "$host_vendor"; then
# Use $CC to link under sequent, because it throws in some extra .o
# files that make .init and .fini sections work.
- _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
else
_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
fi
@@ -5537,43 +6008,43 @@ _LT_EOF
;;
sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
- _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
runpath_var='LD_RUN_PATH'
- if test "$GCC" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ if test yes = "$GCC"; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
else
- _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
fi
;;
sysv5* | sco3.2v5* | sco5v6*)
- # Note: We can NOT use -z defs as we might desire, because we do not
+ # Note: We CANNOT use -z defs as we might desire, because we do not
# link with -lc, and that would cause any symbols used from libc to
# always be unresolved, which means just about no library would
# ever link correctly. If we're not using GNU ld we use -z text
# though, which does catch some bad symbols but isn't as heavy-handed
# as -z defs.
- _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
- _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+ _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
+ _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
_LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
runpath_var='LD_RUN_PATH'
- if test "$GCC" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ if test yes = "$GCC"; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
else
- _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
fi
;;
@@ -5588,17 +6059,17 @@ _LT_EOF
;;
esac
- if test x$host_vendor = xsni; then
+ if test sni = "$host_vendor"; then
case $host in
sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
;;
esac
fi
fi
])
AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
@@ -5615,7 +6086,7 @@ x|xyes)
# Assume -lc should be added
_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- if test "$enable_shared" = yes && test "$GCC" = yes; then
+ if test yes,yes = "$GCC,$enable_shared"; then
case $_LT_TAGVAR(archive_cmds, $1) in
*'~'*)
# FIXME: we may have to deal with multi-command sequences.
@@ -5695,12 +6166,12 @@ _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
_LT_TAGDECL([], [hardcode_libdir_separator], [1],
[Whether we need a single "-rpath" flag with a separated argument])
_LT_TAGDECL([], [hardcode_direct], [0],
- [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+ [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
DIR into the resulting binary])
_LT_TAGDECL([], [hardcode_direct_absolute], [0],
- [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+ [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
DIR into the resulting binary and the resulting library dependency is
- "absolute", i.e impossible to change by setting ${shlibpath_var} if the
+ "absolute", i.e impossible to change by setting $shlibpath_var if the
library is relocated])
_LT_TAGDECL([], [hardcode_minus_L], [0],
[Set to "yes" if using the -LDIR flag during linking hardcodes DIR
@@ -5741,10 +6212,10 @@ dnl [Compiler flag to generate thread safe objects])
# ------------------------
# Ensure that the configuration variables for a C compiler are suitably
# defined. These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to `libtool'.
+# the compiler configuration to 'libtool'.
m4_defun([_LT_LANG_C_CONFIG],
[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC="$CC"
+lt_save_CC=$CC
AC_LANG_PUSH(C)
# Source file extension for C test sources.
@@ -5784,18 +6255,18 @@ if test -n "$compiler"; then
LT_SYS_DLOPEN_SELF
_LT_CMD_STRIPLIB
- # Report which library types will actually be built
+ # Report what library types will actually be built
AC_MSG_CHECKING([if libtool supports shared libraries])
AC_MSG_RESULT([$can_build_shared])
AC_MSG_CHECKING([whether to build shared libraries])
- test "$can_build_shared" = "no" && enable_shared=no
+ test no = "$can_build_shared" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
# are all built from PIC.
case $host_os in
aix3*)
- test "$enable_shared" = yes && enable_static=no
+ test yes = "$enable_shared" && enable_static=no
if test -n "$RANLIB"; then
archive_cmds="$archive_cmds~\$RANLIB \$lib"
postinstall_cmds='$RANLIB $lib'
@@ -5803,8 +6274,12 @@ if test -n "$compiler"; then
;;
aix[[4-9]]*)
- if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
- test "$enable_shared" = yes && enable_static=no
+ if test ia64 != "$host_cpu"; then
+ case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
+ yes,aix,yes) ;; # shared object as lib.so file only
+ yes,svr4,*) ;; # shared object as lib.so archive member only
+ yes,*) enable_static=no ;; # shared object in lib.a archive as well
+ esac
fi
;;
esac
@@ -5812,13 +6287,13 @@ if test -n "$compiler"; then
AC_MSG_CHECKING([whether to build static libraries])
# Make sure either enable_shared or enable_static is yes.
- test "$enable_shared" = yes || enable_static=yes
+ test yes = "$enable_shared" || enable_static=yes
AC_MSG_RESULT([$enable_static])
_LT_CONFIG($1)
fi
AC_LANG_POP
-CC="$lt_save_CC"
+CC=$lt_save_CC
])# _LT_LANG_C_CONFIG
@@ -5826,14 +6301,14 @@ CC="$lt_save_CC"
# --------------------------
# Ensure that the configuration variables for a C++ compiler are suitably
# defined. These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to `libtool'.
+# the compiler configuration to 'libtool'.
m4_defun([_LT_LANG_CXX_CONFIG],
[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
m4_require([_LT_DECL_EGREP])dnl
m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
- ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
- (test "X$CXX" != "Xg++"))) ; then
+if test -n "$CXX" && ( test no != "$CXX" &&
+ ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
+ (test g++ != "$CXX"))); then
AC_PROG_CXXCPP
else
_lt_caught_CXX_error=yes
@@ -5875,7 +6350,7 @@ _LT_TAGVAR(objext, $1)=$objext
# the CXX compiler isn't working. Some variables (like enable_shared)
# are currently assumed to apply to all compilers on this platform,
# and will be corrupted by setting them based on a non-working compiler.
-if test "$_lt_caught_CXX_error" != yes; then
+if test yes != "$_lt_caught_CXX_error"; then
# Code to be used in simple compile tests
lt_simple_compile_test_code="int some_variable = 0;"
@@ -5917,35 +6392,35 @@ if test "$_lt_caught_CXX_error" != yes; then
if test -n "$compiler"; then
# We don't want -fno-exception when compiling C++ code, so set the
# no_builtin_flag separately
- if test "$GXX" = yes; then
+ if test yes = "$GXX"; then
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
else
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
fi
- if test "$GXX" = yes; then
+ if test yes = "$GXX"; then
# Set up default GNU C++ configuration
LT_PATH_LD
# Check if GNU C++ uses GNU ld as the underlying linker, since the
# archiving commands below assume that GNU ld is being used.
- if test "$with_gnu_ld" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ if test yes = "$with_gnu_ld"; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
# If archive_cmds runs LD, not CC, wlarc should be empty
# XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
# investigate it a little bit more. (MM)
- wlarc='${wl}'
+ wlarc='$wl'
# ancient GNU ld didn't support --whole-archive et. al.
if eval "`$CC -print-prog-name=ld` --help 2>&1" |
$GREP 'no-whole-archive' > /dev/null; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
@@ -5981,18 +6456,30 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(ld_shlibs, $1)=no
;;
aix[[4-9]]*)
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# On IA64, the linker does run time linking by default, so we don't
# have to do anything special.
aix_use_runtimelinking=no
exp_sym_flag='-Bexport'
- no_entry_flag=""
+ no_entry_flag=
else
aix_use_runtimelinking=no
# Test if we are trying to use run time linking or normal
# AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # need to do runtime linking.
+ # have runtime linking enabled, and use it for executables.
+ # For shared libraries, we enable/disable runtime linking
+ # depending on the kind of the shared library created -
+ # when "with_aix_soname,aix_use_runtimelinking" is:
+ # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
+ # "aix,yes" lib.so shared, rtl:yes, for executables
+ # lib.a static archive
+ # "both,no" lib.so.V(shr.o) shared, rtl:yes
+ # lib.a(lib.so.V) shared, rtl:no, for executables
+ # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
+ # lib.a(lib.so.V) shared, rtl:no
+ # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
+ # lib.a static archive
case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
for ld_flag in $LDFLAGS; do
case $ld_flag in
@@ -6002,6 +6489,13 @@ if test "$_lt_caught_CXX_error" != yes; then
;;
esac
done
+ if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
+ # With aix-soname=svr4, we create the lib.so.V shared archives only,
+ # so we don't have lib.a shared libs to link our executables.
+ # We have to force runtime linking in this case.
+ aix_use_runtimelinking=yes
+ LDFLAGS="$LDFLAGS -Wl,-brtl"
+ fi
;;
esac
@@ -6020,13 +6514,21 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
_LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+ _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
+ case $with_aix_soname,$aix_use_runtimelinking in
+ aix,*) ;; # no import file
+ svr4,* | *,yes) # use import file
+ # The Import File defines what to hardcode.
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=no
+ ;;
+ esac
- if test "$GXX" = yes; then
+ if test yes = "$GXX"; then
case $host_os in aix4.[[012]]|aix4.[[012]].*)
# We only want to do this on AIX 4.2 and lower, the check
# below for broken collect2 doesn't work under 4.3+
- collect2name=`${CC} -print-prog-name=collect2`
+ collect2name=`$CC -print-prog-name=collect2`
if test -f "$collect2name" &&
strings "$collect2name" | $GREP resolve_lib_name >/dev/null
then
@@ -6044,64 +6546,84 @@ if test "$_lt_caught_CXX_error" != yes; then
fi
esac
shared_flag='-shared'
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag="$shared_flag "'${wl}-G'
+ if test yes = "$aix_use_runtimelinking"; then
+ shared_flag=$shared_flag' $wl-G'
fi
+ # Need to ensure runtime linking is disabled for the traditional
+ # shared library, or the linker may eventually find shared libraries
+ # /with/ Import File - we do not want to mix them.
+ shared_flag_aix='-shared'
+ shared_flag_svr4='-shared $wl-G'
else
# not using gcc
- if test "$host_cpu" = ia64; then
+ if test ia64 = "$host_cpu"; then
# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
# chokes on -Wl,-G. The following line is correct:
shared_flag='-G'
else
- if test "$aix_use_runtimelinking" = yes; then
- shared_flag='${wl}-G'
+ if test yes = "$aix_use_runtimelinking"; then
+ shared_flag='$wl-G'
else
- shared_flag='${wl}-bM:SRE'
+ shared_flag='$wl-bM:SRE'
fi
+ shared_flag_aix='$wl-bM:SRE'
+ shared_flag_svr4='$wl-G'
fi
fi
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
# It seems that -bexpall does not export symbols beginning with
# underscore (_), so it is better to generate a list of symbols to
# export.
_LT_TAGVAR(always_export_symbols, $1)=yes
- if test "$aix_use_runtimelinking" = yes; then
+ if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
# Warning - without using the other runtime loading flags (-brtl),
# -berok will link without error, but may produce a broken library.
- _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # The "-G" linker flag allows undefined symbols.
+ _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
# Determine the default libpath from the value encoded in an empty
# executable.
_LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
else
- if test "$host_cpu" = ia64; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ if test ia64 = "$host_cpu"; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
_LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
- _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
else
# Determine the default libpath from the value encoded in an
# empty executable.
_LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
# Warning - without using the other run time loading flags,
# -berok will link without error, but may produce a broken library.
- _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
- _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
- if test "$with_gnu_ld" = yes; then
+ _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
+ _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
+ if test yes = "$with_gnu_ld"; then
# We only use this code for GNU lds that support --whole-archive.
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
else
# Exported symbols can be pulled into shared objects from archives
_LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
fi
_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- # This is similar to how AIX traditionally builds its shared
- # libraries.
- _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
+ # -brtl affects multiple linker settings, -berok does not and is overridden later
+ compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
+ if test svr4 != "$with_aix_soname"; then
+ # This is similar to how AIX traditionally builds its shared
+ # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
+ _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
+ fi
+ if test aix != "$with_aix_soname"; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# [...]
+ else
+ # used by -dlpreopen to get the symbols
+ _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
+ fi
+ _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
fi
fi
;;
@@ -6111,7 +6633,7 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
# Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
# support --undefined. This deserves some investigation. FIXME
- _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
@@ -6139,57 +6661,58 @@ if test "$_lt_caught_CXX_error" != yes; then
# Tell ltmain to make .lib files, not .a files.
libext=lib
# Tell ltmain to make .dll files, not .so files.
- shrext_cmds=".dll"
+ shrext_cmds=.dll
# FIXME: Setting linknames here is a bad hack.
- _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames='
- _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
- $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp;
- else
- $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
+ _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
+ cp "$export_symbols" "$output_objdir/$soname.def";
+ echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
+ else
+ $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
+ fi~
+ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+ linknames='
# The linker will not automatically build a static lib if we build a DLL.
# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
# Don't use ranlib
_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile="$lt_outputfile.exe"
- lt_tool_outputfile="$lt_tool_outputfile.exe"
- ;;
- esac~
- func_to_tool_file "$lt_outputfile"~
- if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
+ lt_tool_outputfile="@TOOL_OUTPUT@"~
+ case $lt_outputfile in
+ *.exe|*.EXE) ;;
+ *)
+ lt_outputfile=$lt_outputfile.exe
+ lt_tool_outputfile=$lt_tool_outputfile.exe
+ ;;
+ esac~
+ func_to_tool_file "$lt_outputfile"~
+ if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
+ $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+ $RM "$lt_outputfile.manifest";
+ fi'
;;
*)
# g++
# _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
# as there is no search path for DLLs.
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
_LT_TAGVAR(always_export_symbols, $1)=no
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file (1st line
- # is EXPORTS), use it as is; otherwise, prepend...
- _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file, use it as
+ # is; otherwise, prepend EXPORTS...
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
@@ -6200,6 +6723,34 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_DARWIN_LINKER_FEATURES($1)
;;
+ os2*)
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ shrext_cmds=.dll
+ _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ prefix_cmds="$SED"~
+ if test EXPORTS = "`$SED 1q $export_symbols`"; then
+ prefix_cmds="$prefix_cmds -e 1d";
+ fi~
+ prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ ;;
+
dgux*)
case $cc_basename in
ec++*)
@@ -6235,14 +6786,14 @@ if test "$_lt_caught_CXX_error" != yes; then
;;
haiku*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
_LT_TAGVAR(link_all_deplibs, $1)=yes
;;
hpux9*)
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
# but as the default
@@ -6254,7 +6805,7 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(ld_shlibs, $1)=no
;;
aCC*)
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
@@ -6263,11 +6814,11 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
- if test "$GXX" = yes; then
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ if test yes = "$GXX"; then
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
else
# FIXME: insert proper C++ library support
_LT_TAGVAR(ld_shlibs, $1)=no
@@ -6277,15 +6828,15 @@ if test "$_lt_caught_CXX_error" != yes; then
;;
hpux10*|hpux11*)
- if test $with_gnu_ld = no; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ if test no = "$with_gnu_ld"; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
case $host_cpu in
hppa*64*|ia64*)
;;
*)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
;;
esac
fi
@@ -6311,13 +6862,13 @@ if test "$_lt_caught_CXX_error" != yes; then
aCC*)
case $host_cpu in
hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
;;
ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
;;
esac
# Commands to make compiler produce verbose output that lists
@@ -6328,20 +6879,20 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
- if test "$GXX" = yes; then
- if test $with_gnu_ld = no; then
+ if test yes = "$GXX"; then
+ if test no = "$with_gnu_ld"; then
case $host_cpu in
hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
;;
ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
;;
esac
fi
@@ -6356,22 +6907,22 @@ if test "$_lt_caught_CXX_error" != yes; then
interix[[3-9]]*)
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
# Instead, shared libraries are loaded at an image base (0x10000000 by
# default) and relocated if they conflict, which is a slow very memory
# consuming and fragmenting process. To avoid this, we pick a random,
# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
# time. Moving up from 0x10000000 also allows more sbrk(2) space.
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
;;
irix5* | irix6*)
case $cc_basename in
CC*)
# SGI C++
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
# Archives containing C++ object files must be created using
# "CC -ar", where "CC" is the IRIX C++ compiler. This is
@@ -6380,17 +6931,17 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
;;
*)
- if test "$GXX" = yes; then
- if test "$with_gnu_ld" = no; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ if test yes = "$GXX"; then
+ if test no = "$with_gnu_ld"; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
fi
fi
_LT_TAGVAR(link_all_deplibs, $1)=yes
;;
esac
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
_LT_TAGVAR(inherit_rpath, $1)=yes
;;
@@ -6403,8 +6954,8 @@ if test "$_lt_caught_CXX_error" != yes; then
# KCC will only create a shared library if the output file
# ends with ".so" (or ".sl" for HP-UX), so rename the library
# to its proper name (with version) after linking.
- _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
@@ -6413,10 +6964,10 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
# Archives containing C++ object files must be created using
# "CC -Bstatic", where "CC" is the KAI C++ compiler.
@@ -6430,59 +6981,59 @@ if test "$_lt_caught_CXX_error" != yes; then
# earlier do not add the objects themselves.
case `$CC -V 2>&1` in
*"Version 7."*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
;;
*) # Version 8.0 or newer
tmp_idyn=
case $host_cpu in
ia64*) tmp_idyn=' -i_dynamic';;
esac
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
;;
esac
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
;;
pgCC* | pgcpp*)
# Portland Group C++ compiler
case `$CC -V` in
*pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
_LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
- compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
_LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
- $RANLIB $oldlib'
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
+ $RANLIB $oldlib'
_LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
;;
*) # Version 6 and above use weak symbols
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
;;
esac
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
;;
cxx*)
# Compaq C++
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols'
runpath_var=LD_RUN_PATH
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
@@ -6496,18 +7047,18 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
;;
xl* | mpixl* | bgxl*)
# IBM XL 8.0 on PPC, with GNU ld
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
- _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
- if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ if test yes = "$supports_anon_versioning"; then
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
fi
;;
*)
@@ -6515,10 +7066,10 @@ if test "$_lt_caught_CXX_error" != yes; then
*Sun\ C*)
# Sun C++ 5.9
_LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
- _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
_LT_TAGVAR(compiler_needs_object, $1)=yes
# Not sure whether something based on
@@ -6576,22 +7127,17 @@ if test "$_lt_caught_CXX_error" != yes; then
_LT_TAGVAR(ld_shlibs, $1)=yes
;;
- openbsd2*)
- # C++ shared libraries are fairly broken
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- openbsd*)
+ openbsd* | bitrig*)
if test -f /usr/libexec/ld.so; then
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
- _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
fi
output_verbose_link_cmd=func_echo_all
else
@@ -6607,9 +7153,9 @@ if test "$_lt_caught_CXX_error" != yes; then
# KCC will only create a shared library if the output file
# ends with ".so" (or ".sl" for HP-UX), so rename the library
# to its proper name (with version) after linking.
- _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
# Archives containing C++ object files must be created using
@@ -6627,17 +7173,17 @@ if test "$_lt_caught_CXX_error" != yes; then
cxx*)
case $host in
osf3*)
- _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
;;
*)
_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
- echo "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~
- $RM $lib.exp'
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
+ $RM $lib.exp'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
;;
esac
@@ -6652,21 +7198,21 @@ if test "$_lt_caught_CXX_error" != yes; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
- if test "$GXX" = yes && test "$with_gnu_ld" = no; then
- _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ if test yes,no = "$GXX,$with_gnu_ld"; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
case $host in
osf3*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
;;
esac
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
# Commands to make compiler produce verbose output that lists
@@ -6712,9 +7258,9 @@ if test "$_lt_caught_CXX_error" != yes; then
# Sun C++ 4.2, 5.x and Centerline C++
_LT_TAGVAR(archive_cmds_need_lc,$1)=yes
_LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
- _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+ $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
@@ -6722,7 +7268,7 @@ if test "$_lt_caught_CXX_error" != yes; then
solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
*)
# The compiler driver will combine and reorder linker options,
- # but understands `-z linker_flag'.
+ # but understands '-z linker_flag'.
# Supported since Solaris 2.6 (maybe 2.5.1?)
_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
;;
@@ -6739,30 +7285,30 @@ if test "$_lt_caught_CXX_error" != yes; then
;;
gcx*)
# Green Hills C++ Compiler
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
# The C++ compiler must be used to create the archive.
_LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
;;
*)
# GNU C++ compiler with Solaris linker
- if test "$GXX" = yes && test "$with_gnu_ld" = no; then
- _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
+ if test yes,no = "$GXX,$with_gnu_ld"; then
+ _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
if $CC --version | $GREP -v '^2\.7' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+ $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
else
- # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # g++ 2.7 appears to require '-G' NOT '-shared' on this
# platform.
- _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+ $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
@@ -6770,11 +7316,11 @@ if test "$_lt_caught_CXX_error" != yes; then
output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
case $host_os in
solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
*)
- _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
;;
esac
fi
@@ -6783,52 +7329,52 @@ if test "$_lt_caught_CXX_error" != yes; then
;;
sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
- _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
runpath_var='LD_RUN_PATH'
case $cc_basename in
CC*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
esac
;;
sysv5* | sco3.2v5* | sco5v6*)
- # Note: We can NOT use -z defs as we might desire, because we do not
+ # Note: We CANNOT use -z defs as we might desire, because we do not
# link with -lc, and that would cause any symbols used from libc to
# always be unresolved, which means just about no library would
# ever link correctly. If we're not using GNU ld we use -z text
# though, which does catch some bad symbols but isn't as heavy-handed
# as -z defs.
- _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
- _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+ _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
+ _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
_LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
runpath_var='LD_RUN_PATH'
case $cc_basename in
CC*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
_LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
- '"$_LT_TAGVAR(old_archive_cmds, $1)"
+ '"$_LT_TAGVAR(old_archive_cmds, $1)"
_LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
- '"$_LT_TAGVAR(reload_cmds, $1)"
+ '"$_LT_TAGVAR(reload_cmds, $1)"
;;
*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
esac
;;
@@ -6859,10 +7405,10 @@ if test "$_lt_caught_CXX_error" != yes; then
esac
AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
- test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+ test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
- _LT_TAGVAR(GCC, $1)="$GXX"
- _LT_TAGVAR(LD, $1)="$LD"
+ _LT_TAGVAR(GCC, $1)=$GXX
+ _LT_TAGVAR(LD, $1)=$LD
## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
@@ -6889,7 +7435,7 @@ if test "$_lt_caught_CXX_error" != yes; then
lt_cv_path_LD=$lt_save_path_LD
lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test "$_lt_caught_CXX_error" != yes
+fi # test yes != "$_lt_caught_CXX_error"
AC_LANG_POP
])# _LT_LANG_CXX_CONFIG
@@ -6911,13 +7457,14 @@ AC_REQUIRE([_LT_DECL_SED])
AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
func_stripname_cnf ()
{
- case ${2} in
- .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;;
- *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;;
+ case @S|@2 in
+ .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
+ *) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
esac
} # func_stripname_cnf
])# _LT_FUNC_STRIPNAME_CNF
+
# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
# ---------------------------------
# Figure out "hidden" library dependencies from verbose
@@ -7001,13 +7548,13 @@ if AC_TRY_EVAL(ac_compile); then
pre_test_object_deps_done=no
for p in `eval "$output_verbose_link_cmd"`; do
- case ${prev}${p} in
+ case $prev$p in
-L* | -R* | -l*)
# Some compilers place space between "-{L,R}" and the path.
# Remove the space.
- if test $p = "-L" ||
- test $p = "-R"; then
+ if test x-L = "$p" ||
+ test x-R = "$p"; then
prev=$p
continue
fi
@@ -7023,16 +7570,16 @@ if AC_TRY_EVAL(ac_compile); then
case $p in
=*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
esac
- if test "$pre_test_object_deps_done" = no; then
- case ${prev} in
+ if test no = "$pre_test_object_deps_done"; then
+ case $prev in
-L | -R)
# Internal compiler library paths should come after those
# provided the user. The postdeps already come after the
# user supplied libs so there is no need to process them.
if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
- _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
+ _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
else
- _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
+ _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
fi
;;
# The "-l" case would never come before the object being
@@ -7040,9 +7587,9 @@ if AC_TRY_EVAL(ac_compile); then
esac
else
if test -z "$_LT_TAGVAR(postdeps, $1)"; then
- _LT_TAGVAR(postdeps, $1)="${prev}${p}"
+ _LT_TAGVAR(postdeps, $1)=$prev$p
else
- _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}"
+ _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
fi
fi
prev=
@@ -7057,15 +7604,15 @@ if AC_TRY_EVAL(ac_compile); then
continue
fi
- if test "$pre_test_object_deps_done" = no; then
+ if test no = "$pre_test_object_deps_done"; then
if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
- _LT_TAGVAR(predep_objects, $1)="$p"
+ _LT_TAGVAR(predep_objects, $1)=$p
else
_LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
fi
else
if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
- _LT_TAGVAR(postdep_objects, $1)="$p"
+ _LT_TAGVAR(postdep_objects, $1)=$p
else
_LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
fi
@@ -7096,51 +7643,6 @@ interix[[3-9]]*)
_LT_TAGVAR(postdep_objects,$1)=
_LT_TAGVAR(postdeps,$1)=
;;
-
-linux*)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*)
- # Sun C++ 5.9
-
- # The more standards-conforming stlport4 library is
- # incompatible with the Cstd library. Avoid specifying
- # it if it's in CXXFLAGS. Ignore libCrun as
- # -library=stlport4 depends on it.
- case " $CXX $CXXFLAGS " in
- *" -library=stlport4 "*)
- solaris_use_stlport4=yes
- ;;
- esac
-
- if test "$solaris_use_stlport4" != yes; then
- _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
- fi
- ;;
- esac
- ;;
-
-solaris*)
- case $cc_basename in
- CC* | sunCC*)
- # The more standards-conforming stlport4 library is
- # incompatible with the Cstd library. Avoid specifying
- # it if it's in CXXFLAGS. Ignore libCrun as
- # -library=stlport4 depends on it.
- case " $CXX $CXXFLAGS " in
- *" -library=stlport4 "*)
- solaris_use_stlport4=yes
- ;;
- esac
-
- # Adding this requires a known-good setup of shared libraries for
- # Sun compiler versions before 5.6, else PIC objects from an old
- # archive will be linked into the output, leading to subtle bugs.
- if test "$solaris_use_stlport4" != yes; then
- _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
- fi
- ;;
- esac
- ;;
esac
])
@@ -7149,7 +7651,7 @@ case " $_LT_TAGVAR(postdeps, $1) " in
esac
_LT_TAGVAR(compiler_lib_search_dirs, $1)=
if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
fi
_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
[The directories searched by this compiler when creating a shared library])
@@ -7169,10 +7671,10 @@ _LT_TAGDECL([], [compiler_lib_search_path], [1],
# --------------------------
# Ensure that the configuration variables for a Fortran 77 compiler are
# suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to `libtool'.
+# to write the compiler configuration to 'libtool'.
m4_defun([_LT_LANG_F77_CONFIG],
[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test "X$F77" = "Xno"; then
+if test -z "$F77" || test no = "$F77"; then
_lt_disable_F77=yes
fi
@@ -7209,7 +7711,7 @@ _LT_TAGVAR(objext, $1)=$objext
# the F77 compiler isn't working. Some variables (like enable_shared)
# are currently assumed to apply to all compilers on this platform,
# and will be corrupted by setting them based on a non-working compiler.
-if test "$_lt_disable_F77" != yes; then
+if test yes != "$_lt_disable_F77"; then
# Code to be used in simple compile tests
lt_simple_compile_test_code="\
subroutine t
@@ -7231,7 +7733,7 @@ if test "$_lt_disable_F77" != yes; then
_LT_LINKER_BOILERPLATE
# Allow CC to be a program name with arguments.
- lt_save_CC="$CC"
+ lt_save_CC=$CC
lt_save_GCC=$GCC
lt_save_CFLAGS=$CFLAGS
CC=${F77-"f77"}
@@ -7245,21 +7747,25 @@ if test "$_lt_disable_F77" != yes; then
AC_MSG_RESULT([$can_build_shared])
AC_MSG_CHECKING([whether to build shared libraries])
- test "$can_build_shared" = "no" && enable_shared=no
+ test no = "$can_build_shared" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
# are all built from PIC.
case $host_os in
aix3*)
- test "$enable_shared" = yes && enable_static=no
+ test yes = "$enable_shared" && enable_static=no
if test -n "$RANLIB"; then
archive_cmds="$archive_cmds~\$RANLIB \$lib"
postinstall_cmds='$RANLIB $lib'
fi
;;
aix[[4-9]]*)
- if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
- test "$enable_shared" = yes && enable_static=no
+ if test ia64 != "$host_cpu"; then
+ case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
+ yes,aix,yes) ;; # shared object as lib.so file only
+ yes,svr4,*) ;; # shared object as lib.so archive member only
+ yes,*) enable_static=no ;; # shared object in lib.a archive as well
+ esac
fi
;;
esac
@@ -7267,11 +7773,11 @@ if test "$_lt_disable_F77" != yes; then
AC_MSG_CHECKING([whether to build static libraries])
# Make sure either enable_shared or enable_static is yes.
- test "$enable_shared" = yes || enable_static=yes
+ test yes = "$enable_shared" || enable_static=yes
AC_MSG_RESULT([$enable_static])
- _LT_TAGVAR(GCC, $1)="$G77"
- _LT_TAGVAR(LD, $1)="$LD"
+ _LT_TAGVAR(GCC, $1)=$G77
+ _LT_TAGVAR(LD, $1)=$LD
## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
@@ -7288,9 +7794,9 @@ if test "$_lt_disable_F77" != yes; then
fi # test -n "$compiler"
GCC=$lt_save_GCC
- CC="$lt_save_CC"
- CFLAGS="$lt_save_CFLAGS"
-fi # test "$_lt_disable_F77" != yes
+ CC=$lt_save_CC
+ CFLAGS=$lt_save_CFLAGS
+fi # test yes != "$_lt_disable_F77"
AC_LANG_POP
])# _LT_LANG_F77_CONFIG
@@ -7300,11 +7806,11 @@ AC_LANG_POP
# -------------------------
# Ensure that the configuration variables for a Fortran compiler are
# suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to `libtool'.
+# to write the compiler configuration to 'libtool'.
m4_defun([_LT_LANG_FC_CONFIG],
[AC_LANG_PUSH(Fortran)
-if test -z "$FC" || test "X$FC" = "Xno"; then
+if test -z "$FC" || test no = "$FC"; then
_lt_disable_FC=yes
fi
@@ -7341,7 +7847,7 @@ _LT_TAGVAR(objext, $1)=$objext
# the FC compiler isn't working. Some variables (like enable_shared)
# are currently assumed to apply to all compilers on this platform,
# and will be corrupted by setting them based on a non-working compiler.
-if test "$_lt_disable_FC" != yes; then
+if test yes != "$_lt_disable_FC"; then
# Code to be used in simple compile tests
lt_simple_compile_test_code="\
subroutine t
@@ -7363,7 +7869,7 @@ if test "$_lt_disable_FC" != yes; then
_LT_LINKER_BOILERPLATE
# Allow CC to be a program name with arguments.
- lt_save_CC="$CC"
+ lt_save_CC=$CC
lt_save_GCC=$GCC
lt_save_CFLAGS=$CFLAGS
CC=${FC-"f95"}
@@ -7379,21 +7885,25 @@ if test "$_lt_disable_FC" != yes; then
AC_MSG_RESULT([$can_build_shared])
AC_MSG_CHECKING([whether to build shared libraries])
- test "$can_build_shared" = "no" && enable_shared=no
+ test no = "$can_build_shared" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
# are all built from PIC.
case $host_os in
aix3*)
- test "$enable_shared" = yes && enable_static=no
+ test yes = "$enable_shared" && enable_static=no
if test -n "$RANLIB"; then
archive_cmds="$archive_cmds~\$RANLIB \$lib"
postinstall_cmds='$RANLIB $lib'
fi
;;
aix[[4-9]]*)
- if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
- test "$enable_shared" = yes && enable_static=no
+ if test ia64 != "$host_cpu"; then
+ case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
+ yes,aix,yes) ;; # shared object as lib.so file only
+ yes,svr4,*) ;; # shared object as lib.so archive member only
+ yes,*) enable_static=no ;; # shared object in lib.a archive as well
+ esac
fi
;;
esac
@@ -7401,11 +7911,11 @@ if test "$_lt_disable_FC" != yes; then
AC_MSG_CHECKING([whether to build static libraries])
# Make sure either enable_shared or enable_static is yes.
- test "$enable_shared" = yes || enable_static=yes
+ test yes = "$enable_shared" || enable_static=yes
AC_MSG_RESULT([$enable_static])
- _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu"
- _LT_TAGVAR(LD, $1)="$LD"
+ _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
+ _LT_TAGVAR(LD, $1)=$LD
## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
@@ -7425,7 +7935,7 @@ if test "$_lt_disable_FC" != yes; then
GCC=$lt_save_GCC
CC=$lt_save_CC
CFLAGS=$lt_save_CFLAGS
-fi # test "$_lt_disable_FC" != yes
+fi # test yes != "$_lt_disable_FC"
AC_LANG_POP
])# _LT_LANG_FC_CONFIG
@@ -7435,7 +7945,7 @@ AC_LANG_POP
# --------------------------
# Ensure that the configuration variables for the GNU Java Compiler compiler
# are suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to `libtool'.
+# to write the compiler configuration to 'libtool'.
m4_defun([_LT_LANG_GCJ_CONFIG],
[AC_REQUIRE([LT_PROG_GCJ])dnl
AC_LANG_SAVE
@@ -7469,7 +7979,7 @@ CC=${GCJ-"gcj"}
CFLAGS=$GCJFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)="$LD"
+_LT_TAGVAR(LD, $1)=$LD
_LT_CC_BASENAME([$compiler])
# GCJ did not exist at the time GCC didn't implicitly link libc in.
@@ -7506,7 +8016,7 @@ CFLAGS=$lt_save_CFLAGS
# --------------------------
# Ensure that the configuration variables for the GNU Go compiler
# are suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to `libtool'.
+# to write the compiler configuration to 'libtool'.
m4_defun([_LT_LANG_GO_CONFIG],
[AC_REQUIRE([LT_PROG_GO])dnl
AC_LANG_SAVE
@@ -7540,7 +8050,7 @@ CC=${GOC-"gccgo"}
CFLAGS=$GOFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)="$LD"
+_LT_TAGVAR(LD, $1)=$LD
_LT_CC_BASENAME([$compiler])
# Go did not exist at the time GCC didn't implicitly link libc in.
@@ -7577,7 +8087,7 @@ CFLAGS=$lt_save_CFLAGS
# -------------------------
# Ensure that the configuration variables for the Windows resource compiler
# are suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to `libtool'.
+# to write the compiler configuration to 'libtool'.
m4_defun([_LT_LANG_RC_CONFIG],
[AC_REQUIRE([LT_PROG_RC])dnl
AC_LANG_SAVE
@@ -7593,7 +8103,7 @@ _LT_TAGVAR(objext, $1)=$objext
lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
# Code to be used in simple link tests
-lt_simple_link_test_code="$lt_simple_compile_test_code"
+lt_simple_link_test_code=$lt_simple_compile_test_code
# ltmain only uses $CC for tagged configurations so make sure $CC is set.
_LT_TAG_COMPILER
@@ -7603,7 +8113,7 @@ _LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE
# Allow CC to be a program name with arguments.
-lt_save_CC="$CC"
+lt_save_CC=$CC
lt_save_CFLAGS=$CFLAGS
lt_save_GCC=$GCC
GCC=
@@ -7632,7 +8142,7 @@ AC_DEFUN([LT_PROG_GCJ],
[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
[m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
[AC_CHECK_TOOL(GCJ, gcj,)
- test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
+ test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
AC_SUBST(GCJFLAGS)])])[]dnl
])
@@ -7743,7 +8253,7 @@ lt_ac_count=0
# Add /usr/xpg4/bin/sed as it is typically found on Solaris
# along with /bin/sed that truncates output.
for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
- test ! -f $lt_ac_sed && continue
+ test ! -f "$lt_ac_sed" && continue
cat /dev/null > conftest.in
lt_ac_count=0
echo $ECHO_N "0123456789$ECHO_C" >conftest.in
@@ -7760,9 +8270,9 @@ for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
$lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
cmp -s conftest.out conftest.nl || break
# 10000 chars as input seems more than enough
- test $lt_ac_count -gt 10 && break
+ test 10 -lt "$lt_ac_count" && break
lt_ac_count=`expr $lt_ac_count + 1`
- if test $lt_ac_count -gt $lt_ac_max; then
+ if test "$lt_ac_count" -gt "$lt_ac_max"; then
lt_ac_max=$lt_ac_count
lt_cv_path_SED=$lt_ac_sed
fi
@@ -7786,27 +8296,7 @@ dnl AC_DEFUN([LT_AC_PROG_SED], [])
# Find out whether the shell is Bourne or XSI compatible,
# or has some other useful features.
m4_defun([_LT_CHECK_SHELL_FEATURES],
-[AC_MSG_CHECKING([whether the shell understands some XSI constructs])
-# Try some XSI features
-xsi_shell=no
-( _lt_dummy="a/b/c"
- test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \
- = c,a/b,b/c, \
- && eval 'test $(( 1 + 1 )) -eq 2 \
- && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
- && xsi_shell=yes
-AC_MSG_RESULT([$xsi_shell])
-_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell'])
-
-AC_MSG_CHECKING([whether the shell understands "+="])
-lt_shell_append=no
-( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \
- >/dev/null 2>&1 \
- && lt_shell_append=yes
-AC_MSG_RESULT([$lt_shell_append])
-_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append'])
-
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
lt_unset=unset
else
lt_unset=false
@@ -7830,102 +8320,9 @@ _LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
])# _LT_CHECK_SHELL_FEATURES
-# _LT_PROG_FUNCTION_REPLACE (FUNCNAME, REPLACEMENT-BODY)
-# ------------------------------------------------------
-# In `$cfgfile', look for function FUNCNAME delimited by `^FUNCNAME ()$' and
-# '^} FUNCNAME ', and replace its body with REPLACEMENT-BODY.
-m4_defun([_LT_PROG_FUNCTION_REPLACE],
-[dnl {
-sed -e '/^$1 ()$/,/^} # $1 /c\
-$1 ()\
-{\
-m4_bpatsubsts([$2], [$], [\\], [^\([ ]\)], [\\\1])
-} # Extended-shell $1 implementation' "$cfgfile" > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
-test 0 -eq $? || _lt_function_replace_fail=:
-])
-
-
-# _LT_PROG_REPLACE_SHELLFNS
-# -------------------------
-# Replace existing portable implementations of several shell functions with
-# equivalent extended shell implementations where those features are available..
-m4_defun([_LT_PROG_REPLACE_SHELLFNS],
-[if test x"$xsi_shell" = xyes; then
- _LT_PROG_FUNCTION_REPLACE([func_dirname], [dnl
- case ${1} in
- */*) func_dirname_result="${1%/*}${2}" ;;
- * ) func_dirname_result="${3}" ;;
- esac])
-
- _LT_PROG_FUNCTION_REPLACE([func_basename], [dnl
- func_basename_result="${1##*/}"])
-
- _LT_PROG_FUNCTION_REPLACE([func_dirname_and_basename], [dnl
- case ${1} in
- */*) func_dirname_result="${1%/*}${2}" ;;
- * ) func_dirname_result="${3}" ;;
- esac
- func_basename_result="${1##*/}"])
-
- _LT_PROG_FUNCTION_REPLACE([func_stripname], [dnl
- # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
- # positional parameters, so assign one to ordinary parameter first.
- func_stripname_result=${3}
- func_stripname_result=${func_stripname_result#"${1}"}
- func_stripname_result=${func_stripname_result%"${2}"}])
-
- _LT_PROG_FUNCTION_REPLACE([func_split_long_opt], [dnl
- func_split_long_opt_name=${1%%=*}
- func_split_long_opt_arg=${1#*=}])
-
- _LT_PROG_FUNCTION_REPLACE([func_split_short_opt], [dnl
- func_split_short_opt_arg=${1#??}
- func_split_short_opt_name=${1%"$func_split_short_opt_arg"}])
-
- _LT_PROG_FUNCTION_REPLACE([func_lo2o], [dnl
- case ${1} in
- *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
- *) func_lo2o_result=${1} ;;
- esac])
-
- _LT_PROG_FUNCTION_REPLACE([func_xform], [ func_xform_result=${1%.*}.lo])
-
- _LT_PROG_FUNCTION_REPLACE([func_arith], [ func_arith_result=$(( $[*] ))])
-
- _LT_PROG_FUNCTION_REPLACE([func_len], [ func_len_result=${#1}])
-fi
-
-if test x"$lt_shell_append" = xyes; then
- _LT_PROG_FUNCTION_REPLACE([func_append], [ eval "${1}+=\\${2}"])
-
- _LT_PROG_FUNCTION_REPLACE([func_append_quoted], [dnl
- func_quote_for_eval "${2}"
-dnl m4 expansion turns \\\\ into \\, and then the shell eval turns that into \
- eval "${1}+=\\\\ \\$func_quote_for_eval_result"])
-
- # Save a `func_append' function call where possible by direct use of '+='
- sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
- test 0 -eq $? || _lt_function_replace_fail=:
-else
- # Save a `func_append' function call even when '+=' is not available
- sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \
- && mv -f "$cfgfile.tmp" "$cfgfile" \
- || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp")
- test 0 -eq $? || _lt_function_replace_fail=:
-fi
-
-if test x"$_lt_function_replace_fail" = x":"; then
- AC_MSG_WARN([Unable to substitute extended shell functions in $ofile])
-fi
-])
-
# _LT_PATH_CONVERSION_FUNCTIONS
# -----------------------------
-# Determine which file name conversion functions should be used by
+# Determine what file name conversion functions should be used by
# func_to_host_file (and, implicitly, by func_to_host_path). These are needed
# for certain cross-compile configurations and native mingw.
m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
diff --git a/m4/config/ltoptions.m4 b/m4/config/ltoptions.m4
index 5d9acd8..94b0829 100644
--- a/m4/config/ltoptions.m4
+++ b/m4/config/ltoptions.m4
@@ -1,14 +1,14 @@
# Helper functions for option handling. -*- Autoconf -*-
#
-# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
+# Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
-# serial 7 ltoptions.m4
+# serial 8 ltoptions.m4
# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
@@ -29,7 +29,7 @@ m4_define([_LT_SET_OPTION],
[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
_LT_MANGLE_DEFUN([$1], [$2]),
- [m4_warning([Unknown $1 option `$2'])])[]dnl
+ [m4_warning([Unknown $1 option '$2'])])[]dnl
])
@@ -75,13 +75,15 @@ m4_if([$1],[LT_INIT],[
dnl
dnl If no reference was made to various pairs of opposing options, then
dnl we run the default mode handler for the pair. For example, if neither
- dnl `shared' nor `disable-shared' was passed, we enable building of shared
+ dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
dnl archives by default:
_LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
_LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
_LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
_LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
- [_LT_ENABLE_FAST_INSTALL])
+ [_LT_ENABLE_FAST_INSTALL])
+ _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
+ [_LT_WITH_AIX_SONAME([aix])])
])
])# _LT_SET_OPTIONS
@@ -112,7 +114,7 @@ AU_DEFUN([AC_LIBTOOL_DLOPEN],
[_LT_SET_OPTION([LT_INIT], [dlopen])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the `dlopen' option into LT_INIT's first parameter.])
+put the 'dlopen' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@@ -148,7 +150,7 @@ AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
_LT_SET_OPTION([LT_INIT], [win32-dll])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the `win32-dll' option into LT_INIT's first parameter.])
+put the 'win32-dll' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@@ -157,9 +159,9 @@ dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
# _LT_ENABLE_SHARED([DEFAULT])
# ----------------------------
-# implement the --enable-shared flag, and supports the `shared' and
-# `disable-shared' LT_INIT options.
-# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+# implement the --enable-shared flag, and supports the 'shared' and
+# 'disable-shared' LT_INIT options.
+# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_SHARED],
[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([shared],
@@ -172,14 +174,14 @@ AC_ARG_ENABLE([shared],
*)
enable_shared=no
# Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_shared=yes
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
;;
esac],
[enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
@@ -211,9 +213,9 @@ dnl AC_DEFUN([AM_DISABLE_SHARED], [])
# _LT_ENABLE_STATIC([DEFAULT])
# ----------------------------
-# implement the --enable-static flag, and support the `static' and
-# `disable-static' LT_INIT options.
-# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+# implement the --enable-static flag, and support the 'static' and
+# 'disable-static' LT_INIT options.
+# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_STATIC],
[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([static],
@@ -226,14 +228,14 @@ AC_ARG_ENABLE([static],
*)
enable_static=no
# Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_static=yes
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
;;
esac],
[enable_static=]_LT_ENABLE_STATIC_DEFAULT)
@@ -265,9 +267,9 @@ dnl AC_DEFUN([AM_DISABLE_STATIC], [])
# _LT_ENABLE_FAST_INSTALL([DEFAULT])
# ----------------------------------
-# implement the --enable-fast-install flag, and support the `fast-install'
-# and `disable-fast-install' LT_INIT options.
-# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+# implement the --enable-fast-install flag, and support the 'fast-install'
+# and 'disable-fast-install' LT_INIT options.
+# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_FAST_INSTALL],
[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([fast-install],
@@ -280,14 +282,14 @@ AC_ARG_ENABLE([fast-install],
*)
enable_fast_install=no
# Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_fast_install=yes
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
;;
esac],
[enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
@@ -304,14 +306,14 @@ AU_DEFUN([AC_ENABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the `fast-install' option into LT_INIT's first parameter.])
+the 'fast-install' option into LT_INIT's first parameter.])
])
AU_DEFUN([AC_DISABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the `disable-fast-install' option into LT_INIT's first parameter.])
+the 'disable-fast-install' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@@ -319,11 +321,64 @@ dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
+# _LT_WITH_AIX_SONAME([DEFAULT])
+# ----------------------------------
+# implement the --with-aix-soname flag, and support the `aix-soname=aix'
+# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
+# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'.
+m4_define([_LT_WITH_AIX_SONAME],
+[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
+shared_archive_member_spec=
+case $host,$enable_shared in
+power*-*-aix[[5-9]]*,yes)
+ AC_MSG_CHECKING([which variant of shared library versioning to provide])
+ AC_ARG_WITH([aix-soname],
+ [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
+ [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
+ [case $withval in
+ aix|svr4|both)
+ ;;
+ *)
+ AC_MSG_ERROR([Unknown argument to --with-aix-soname])
+ ;;
+ esac
+ lt_cv_with_aix_soname=$with_aix_soname],
+ [AC_CACHE_VAL([lt_cv_with_aix_soname],
+ [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
+ with_aix_soname=$lt_cv_with_aix_soname])
+ AC_MSG_RESULT([$with_aix_soname])
+ if test aix != "$with_aix_soname"; then
+ # For the AIX way of multilib, we name the shared archive member
+ # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
+ # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
+ # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
+ # the AIX toolchain works better with OBJECT_MODE set (default 32).
+ if test 64 = "${OBJECT_MODE-32}"; then
+ shared_archive_member_spec=shr_64
+ else
+ shared_archive_member_spec=shr
+ fi
+ fi
+ ;;
+*)
+ with_aix_soname=aix
+ ;;
+esac
+
+_LT_DECL([], [shared_archive_member_spec], [0],
+ [Shared archive member basename, for filename based shared library versioning on AIX])dnl
+])# _LT_WITH_AIX_SONAME
+
+LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
+LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
+LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
+
+
# _LT_WITH_PIC([MODE])
# --------------------
-# implement the --with-pic flag, and support the `pic-only' and `no-pic'
+# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
# LT_INIT options.
-# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
+# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'.
m4_define([_LT_WITH_PIC],
[AC_ARG_WITH([pic],
[AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
@@ -334,19 +389,17 @@ m4_define([_LT_WITH_PIC],
*)
pic_mode=default
# Look at the argument we got. We use all the common list separators.
- lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for lt_pkg in $withval; do
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
if test "X$lt_pkg" = "X$lt_p"; then
pic_mode=yes
fi
done
- IFS="$lt_save_ifs"
+ IFS=$lt_save_ifs
;;
esac],
- [pic_mode=default])
-
-test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
+ [pic_mode=m4_default([$1], [default])])
_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
])# _LT_WITH_PIC
@@ -359,7 +412,7 @@ AU_DEFUN([AC_LIBTOOL_PICMODE],
[_LT_SET_OPTION([LT_INIT], [pic-only])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the `pic-only' option into LT_INIT's first parameter.])
+put the 'pic-only' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
diff --git a/m4/config/ltsugar.m4 b/m4/config/ltsugar.m4
index 9000a05..48bc934 100644
--- a/m4/config/ltsugar.m4
+++ b/m4/config/ltsugar.m4
@@ -1,6 +1,7 @@
# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
#
-# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
+# Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
@@ -33,7 +34,7 @@ m4_define([_lt_join],
# ------------
# Manipulate m4 lists.
# These macros are necessary as long as will still need to support
-# Autoconf-2.59 which quotes differently.
+# Autoconf-2.59, which quotes differently.
m4_define([lt_car], [[$1]])
m4_define([lt_cdr],
[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
@@ -44,7 +45,7 @@ m4_define([lt_unquote], $1)
# lt_append(MACRO-NAME, STRING, [SEPARATOR])
# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
+# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
# Note that neither SEPARATOR nor STRING are expanded; they are appended
# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
# No SEPARATOR is output if MACRO-NAME was previously undefined (different
diff --git a/m4/config/ltversion.m4 b/m4/config/ltversion.m4
index 07a8602..fa04b52 100644
--- a/m4/config/ltversion.m4
+++ b/m4/config/ltversion.m4
@@ -1,6 +1,6 @@
# ltversion.m4 -- version numbers -*- Autoconf -*-
#
-# Copyright (C) 2004 Free Software Foundation, Inc.
+# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
# Written by Scott James Remnant, 2004
#
# This file is free software; the Free Software Foundation gives
@@ -9,15 +9,15 @@
# @configure_input@
-# serial 3337 ltversion.m4
+# serial 4179 ltversion.m4
# This file is part of GNU Libtool
-m4_define([LT_PACKAGE_VERSION], [2.4.2])
-m4_define([LT_PACKAGE_REVISION], [1.3337])
+m4_define([LT_PACKAGE_VERSION], [2.4.6])
+m4_define([LT_PACKAGE_REVISION], [2.4.6])
AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.2'
-macro_revision='1.3337'
+[macro_version='2.4.6'
+macro_revision='2.4.6'
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
_LT_DECL(, macro_revision, 0)
])
diff --git a/m4/config/lt~obsolete.m4 b/m4/config/lt~obsolete.m4
index c573da9..c6b26f8 100644
--- a/m4/config/lt~obsolete.m4
+++ b/m4/config/lt~obsolete.m4
@@ -1,6 +1,7 @@
# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
#
-# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc.
+# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
+# Foundation, Inc.
# Written by Scott James Remnant, 2004.
#
# This file is free software; the Free Software Foundation gives
@@ -11,7 +12,7 @@
# These exist entirely to fool aclocal when bootstrapping libtool.
#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
+# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
# which have later been changed to m4_define as they aren't part of the
# exported API, or moved to Autoconf or Automake where they belong.
#
@@ -25,7 +26,7 @@
# included after everything else. This provides aclocal with the
# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
+# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
#
# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
# Yes, that means every name once taken will need to remain here until
diff --git a/man/Makefile.in b/man/Makefile.in
index 5f621c2..a473efd 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -82,8 +92,6 @@ host_triplet = @host@
@USE_FILE_CONFIG_TRUE@ ipsec.secrets.5
subdir = man
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(srcdir)/ipsec.conf.5.in $(srcdir)/ipsec.secrets.5.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -97,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES = ipsec.conf.5 ipsec.secrets.5
@@ -152,12 +161,15 @@ am__installdirs = "$(DESTDIR)$(man5dir)"
NROFF = nroff
MANS = $(man_MANS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/ipsec.conf.5.in \
+ $(srcdir)/ipsec.secrets.5.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -207,6 +219,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -241,6 +254,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -352,6 +366,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -397,7 +412,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu man/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu man/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -626,6 +640,8 @@ uninstall-man: uninstall-man5
ps ps-am tags-am uninstall uninstall-am uninstall-man \
uninstall-man5
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/missing b/missing
index cdea514..f62bbae 100755
--- a/missing
+++ b/missing
@@ -1,9 +1,9 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
-scriptversion=2012-06-26.16; # UTC
+scriptversion=2013-10-28.13; # UTC
-# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard at iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -160,7 +160,7 @@ give_advice ()
;;
autom4te*)
echo "You might have modified some maintainer files that require"
- echo "the 'automa4te' program to be rebuilt."
+ echo "the 'autom4te' program to be rebuilt."
program_details 'autom4te'
;;
bison*|yacc*)
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index 15e9006..0c73dfa 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -87,8 +97,6 @@ noinst_PROGRAMS = bin2array$(EXEEXT) bin2sql$(EXEEXT) id2sql$(EXEEXT) \
$(am__EXEEXT_1)
@USE_TLS_TRUE at am__append_1 = tls_test
subdir = scripts
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -102,6 +110,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -261,12 +270,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -316,6 +327,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -350,6 +362,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -461,6 +474,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -543,7 +557,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scripts/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu scripts/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -901,6 +914,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
key2keyid.o : $(top_builddir)/config.status
diff --git a/scripts/timeattack.c b/scripts/timeattack.c
index ef00e8c..e3505dd 100644
--- a/scripts/timeattack.c
+++ b/scripts/timeattack.c
@@ -10,7 +10,7 @@ static void start_timing(struct timespec *start)
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, start);
}
-static u_int64_t end_timing(struct timespec *start)
+static uint64_t end_timing(struct timespec *start)
{
struct timespec end;
@@ -21,12 +21,12 @@ static u_int64_t end_timing(struct timespec *start)
static int intcmp(const void *a, const void *b)
{
- return *(u_int64_t*)a - *(u_int64_t*)b;
+ return *(uint64_t*)a - *(uint64_t*)b;
}
-static u_int64_t median(u_int64_t *m, int count)
+static uint64_t median(uint64_t *m, int count)
{
- qsort(m, count, sizeof(u_int64_t), intcmp);
+ qsort(m, count, sizeof(uint64_t), intcmp);
return m[count / 2];
}
@@ -35,7 +35,7 @@ static bool timeattack(attackfn_t attackfn, void *subj, size_t dlen,
{
struct timespec start;
u_char test[dlen];
- u_int64_t mini, maxi, t[256], m[256][10];
+ uint64_t mini, maxi, t[256], m[256][10];
float fastdist = 0, slowdist = 0;
int i, j, k, l, byte, limit, retry = 0;
int fastest = 0, slowest = 0;
diff --git a/src/Makefile.am b/src/Makefile.am
index a9df10c..938335e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -32,6 +32,10 @@ if USE_LIBPTTLS
SUBDIRS += libpttls
endif
+if USE_LIBTPMTSS
+ SUBDIRS += libtpmtss
+endif
+
if USE_IMCV
SUBDIRS += libimcv
endif
@@ -131,3 +135,7 @@ endif
if USE_AIKGEN
SUBDIRS += aikgen
endif
+
+if USE_AIKPUB2
+ SUBDIRS += aikpub2
+endif
diff --git a/src/Makefile.in b/src/Makefile.in
index 1d012fb..5131738 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,33 +95,34 @@ host_triplet = @host@
@USE_LIBTNCIF_TRUE at am__append_6 = libtncif
@USE_LIBTNCCS_TRUE at am__append_7 = libtnccs
@USE_LIBPTTLS_TRUE at am__append_8 = libpttls
- at USE_IMCV_TRUE@am__append_9 = libimcv
- at USE_LIBCHARON_TRUE@am__append_10 = libcharon
- at USE_FILE_CONFIG_TRUE@am__append_11 = starter
- at USE_IPSEC_SCRIPT_TRUE@am__append_12 = ipsec _copyright
- at USE_CHARON_TRUE@am__append_13 = charon
- at USE_SYSTEMD_TRUE@am__append_14 = charon-systemd
- at USE_NM_TRUE@am__append_15 = charon-nm
- at USE_STROKE_TRUE@am__append_16 = stroke
- at USE_UPDOWN_TRUE@am__append_17 = _updown
- at USE_SCEPCLIENT_TRUE@am__append_18 = scepclient
- at USE_PKI_TRUE@am__append_19 = pki
- at USE_SWANCTL_TRUE@am__append_20 = swanctl
- at USE_CONFTEST_TRUE@am__append_21 = conftest
- at USE_DUMM_TRUE@am__append_22 = dumm
- at USE_FAST_TRUE@am__append_23 = libfast
- at USE_MANAGER_TRUE@am__append_24 = manager
- at USE_MEDSRV_TRUE@am__append_25 = medsrv
- at USE_ATTR_SQL_TRUE@am__append_26 = pool
- at USE_ATTR_SQL_FALSE@@USE_SQL_TRUE at am__append_27 = pool
- at USE_TKM_TRUE@am__append_28 = charon-tkm
- at USE_CMD_TRUE@am__append_29 = charon-cmd
- at USE_SVC_TRUE@am__append_30 = charon-svc
- at USE_LIBPTTLS_TRUE@am__append_31 = pt-tls-client
- at USE_INTEGRITY_TEST_TRUE@am__append_32 = checksum
- at USE_AIKGEN_TRUE@am__append_33 = aikgen
+ at USE_LIBTPMTSS_TRUE@am__append_9 = libtpmtss
+ at USE_IMCV_TRUE@am__append_10 = libimcv
+ at USE_LIBCHARON_TRUE@am__append_11 = libcharon
+ at USE_FILE_CONFIG_TRUE@am__append_12 = starter
+ at USE_IPSEC_SCRIPT_TRUE@am__append_13 = ipsec _copyright
+ at USE_CHARON_TRUE@am__append_14 = charon
+ at USE_SYSTEMD_TRUE@am__append_15 = charon-systemd
+ at USE_NM_TRUE@am__append_16 = charon-nm
+ at USE_STROKE_TRUE@am__append_17 = stroke
+ at USE_UPDOWN_TRUE@am__append_18 = _updown
+ at USE_SCEPCLIENT_TRUE@am__append_19 = scepclient
+ at USE_PKI_TRUE@am__append_20 = pki
+ at USE_SWANCTL_TRUE@am__append_21 = swanctl
+ at USE_CONFTEST_TRUE@am__append_22 = conftest
+ at USE_DUMM_TRUE@am__append_23 = dumm
+ at USE_FAST_TRUE@am__append_24 = libfast
+ at USE_MANAGER_TRUE@am__append_25 = manager
+ at USE_MEDSRV_TRUE@am__append_26 = medsrv
+ at USE_ATTR_SQL_TRUE@am__append_27 = pool
+ at USE_ATTR_SQL_FALSE@@USE_SQL_TRUE at am__append_28 = pool
+ at USE_TKM_TRUE@am__append_29 = charon-tkm
+ at USE_CMD_TRUE@am__append_30 = charon-cmd
+ at USE_SVC_TRUE@am__append_31 = charon-svc
+ at USE_LIBPTTLS_TRUE@am__append_32 = pt-tls-client
+ at USE_INTEGRITY_TEST_TRUE@am__append_33 = checksum
+ at USE_AIKGEN_TRUE@am__append_34 = aikgen
+ at USE_AIKPUB2_TRUE@am__append_35 = aikpub2
subdir = src
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -125,6 +136,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -184,11 +196,12 @@ am__define_uniq_tagged_files = \
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \
- libradius libtncif libtnccs libpttls libimcv libcharon starter \
- ipsec _copyright charon charon-systemd charon-nm stroke \
- _updown scepclient pki swanctl conftest dumm libfast manager \
- medsrv pool charon-tkm charon-cmd charon-svc pt-tls-client \
- checksum aikgen
+ libradius libtncif libtnccs libpttls libtpmtss libimcv \
+ libcharon starter ipsec _copyright charon charon-systemd \
+ charon-nm stroke _updown scepclient pki swanctl conftest dumm \
+ libfast manager medsrv pool charon-tkm charon-cmd charon-svc \
+ pt-tls-client checksum aikgen aikpub2
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -220,6 +233,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -269,6 +283,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -303,6 +318,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -414,6 +430,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -452,7 +469,8 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \
$(am__append_22) $(am__append_23) $(am__append_24) \
$(am__append_25) $(am__append_26) $(am__append_27) \
$(am__append_28) $(am__append_29) $(am__append_30) \
- $(am__append_31) $(am__append_32) $(am__append_33)
+ $(am__append_31) $(am__append_32) $(am__append_33) \
+ $(am__append_34) $(am__append_35)
all: all-recursive
.SUFFIXES:
@@ -468,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -763,6 +780,8 @@ uninstall-am:
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index 432bde5..5f7d50f 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = _copyright$(EXEEXT)
subdir = src/_copyright
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -169,12 +178,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -224,6 +235,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -258,6 +270,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -369,6 +382,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -418,7 +432,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_copyright/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/_copyright/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -734,6 +747,8 @@ uninstall-am: uninstall-ipsecPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index 08fce3e..1d15c0c 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,7 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/_updown
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -93,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -146,12 +156,14 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -201,6 +213,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -235,6 +248,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -346,6 +360,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_updown/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/_updown/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -607,6 +621,8 @@ uninstall-am: uninstall-ipsecSCRIPTS
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-ipsecSCRIPTS
+.PRECIOUS: Makefile
+
_updown : _updown.in
$(AM_V_GEN) \
diff --git a/src/aikgen/Makefile.am b/src/aikgen/Makefile.am
index dc59d20..860a8f7 100644
--- a/src/aikgen/Makefile.am
+++ b/src/aikgen/Makefile.am
@@ -2,14 +2,13 @@ bin_PROGRAMS = aikgen
aikgen_SOURCES = aikgen.c
-aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-aikgen.o : $(top_builddir)/config.status
+aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la
-if USE_TROUSERS
- aikgen_LDADD += -ltspi
-endif
+aikgen.o : $(top_builddir)/config.status
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtpmtss \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
-DPLUGINS=\""${aikgen_plugins}\""
diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in
index 8fb9126..1e2b7dd 100644
--- a/src/aikgen/Makefile.in
+++ b/src/aikgen/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,10 +89,7 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
bin_PROGRAMS = aikgen$(EXEEXT)
- at USE_TROUSERS_TRUE@am__append_1 = -ltspi
subdir = src/aikgen
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -104,10 +112,9 @@ am__installdirs = "$(DESTDIR)$(bindir)"
PROGRAMS = $(bin_PROGRAMS)
am_aikgen_OBJECTS = aikgen.$(OBJEXT)
aikgen_OBJECTS = $(am_aikgen_OBJECTS)
-am__DEPENDENCIES_1 =
aikgen_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1)
+ $(top_builddir)/src/libtpmtss/libtpmtss.la
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -172,12 +179,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -227,6 +236,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -261,6 +271,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -372,6 +383,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -402,9 +414,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
aikgen_SOURCES = aikgen.c
aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__append_1)
+ $(top_builddir)/src/libtpmtss/libtpmtss.la
+
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtpmtss \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
-DPLUGINS=\""${aikgen_plugins}\""
@@ -424,7 +438,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/aikgen/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/aikgen/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -739,6 +752,9 @@ uninstall-am: uninstall-binPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-binPROGRAMS
+.PRECIOUS: Makefile
+
+
aikgen.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/aikgen/aikgen.c b/src/aikgen/aikgen.c
index 192636a..3e2d444 100644
--- a/src/aikgen/aikgen.c
+++ b/src/aikgen/aikgen.c
@@ -1,38 +1,25 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
- * Copyright (c) 2008 Hal Finney
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
*/
+#include "tpm_tss.h"
+
#include <library.h>
#include <utils/debug.h>
#include <utils/optionsfrom.h>
#include <credentials/certificates/x509.h>
#include <credentials/keys/public_key.h>
-#include <asn1/oid.h>
-#include <asn1/asn1.h>
-
-#include <trousers/tss.h>
-#include <trousers/trousers.h>
#include <syslog.h>
#include <getopt.h>
@@ -44,12 +31,9 @@
/* default name of AIK private key blob */
#define DEFAULT_FILENAME_AIKBLOB AIK_DIR "aikBlob.bin"
-/* default name of AIK private key blob */
+/* default name of AIK public key */
#define DEFAULT_FILENAME_AIKPUBKEY AIK_DIR "aikPub.der"
-/* size in bytes of a TSS AIK public key blob */
-#define AIK_PUBKEY_BLOB_SIZE 284
-
/* logging */
static bool log_to_stderr = TRUE;
static bool log_to_syslog = TRUE;
@@ -64,9 +48,7 @@ public_key_t *ca_pubkey;
chunk_t ca_modulus;
chunk_t aik_pubkey;
chunk_t aik_keyid;
-
-/* TPM context */
-TSS_HCONTEXT hContext;
+tpm_tss_t *tpm;
/**
* logging function for aikgen
@@ -128,12 +110,13 @@ static void init_log(const char *program)
/**
* @brief exit aikgen
*
- * @param status 0 = OK, 1 = general discomfort
+ * @param status 0 = OK, -1 = general discomfort
*/
static void exit_aikgen(err_t message, ...)
{
int status = 0;
+ DESTROY_IF(tpm);
DESTROY_IF(cacert);
DESTROY_IF(ca_pubkey);
free(ca_modulus.ptr);
@@ -141,13 +124,6 @@ static void exit_aikgen(err_t message, ...)
free(aik_keyid.ptr);
options->destroy(options);
- /* clean up TPM context */
- if (hContext)
- {
- Tspi_Context_FreeMemory(hContext, NULL);
- Tspi_Context_Close(hContext);
- }
-
/* print any error message to stderr */
if (message != NULL && *message != '\0')
{
@@ -158,7 +134,7 @@ static void exit_aikgen(err_t message, ...)
vsnprintf(m, sizeof(m), message, args);
va_end(args);
- fprintf(stderr, "error: %s\n", m);
+ fprintf(stderr, "aikgen error: %s\n", m);
status = -1;
}
library_deinit();
@@ -178,7 +154,7 @@ static void usage(const char *message)
" [--aikblob <filename>] [--aikpubkey <filename>] \n"
" [--idreq <filename>] [--force]"
" [--quiet] [--debug <level>]\n"
- " aikgen --help\n"
+ " aikgen --help\n"
"\n"
"Options:\n"
" --cacert (-c) certificate of [privacy] CA\n"
@@ -216,24 +192,7 @@ int main(int argc, char *argv[])
bool force = FALSE;
chunk_t identity_req;
chunk_t aik_blob;
- chunk_t aik_pubkey_blob;
- chunk_t aik_modulus;
- chunk_t aik_exponent;
-
- /* TPM variables */
- TSS_RESULT result;
- TSS_HTPM hTPM;
- TSS_HKEY hSRK;
- TSS_HKEY hPCAKey;
- TSS_HPOLICY hSrkPolicy;
- TSS_HPOLICY hTPMPolicy;
- TSS_HKEY hIdentKey;
- TSS_UUID SRK_UUID = TSS_UUID_SRK;
- BYTE secret[] = TSS_WELL_KNOWN_SECRET;
- BYTE *IdentityReq;
- UINT32 IdentityReqLen;
- BYTE *blob;
- UINT32 blobLen;
+ hasher_t *hasher;
atexit(library_deinit);
if (!library_init(NULL, "aikgen"))
@@ -370,105 +329,29 @@ int main(int argc, char *argv[])
if (ca_pubkey->get_type(ca_pubkey) != KEY_RSA ||
ca_pubkey->get_keysize(ca_pubkey) != 2048)
{
- exit_aikgen("ca public key must be RSA 2048 but is %N %d",
+ exit_aikgen("CA public key must be RSA 2048 but is %N %d",
key_type_names, ca_pubkey->get_type(ca_pubkey),
ca_pubkey->get_keysize(ca_pubkey));
}
if (!ca_pubkey->get_encoding(ca_pubkey, PUBKEY_RSA_MODULUS, &ca_modulus))
{
- exit_aikgen("could not extract RSA modulus from ca public key");
- }
-
- /* initialize TSS context and connect to it */
- result = Tspi_Context_Create(&hContext);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_Context_Create", result);
- }
- result = Tspi_Context_Connect(hContext, NULL);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_Context_Connect", result);
- }
-
- /* get SRK plus SRK policy and set SRK secret */
- result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
- SRK_UUID, &hSRK);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_Context_LoadKeyByUUID for SRK", result);
- }
- result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSrkPolicy);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_GetPolicyObject for SRK", result);
- }
- result = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1, 20, secret);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_Policy_SetSecret for SRK", result);
- }
-
- /* get TPM plus TPM policy and set TPM secret */
- result = Tspi_Context_GetTpmObject (hContext, &hTPM);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_Context_GetTpmObject", result);
- }
- result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_GetPolicyObject for TPM", result);
- }
- result = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_SHA1, 20, secret);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_Policy_SetSecret for TPM", result);
- }
-
- /* create context for a 2048 bit AIK */
- result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
- TSS_KEY_TYPE_IDENTITY | TSS_KEY_SIZE_2048 |
- TSS_KEY_VOLATILE | TSS_KEY_NOT_MIGRATABLE, &hIdentKey);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_Context_CreateObject for key", result);
+ exit_aikgen("could not extract RSA modulus from CA public key");
}
- /* create context for the Privacy CA public key and assign modulus */
- result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
- TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, &hPCAKey);
- if (result != TSS_SUCCESS)
+ /* try to find a TPM 1.2 */
+ tpm = tpm_tss_probe(TPM_VERSION_1_2);
+ if (!tpm)
{
- exit_aikgen("tss 0x%x on Tspi_Context_CreateObject for PCA", result);
- }
- result = Tspi_SetAttribData (hPCAKey, TSS_TSPATTRIB_RSAKEY_INFO,
- TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, ca_modulus.len,
- ca_modulus.ptr);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_SetAttribData for PCA modulus", result);
- }
- result = Tspi_SetAttribUint32(hPCAKey, TSS_TSPATTRIB_KEY_INFO,
- TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_SetAttribUint32 for PCA "
- "encryption scheme", result);
+ exit_aikgen("no TPM 1.2 found");
}
- /* generate AIK */
- DBG1(DBG_LIB, "Generating identity key...");
- result = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hPCAKey, 0, NULL,
- hIdentKey, TSS_ALG_AES, &IdentityReqLen, &IdentityReq);
- if (result != TSS_SUCCESS)
+ if (!tpm->generate_aik(tpm, ca_modulus, &aik_blob, &aik_pubkey,
+ &identity_req))
{
- exit_aikgen("tss 0x%x on Tspi_TPM_CollateIdentityRequest", result);
+ exit_aikgen("could not generate AIK");
}
- identity_req = chunk_create(IdentityReq, IdentityReqLen);
- DBG3(DBG_LIB, "Identity Request: %B", &identity_req);
- /* optionally output identity request encrypted with ca public key */
+ /* optionally output identity request encrypted with CA public key */
if (idreq_filename)
{
if (!chunk_write(identity_req, idreq_filename, 0022, force))
@@ -480,24 +363,7 @@ int main(int argc, char *argv[])
idreq_filename, identity_req.len);
}
- /* load identity key */
- result = Tspi_Key_LoadKey (hIdentKey, hSRK);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_Key_LoadKey for AIK\n", result);
- }
-
- /* output AIK private key in TSS blob format */
- result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB,
- TSS_TSPATTRIB_KEYBLOB_BLOB, &blobLen, &blob);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_GetAttribData for private key blob",
- result);
- }
- aik_blob = chunk_create(blob, blobLen);
- DBG3(DBG_LIB, "AIK private key blob: %B", &aik_blob);
-
+ /* output AIK private key blob */
if (!chunk_write(aik_blob, aikblob_filename, 0022, force))
{
exit_aikgen("could not write AIK blob file '%s': %s",
@@ -506,32 +372,7 @@ int main(int argc, char *argv[])
DBG1(DBG_LIB, "AIK private key blob written to '%s' (%u bytes)",
aikblob_filename, aik_blob.len);
- /* output AIK Public Key in TSS blob format */
- result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB,
- TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobLen, &blob);
- if (result != TSS_SUCCESS)
- {
- exit_aikgen("tss 0x%x on Tspi_GetAttribData for public key blob",
- result);
- }
- aik_pubkey_blob = chunk_create(blob, blobLen);
- DBG3(DBG_LIB, "AIK public key blob: %B", &aik_pubkey_blob);
-
- /* create a trusted AIK public key */
- if (aik_pubkey_blob.len != AIK_PUBKEY_BLOB_SIZE)
- {
- exit_aikgen("AIK public key is not in TSS blob format");
- }
- aik_modulus = chunk_skip(aik_pubkey_blob, AIK_PUBKEY_BLOB_SIZE - 256);
- aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
-
- /* output subjectPublicKeyInfo encoding of AIK public key */
- if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, NULL,
- &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus,
- CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
- {
- exit_aikgen("subjectPublicKeyInfo encoding of AIK key failed");
- }
+ /* output AIK public key */
if (!chunk_write(aik_pubkey, aikpubkey_filename, 0022, force))
{
exit_aikgen("could not write AIK public key file '%s': %s",
@@ -541,12 +382,14 @@ int main(int argc, char *argv[])
aikpubkey_filename, aik_pubkey.len);
/* display AIK keyid derived from subjectPublicKeyInfo encoding */
- if (!lib->encoding->encode(lib->encoding, KEYID_PUBKEY_INFO_SHA1, NULL,
- &aik_keyid, CRED_PART_RSA_MODULUS, aik_modulus,
- CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher || !hasher->allocate_hash(hasher, aik_pubkey, &aik_keyid))
{
- exit_aikgen("computation of AIK keyid failed");
+ DESTROY_IF(hasher);
+ exit_aikgen("SHA1 hash algorithm not supported, computation of AIK "
+ "keyid failed");
}
+ hasher->destroy(hasher);
DBG1(DBG_LIB, "AIK keyid: %#B", &aik_keyid);
exit_aikgen(NULL);
diff --git a/src/aikpub2/Makefile.am b/src/aikpub2/Makefile.am
new file mode 100644
index 0000000..a9ab138
--- /dev/null
+++ b/src/aikpub2/Makefile.am
@@ -0,0 +1,15 @@
+bin_PROGRAMS = aikpub2
+
+aikpub2_SOURCES = aikpub2.c
+
+aikpub2_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la
+
+aikpub2.o : $(top_builddir)/config.status
+
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtpmtss \
+ -DIPSEC_CONFDIR=\"${sysconfdir}\" \
+ -DPLUGINS=\""${aikgen_plugins}\""
diff --git a/src/aikgen/Makefile.in b/src/aikpub2/Makefile.in
similarity index 93%
copy from src/aikgen/Makefile.in
copy to src/aikpub2/Makefile.in
index 8fb9126..adb40e4 100644
--- a/src/aikgen/Makefile.in
+++ b/src/aikpub2/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,11 +88,8 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-bin_PROGRAMS = aikgen$(EXEEXT)
- at USE_TROUSERS_TRUE@am__append_1 = -ltspi
-subdir = src/aikgen
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
+bin_PROGRAMS = aikpub2$(EXEEXT)
+subdir = src/aikpub2
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,18 +103,18 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)"
PROGRAMS = $(bin_PROGRAMS)
-am_aikgen_OBJECTS = aikgen.$(OBJEXT)
-aikgen_OBJECTS = $(am_aikgen_OBJECTS)
-am__DEPENDENCIES_1 =
-aikgen_DEPENDENCIES = \
+am_aikpub2_OBJECTS = aikpub2.$(OBJEXT)
+aikpub2_OBJECTS = $(am_aikpub2_OBJECTS)
+aikpub2_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1)
+ $(top_builddir)/src/libtpmtss/libtpmtss.la
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -146,8 +153,8 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(aikgen_SOURCES)
-DIST_SOURCES = $(aikgen_SOURCES)
+SOURCES = $(aikpub2_SOURCES)
+DIST_SOURCES = $(aikpub2_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -172,12 +179,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -227,6 +236,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -261,6 +271,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -372,6 +383,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -400,11 +412,14 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-aikgen_SOURCES = aikgen.c
-aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__append_1)
+aikpub2_SOURCES = aikpub2.c
+aikpub2_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la
+
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtpmtss \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
-DPLUGINS=\""${aikgen_plugins}\""
@@ -421,10 +436,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/aikgen/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/aikpub2/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/aikgen/Makefile
-.PRECIOUS: Makefile
+ $(AUTOMAKE) --gnu src/aikpub2/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -492,9 +506,9 @@ clean-binPROGRAMS:
echo " rm -f" $$list; \
rm -f $$list
-aikgen$(EXEEXT): $(aikgen_OBJECTS) $(aikgen_DEPENDENCIES) $(EXTRA_aikgen_DEPENDENCIES)
- @rm -f aikgen$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(aikgen_OBJECTS) $(aikgen_LDADD) $(LIBS)
+aikpub2$(EXEEXT): $(aikpub2_OBJECTS) $(aikpub2_DEPENDENCIES) $(EXTRA_aikpub2_DEPENDENCIES)
+ @rm -f aikpub2$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(aikpub2_OBJECTS) $(aikpub2_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -502,7 +516,7 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/aikgen.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/aikpub2.Po at am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -739,7 +753,10 @@ uninstall-am: uninstall-binPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-binPROGRAMS
-aikgen.o : $(top_builddir)/config.status
+.PRECIOUS: Makefile
+
+
+aikpub2.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/aikpub2/aikpub2.c b/src/aikpub2/aikpub2.c
new file mode 100644
index 0000000..fea58ed
--- /dev/null
+++ b/src/aikpub2/aikpub2.c
@@ -0,0 +1,305 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tpm_tss.h"
+
+#include <library.h>
+#include <utils/debug.h>
+#include <utils/optionsfrom.h>
+
+#include <syslog.h>
+#include <getopt.h>
+#include <errno.h>
+
+/* default directory where AIK keys are stored */
+#define AIK_DIR IPSEC_CONFDIR "/pts/"
+
+/* default name of AIK public key blob */
+#define DEFAULT_FILENAME_AIKPUBKEY AIK_DIR "aikPub.der"
+
+/* logging */
+static bool log_to_stderr = TRUE;
+static bool log_to_syslog = TRUE;
+static level_t default_loglevel = 1;
+
+/* options read by optionsfrom */
+options_t *options;
+
+chunk_t aik_pubkey;
+chunk_t aik_keyid;
+
+/**
+ * logging function for aikpub2
+ */
+static void aikpub2_dbg(debug_t group, level_t level, char *fmt, ...)
+{
+ char buffer[8192];
+ char *current = buffer, *next;
+ va_list args;
+
+ if (level <= default_loglevel)
+ {
+ if (log_to_stderr)
+ {
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ }
+ if (log_to_syslog)
+ {
+ /* write in memory buffer first */
+ va_start(args, fmt);
+ vsnprintf(buffer, sizeof(buffer), fmt, args);
+ va_end(args);
+
+ /* do a syslog with every line */
+ while (current)
+ {
+ next = strchr(current, '\n');
+ if (next)
+ {
+ *(next++) = '\0';
+ }
+ syslog(LOG_INFO, "%s\n", current);
+ current = next;
+ }
+ }
+ }
+}
+
+/**
+ * Initialize logging to stderr/syslog
+ */
+static void init_log(const char *program)
+{
+ dbg = aikpub2_dbg;
+
+ if (log_to_stderr)
+ {
+ setbuf(stderr, NULL);
+ }
+ if (log_to_syslog)
+ {
+ openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
+ }
+}
+
+/**
+ * @brief exit aikgen
+ *
+ * @param status 0 = OK, -1 = general discomfort
+ */
+static void exit_aikpub2(err_t message, ...)
+{
+ int status = 0;
+
+ free(aik_pubkey.ptr);
+ free(aik_keyid.ptr);
+ options->destroy(options);
+
+ /* print any error message to stderr */
+ if (message != NULL && *message != '\0')
+ {
+ va_list args;
+ char m[8192];
+
+ va_start(args, message);
+ vsnprintf(m, sizeof(m), message, args);
+ va_end(args);
+
+ fprintf(stderr, "aikpub2 error: %s\n", m);
+ status = -1;
+ }
+ library_deinit();
+ exit(status);
+}
+
+/**
+ * @brief prints the usage of the program to the stderr output
+ *
+ * If message is set, program is exited with 1 (error)
+ * @param message message in case of an error
+ */
+static void usage(const char *message)
+{
+ fprintf(stderr,
+ "Usage: aikpub2 --handle <handle> --out <filename>\n"
+ " [--force] [--quiet] [--debug <level>]\n"
+ " aikpub2 --help\n"
+ "\n"
+ "Options:\n"
+ " --handle (-H) TSS 2.0 AIK object handle\n"
+ " --out (-o) AIK public key in PKCS #1 format\n"
+ " --force (-f) force to overwrite existing files\n"
+ " --help (-h) show usage and exit\n"
+ "\n"
+ "Debugging output:\n"
+ " --debug (-l) changes the log level (-1..4, default: 1)\n"
+ " --quiet (-q) do not write log output to stderr\n"
+ );
+ exit_aikpub2(message);
+}
+
+
+/**
+ * @brief main of aikpub2 which extracts an Attestation Identity Key (AIK)
+ *
+ * @param argc number of arguments
+ * @param argv pointer to the argument values
+ */
+int main(int argc, char *argv[])
+{
+ /* external values */
+ extern char * optarg;
+ extern int optind;
+
+ char *aik_out_filename = DEFAULT_FILENAME_AIKPUBKEY;
+ uint32_t aik_handle = 0;
+ bool force = FALSE;
+ hasher_t *hasher;
+ tpm_tss_t *tpm;
+
+ atexit(library_deinit);
+ if (!library_init(NULL, "aikpub2"))
+ {
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+ }
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "aikpub2", argv[0]))
+ {
+ fprintf(stderr, "integrity check of aikpub2 failed\n");
+ exit(SS_RC_DAEMON_INTEGRITY);
+ }
+
+ /* initialize global variables */
+ options = options_create();
+
+ for (;;)
+ {
+ static const struct option long_opts[] = {
+ /* name, has_arg, flag, val */
+ { "help", no_argument, NULL, 'h' },
+ { "optionsfrom", required_argument, NULL, '+' },
+ { "handle", required_argument, NULL, 'H' },
+ { "in", required_argument, NULL, 'i' },
+ { "out", required_argument, NULL, 'o' },
+ { "force", no_argument, NULL, 'f' },
+ { "quiet", no_argument, NULL, 'q' },
+ { "debug", required_argument, NULL, 'l' },
+ { 0,0,0,0 }
+ };
+
+ /* parse next option */
+ int c = getopt_long(argc, argv, "h+:H:i:o:fql:", long_opts, NULL);
+
+ switch (c)
+ {
+ case EOF: /* end of flags */
+ break;
+
+ case 'h': /* --help */
+ usage(NULL);
+
+ case '+': /* --optionsfrom <filename> */
+ if (!options->from(options, optarg, &argc, &argv, optind))
+ {
+ exit_aikpub2("optionsfrom failed");
+ }
+ continue;
+
+ case 'H': /* --handle <handle> */
+ aik_handle = strtoll(optarg, NULL, 16);
+ continue;
+
+ case 'o': /* --out <filename> */
+ aik_out_filename = optarg;
+ continue;
+
+ case 'f': /* --force */
+ force = TRUE;
+ continue;
+
+ case 'q': /* --quiet */
+ log_to_stderr = FALSE;
+ continue;
+
+ case 'l': /* --debug <level> */
+ default_loglevel = atoi(optarg);
+ continue;
+
+ default:
+ usage("unknown option");
+ }
+ /* break from loop */
+ break;
+ }
+
+ init_log("aikpub2");
+
+ if (!lib->plugins->load(lib->plugins,
+ lib->settings->get_str(lib->settings, "aikpub2.load", PLUGINS)))
+ {
+ exit_aikpub2("plugin loading failed");
+ }
+ if (!aik_handle)
+ {
+ usage("--handle option is required");
+ }
+
+ /* try to find a TPM 2.0 */
+ tpm = tpm_tss_probe(TPM_VERSION_2_0);
+ if (!tpm)
+ {
+ exit_aikpub2("no TPM 2.0 found");
+ }
+
+ /* get AIK public key from TPM */
+ aik_pubkey = tpm->get_public(tpm, aik_handle);
+ tpm->destroy(tpm);
+
+ /* exit if AIK public key retrieval failed */
+ if (aik_pubkey.len == 0)
+ {
+ exit_aikpub2("retrieval of AIK public key failed");
+ }
+
+ /* store AIK subjectPublicKeyInfo to file */
+ if (!chunk_write(aik_pubkey, aik_out_filename, 0022, force))
+ {
+ exit_aikpub2("could not write AIK public key file '%s': %s",
+ aik_out_filename, strerror(errno));
+ }
+ DBG1(DBG_LIB, "AIK public key written to '%s' (%u bytes)",
+ aik_out_filename, aik_pubkey.len);
+
+ /* AIK keyid derived from subjectPublicKeyInfo encoding */
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher)
+ {
+ exit_aikpub2("SHA1 hash algorithm not supported");
+ }
+ if (!hasher->allocate_hash(hasher, aik_pubkey, &aik_keyid))
+ {
+ hasher->destroy(hasher);
+ exit_aikpub2("computing SHA1 fingerprint failed");
+ }
+ hasher->destroy(hasher);
+
+ DBG1(DBG_LIB, "AIK keyid: %#B", &aik_keyid);
+
+ exit_aikpub2(NULL);
+ return -1; /* should never be reached */
+}
diff --git a/src/charon-cmd/Makefile.am b/src/charon-cmd/Makefile.am
index 1f4033a..1d4bf70 100644
--- a/src/charon-cmd/Makefile.am
+++ b/src/charon-cmd/Makefile.am
@@ -20,4 +20,4 @@ AM_CPPFLAGS = \
charon_cmd_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- -lm $(PTHREADLIB) $(DLLIB)
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index f484102..098eb94 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
sbin_PROGRAMS = charon-cmd$(EXEEXT)
subdir = src/charon-cmd
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(srcdir)/charon-cmd.8.in $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES = charon-cmd.8
@@ -110,7 +119,8 @@ am__DEPENDENCIES_1 =
charon_cmd_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -205,12 +215,15 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/charon-cmd.8.in \
+ $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +273,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +308,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +420,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -451,7 +467,7 @@ AM_CPPFLAGS = \
charon_cmd_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- -lm $(PTHREADLIB) $(DLLIB)
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
all: all-am
@@ -469,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-cmd/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/charon-cmd/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -850,6 +865,8 @@ uninstall-man: uninstall-man8
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-man uninstall-man8 uninstall-sbinPROGRAMS
+.PRECIOUS: Makefile
+
charon-cmd.o : $(top_builddir)/config.status
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index 0c6a504..71df92f 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -142,10 +142,18 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
{
ike_cfg_t *ike_cfg;
peer_cfg_t *peer_cfg;
- u_int16_t local_port, remote_port = IKEV2_UDP_PORT;
+ uint16_t local_port, remote_port = IKEV2_UDP_PORT;
ike_version_t version = IKE_ANY;
- bool aggressive = FALSE;
proposal_t *proposal;
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_SEND_IF_ASKED,
+ .unique = UNIQUE_REPLACE,
+ .keyingtries = 1,
+ .rekey_time = 36000, /* 10h */
+ .jitter_time = 600, /* 10min */
+ .over_time = 600, /* 10min */
+ .dpd = 30,
+ };
switch (this->profile)
{
@@ -159,7 +167,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
case PROF_V1_XAUTH_AM:
case PROF_V1_XAUTH_PSK_AM:
case PROF_V1_HYBRID_AM:
- aggressive = TRUE;
+ peer.aggressive = TRUE;
/* FALL */
case PROF_V1_PUB:
case PROF_V1_XAUTH:
@@ -189,13 +197,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
}
- peer_cfg = peer_cfg_create("cmd", ike_cfg,
- CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
- 36000, 0, /* rekey 10h, reauth none */
- 600, 600, /* jitter, over 10min */
- TRUE, aggressive, TRUE, /* mobike, aggressive, pull */
- 30, 0, /* DPD delay, timeout */
- FALSE, NULL, NULL); /* mediation */
+ peer_cfg = peer_cfg_create("cmd", ike_cfg, &peer);
return peer_cfg;
}
@@ -335,18 +337,18 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this,
traffic_selector_t *ts;
proposal_t *proposal;
bool has_v4 = FALSE, has_v6 = FALSE;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = 10800 /* 3h */,
- .rekey = 10200 /* 2h50min */,
- .jitter = 300 /* 5min */
- }
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = 10800 /* 3h */,
+ .rekey = 10200 /* 2h50min */,
+ .jitter = 300 /* 5min */
+ }
+ },
+ .mode = MODE_TUNNEL,
};
- child_cfg = child_cfg_create("cmd", &lifetime,
- NULL, FALSE, MODE_TUNNEL, /* updown, hostaccess */
- ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create("cmd", &child);
if (this->child_proposals->get_count(this->child_proposals))
{
while (this->child_proposals->remove_first(this->child_proposals,
diff --git a/src/charon-nm/Makefile.am b/src/charon-nm/Makefile.am
index b6f0c8b..6ab7f27 100644
--- a/src/charon-nm/Makefile.am
+++ b/src/charon-nm/Makefile.am
@@ -21,4 +21,4 @@ AM_CFLAGS = \
charon_nm_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- -lm $(PTHREADLIB) $(DLLIB) ${nm_LIBS}
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS}
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index 490a080..715412a 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = charon-nm$(EXEEXT)
subdir = src/charon-nm
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -111,7 +120,7 @@ charon_nm_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -176,12 +185,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -231,6 +242,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -265,6 +277,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -376,6 +389,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -425,7 +439,7 @@ AM_CFLAGS = \
charon_nm_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- -lm $(PTHREADLIB) $(DLLIB) ${nm_LIBS}
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS}
all: all-am
@@ -443,7 +457,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-nm/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/charon-nm/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -779,6 +792,8 @@ uninstall-am: uninstall-ipsecPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index fc7e899..5991c24 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -68,7 +68,7 @@ static GValue* handler_to_val(nm_handler_t *handler,
array = g_array_new (FALSE, TRUE, sizeof (guint32));
while (enumerator->enumerate(enumerator, &chunk))
{
- g_array_append_val (array, *(u_int32_t*)chunk.ptr);
+ g_array_append_val (array, *(uint32_t*)chunk.ptr);
}
enumerator->destroy(enumerator);
val = g_slice_new0 (GValue);
@@ -113,7 +113,7 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
enumerator->destroy(enumerator);
val = g_slice_new0(GValue);
g_value_init(val, G_TYPE_UINT);
- g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr);
+ g_value_set_uint(val, *(uint32_t*)me->get_address(me).ptr);
g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val);
val = g_slice_new0(GValue);
@@ -289,7 +289,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
NMSettingVPN *vpn;
identification_t *user = NULL, *gateway = NULL;
const char *address, *str;
- bool virtual, encap, ipcomp;
+ bool virtual, encap;
ike_cfg_t *ike_cfg;
peer_cfg_t *peer_cfg;
child_cfg_t *child_cfg;
@@ -300,12 +300,23 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
certificate_t *cert = NULL;
x509_t *x509;
bool agent = FALSE, smartcard = FALSE, loose_gateway_id = FALSE;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = 10800 /* 3h */,
- .rekey = 10200 /* 2h50min */,
- .jitter = 300 /* 5min */
- }
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_SEND_IF_ASKED,
+ .unique = UNIQUE_REPLACE,
+ .keyingtries = 1,
+ .rekey_time = 36000, /* 10h */
+ .jitter_time = 600, /* 10min */
+ .over_time = 600, /* 10min */
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = 10800 /* 3h */,
+ .rekey = 10200 /* 2h50min */,
+ .jitter = 300 /* 5min */
+ },
+ },
+ .mode = MODE_TUNNEL,
};
/**
@@ -339,32 +350,29 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
return FALSE;
}
str = nm_setting_vpn_get_data_item(vpn, "virtual");
- virtual = str && streq(str, "yes");
+ virtual = streq(str, "yes");
str = nm_setting_vpn_get_data_item(vpn, "encap");
- encap = str && streq(str, "yes");
+ encap = streq(str, "yes");
str = nm_setting_vpn_get_data_item(vpn, "ipcomp");
- ipcomp = str && streq(str, "yes");
+ child.ipcomp = streq(str, "yes");
str = nm_setting_vpn_get_data_item(vpn, "method");
- if (str)
+ if (streq(str, "psk"))
{
- if (streq(str, "psk"))
- {
- auth_class = AUTH_CLASS_PSK;
- }
- else if (streq(str, "agent"))
- {
- auth_class = AUTH_CLASS_PUBKEY;
- agent = TRUE;
- }
- else if (streq(str, "key"))
- {
- auth_class = AUTH_CLASS_PUBKEY;
- }
- else if (streq(str, "smartcard"))
- {
- auth_class = AUTH_CLASS_PUBKEY;
- smartcard = TRUE;
- }
+ auth_class = AUTH_CLASS_PSK;
+ }
+ else if (streq(str, "agent"))
+ {
+ auth_class = AUTH_CLASS_PUBKEY;
+ agent = TRUE;
+ }
+ else if (streq(str, "key"))
+ {
+ auth_class = AUTH_CLASS_PUBKEY;
+ }
+ else if (streq(str, "smartcard"))
+ {
+ auth_class = AUTH_CLASS_PUBKEY;
+ smartcard = TRUE;
}
/**
@@ -533,13 +541,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
- peer_cfg = peer_cfg_create(priv->name, ike_cfg,
- CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
- 36000, 0, /* rekey 10h, reauth none */
- 600, 600, /* jitter, over 10min */
- TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
- 0, 0, /* DPD delay, timeout */
- FALSE, NULL, NULL); /* mediation */
+
+ peer_cfg = peer_cfg_create(priv->name, ike_cfg, &peer);
if (virtual)
{
peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
@@ -561,10 +564,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
- child_cfg = child_cfg_create(priv->name, &lifetime,
- NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
- ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
- 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create(priv->name, &child);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in
index 4f9143d..4afa625 100644
--- a/src/charon-svc/Makefile.in
+++ b/src/charon-svc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
bin_PROGRAMS = charon-svc$(EXEEXT)
subdir = src/charon-svc
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -170,12 +179,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -225,6 +236,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -259,6 +271,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -370,6 +383,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -424,7 +438,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-svc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/charon-svc/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -739,6 +752,8 @@ uninstall-am: uninstall-binPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-binPROGRAMS
+.PRECIOUS: Makefile
+
charon-svc.o : $(top_builddir)/config.status
diff --git a/src/charon-systemd/Makefile.am b/src/charon-systemd/Makefile.am
index 9942a36..6dd7e27 100644
--- a/src/charon-systemd/Makefile.am
+++ b/src/charon-systemd/Makefile.am
@@ -14,4 +14,5 @@ charon_systemd_CPPFLAGS = \
charon_systemd_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB)
+ $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) \
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in
index b4f624d..3dcf3d7 100644
--- a/src/charon-systemd/Makefile.in
+++ b/src/charon-systemd/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
sbin_PROGRAMS = charon-systemd$(EXEEXT)
subdir = src/charon-systemd
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -109,7 +118,7 @@ charon_systemd_DEPENDENCIES = \
$(top_builddir)/src/libcharon/libcharon.la \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -174,12 +183,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -229,6 +240,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -263,6 +275,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -374,6 +387,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -414,7 +428,8 @@ charon_systemd_CPPFLAGS = \
charon_systemd_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB)
+ $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) \
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
all: all-am
@@ -432,7 +447,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-systemd/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/charon-systemd/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -762,6 +776,8 @@ uninstall-am: uninstall-sbinPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-sbinPROGRAMS
+.PRECIOUS: Makefile
+
charon-systemd.o : $(top_builddir)/config.status
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index 81afd4d..1eaf46a 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/charon-tkm
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -116,12 +126,14 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -316,6 +330,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -391,7 +406,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-tkm/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/charon-tkm/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -563,6 +577,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
all: build_charon
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
index c4953b6..5f2cbfe 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
@@ -123,7 +123,7 @@ int register_dh_mapping()
int count, i;
char *iana_id_str, *tkm_id_str;
diffie_hellman_group_t *iana_id;
- u_int64_t *tkm_id;
+ uint64_t *tkm_id;
hashtable_t *map;
enumerator_t *enumerator;
@@ -138,7 +138,7 @@ int register_dh_mapping()
{
iana_id = malloc_thing(diffie_hellman_group_t);
*iana_id = settings_value_as_int(iana_id_str, 0);
- tkm_id = malloc_thing(u_int64_t);
+ tkm_id = malloc_thing(uint64_t);
*tkm_id = settings_value_as_int(tkm_id_str, 0);
map->put(map, iana_id, tkm_id);
@@ -227,7 +227,7 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
return NULL;
}
- u_int64_t *dha_id = group_map->get(group_map, &group);
+ uint64_t *dha_id = group_map->get(group_map, &group);
if (!dha_id)
{
free(this);
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index 2d22fbd..c9be898 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -54,7 +54,7 @@ struct private_tkm_kernel_ipsec_t {
METHOD(kernel_ipsec_t, get_spi, status_t,
private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi)
+ uint8_t protocol, uint32_t *spi)
{
bool result;
@@ -68,26 +68,21 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
}
}
- result = this->rng->get_bytes(this->rng, sizeof(u_int32_t),
- (u_int8_t *)spi);
+ result = this->rng->get_bytes(this->rng, sizeof(uint32_t),
+ (uint8_t *)spi);
return result ? SUCCESS : FAILED;
}
METHOD(kernel_ipsec_t, get_cpi, status_t,
private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi)
+ uint16_t *cpi)
{
return NOT_SUPPORTED;
}
METHOD(kernel_ipsec_t, add_sa, status_t,
- private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound, bool update,
- linked_list_t* src_ts, linked_list_t* dst_ts)
+ private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data)
{
esa_info_t esa;
esp_spi_type spi_loc, spi_rem;
@@ -97,43 +92,43 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
esa_id_type esa_id;
nonce_type nc_rem;
- if (enc_key.ptr == NULL)
+ if (data->enc_key.ptr == NULL)
{
DBG1(DBG_KNL, "Unable to get ESA information");
return FAILED;
}
- esa = *(esa_info_t *)(enc_key.ptr);
+ esa = *(esa_info_t *)(data->enc_key.ptr);
/* only handle the case where we have both distinct ESP spi's available */
- if (esa.spi_r == spi)
+ if (esa.spi_r == id->spi)
{
chunk_free(&esa.nonce_i);
chunk_free(&esa.nonce_r);
return SUCCESS;
}
- if (initiator)
+ if (data->initiator)
{
- spi_loc = spi;
+ spi_loc = id->spi;
spi_rem = esa.spi_r;
- local = dst;
- peer = src;
+ local = id->dst;
+ peer = id->src;
nonce_loc = &esa.nonce_i;
nonce_rem = &esa.nonce_r;
}
else
{
spi_loc = esa.spi_r;
- spi_rem = spi;
- local = src;
- peer = dst;
+ spi_rem = id->spi;
+ local = id->src;
+ peer = id->dst;
nonce_loc = &esa.nonce_r;
nonce_rem = &esa.nonce_i;
}
esa_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ESA);
- if (!tkm->sad->insert(tkm->sad, esa_id, reqid, local, peer, spi_loc, spi_rem,
- protocol))
+ if (!tkm->sad->insert(tkm->sad, esa_id, data->reqid, local, peer,
+ spi_loc, spi_rem, id->proto))
{
DBG1(DBG_KNL, "unable to add entry (%llu) to SAD", esa_id);
goto sad_failure;
@@ -146,8 +141,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
nonce_loc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce_loc);
if (nonce_loc_id == 0 && esa.dh_id == 0)
{
- if (ike_esa_create_first(esa_id, esa.isa_id, reqid, 1, spi_loc, spi_rem)
- != TKM_OK)
+ if (ike_esa_create_first(esa_id, esa.isa_id, data->reqid, 1, spi_loc,
+ spi_rem) != TKM_OK)
{
DBG1(DBG_KNL, "child SA (%llu, first) creation failed", esa_id);
goto failure;
@@ -157,9 +152,9 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
else if (nonce_loc_id != 0 && esa.dh_id == 0)
{
chunk_to_sequence(nonce_rem, &nc_rem, sizeof(nonce_type));
- if (ike_esa_create_no_pfs(esa_id, esa.isa_id, reqid, 1, nonce_loc_id,
- nc_rem, initiator, spi_loc, spi_rem)
- != TKM_OK)
+ if (ike_esa_create_no_pfs(esa_id, esa.isa_id, data->reqid, 1,
+ nonce_loc_id, nc_rem, data->initiator,
+ spi_loc, spi_rem) != TKM_OK)
{
DBG1(DBG_KNL, "child SA (%llu, no PFS) creation failed", esa_id);
goto failure;
@@ -171,8 +166,9 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
else
{
chunk_to_sequence(nonce_rem, &nc_rem, sizeof(nonce_type));
- if (ike_esa_create(esa_id, esa.isa_id, reqid, 1, esa.dh_id, nonce_loc_id,
- nc_rem, initiator, spi_loc, spi_rem) != TKM_OK)
+ if (ike_esa_create(esa_id, esa.isa_id, data->reqid, 1, esa.dh_id,
+ nonce_loc_id, nc_rem, data->initiator, spi_loc,
+ spi_rem) != TKM_OK)
{
DBG1(DBG_KNL, "child SA (%llu) creation failed", esa_id);
goto failure;
@@ -192,7 +188,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
DBG1(DBG_KNL, "added child SA (esa: %llu, isa: %llu, esp_spi_loc: %x, "
"esp_spi_rem: %x, role: %s)", esa_id, esa.isa_id, ntohl(spi_loc),
- ntohl(spi_rem), initiator ? "initiator" : "responder");
+ ntohl(spi_rem), data->initiator ? "initiator" : "responder");
chunk_free(&esa.nonce_i);
chunk_free(&esa.nonce_r);
@@ -208,20 +204,21 @@ sad_failure:
}
METHOD(kernel_ipsec_t, query_sa, status_t,
- private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes,
- u_int64_t *packets, time_t *time)
+ private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+ time_t *time)
{
return NOT_SUPPORTED;
}
METHOD(kernel_ipsec_t, del_sa, status_t,
- private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
+ private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data)
{
esa_id_type esa_id, other_esa_id;
- esa_id = tkm->sad->get_esa_id(tkm->sad, src, dst, spi, protocol);
+ esa_id = tkm->sad->get_esa_id(tkm->sad, id->src, id->dst,
+ id->spi, id->proto);
if (esa_id)
{
other_esa_id = tkm->sad->get_other_esa_id(tkm->sad, esa_id);
@@ -236,7 +233,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
}
DBG1(DBG_KNL, "deleting child SA (esa: %llu, spi: %x)", esa_id,
- ntohl(spi));
+ ntohl(id->spi));
if (ike_esa_reset(esa_id) != TKM_OK)
{
DBG1(DBG_KNL, "child SA (%llu) deletion failed", esa_id);
@@ -249,9 +246,8 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
}
METHOD(kernel_ipsec_t, update_sa, status_t,
- private_tkm_kernel_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
- u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
- bool old_encap, bool new_encap, mark_t mark)
+ private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data)
{
return NOT_SUPPORTED;
}
@@ -264,27 +260,22 @@ METHOD(kernel_ipsec_t, flush_sas, status_t,
}
METHOD(kernel_ipsec_t, add_policy, status_t,
- private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
return SUCCESS;
}
METHOD(kernel_ipsec_t, query_policy, status_t,
- private_tkm_kernel_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
- time_t *use_time)
+ private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data, time_t *use_time)
{
return NOT_SUPPORTED;
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
return SUCCESS;
}
@@ -338,7 +329,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool,
}
METHOD(kernel_ipsec_t, enable_udp_decap, bool,
- private_tkm_kernel_ipsec_t *this, int fd, int family, u_int16_t port)
+ private_tkm_kernel_ipsec_t *this, int fd, int family, uint16_t port)
{
int type = UDP_ENCAP_ESPINUDP;
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c
index 2556f6b..22d2aac 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c
@@ -59,7 +59,7 @@ struct sad_entry_t {
/**
* Reqid.
*/
- u_int32_t reqid;
+ uint32_t reqid;
/**
* Source address of CHILD SA.
@@ -74,17 +74,17 @@ struct sad_entry_t {
/**
* Local SPI of CHILD SA.
*/
- u_int32_t spi_loc;
+ uint32_t spi_loc;
/**
* Remote SPI of CHILD SA.
*/
- u_int32_t spi_rem;
+ uint32_t spi_rem;
/**
* Protocol of CHILD SA (ESP/AH).
*/
- u_int8_t proto;
+ uint8_t proto;
};
@@ -105,8 +105,8 @@ static void sad_entry_destroy(sad_entry_t *entry)
* Find a list entry with given src, dst, (remote) spi and proto values.
*/
static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src,
- const host_t * const dst, const u_int32_t * const spi,
- const u_int8_t * const proto)
+ const host_t * const dst, const uint32_t * const spi,
+ const uint8_t * const proto)
{
if (entry->src == NULL || entry->dst == NULL)
{
@@ -122,9 +122,9 @@ static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src,
* Find a list entry with given reqid, spi and proto values.
*/
static bool sad_entry_match_dst(sad_entry_t * const entry,
- const u_int32_t * const reqid,
- const u_int32_t * const spi,
- const u_int8_t * const proto)
+ const uint32_t * const reqid,
+ const uint32_t * const spi,
+ const uint8_t * const proto)
{
return entry->reqid == *reqid &&
entry->spi_rem == *spi &&
@@ -145,7 +145,7 @@ static bool sad_entry_match_esa_id(sad_entry_t * const entry,
*/
static bool sad_entry_match_other_esa(sad_entry_t * const entry,
const esa_id_type * const esa_id,
- const u_int32_t * const reqid)
+ const uint32_t * const reqid)
{
return entry->reqid == *reqid &&
entry->esa_id != *esa_id;
@@ -172,8 +172,8 @@ static bool sad_entry_equal(sad_entry_t * const left, sad_entry_t * const right)
METHOD(tkm_kernel_sad_t, insert, bool,
private_tkm_kernel_sad_t * const this, const esa_id_type esa_id,
- const u_int32_t reqid, const host_t * const src, const host_t * const dst,
- const u_int32_t spi_loc, const u_int32_t spi_rem, const u_int8_t proto)
+ const uint32_t reqid, const host_t * const src, const host_t * const dst,
+ const uint32_t spi_loc, const uint32_t spi_rem, const uint8_t proto)
{
status_t result;
sad_entry_t *new_entry;
@@ -212,7 +212,7 @@ METHOD(tkm_kernel_sad_t, insert, bool,
METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type,
private_tkm_kernel_sad_t * const this, const host_t * const src,
- const host_t * const dst, const u_int32_t spi, const u_int8_t proto)
+ const host_t * const dst, const uint32_t spi, const uint8_t proto)
{
esa_id_type id = 0;
sad_entry_t *entry = NULL;
@@ -242,7 +242,7 @@ METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type,
{
esa_id_type id = 0;
sad_entry_t *entry = NULL;
- u_int32_t reqid;
+ uint32_t reqid;
status_t res;
this->mutex->lock(this->mutex);
@@ -274,8 +274,8 @@ METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type,
}
METHOD(tkm_kernel_sad_t, get_dst_host, host_t *,
- private_tkm_kernel_sad_t * const this, const u_int32_t reqid,
- const u_int32_t spi, const u_int8_t proto)
+ private_tkm_kernel_sad_t * const this, const uint32_t reqid,
+ const uint32_t spi, const uint8_t proto)
{
host_t *dst = NULL;
sad_entry_t *entry = NULL;
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h
index 3a84def..ba64621 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h
+++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h
@@ -46,9 +46,9 @@ struct tkm_kernel_sad_t {
* @return TRUE if entry was inserted, FALSE otherwise
*/
bool (*insert)(tkm_kernel_sad_t * const this, const esa_id_type esa_id,
- const u_int32_t reqid, const host_t * const src,
- const host_t * const dst, const u_int32_t spi_loc,
- const u_int32_t spi_rem, const u_int8_t proto);
+ const uint32_t reqid, const host_t * const src,
+ const host_t * const dst, const uint32_t spi_loc,
+ const uint32_t spi_rem, const uint8_t proto);
/**
* Get ESA id for entry with given parameters.
@@ -61,7 +61,7 @@ struct tkm_kernel_sad_t {
*/
esa_id_type (*get_esa_id)(tkm_kernel_sad_t * const this,
const host_t * const src, const host_t * const dst,
- const u_int32_t spi, const u_int8_t proto);
+ const uint32_t spi, const uint8_t proto);
/**
* Get ESA id for entry associated with same security policy as the
@@ -82,7 +82,7 @@ struct tkm_kernel_sad_t {
* @return destination host of entry if found, NULL otherwise
*/
host_t * (*get_dst_host)(tkm_kernel_sad_t * const this,
- const u_int32_t reqid, const u_int32_t spi, const u_int8_t proto);
+ const uint32_t reqid, const uint32_t spi, const uint8_t proto);
/**
* Remove entry with given ESA id from SAD.
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 1e1fa4f..a7cce0f 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -96,8 +96,8 @@ struct private_tkm_keymat_t {
static void aead_create_from_keys(aead_t **in, aead_t **out,
const chunk_t * const sk_ai, const chunk_t * const sk_ar,
const chunk_t * const sk_ei, const chunk_t * const sk_er,
- const u_int16_t enc_alg, const u_int16_t int_alg,
- const u_int16_t key_size, bool initiator)
+ const uint16_t enc_alg, const uint16_t int_alg,
+ const uint16_t key_size, bool initiator)
{
*in = *out = NULL;
signer_t *signer_i, *signer_r;
@@ -187,8 +187,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
pseudo_random_function_t rekey_function, chunk_t rekey_skd)
{
- u_int16_t enc_alg, int_alg, key_size;
- u_int64_t nc_id, spi_loc, spi_rem;
+ uint16_t enc_alg, int_alg, key_size;
+ uint64_t nc_id, spi_loc, spi_rem;
chunk_t *nonce, c_ai, c_ar, c_ei, c_er;
tkm_diffie_hellman_t *tkm_dh;
dh_id_type dh_id;
diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.c b/src/charon-tkm/src/tkm/tkm_nonceg.c
index 336f16e..493ea29 100644
--- a/src/charon-tkm/src/tkm/tkm_nonceg.c
+++ b/src/charon-tkm/src/tkm/tkm_nonceg.c
@@ -39,7 +39,7 @@ struct private_tkm_nonceg_t {
};
METHOD(nonce_gen_t, get_nonce, bool,
- private_tkm_nonceg_t *this, size_t size, u_int8_t *buffer)
+ private_tkm_nonceg_t *this, size_t size, uint8_t *buffer)
{
nonce_type nonce;
uint64_t nc_id;
diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.c b/src/charon-tkm/src/tkm/tkm_spi_generator.c
index eff0ca9..b9ce837 100644
--- a/src/charon-tkm/src/tkm/tkm_spi_generator.c
+++ b/src/charon-tkm/src/tkm/tkm_spi_generator.c
@@ -25,8 +25,8 @@
*/
typedef struct {
rng_t *rng;
- u_int64_t spi_mask;
- u_int64_t spi_label;
+ uint64_t spi_mask;
+ uint64_t spi_label;
} get_spi_args_t;
static get_spi_args_t *spi_args;
@@ -37,12 +37,12 @@ static get_spi_args_t *spi_args;
* @param this Callback args containing rng_t and spi mask & label
* @return labeled SPI
*/
-CALLBACK(tkm_get_spi, u_int64_t,
+CALLBACK(tkm_get_spi, uint64_t,
const get_spi_args_t const *this)
{
- u_int64_t spi;
+ uint64_t spi;
- if (!this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi))
+ if (!this->rng->get_bytes(this->rng, sizeof(spi), (uint8_t*)&spi))
{
return 0;
}
@@ -54,7 +54,7 @@ bool tkm_spi_generator_register(plugin_t *plugin,
plugin_feature_t *feature,
bool reg, void *cb_data)
{
- u_int64_t spi_mask, spi_label;
+ uint64_t spi_mask, spi_label;
char *spi_val;
rng_t *rng;
diff --git a/src/charon-tkm/tests/nonceg_tests.c b/src/charon-tkm/tests/nonceg_tests.c
index d150891..67c1635 100644
--- a/src/charon-tkm/tests/nonceg_tests.c
+++ b/src/charon-tkm/tests/nonceg_tests.c
@@ -37,7 +37,7 @@ START_TEST(test_nonceg_allocate_nonce)
tkm_nonceg_t *ng = tkm_nonceg_create();
const size_t length = 256;
- u_int8_t zero[length];
+ uint8_t zero[length];
memset(zero, 0, length);
chunk_t nonce;
@@ -61,10 +61,10 @@ START_TEST(test_nonceg_get_nonce)
tkm_nonceg_t *ng = tkm_nonceg_create();
const size_t length = 128;
- u_int8_t zero[length];
+ uint8_t zero[length];
memset(zero, 0, length);
- u_int8_t *buf = malloc(length + 1);
+ uint8_t *buf = malloc(length + 1);
memset(buf, 0, length);
/* set end marker */
buf[length] = 255;
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index c6a6f40..b78bbd7 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -15,6 +15,6 @@ AM_CPPFLAGS = \
charon_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- -lm $(PTHREADLIB) $(DLLIB)
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
EXTRA_DIST = Android.mk
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index b4abeff..51f62fc 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = charon$(EXEEXT)
subdir = src/charon
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -107,7 +116,8 @@ am__DEPENDENCIES_1 =
charon_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -172,12 +182,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -227,6 +239,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -261,6 +274,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -372,6 +386,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -413,7 +428,7 @@ AM_CPPFLAGS = \
charon_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- -lm $(PTHREADLIB) $(DLLIB)
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
EXTRA_DIST = Android.mk
all: all-am
@@ -432,7 +447,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/charon/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -748,6 +762,8 @@ uninstall-am: uninstall-ipsecPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
charon.o : $(top_builddir)/config.status
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index 9cc5fb6..87bbf9f 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -53,6 +53,11 @@ if USE_LIBPTTLS
libs += $(DESTDIR)$(ipseclibdir)/libpttls.so
endif
+if USE_LIBTPMTSS
+ deps += $(top_builddir)/src/libtpmtss/libtpmtss.la
+ libs += $(DESTDIR)$(ipseclibdir)/libtpmtss.so
+endif
+
if USE_LIBTNCCS
deps += $(top_builddir)/src/libtnccs/libtnccs.la
libs += $(DESTDIR)$(ipseclibdir)/libtnccs.so
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index 2584beb..ef14d12 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -88,26 +98,26 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT)
@USE_RADIUS_TRUE at am__append_7 = $(DESTDIR)$(ipseclibdir)/libradius.so
@USE_LIBPTTLS_TRUE at am__append_8 = $(top_builddir)/src/libpttls/libpttls.la
@USE_LIBPTTLS_TRUE at am__append_9 = $(DESTDIR)$(ipseclibdir)/libpttls.so
- at USE_LIBTNCCS_TRUE@am__append_10 = $(top_builddir)/src/libtnccs/libtnccs.la
- at USE_LIBTNCCS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libtnccs.so
- at MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE at am__append_12 = -DT_PLUGINS=\""${t_plugins}\""
- at USE_SIMAKA_TRUE@am__append_13 = $(top_builddir)/src/libsimaka/libsimaka.la
- at USE_SIMAKA_TRUE@am__append_14 = $(DESTDIR)$(ipseclibdir)/libsimaka.so
- at USE_IMCV_TRUE@am__append_15 = $(top_builddir)/src/libimcv/libimcv.la
- at USE_IMCV_TRUE@am__append_16 = $(DESTDIR)$(ipseclibdir)/libimcv.so
- at USE_CHARON_TRUE@am__append_17 = $(top_builddir)/src/libcharon/libcharon.la
- at USE_CHARON_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libcharon.so
- at USE_CHARON_TRUE@am__append_19 = $(DESTDIR)$(ipsecdir)/charon
- at MONOLITHIC_FALSE@@USE_CHARON_TRUE at am__append_20 = -DC_PLUGINS=\""${c_plugins}\""
- at USE_CMD_TRUE@am__append_21 = $(DESTDIR)$(sbindir)/charon-cmd
- at USE_SCEPCLIENT_TRUE@am__append_22 = $(DESTDIR)$(ipsecdir)/scepclient
- at USE_PKI_TRUE@am__append_23 = $(DESTDIR)$(bindir)/pki
- at USE_SWANCTL_TRUE@am__append_24 = $(DESTDIR)$(sbindir)/swanctl
- at USE_ATTR_SQL_TRUE@am__append_25 = $(DESTDIR)$(ipsecdir)/pool
- at USE_IMV_ATTESTATION_TRUE@am__append_26 = $(DESTDIR)$(ipsecdir)/attest
+ at USE_LIBTPMTSS_TRUE@am__append_10 = $(top_builddir)/src/libtpmtss/libtpmtss.la
+ at USE_LIBTPMTSS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libtpmtss.so
+ at USE_LIBTNCCS_TRUE@am__append_12 = $(top_builddir)/src/libtnccs/libtnccs.la
+ at USE_LIBTNCCS_TRUE@am__append_13 = $(DESTDIR)$(ipseclibdir)/libtnccs.so
+ at MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE at am__append_14 = -DT_PLUGINS=\""${t_plugins}\""
+ at USE_SIMAKA_TRUE@am__append_15 = $(top_builddir)/src/libsimaka/libsimaka.la
+ at USE_SIMAKA_TRUE@am__append_16 = $(DESTDIR)$(ipseclibdir)/libsimaka.so
+ at USE_IMCV_TRUE@am__append_17 = $(top_builddir)/src/libimcv/libimcv.la
+ at USE_IMCV_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libimcv.so
+ at USE_CHARON_TRUE@am__append_19 = $(top_builddir)/src/libcharon/libcharon.la
+ at USE_CHARON_TRUE@am__append_20 = $(DESTDIR)$(ipseclibdir)/libcharon.so
+ at USE_CHARON_TRUE@am__append_21 = $(DESTDIR)$(ipsecdir)/charon
+ at MONOLITHIC_FALSE@@USE_CHARON_TRUE at am__append_22 = -DC_PLUGINS=\""${c_plugins}\""
+ at USE_CMD_TRUE@am__append_23 = $(DESTDIR)$(sbindir)/charon-cmd
+ at USE_SCEPCLIENT_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/scepclient
+ at USE_PKI_TRUE@am__append_25 = $(DESTDIR)$(bindir)/pki
+ at USE_SWANCTL_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/swanctl
+ at USE_ATTR_SQL_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/pool
+ at USE_IMV_ATTESTATION_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/attest
subdir = src/checksum
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -121,6 +131,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -236,12 +247,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -291,6 +304,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -325,6 +339,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -436,6 +451,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -481,7 +497,7 @@ CLEANFILES = checksum.c $(EXTRA_PROGRAMS)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libcharon \
-DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \
- $(am__append_12) $(am__append_20)
+ $(am__append_14) $(am__append_22)
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
@@ -491,15 +507,15 @@ AM_CFLAGS = \
# as these are not relinked during installation.
deps = $(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__append_2) $(am__append_4) $(am__append_6) \
- $(am__append_8) $(am__append_10) $(am__append_13) \
- $(am__append_15) $(am__append_17)
+ $(am__append_8) $(am__append_10) $(am__append_12) \
+ $(am__append_15) $(am__append_17) $(am__append_19)
libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \
$(am__append_5) $(am__append_7) $(am__append_9) \
- $(am__append_11) $(am__append_14) $(am__append_16) \
- $(am__append_18)
-exes = $(am__append_19) $(am__append_21) $(am__append_22) \
- $(am__append_23) $(am__append_24) $(am__append_25) \
- $(am__append_26)
+ $(am__append_11) $(am__append_13) $(am__append_16) \
+ $(am__append_18) $(am__append_20)
+exes = $(am__append_21) $(am__append_23) $(am__append_24) \
+ $(am__append_25) $(am__append_26) $(am__append_27) \
+ $(am__append_28)
all: all-am
.SUFFIXES:
@@ -516,7 +532,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/checksum/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/checksum/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -827,6 +842,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
tags tags-am uninstall uninstall-am uninstall-hook \
uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
checksum.c : checksum_builder $(deps) $(exes)
./checksum_builder $(libs) $(exes) > checksum.c
diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c
index 65399f5..e8998d5 100644
--- a/src/checksum/checksum_builder.c
+++ b/src/checksum/checksum_builder.c
@@ -33,7 +33,7 @@ integrity_checker_t *integrity;
static void build_checksum(char *path, char *name, char *sname)
{
void *handle, *symbol;
- u_int32_t fsum, ssum;
+ uint32_t fsum, ssum;
size_t fsize = 0;
size_t ssize = 0;
diff --git a/src/conftest/Makefile.am b/src/conftest/Makefile.am
index 2d4e439..4e4e0be 100644
--- a/src/conftest/Makefile.am
+++ b/src/conftest/Makefile.am
@@ -20,6 +20,6 @@ conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \
conftest_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- -lm $(PTHREADLIB) $(DLLIB)
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
EXTRA_DIST = README
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index f5647f9..7b49989 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = conftest$(EXEEXT)
subdir = src/conftest
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -121,7 +130,8 @@ am__DEPENDENCIES_1 =
conftest_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -186,12 +196,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp README
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -241,6 +253,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -275,6 +288,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -386,6 +400,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -433,7 +448,7 @@ conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \
conftest_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
- -lm $(PTHREADLIB) $(DLLIB)
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
EXTRA_DIST = README
all: all-am
@@ -452,7 +467,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/conftest/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/conftest/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -848,6 +862,8 @@ uninstall-am: uninstall-ipsecPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/conftest/actions.c b/src/conftest/actions.c
index 256b63d..36c3c8e 100644
--- a/src/conftest/actions.c
+++ b/src/conftest/actions.c
@@ -117,7 +117,7 @@ static job_requeue_t rekey_child(char *config)
enumerator_t *enumerator, *children;
ike_sa_t *ike_sa;
child_sa_t *child_sa;
- u_int32_t spi, proto;
+ uint32_t spi, proto;
host_t *dst = NULL;
enumerator = charon->controller->create_ike_sa_enumerator(
diff --git a/src/conftest/config.c b/src/conftest/config.c
index c83db7e..06a6850 100644
--- a/src/conftest/config.c
+++ b/src/conftest/config.c
@@ -139,25 +139,23 @@ static ike_cfg_t *load_ike_config(private_config_t *this,
static child_cfg_t *load_child_config(private_config_t *this,
settings_t *settings, char *config, char *child)
{
+ child_cfg_create_t data = {
+ .mode = MODE_TUNNEL,
+ };
child_cfg_t *child_cfg;
- lifetime_cfg_t lifetime = {};
enumerator_t *enumerator;
proposal_t *proposal;
traffic_selector_t *ts;
- ipsec_mode_t mode = MODE_TUNNEL;
char *token;
- u_int32_t tfc;
if (settings->get_bool(settings, "configs.%s.%s.transport",
FALSE, config, child))
{
- mode = MODE_TRANSPORT;
+ data.mode = MODE_TRANSPORT;
}
- tfc = settings->get_int(settings, "configs.%s.%s.tfc_padding",
- 0, config, child);
- child_cfg = child_cfg_create(child, &lifetime, NULL, FALSE, mode,
- ACTION_NONE, ACTION_NONE, ACTION_NONE,
- FALSE, 0, 0, NULL, NULL, tfc);
+ data.tfc = settings->get_int(settings, "configs.%s.%s.tfc_padding",
+ 0, config, child);
+ child_cfg = child_cfg_create(child, &data);
token = settings->get_str(settings, "configs.%s.%s.proposal",
NULL, config, child);
@@ -249,11 +247,15 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
identification_t *lid, *rid;
char *child, *policy, *pool;
uintptr_t strength;
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_ALWAYS_SEND,
+ .unique = UNIQUE_NO,
+ .keyingtries = 1,
+ .no_mobike = TRUE,
+ };
ike_cfg = load_ike_config(this, settings, config);
- peer_cfg = peer_cfg_create(config, ike_cfg, CERT_ALWAYS_SEND,
- UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, TRUE,
- 0, 0, FALSE, NULL, NULL);
+ peer_cfg = peer_cfg_create(config, ike_cfg, &peer);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c
index ee44045..c4f8385 100644
--- a/src/conftest/hooks/custom_proposal.c
+++ b/src/conftest/hooks/custom_proposal.c
@@ -52,7 +52,7 @@ struct private_custom_proposal_t {
* Load custom proposal configuration to proposal list
*/
static linked_list_t* load_proposals(private_custom_proposal_t *this,
- protocol_id_t proto, u_int64_t spi)
+ protocol_id_t proto, uint64_t spi)
{
enumerator_t *props, *algs;
char *number, *key, *value;
@@ -65,7 +65,7 @@ static linked_list_t* load_proposals(private_custom_proposal_t *this,
{
const proposal_token_t *token = NULL;
proposal_t *proposal;
- u_int16_t type, alg, keysize = 0;
+ uint16_t type, alg, keysize = 0;
char *end;
proposal = proposal_create(proto, atoi(number));
diff --git a/src/conftest/hooks/log_proposals.c b/src/conftest/hooks/log_proposals.c
index c0d458e..4062901 100644
--- a/src/conftest/hooks/log_proposals.c
+++ b/src/conftest/hooks/log_proposals.c
@@ -54,7 +54,7 @@ METHOD(listener_t, message, bool,
proposals = list->create_enumerator(list);
while (proposals->enumerate(proposals, &proposal))
{
- u_int64_t spi = proposal->get_spi(proposal);
+ uint64_t spi = proposal->get_spi(proposal);
if (proposal->get_protocol(proposal) != PROTO_IKE)
{
diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c
index bc2f000..42a9cb4 100644
--- a/src/conftest/hooks/rebuild_auth.c
+++ b/src/conftest/hooks/rebuild_auth.c
@@ -67,7 +67,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
char reserved[3];
generator_t *generator;
chunk_t data;
- u_int32_t *lenpos;
+ uint32_t *lenpos;
payload = message->get_payload(message,
message->get_request(message) ? PLV2_ID_INITIATOR : PLV2_ID_RESPONDER);
diff --git a/src/conftest/hooks/reset_seq.c b/src/conftest/hooks/reset_seq.c
index 717bcdb..93c6143 100644
--- a/src/conftest/hooks/reset_seq.c
+++ b/src/conftest/hooks/reset_seq.c
@@ -154,7 +154,7 @@ static job_requeue_t reset_cb(struct reset_cb_data_t *data)
* Schedule sequence number reset job
*/
static void schedule_reset_job(private_reset_seq_t *this, host_t *dst,
- u_int32_t spi)
+ uint32_t spi)
{
struct reset_cb_data_t *data;
chunk_t chunk;
diff --git a/src/conftest/hooks/set_ike_spi.c b/src/conftest/hooks/set_ike_spi.c
index bda0258..cc4d5af 100644
--- a/src/conftest/hooks/set_ike_spi.c
+++ b/src/conftest/hooks/set_ike_spi.c
@@ -42,12 +42,12 @@ struct private_set_ike_spi_t {
/**
* Initiator SPI
*/
- u_int64_t spii;
+ uint64_t spii;
/**
* Responder SPI
*/
- u_int64_t spir;
+ uint64_t spir;
};
METHOD(listener_t, message, bool,
diff --git a/src/conftest/hooks/set_length.c b/src/conftest/hooks/set_length.c
index b1a1a47..7f64158 100644
--- a/src/conftest/hooks/set_length.c
+++ b/src/conftest/hooks/set_length.c
@@ -75,7 +75,7 @@ METHOD(listener_t, message, bool,
if (type == payload->get_type(payload))
{
encoding_rule_t *rules;
- u_int16_t *len;
+ uint16_t *len;
int i, count;
count = payload->get_encoding_rules(payload, &rules);
@@ -83,7 +83,7 @@ METHOD(listener_t, message, bool,
{
if (rules[i].type == PAYLOAD_LENGTH)
{
- len = (u_int16_t*)(((void*)payload) + rules[i].offset);
+ len = (uint16_t*)(((void*)payload) + rules[i].offset);
DBG1(DBG_CFG, "adjusting length of %N payload "
"from %d to %d", payload_type_short_names, type,
*len, *len + this->diff);
diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c
index 4e572d6..dd814ad 100644
--- a/src/conftest/hooks/set_proposal_number.c
+++ b/src/conftest/hooks/set_proposal_number.c
@@ -57,7 +57,7 @@ static void copy_proposal_algs(proposal_t *from, proposal_t *to,
transform_type_t type)
{
enumerator_t *enumerator;
- u_int16_t alg, key_size;
+ uint16_t alg, key_size;
enumerator = from->create_enumerator(from, type);
while (enumerator->enumerate(enumerator, &alg, &key_size))
diff --git a/src/conftest/hooks/set_reserved.c b/src/conftest/hooks/set_reserved.c
index 488e8df..7ce6f1b 100644
--- a/src/conftest/hooks/set_reserved.c
+++ b/src/conftest/hooks/set_reserved.c
@@ -85,11 +85,11 @@ static void set_bit(private_set_reserved_t *this, message_t *message,
* Set reserved byte of a payload
*/
static void set_byte(private_set_reserved_t *this, message_t *message,
- payload_type_t type, u_int nr, u_int8_t byteval)
+ payload_type_t type, u_int nr, uint8_t byteval)
{
enumerator_t *payloads;
payload_t *payload;
- u_int8_t *byte;
+ uint8_t *byte;
if (type == PLV2_TRANSFORM_SUBSTRUCTURE || type == PLV2_PROPOSAL_SUBSTRUCTURE)
{
@@ -172,7 +172,7 @@ METHOD(listener_t, message, bool,
enumerator_t *bits, *bytes, *types;
payload_type_t type;
char *nr, *name;
- u_int8_t byteval;
+ uint8_t byteval;
types = conftest->test->create_section_enumerator(conftest->test,
"hooks.%s", this->name);
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index 6525fbc..d3bb11f 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = dumm$(EXEEXT) irdumm$(EXEEXT)
subdir = src/dumm
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -208,12 +217,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -263,6 +274,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -297,6 +309,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -408,6 +421,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -472,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/dumm/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/dumm/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -841,6 +854,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipseclibLTLIBRARIES
tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS \
uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
all-local: ext
diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c
index 54c4fe3..4563d6f 100644
--- a/src/dumm/mconsole.c
+++ b/src/dumm/mconsole.c
@@ -54,9 +54,9 @@ struct private_mconsole_t {
typedef struct mconsole_request mconsole_request;
/** mconsole request message */
struct mconsole_request {
- u_int32_t magic;
- u_int32_t version;
- u_int32_t len;
+ uint32_t magic;
+ uint32_t version;
+ uint32_t len;
char data[MCONSOLE_MAX_DATA];
};
@@ -64,24 +64,24 @@ struct mconsole_request {
typedef struct mconsole_reply mconsole_reply;
/** mconsole reply message */
struct mconsole_reply {
- u_int32_t err;
- u_int32_t more;
- u_int32_t len;
+ uint32_t err;
+ uint32_t more;
+ uint32_t len;
char data[MCONSOLE_MAX_DATA];
};
typedef struct mconsole_notify mconsole_notify;
/** mconsole notify message */
struct mconsole_notify {
- u_int32_t magic;
- u_int32_t version;
+ uint32_t magic;
+ uint32_t version;
enum {
MCONSOLE_SOCKET,
MCONSOLE_PANIC,
MCONSOLE_HANG,
MCONSOLE_USER_NOTIFY,
} type;
- u_int32_t len;
+ uint32_t len;
char data[MCONSOLE_MAX_DATA];
};
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index 9f4becb..c909af9 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/include
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -116,12 +126,14 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -316,6 +330,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -362,7 +377,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/include/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/include/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -537,6 +551,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/include/linux/pfkeyv2.h b/src/include/linux/pfkeyv2.h
index 7379d1a..7a1e995 100644
--- a/src/include/linux/pfkeyv2.h
+++ b/src/include/linux/pfkeyv2.h
@@ -159,7 +159,7 @@ struct sadb_spirange {
struct sadb_x_kmprivate {
uint16_t sadb_x_kmprivate_len;
uint16_t sadb_x_kmprivate_exttype;
- u_int32_t sadb_x_kmprivate_reserved;
+ uint32_t sadb_x_kmprivate_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_x_kmprivate) == 8 */
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index 72022ed..c4cb5af 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/ipsec
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(dist_man8_MANS)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -150,12 +159,14 @@ man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(dist_man8_MANS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -205,6 +216,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -239,6 +251,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -350,6 +363,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -397,7 +411,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/ipsec/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/ipsec/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -660,6 +673,8 @@ uninstall-man: uninstall-man8
ps ps-am tags-am uninstall uninstall-am uninstall-hook \
uninstall-man uninstall-man8 uninstall-sbinSCRIPTS
+.PRECIOUS: Makefile
+
_ipsec.8 : _ipsec.8.in
$(AM_V_GEN) \
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 686c1ce..b0acc6c 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.4.0rc1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.5.0rc1" "strongSwan"
.
.SH NAME
.
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
index 55e6bc5..4f3d78c 100644
--- a/src/libcharon/Android.mk
+++ b/src/libcharon/Android.mk
@@ -10,6 +10,7 @@ attributes/mem_pool.c attributes/mem_pool.h \
bus/bus.c bus/bus.h \
bus/listeners/listener.h \
bus/listeners/logger.h \
+bus/listeners/custom_logger.h \
bus/listeners/file_logger.c bus/listeners/file_logger.h \
config/backend_manager.c config/backend_manager.h config/backend.h \
config/child_cfg.c config/child_cfg.h \
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index 9f07078..550f6eb 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -154,12 +154,15 @@ AM_CPPFLAGS = \
-DIPSEC_DIR=\"${ipsecdir}\" \
-DIPSEC_PIDDIR=\"${piddir}\"
+AM_CFLAGS = \
+ @COVERAGE_CFLAGS@
+
AM_LDFLAGS = \
-no-undefined
libcharon_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB)
+ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) $(SOCKLIB)
if USE_WINDOWS
libcharon_la_LIBADD += -lws2_32
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 2ccae21..3ea9b80 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -284,8 +294,6 @@ host_triplet = @host@
@USE_ATTR_SQL_TRUE at am__append_146 = plugins/attr_sql
@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE at am__append_147 = plugins/attr_sql/libstrongswan-attr-sql.la
subdir = src/libcharon
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -299,6 +307,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -336,31 +345,32 @@ am__DEPENDENCIES_1 =
libcharon_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_7) \
- $(am__append_9) $(am__append_11) $(am__append_13) \
- $(am__append_15) $(am__append_17) $(am__append_19) \
- $(am__append_21) $(am__append_23) $(am__append_25) \
- $(am__append_27) $(am__append_29) $(am__append_31) \
- $(am__append_33) $(am__append_35) $(am__append_37) \
- $(am__append_39) $(am__append_41) $(am__append_43) \
- $(am__append_45) $(am__append_47) $(am__append_49) \
- $(am__append_51) $(am__append_53) $(am__append_54) \
- $(am__append_56) $(am__append_58) $(am__append_60) \
- $(am__append_62) $(am__append_64) $(am__append_66) \
- $(am__append_68) $(am__append_70) $(am__append_72) \
- $(am__append_73) $(am__append_74) $(am__append_76) \
- $(am__append_78) $(am__append_79) $(am__append_81) \
- $(am__append_83) $(am__append_85) $(am__append_87) \
- $(am__append_89) $(am__append_91) $(am__append_93) \
- $(am__append_95) $(am__append_97) $(am__append_99) \
- $(am__append_101) $(am__append_103) $(am__append_105) \
- $(am__append_107) $(am__append_109) $(am__append_111) \
- $(am__append_113) $(am__append_115) $(am__append_117) \
- $(am__append_119) $(am__append_121) $(am__append_123) \
- $(am__append_125) $(am__append_127) $(am__append_129) \
- $(am__append_131) $(am__append_133) $(am__append_135) \
- $(am__append_137) $(am__append_139) $(am__append_141) \
- $(am__append_143) $(am__append_145) $(am__append_147)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__append_7) $(am__append_9) \
+ $(am__append_11) $(am__append_13) $(am__append_15) \
+ $(am__append_17) $(am__append_19) $(am__append_21) \
+ $(am__append_23) $(am__append_25) $(am__append_27) \
+ $(am__append_29) $(am__append_31) $(am__append_33) \
+ $(am__append_35) $(am__append_37) $(am__append_39) \
+ $(am__append_41) $(am__append_43) $(am__append_45) \
+ $(am__append_47) $(am__append_49) $(am__append_51) \
+ $(am__append_53) $(am__append_54) $(am__append_56) \
+ $(am__append_58) $(am__append_60) $(am__append_62) \
+ $(am__append_64) $(am__append_66) $(am__append_68) \
+ $(am__append_70) $(am__append_72) $(am__append_73) \
+ $(am__append_74) $(am__append_76) $(am__append_78) \
+ $(am__append_79) $(am__append_81) $(am__append_83) \
+ $(am__append_85) $(am__append_87) $(am__append_89) \
+ $(am__append_91) $(am__append_93) $(am__append_95) \
+ $(am__append_97) $(am__append_99) $(am__append_101) \
+ $(am__append_103) $(am__append_105) $(am__append_107) \
+ $(am__append_109) $(am__append_111) $(am__append_113) \
+ $(am__append_115) $(am__append_117) $(am__append_119) \
+ $(am__append_121) $(am__append_123) $(am__append_125) \
+ $(am__append_127) $(am__append_129) $(am__append_131) \
+ $(am__append_133) $(am__append_135) $(am__append_137) \
+ $(am__append_139) $(am__append_141) $(am__append_143) \
+ $(am__append_145) $(am__append_147)
am__libcharon_la_SOURCES_DIST = attributes/attributes.c \
attributes/attributes.h attributes/attribute_provider.h \
attributes/attribute_handler.h attributes/attribute_manager.c \
@@ -747,6 +757,7 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \
plugins/xauth_generic plugins/xauth_eap plugins/xauth_pam \
plugins/xauth_noauth plugins/resolve plugins/attr \
plugins/attr_sql tests
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -778,6 +789,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -827,6 +839,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -861,6 +874,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -972,6 +986,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -1112,12 +1127,15 @@ AM_CPPFLAGS = \
-DIPSEC_DIR=\"${ipsecdir}\" \
-DIPSEC_PIDDIR=\"${piddir}\"
+AM_CFLAGS = \
+ @COVERAGE_CFLAGS@
+
AM_LDFLAGS = \
-no-undefined
libcharon_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la -lm \
- $(PTHREADLIB) $(DLLIB) $(SOCKLIB) $(am__append_4) \
+ $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) $(SOCKLIB) $(am__append_4) \
$(am__append_7) $(am__append_9) $(am__append_11) \
$(am__append_13) $(am__append_15) $(am__append_17) \
$(am__append_19) $(am__append_21) $(am__append_23) \
@@ -1233,7 +1251,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -2231,6 +2248,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
daemon.lo : $(top_builddir)/config.status
diff --git a/src/libcharon/attributes/mem_pool.c b/src/libcharon/attributes/mem_pool.c
index 833c3e9..a2b7c28 100644
--- a/src/libcharon/attributes/mem_pool.c
+++ b/src/libcharon/attributes/mem_pool.c
@@ -142,7 +142,7 @@ static host_t* offset2host(private_mem_pool_t *pool, int offset)
{
chunk_t addr;
host_t *host;
- u_int32_t *pos;
+ uint32_t *pos;
offset--;
if (offset > pool->size)
@@ -153,11 +153,11 @@ static host_t* offset2host(private_mem_pool_t *pool, int offset)
addr = chunk_clone(pool->base->get_address(pool->base));
if (pool->base->get_family(pool->base) == AF_INET6)
{
- pos = (u_int32_t*)(addr.ptr + 12);
+ pos = (uint32_t*)(addr.ptr + 12);
}
else
{
- pos = (u_int32_t*)addr.ptr;
+ pos = (uint32_t*)addr.ptr;
}
*pos = htonl(offset + ntohl(*pos));
host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0);
@@ -171,7 +171,7 @@ static host_t* offset2host(private_mem_pool_t *pool, int offset)
static int host2offset(private_mem_pool_t *pool, host_t *addr)
{
chunk_t host, base;
- u_int32_t hosti, basei;
+ uint32_t hosti, basei;
if (addr->get_family(addr) != pool->base->get_family(pool->base))
{
@@ -189,8 +189,8 @@ static int host2offset(private_mem_pool_t *pool, host_t *addr)
host = chunk_skip(host, 12);
base = chunk_skip(base, 12);
}
- hosti = ntohl(*(u_int32_t*)(host.ptr));
- basei = ntohl(*(u_int32_t*)(base.ptr));
+ hosti = ntohl(*(uint32_t*)(host.ptr));
+ basei = ntohl(*(uint32_t*)(base.ptr));
if (hosti > basei + pool->size)
{
return -1;
@@ -634,7 +634,7 @@ static private_mem_pool_t *create_generic(char *name)
*/
static u_int network_id_diff(host_t *host, int hostbits)
{
- u_int32_t last;
+ uint32_t last;
chunk_t addr;
if (!hostbits)
@@ -705,7 +705,7 @@ mem_pool_t *mem_pool_create_range(char *name, host_t *from, host_t *to)
{
private_mem_pool_t *this;
chunk_t fromaddr, toaddr;
- u_int32_t diff;
+ uint32_t diff;
fromaddr = from->get_address(from);
toaddr = to->get_address(to);
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index 53ded6b..e17d629 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -688,7 +688,7 @@ METHOD(bus_t, child_rekey, void,
}
METHOD(bus_t, children_migrate, void,
- private_bus_t *this, ike_sa_id_t *new, u_int32_t unique)
+ private_bus_t *this, ike_sa_id_t *new, uint32_t unique)
{
enumerator_t *enumerator;
ike_sa_t *ike_sa;
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index b6757b1..305cbe4 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -101,9 +101,13 @@ enum alert_t {
/** received IKE message with invalid body, argument is message_t*,
* followed by a status_t result returned by message_t.parse_body(). */
ALERT_PARSE_ERROR_BODY,
- /** sending a retransmit for a message, argument is packet_t, if the message
- * got fragmented only the first fragment is passed */
+ /** sending a retransmit for a message, arguments are packet_t and number
+ * of the retransmit, if the message got fragmented only the first fragment
+ * is passed */
ALERT_RETRANSMIT_SEND,
+ /** received response for retransmitted request, argument is packet_t, if
+ * the message got fragmented only the first fragment is passed */
+ ALERT_RETRANSMIT_SEND_CLEARED,
/** sending retransmits timed out, argument is packet_t, if available and if
* the message got fragmented only the first fragment is passed */
ALERT_RETRANSMIT_SEND_TIMEOUT,
@@ -432,7 +436,7 @@ struct bus_t {
* @param new ID of new SA when called for the old, NULL otherwise
* @param uniue unique ID of new SA when called for the old, 0 otherwise
*/
- void (*children_migrate)(bus_t *this, ike_sa_id_t *new, u_int32_t unique);
+ void (*children_migrate)(bus_t *this, ike_sa_id_t *new, uint32_t unique);
/**
* Virtual IP assignment hook.
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index c7a8d8d..be2726e 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -200,7 +200,7 @@ struct listener_t {
* @return TRUE to stay registered, FALSE to unregister
*/
bool (*children_migrate)(listener_t *this, ike_sa_t *ike_sa,
- ike_sa_id_t *new, u_int32_t unique);
+ ike_sa_id_t *new, uint32_t unique);
/**
* Hook called to invoke additional authorization rules.
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 3d3c741..76d7f2c 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -1,8 +1,9 @@
/*
- * Copyright (C) 2008-2015 Tobias Brunner
+ * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -110,12 +111,12 @@ struct private_child_cfg_t {
/**
* Inactivity timeout
*/
- u_int32_t inactivity;
+ uint32_t inactivity;
/**
* Reqid to install CHILD_SA with
*/
- u_int32_t reqid;
+ uint32_t reqid;
/**
* Optional mark to install inbound CHILD_SA with
@@ -130,7 +131,17 @@ struct private_child_cfg_t {
/**
* Traffic Flow Confidentiality padding, if enabled
*/
- u_int32_t tfc;
+ uint32_t tfc;
+
+ /**
+ * Optional manually-set IPsec policy priorities
+ */
+ uint32_t manual_prio;
+
+ /**
+ * Optional restriction of IPsec policy to a given network interface
+ */
+ char *interface;
/**
* set up IPsec transport SA in MIPv6 proxy mode
@@ -145,7 +156,7 @@ struct private_child_cfg_t {
/**
* anti-replay window size
*/
- u_int32_t replay_window;
+ uint32_t replay_window;
};
METHOD(child_cfg_t, get_name, char*,
@@ -200,25 +211,40 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*,
METHOD(child_cfg_t, select_proposal, proposal_t*,
private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh,
- bool private)
+ bool private, bool prefer_self)
{
- enumerator_t *stored_enum, *supplied_enum;
- proposal_t *stored, *supplied, *selected = NULL;
+ enumerator_t *prefer_enum, *match_enum;
+ proposal_t *proposal, *match, *selected = NULL;
- stored_enum = this->proposals->create_enumerator(this->proposals);
- supplied_enum = proposals->create_enumerator(proposals);
+ if (prefer_self)
+ {
+ prefer_enum = this->proposals->create_enumerator(this->proposals);
+ match_enum = proposals->create_enumerator(proposals);
+ }
+ else
+ {
+ prefer_enum = proposals->create_enumerator(proposals);
+ match_enum = this->proposals->create_enumerator(this->proposals);
+ }
- /* compare all stored proposals with all supplied. Stored ones are preferred. */
- while (stored_enum->enumerate(stored_enum, &stored))
+ while (prefer_enum->enumerate(prefer_enum, &proposal))
{
- stored = stored->clone(stored);
- while (supplied_enum->enumerate(supplied_enum, &supplied))
+ proposal = proposal->clone(proposal);
+ if (prefer_self)
+ {
+ proposals->reset_enumerator(proposals, match_enum);
+ }
+ else
+ {
+ this->proposals->reset_enumerator(this->proposals, match_enum);
+ }
+ while (match_enum->enumerate(match_enum, &match))
{
if (strip_dh)
{
- stored->strip_dh(stored, MODP_NONE);
+ proposal->strip_dh(proposal, MODP_NONE);
}
- selected = stored->select(stored, supplied, private);
+ selected = proposal->select(proposal, match, private);
if (selected)
{
DBG2(DBG_CFG, "received proposals: %#P", proposals);
@@ -227,17 +253,15 @@ METHOD(child_cfg_t, select_proposal, proposal_t*,
break;
}
}
- stored->destroy(stored);
+ proposal->destroy(proposal);
if (selected)
{
break;
}
- supplied_enum->destroy(supplied_enum);
- supplied_enum = proposals->create_enumerator(proposals);
}
- stored_enum->destroy(stored_enum);
- supplied_enum->destroy(supplied_enum);
- if (selected == NULL)
+ prefer_enum->destroy(prefer_enum);
+ match_enum->destroy(match_enum);
+ if (!selected)
{
DBG1(DBG_CFG, "received proposals: %#P", proposals);
DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
@@ -405,7 +429,7 @@ METHOD(child_cfg_t, get_hostaccess, bool,
* Note: The distribution of random values is not perfect, but it
* should get the job done.
*/
-static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter)
+static uint64_t apply_jitter(uint64_t rekey, uint64_t jitter)
{
if (jitter == 0)
{
@@ -417,10 +441,14 @@ static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter)
#define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter)
METHOD(child_cfg_t, get_lifetime, lifetime_cfg_t*,
- private_child_cfg_t *this)
+ private_child_cfg_t *this, bool jitter)
{
lifetime_cfg_t *lft = malloc_thing(lifetime_cfg_t);
memcpy(lft, &this->lifetime, sizeof(lifetime_cfg_t));
+ if (!jitter)
+ {
+ lft->time.jitter = lft->bytes.jitter = lft->packets.jitter = 0;
+ }
APPLY_JITTER(lft->time);
APPLY_JITTER(lft->bytes);
APPLY_JITTER(lft->packets);
@@ -456,7 +484,7 @@ METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t,
{
enumerator_t *enumerator;
proposal_t *proposal;
- u_int16_t dh_group = MODP_NONE;
+ uint16_t dh_group = MODP_NONE;
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &proposal))
@@ -476,13 +504,13 @@ METHOD(child_cfg_t, use_ipcomp, bool,
return this->use_ipcomp;
}
-METHOD(child_cfg_t, get_inactivity, u_int32_t,
+METHOD(child_cfg_t, get_inactivity, uint32_t,
private_child_cfg_t *this)
{
return this->inactivity;
}
-METHOD(child_cfg_t, get_reqid, u_int32_t,
+METHOD(child_cfg_t, get_reqid, uint32_t,
private_child_cfg_t *this)
{
return this->reqid;
@@ -494,29 +522,34 @@ METHOD(child_cfg_t, get_mark, mark_t,
return inbound ? this->mark_in : this->mark_out;
}
-METHOD(child_cfg_t, get_tfc, u_int32_t,
+METHOD(child_cfg_t, get_tfc, uint32_t,
private_child_cfg_t *this)
{
return this->tfc;
}
-METHOD(child_cfg_t, get_replay_window, u_int32_t,
+METHOD(child_cfg_t, get_manual_prio, uint32_t,
private_child_cfg_t *this)
{
- return this->replay_window;
+ return this->manual_prio;
}
-METHOD(child_cfg_t, set_replay_window, void,
- private_child_cfg_t *this, u_int32_t replay_window)
+METHOD(child_cfg_t, get_interface, char*,
+ private_child_cfg_t *this)
{
- this->replay_window = replay_window;
+ return this->interface;
+}
+
+METHOD(child_cfg_t, get_replay_window, uint32_t,
+ private_child_cfg_t *this)
+{
+ return this->replay_window;
}
-METHOD(child_cfg_t, set_mipv6_options, void,
- private_child_cfg_t *this, bool proxy_mode, bool install_policy)
+METHOD(child_cfg_t, set_replay_window, void,
+ private_child_cfg_t *this, uint32_t replay_window)
{
- this->proxy_mode = proxy_mode;
- this->install_policy = install_policy;
+ this->replay_window = replay_window;
}
METHOD(child_cfg_t, use_proxy_mode, bool,
@@ -532,7 +565,7 @@ METHOD(child_cfg_t, install_policy, bool,
}
#define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; })
-#define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); })
+#define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); })
METHOD(child_cfg_t, equals, bool,
private_child_cfg_t *this, child_cfg_t *other_pub)
@@ -576,10 +609,12 @@ METHOD(child_cfg_t, equals, bool,
this->mark_out.value == other->mark_out.value &&
this->mark_out.mask == other->mark_out.mask &&
this->tfc == other->tfc &&
+ this->manual_prio == other->manual_prio &&
this->replay_window == other->replay_window &&
this->proxy_mode == other->proxy_mode &&
this->install_policy == other->install_policy &&
- streq(this->updown, other->updown);
+ streq(this->updown, other->updown) &&
+ streq(this->interface, other->interface);
}
METHOD(child_cfg_t, get_ref, child_cfg_t*,
@@ -597,10 +632,8 @@ METHOD(child_cfg_t, destroy, void,
this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy));
this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy));
- if (this->updown)
- {
- free(this->updown);
- }
+ free(this->updown);
+ free(this->interface);
free(this->name);
free(this);
}
@@ -609,12 +642,7 @@ METHOD(child_cfg_t, destroy, void,
/*
* Described in header-file
*/
-child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
- char *updown, bool hostaccess,
- ipsec_mode_t mode, action_t start_action,
- action_t dpd_action, action_t close_action,
- bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
- mark_t *mark_in, mark_t *mark_out, u_int32_t tfc)
+child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
{
private_child_cfg_t *this;
@@ -634,12 +662,13 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
.get_close_action = _get_close_action,
.get_lifetime = _get_lifetime,
.get_dh_group = _get_dh_group,
- .set_mipv6_options = _set_mipv6_options,
.use_ipcomp = _use_ipcomp,
.get_inactivity = _get_inactivity,
.get_reqid = _get_reqid,
.get_mark = _get_mark,
.get_tfc = _get_tfc,
+ .get_manual_prio = _get_manual_prio,
+ .get_interface = _get_interface,
.get_replay_window = _get_replay_window,
.set_replay_window = _set_replay_window,
.use_proxy_mode = _use_proxy_mode,
@@ -649,35 +678,30 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
.destroy = _destroy,
},
.name = strdup(name),
- .updown = strdupnull(updown),
- .hostaccess = hostaccess,
- .mode = mode,
- .start_action = start_action,
- .dpd_action = dpd_action,
- .close_action = close_action,
- .use_ipcomp = ipcomp,
- .inactivity = inactivity,
- .reqid = reqid,
- .proxy_mode = FALSE,
- .install_policy = TRUE,
+ .updown = strdupnull(data->updown),
+ .hostaccess = data->hostaccess,
+ .reqid = data->reqid,
+ .mode = data->mode,
+ .proxy_mode = data->proxy_mode,
+ .start_action = data->start_action,
+ .dpd_action = data->dpd_action,
+ .close_action = data->close_action,
+ .mark_in = data->mark_in,
+ .mark_out = data->mark_out,
+ .lifetime = data->lifetime,
+ .inactivity = data->inactivity,
+ .use_ipcomp = data->ipcomp,
+ .tfc = data->tfc,
+ .manual_prio = data->priority,
+ .interface = strdupnull(data->interface),
+ .install_policy = !data->suppress_policies,
.refcount = 1,
.proposals = linked_list_create(),
.my_ts = linked_list_create(),
.other_ts = linked_list_create(),
- .tfc = tfc,
.replay_window = lib->settings->get_int(lib->settings,
- "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
+ "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
);
- if (mark_in)
- {
- this->mark_in = *mark_in;
- }
- if (mark_out)
- {
- this->mark_out = *mark_out;
- }
- memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t));
-
return &this->public;
}
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index 22641f7..e736b27 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -1,8 +1,9 @@
/*
- * Copyright (C) 2008-2015 Tobias Brunner
+ * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -25,6 +26,7 @@
typedef enum action_t action_t;
typedef struct child_cfg_t child_cfg_t;
+typedef struct child_cfg_create_t child_cfg_create_t;
#include <library.h>
#include <selectors/traffic_selector.h>
@@ -98,10 +100,12 @@ struct child_cfg_t {
* @param proposals list from which proposals are selected
* @param strip_dh TRUE strip out diffie hellman groups
* @param private accept algorithms from a private range
+ * @param prefer_self whether to prefer configured or supplied proposals
* @return selected proposal, or NULL if nothing matches
*/
proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
- bool strip_dh, bool private);
+ bool strip_dh, bool private,
+ bool prefer_self);
/**
* Add a traffic selector to the config.
@@ -155,9 +159,10 @@ struct child_cfg_t {
* The rekey limits automatically contain a jitter to avoid simultaneous
* rekeying. These values will change with each call to this function.
*
+ * @param jitter subtract jitter value to randomize lifetimes
* @return lifetime_cfg_t (has to be freed)
*/
- lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this);
+ lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this, bool jitter);
/**
* Get the mode to use for the CHILD_SA.
@@ -210,14 +215,14 @@ struct child_cfg_t {
*
* @return inactivity timeout in s
*/
- u_int32_t (*get_inactivity)(child_cfg_t *this);
+ uint32_t (*get_inactivity)(child_cfg_t *this);
/**
* Specific reqid to use for CHILD_SA.
*
* @return reqid
*/
- u_int32_t (*get_reqid)(child_cfg_t *this);
+ uint32_t (*get_reqid)(child_cfg_t *this);
/**
* Optional mark for CHILD_SA.
@@ -232,30 +237,35 @@ struct child_cfg_t {
*
* @return TFC padding, 0 to disable, -1 for MTU
*/
- u_int32_t (*get_tfc)(child_cfg_t *this);
+ uint32_t (*get_tfc)(child_cfg_t *this);
/**
- * Get anti-replay window size
+ * Get optional manually-set IPsec policy priority
*
- * @return anti-replay window size
+ * @return manually-set IPsec policy priority (automatic if 0)
*/
- u_int32_t (*get_replay_window)(child_cfg_t *this);
+ uint32_t (*get_manual_prio)(child_cfg_t *this);
/**
- * Set anti-replay window size
+ * Get optional network interface restricting IPsec policy
*
- * @param window anti-replay window size
+ * @return network interface)
*/
- void (*set_replay_window)(child_cfg_t *this, u_int32_t window);
+ char* (*get_interface)(child_cfg_t *this);
/**
- * Sets two options needed for Mobile IPv6 interoperability.
+ * Get anti-replay window size
*
- * @param proxy_mode use IPsec transport proxy mode (default FALSE)
- * @param install_policy install IPsec kernel policies (default TRUE)
+ * @return anti-replay window size
*/
- void (*set_mipv6_options)(child_cfg_t *this, bool proxy_mode,
- bool install_policy);
+ uint32_t (*get_replay_window)(child_cfg_t *this);
+
+ /**
+ * Set anti-replay window size
+ *
+ * @param window anti-replay window size
+ */
+ void (*set_replay_window)(child_cfg_t *this, uint32_t window);
/**
* Check whether IPsec transport SA should be set up in proxy mode.
@@ -297,38 +307,56 @@ struct child_cfg_t {
void (*destroy) (child_cfg_t *this);
};
+
+/**
+ * Data passed to the constructor of a child_cfg_t object.
+ */
+struct child_cfg_create_t {
+ /** Specific reqid to use for CHILD_SA, 0 for auto assignment */
+ uint32_t reqid;
+ /** Optional inbound mark */
+ mark_t mark_in;
+ /** Optional outbound mark */
+ mark_t mark_out;
+ /** Mode to propose for CHILD_SA */
+ ipsec_mode_t mode;
+ /** Use IPsec transport proxy mode */
+ bool proxy_mode;
+ /** Use IPComp, if peer supports it */
+ bool ipcomp;
+ /** TFC padding size, 0 to disable, -1 to pad to PMTU */
+ uint32_t tfc;
+ /** Optional manually-set IPsec policy priority */
+ uint32_t priority;
+ /** Optional network interface restricting IPsec policy (cloned) */
+ char *interface;
+ /** lifetime_cfg_t for this child_cfg */
+ lifetime_cfg_t lifetime;
+ /** Inactivity timeout in s before closing a CHILD_SA */
+ uint32_t inactivity;
+ /** Start action */
+ action_t start_action;
+ /** DPD action */
+ action_t dpd_action;
+ /** Close action */
+ action_t close_action;
+ /** updown script to execute on up/down event (cloned) */
+ char *updown;
+ /** TRUE to allow access to the local host */
+ bool hostaccess;
+ /** Don't install IPsec policies */
+ bool suppress_policies;
+};
+
/**
* Create a configuration template for CHILD_SA setup.
*
- * The "name" string gets cloned.
- *
- * The lifetime_cfg_t object gets cloned.
- * To prevent two peers to start rekeying at the same time, a jitter may be
- * specified. Rekeying of an SA starts at (x.rekey - random(0, x.jitter)).
- *
* After a call to create, a reference is obtained (refcount = 1).
*
- * @param name name of the child_cfg
- * @param lifetime lifetime_cfg_t for this child_cfg
- * @param updown updown script to execute on up/down event
- * @param hostaccess TRUE to allow access to the local host
- * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET
- * @param start_action start action
- * @param dpd_action DPD action
- * @param close_action close action
- * @param ipcomp use IPComp, if peer supports it
- * @param inactivity inactivity timeout in s before closing a CHILD_SA
- * @param reqid specific reqid to use for CHILD_SA, 0 for auto assign
- * @param mark_in optional inbound mark (can be NULL)
- * @param mark_out optional outbound mark (can be NULL)
- * @param tfc TFC padding size, 0 to disable, -1 to pad to PMTU
+ * @param name name of the child_cfg (cloned)
+ * @param data data for this child_cfg
* @return child_cfg_t object
*/
-child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
- char *updown, bool hostaccess,
- ipsec_mode_t mode, action_t start_action,
- action_t dpd_action, action_t close_action,
- bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
- mark_t *mark_in, mark_t *mark_out, u_int32_t tfc);
+child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data);
#endif /** CHILD_CFG_H_ @}*/
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index a720e14..7d52ac8 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2016 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -83,12 +83,12 @@ struct private_ike_cfg_t {
/**
* our source port
*/
- u_int16_t my_port;
+ uint16_t my_port;
/**
* destination port
*/
- u_int16_t other_port;
+ uint16_t other_port;
/**
* should we send a certificate request?
@@ -108,7 +108,7 @@ struct private_ike_cfg_t {
/**
* DSCP value to use on sent IKE packets
*/
- u_int8_t dscp;
+ uint8_t dscp;
/**
* List of proposals to use
@@ -143,7 +143,7 @@ METHOD(ike_cfg_t, fragmentation, fragmentation_t,
/**
* Common function for resolve_me/other
*/
-static host_t* resolve(linked_list_t *hosts, int family, u_int16_t port)
+static host_t* resolve(linked_list_t *hosts, int family, uint16_t port)
{
enumerator_t *enumerator;
host_t *host = NULL;
@@ -192,7 +192,7 @@ static u_int match(linked_list_t *hosts, linked_list_t *ranges, host_t *cand)
traffic_selector_t *ts;
char *str;
host_t *host;
- u_int8_t mask;
+ uint8_t mask;
u_int quality = 0;
/* try single hosts first */
@@ -261,19 +261,19 @@ METHOD(ike_cfg_t, get_other_addr, char*,
return this->other;
}
-METHOD(ike_cfg_t, get_my_port, u_int16_t,
+METHOD(ike_cfg_t, get_my_port, uint16_t,
private_ike_cfg_t *this)
{
return this->my_port;
}
-METHOD(ike_cfg_t, get_other_port, u_int16_t,
+METHOD(ike_cfg_t, get_other_port, uint16_t,
private_ike_cfg_t *this)
{
return this->other_port;
}
-METHOD(ike_cfg_t, get_dscp, u_int8_t,
+METHOD(ike_cfg_t, get_dscp, uint8_t,
private_ike_cfg_t *this)
{
return this->dscp;
@@ -310,42 +310,57 @@ METHOD(ike_cfg_t, get_proposals, linked_list_t*,
}
METHOD(ike_cfg_t, select_proposal, proposal_t*,
- private_ike_cfg_t *this, linked_list_t *proposals, bool private)
+ private_ike_cfg_t *this, linked_list_t *proposals, bool private,
+ bool prefer_self)
{
- enumerator_t *stored_enum, *supplied_enum;
- proposal_t *stored, *supplied, *selected;
+ enumerator_t *prefer_enum, *match_enum;
+ proposal_t *proposal, *match, *selected = NULL;
- stored_enum = this->proposals->create_enumerator(this->proposals);
- supplied_enum = proposals->create_enumerator(proposals);
-
-
- /* compare all stored proposals with all supplied. Stored ones are preferred.*/
- while (stored_enum->enumerate(stored_enum, (void**)&stored))
+ if (prefer_self)
+ {
+ prefer_enum = this->proposals->create_enumerator(this->proposals);
+ match_enum = proposals->create_enumerator(proposals);
+ }
+ else
{
- proposals->reset_enumerator(proposals, supplied_enum);
+ prefer_enum = proposals->create_enumerator(proposals);
+ match_enum = this->proposals->create_enumerator(this->proposals);
+ }
- while (supplied_enum->enumerate(supplied_enum, (void**)&supplied))
+ while (prefer_enum->enumerate(prefer_enum, (void**)&proposal))
+ {
+ if (prefer_self)
+ {
+ proposals->reset_enumerator(proposals, match_enum);
+ }
+ else
{
- selected = stored->select(stored, supplied, private);
+ this->proposals->reset_enumerator(this->proposals, match_enum);
+ }
+ while (match_enum->enumerate(match_enum, (void**)&match))
+ {
+ selected = proposal->select(proposal, match, private);
if (selected)
{
- /* they match, return */
- stored_enum->destroy(stored_enum);
- supplied_enum->destroy(supplied_enum);
DBG2(DBG_CFG, "received proposals: %#P", proposals);
DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
DBG2(DBG_CFG, "selected proposal: %P", selected);
- return selected;
+ break;
}
}
+ if (selected)
+ {
+ break;
+ }
}
- /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
- stored_enum->destroy(stored_enum);
- supplied_enum->destroy(supplied_enum);
- DBG1(DBG_CFG, "received proposals: %#P", proposals);
- DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
-
- return NULL;
+ prefer_enum->destroy(prefer_enum);
+ match_enum->destroy(match_enum);
+ if (!selected)
+ {
+ DBG1(DBG_CFG, "received proposals: %#P", proposals);
+ DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
+ }
+ return selected;
}
METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,
@@ -353,7 +368,7 @@ METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,
{
enumerator_t *enumerator;
proposal_t *proposal;
- u_int16_t dh_group = MODP_NONE;
+ uint16_t dh_group = MODP_NONE;
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &proposal))
@@ -545,9 +560,9 @@ int ike_cfg_get_family(ike_cfg_t *cfg, bool local)
* Described in header.
*/
ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
- char *me, u_int16_t my_port,
- char *other, u_int16_t other_port,
- fragmentation_t fragmentation, u_int8_t dscp)
+ char *me, uint16_t my_port,
+ char *other, uint16_t other_port,
+ fragmentation_t fragmentation, uint8_t dscp)
{
private_ike_cfg_t *this;
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index a72960f..5655a34 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2016 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -128,21 +128,21 @@ struct ike_cfg_t {
*
* @return source address port, host order
*/
- u_int16_t (*get_my_port)(ike_cfg_t *this);
+ uint16_t (*get_my_port)(ike_cfg_t *this);
/**
* Get the port to use as destination port.
*
* @return destination address, host order
*/
- u_int16_t (*get_other_port)(ike_cfg_t *this);
+ uint16_t (*get_other_port)(ike_cfg_t *this);
/**
* Get the DSCP value to use for IKE packets send from connections.
*
* @return DSCP value
*/
- u_int8_t (*get_dscp)(ike_cfg_t *this);
+ uint8_t (*get_dscp)(ike_cfg_t *this);
/**
* Adds a proposal to the list.
@@ -165,16 +165,17 @@ struct ike_cfg_t {
linked_list_t* (*get_proposals) (ike_cfg_t *this);
/**
- * Select a proposed from suggested proposals.
+ * Select a proposal from a list of supplied proposals.
*
* Returned proposal must be destroyed after use.
*
* @param proposals list of proposals to select from
* @param private accept algorithms from a private range
+ * @param prefer_self whether to prefer configured or supplied proposals
* @return selected proposal, or NULL if none matches.
*/
proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals,
- bool private);
+ bool private, bool prefer_self);
/**
* Should we send a certificate request in IKE_SA_INIT?
@@ -250,9 +251,9 @@ struct ike_cfg_t {
* @return ike_cfg_t object.
*/
ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
- char *me, u_int16_t my_port,
- char *other, u_int16_t other_port,
- fragmentation_t fragmentation, u_int8_t dscp);
+ char *me, uint16_t my_port,
+ char *other, uint16_t other_port,
+ fragmentation_t fragmentation, uint8_t dscp);
/**
* Determine the address family of the local or remtoe address(es). If multiple
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index d28a795..6463c7a 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2007-2015 Tobias Brunner
+ * Copyright (C) 2007-2016 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -88,7 +88,7 @@ struct private_peer_cfg_t {
/**
* number of tries after giving up if peer does not respond
*/
- u_int32_t keyingtries;
+ uint32_t keyingtries;
/**
* enable support for MOBIKE
@@ -108,32 +108,32 @@ struct private_peer_cfg_t {
/**
* Time before starting rekeying
*/
- u_int32_t rekey_time;
+ uint32_t rekey_time;
/**
* Time before starting reauthentication
*/
- u_int32_t reauth_time;
+ uint32_t reauth_time;
/**
* Time, which specifies the range of a random value subtracted from above.
*/
- u_int32_t jitter_time;
+ uint32_t jitter_time;
/**
* Delay before deleting a rekeying/reauthenticating SA
*/
- u_int32_t over_time;
+ uint32_t over_time;
/**
* DPD check intervall
*/
- u_int32_t dpd;
+ uint32_t dpd;
/**
* DPD timeout intervall (used for IKEv1 only)
*/
- u_int32_t dpd_timeout;
+ uint32_t dpd_timeout;
/**
* List of virtual IPs (host_t*) to request
@@ -455,13 +455,13 @@ METHOD(peer_cfg_t, get_unique_policy, unique_policy_t,
return this->unique;
}
-METHOD(peer_cfg_t, get_keyingtries, u_int32_t,
+METHOD(peer_cfg_t, get_keyingtries, uint32_t,
private_peer_cfg_t *this)
{
return this->keyingtries;
}
-METHOD(peer_cfg_t, get_rekey_time, u_int32_t,
+METHOD(peer_cfg_t, get_rekey_time, uint32_t,
private_peer_cfg_t *this, bool jitter)
{
if (this->rekey_time == 0)
@@ -475,7 +475,7 @@ METHOD(peer_cfg_t, get_rekey_time, u_int32_t,
return this->rekey_time - (random() % this->jitter_time);
}
-METHOD(peer_cfg_t, get_reauth_time, u_int32_t,
+METHOD(peer_cfg_t, get_reauth_time, uint32_t,
private_peer_cfg_t *this, bool jitter)
{
if (this->reauth_time == 0)
@@ -489,7 +489,7 @@ METHOD(peer_cfg_t, get_reauth_time, u_int32_t,
return this->reauth_time - (random() % this->jitter_time);
}
-METHOD(peer_cfg_t, get_over_time, u_int32_t,
+METHOD(peer_cfg_t, get_over_time, uint32_t,
private_peer_cfg_t *this)
{
return this->over_time;
@@ -513,13 +513,13 @@ METHOD(peer_cfg_t, use_pull_mode, bool,
return this->pull_mode;
}
-METHOD(peer_cfg_t, get_dpd, u_int32_t,
+METHOD(peer_cfg_t, get_dpd, uint32_t,
private_peer_cfg_t *this)
{
return this->dpd;
}
-METHOD(peer_cfg_t, get_dpd_timeout, u_int32_t,
+METHOD(peer_cfg_t, get_dpd_timeout, uint32_t,
private_peer_cfg_t *this)
{
return this->dpd_timeout;
@@ -724,29 +724,22 @@ METHOD(peer_cfg_t, destroy, void,
/*
* Described in header-file
*/
-peer_cfg_t *peer_cfg_create(char *name,
- ike_cfg_t *ike_cfg, cert_policy_t cert_policy,
- unique_policy_t unique, u_int32_t keyingtries,
- u_int32_t rekey_time, u_int32_t reauth_time,
- u_int32_t jitter_time, u_int32_t over_time,
- bool mobike, bool aggressive, bool pull_mode,
- u_int32_t dpd, u_int32_t dpd_timeout,
- bool mediation, peer_cfg_t *mediated_by,
- identification_t *peer_id)
+peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg,
+ peer_cfg_create_t *data)
{
private_peer_cfg_t *this;
- if (rekey_time && jitter_time > rekey_time)
+ if (data->rekey_time && data->jitter_time > data->rekey_time)
{
- jitter_time = rekey_time;
+ data->jitter_time = data->rekey_time;
}
- if (reauth_time && jitter_time > reauth_time)
+ if (data->reauth_time && data->jitter_time > data->reauth_time)
{
- jitter_time = reauth_time;
+ data->jitter_time = data->reauth_time;
}
- if (dpd && dpd_timeout && dpd > dpd_timeout)
+ if (data->dpd && data->dpd_timeout && data->dpd > data->dpd_timeout)
{
- dpd_timeout = dpd;
+ data->dpd_timeout = data->dpd;
}
INIT(this,
@@ -789,33 +782,29 @@ peer_cfg_t *peer_cfg_create(char *name,
.ike_cfg = ike_cfg,
.child_cfgs = linked_list_create(),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .cert_policy = cert_policy,
- .unique = unique,
- .keyingtries = keyingtries,
- .rekey_time = rekey_time,
- .reauth_time = reauth_time,
- .jitter_time = jitter_time,
- .over_time = over_time,
- .use_mobike = mobike,
- .aggressive = aggressive,
- .pull_mode = pull_mode,
- .dpd = dpd,
- .dpd_timeout = dpd_timeout,
+ .cert_policy = data->cert_policy,
+ .unique = data->unique,
+ .keyingtries = data->keyingtries,
+ .rekey_time = data->rekey_time,
+ .reauth_time = data->reauth_time,
+ .jitter_time = data->jitter_time,
+ .over_time = data->over_time,
+ .use_mobike = !data->no_mobike,
+ .aggressive = data->aggressive,
+ .pull_mode = !data->push_mode,
+ .dpd = data->dpd,
+ .dpd_timeout = data->dpd_timeout,
.vips = linked_list_create(),
.pools = linked_list_create(),
.local_auth = linked_list_create(),
.remote_auth = linked_list_create(),
.refcount = 1,
- );
-
#ifdef ME
- this->mediation = mediation;
- this->mediated_by = mediated_by;
- this->peer_id = peer_id;
-#else /* ME */
- DESTROY_IF(mediated_by);
- DESTROY_IF(peer_id);
+ .mediation = data->mediation,
+ .mediated_by = data->mediated_by,
+ .peer_id = data->peer_id,
#endif /* ME */
+ );
return &this->public;
}
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index b612a2e..8e4d533 100644
--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2007-2015 Tobias Brunner
+ * Copyright (C) 2007-2016 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -26,6 +26,7 @@
typedef enum cert_policy_t cert_policy_t;
typedef enum unique_policy_t unique_policy_t;
typedef struct peer_cfg_t peer_cfg_t;
+typedef struct peer_cfg_create_t peer_cfg_create_t;
#include <library.h>
#include <utils/identification.h>
@@ -222,30 +223,30 @@ struct peer_cfg_t {
*
* @return max number retries
*/
- u_int32_t (*get_keyingtries) (peer_cfg_t *this);
+ uint32_t (*get_keyingtries) (peer_cfg_t *this);
/**
* Get a time to start rekeying.
*
- * @param jitter remove a jitter value to randomize time
+ * @param jitter subtract a jitter value to randomize time
* @return time in s when to start rekeying, 0 disables rekeying
*/
- u_int32_t (*get_rekey_time)(peer_cfg_t *this, bool jitter);
+ uint32_t (*get_rekey_time)(peer_cfg_t *this, bool jitter);
/**
* Get a time to start reauthentication.
*
- * @param jitter remove a jitter value to randomize time
+ * @param jitter subtract a jitter value to randomize time
* @return time in s when to start reauthentication, 0 disables it
*/
- u_int32_t (*get_reauth_time)(peer_cfg_t *this, bool jitter);
+ uint32_t (*get_reauth_time)(peer_cfg_t *this, bool jitter);
/**
* Get the timeout of a rekeying/reauthenticating SA.
*
* @return timeout in s
*/
- u_int32_t (*get_over_time)(peer_cfg_t *this);
+ uint32_t (*get_over_time)(peer_cfg_t *this);
/**
* Use MOBIKE (RFC4555) if peer supports it?
@@ -273,14 +274,14 @@ struct peer_cfg_t {
*
* @return dpd_delay in seconds
*/
- u_int32_t (*get_dpd) (peer_cfg_t *this);
+ uint32_t (*get_dpd) (peer_cfg_t *this);
/**
* Get the DPD timeout interval (IKEv1 only)
*
* @return dpd_timeout in seconds
*/
- u_int32_t (*get_dpd_timeout) (peer_cfg_t *this);
+ uint32_t (*get_dpd_timeout) (peer_cfg_t *this);
/**
* Add a virtual IP to request as initiator.
@@ -367,42 +368,52 @@ struct peer_cfg_t {
};
/**
+ * Data passed to the constructor of a peer_cfg_t object.
+ */
+struct peer_cfg_create_t {
+ /** Whether to send a certificate payload */
+ cert_policy_t cert_policy;
+ /** Uniqueness of an IKE_SA */
+ unique_policy_t unique;
+ /** How many keying tries should be done before giving up */
+ uint32_t keyingtries;
+ /** Timeout in seconds before starting rekeying */
+ uint32_t rekey_time;
+ /** Timeout in seconds before starting reauthentication */
+ uint32_t reauth_time;
+ /** Time range in seconds to randomly subtract from rekey/reauth time */
+ uint32_t jitter_time;
+ /** Maximum overtime in seconds before closing a rekeying/reauth SA */
+ uint32_t over_time;
+ /** Disable MOBIKE (RFC4555) */
+ bool no_mobike;
+ /** Use/accept aggressive mode with IKEv1 */
+ bool aggressive;
+ /** TRUE to use modeconfig push, FALSE for pull */
+ bool push_mode;
+ /** DPD check interval, 0 to disable */
+ uint32_t dpd;
+ /** DPD timeout interval (IKEv1 only), if 0 default applies */
+ uint32_t dpd_timeout;
+#ifdef ME
+ /** TRUE if this is a mediation connection */
+ bool mediation;
+ /** peer_cfg_t of the mediation connection to mediate through (adopted) */
+ peer_cfg_t *mediated_by;
+ /** ID that identifies our peer at the mediation server (adopted) */
+ identification_t *peer_id;
+#endif /* ME */
+};
+
+/**
* Create a configuration object for IKE_AUTH and later.
*
- * name-string gets cloned, ID's not.
- * Virtual IPs are used if they are != NULL. A %any host means the virtual
- * IP should be obtained from the other peer.
- * Lifetimes are in seconds. To prevent to peers to start rekeying at the
- * same time, a jitter may be specified. Rekeying of an SA starts at
- * (rekeylifetime - random(0, jitter)).
- *
- * @param name name of the peer_cfg
- * @param ike_cfg IKE config to use when acting as initiator
- * @param cert_policy should we send a certificate payload?
- * @param unique uniqueness of an IKE_SA
- * @param keyingtries how many keying tries should be done before giving up
- * @param rekey_time timeout before starting rekeying
- * @param reauth_time timeout before starting reauthentication
- * @param jitter_time timerange to randomly subtract from rekey/reauth time
- * @param over_time maximum overtime before closing a rekeying/reauth SA
- * @param mobike use MOBIKE (RFC4555) if peer supports it
- * @param aggressive use/accept aggressive mode with IKEv1
- * @param pull_mode TRUE to use modeconfig pull, FALSE for push
- * @param dpd DPD check interval, 0 to disable
- * @param dpd_timeout DPD timeout interval (IKEv1 only), if 0 default applies
- * @param mediation TRUE if this is a mediation connection
- * @param mediated_by peer_cfg_t of the mediation connection to mediate through
- * @param peer_id ID that identifies our peer at the mediation server
+ * @param name name of the peer_cfg (cloned)
+ * @param ike_cfg IKE config to use when acting as initiator (adopted)
+ * @param data data for this peer_cfg
* @return peer_cfg_t object
*/
-peer_cfg_t *peer_cfg_create(char *name,
- ike_cfg_t *ike_cfg, cert_policy_t cert_policy,
- unique_policy_t unique, u_int32_t keyingtries,
- u_int32_t rekey_time, u_int32_t reauth_time,
- u_int32_t jitter_time, u_int32_t over_time,
- bool mobike, bool aggressive, bool pull_mode,
- u_int32_t dpd, u_int32_t dpd_timeout,
- bool mediation, peer_cfg_t *mediated_by,
- identification_t *peer_id);
+peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg,
+ peer_cfg_create_t *data);
#endif /** PEER_CFG_H_ @}*/
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 95b6a00..a83acec 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2014 Tobias Brunner
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2006-2010 Martin Willi
* Copyright (C) 2013-2015 Andreas Steffen
* Hochschule fuer Technik Rapperswil
@@ -61,7 +61,7 @@ struct private_proposal_t {
/**
* senders SPI
*/
- u_int64_t spi;
+ uint64_t spi;
/**
* Proposal number
@@ -76,14 +76,14 @@ typedef struct {
/** Type of the transform */
transform_type_t type;
/** algorithm identifier */
- u_int16_t alg;
+ uint16_t alg;
/** key size in bits, or zero if not needed */
- u_int16_t key_size;
+ uint16_t key_size;
} entry_t;
METHOD(proposal_t, add_algorithm, void,
private_proposal_t *this, transform_type_t type,
- u_int16_t alg, u_int16_t key_size)
+ uint16_t alg, uint16_t key_size)
{
entry_t entry = {
.type = type,
@@ -97,8 +97,8 @@ METHOD(proposal_t, add_algorithm, void,
/**
* filter function for peer configs
*/
-static bool alg_filter(uintptr_t type, entry_t **in, u_int16_t *alg,
- void **unused, u_int16_t *key_size)
+static bool alg_filter(uintptr_t type, entry_t **in, uint16_t *alg,
+ void **unused, uint16_t *key_size)
{
entry_t *entry = *in;
@@ -127,7 +127,7 @@ METHOD(proposal_t, create_enumerator, enumerator_t*,
METHOD(proposal_t, get_algorithm, bool,
private_proposal_t *this, transform_type_t type,
- u_int16_t *alg, u_int16_t *key_size)
+ uint16_t *alg, uint16_t *key_size)
{
enumerator_t *enumerator;
bool found = FALSE;
@@ -147,7 +147,7 @@ METHOD(proposal_t, has_dh_group, bool,
{
bool found = FALSE, any = FALSE;
enumerator_t *enumerator;
- u_int16_t current;
+ uint16_t current;
enumerator = create_enumerator(this, DIFFIE_HELLMAN_GROUP);
while (enumerator->enumerate(enumerator, ¤t, NULL))
@@ -193,7 +193,7 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
proposal_t *selected, transform_type_t type, bool priv)
{
enumerator_t *e1, *e2;
- u_int16_t alg1, alg2, ks1, ks2;
+ uint16_t alg1, alg2, ks1, ks2;
bool found = FALSE, optional = FALSE;
if (type == INTEGRITY_ALGORITHM &&
@@ -210,7 +210,7 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
e1 = create_enumerator(this, type);
e2 = other->create_enumerator(other, type);
- if (!e1->enumerate(e1, NULL, NULL))
+ if (!e1->enumerate(e1, &alg1, NULL))
{
if (!e2->enumerate(e2, &alg2, NULL))
{
@@ -219,12 +219,23 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
else if (optional)
{
do
- { /* if the other peer proposes NONE, we accept the proposal */
+ { /* if NONE is proposed, we accept the proposal */
found = !alg2;
}
while (!found && e2->enumerate(e2, &alg2, NULL));
}
}
+ else if (!e2->enumerate(e2, NULL, NULL))
+ {
+ if (optional)
+ {
+ do
+ { /* if NONE is proposed, we accept the proposal */
+ found = !alg1;
+ }
+ while (!found && e1->enumerate(e1, &alg1, NULL));
+ }
+ }
e1->destroy(e1);
e1 = create_enumerator(this, type);
@@ -244,7 +255,6 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
"but peer implementation is unknown, skipped");
continue;
}
- /* ok, we have an algorithm */
selected->add_algorithm(selected, type, alg1, ks1);
found = TRUE;
break;
@@ -288,9 +298,7 @@ METHOD(proposal_t, select_proposal, proposal_t*,
}
DBG2(DBG_CFG, " proposal matches");
-
selected->set_spi(selected, other->get_spi(other));
-
return selected;
}
@@ -301,12 +309,12 @@ METHOD(proposal_t, get_protocol, protocol_id_t,
}
METHOD(proposal_t, set_spi, void,
- private_proposal_t *this, u_int64_t spi)
+ private_proposal_t *this, uint64_t spi)
{
this->spi = spi;
}
-METHOD(proposal_t, get_spi, u_int64_t,
+METHOD(proposal_t, get_spi, uint64_t,
private_proposal_t *this)
{
return this->spi;
@@ -319,7 +327,7 @@ static bool algo_list_equals(private_proposal_t *this, proposal_t *other,
transform_type_t type)
{
enumerator_t *e1, *e2;
- u_int16_t alg1, alg2, ks1, ks2;
+ uint16_t alg1, alg2, ks1, ks2;
bool equals = TRUE;
e1 = create_enumerator(this, type);
@@ -418,7 +426,7 @@ static void check_proposal(private_proposal_t *this)
{
enumerator_t *e;
entry_t *entry;
- u_int16_t alg, ks;
+ uint16_t alg, ks;
bool all_aead = TRUE;
int i;
@@ -445,6 +453,16 @@ static void check_proposal(private_proposal_t *this)
}
}
e->destroy(e);
+ /* remove MODP_NONE from IKE proposal */
+ e = array_create_enumerator(this->transforms);
+ while (e->enumerate(e, &entry))
+ {
+ if (entry->type == DIFFIE_HELLMAN_GROUP && !entry->alg)
+ {
+ array_remove_at(this->transforms, e);
+ }
+ }
+ e->destroy(e);
}
if (this->protocol == PROTO_ESP)
@@ -516,7 +534,7 @@ static int print_alg(private_proposal_t *this, printf_hook_data_t *data,
{
enumerator_t *enumerator;
size_t written = 0;
- u_int16_t alg, size;
+ uint16_t alg, size;
enumerator = create_enumerator(this, kind);
while (enumerator->enumerate(enumerator, &alg, &size))
@@ -861,16 +879,18 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case MODP_768_BIT:
/* weak */
break;
- case MODP_2048_BIT:
- case MODP_2048_256:
case MODP_2048_224:
case MODP_1536_BIT:
- case MODP_1024_BIT:
case MODP_1024_160:
case ECP_224_BIT:
case ECP_224_BP:
case ECP_192_BIT:
case NTRU_112_BIT:
+ /* rarely used */
+ break;
+ case MODP_2048_BIT:
+ case MODP_2048_256:
+ case MODP_1024_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
break;
default:
diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h
index 78b8688..f9f2778 100644
--- a/src/libcharon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
@@ -78,13 +78,13 @@ struct proposal_t {
* @param key_size key size to use
*/
void (*add_algorithm) (proposal_t *this, transform_type_t type,
- u_int16_t alg, u_int16_t key_size);
+ uint16_t alg, uint16_t key_size);
/**
* Get an enumerator over algorithms for a specifc algo type.
*
* @param type kind of algorithm
- * @return enumerator over u_int16_t alg, u_int16_t key_size
+ * @return enumerator over uint16_t alg, uint16_t key_size
*/
enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);
@@ -99,7 +99,7 @@ struct proposal_t {
* @return TRUE if algorithm of this kind available
*/
bool (*get_algorithm) (proposal_t *this, transform_type_t type,
- u_int16_t *alg, u_int16_t *key_size);
+ uint16_t *alg, uint16_t *key_size);
/**
* Check if the proposal has a specific DH group.
@@ -141,14 +141,14 @@ struct proposal_t {
*
* @return spi for proto
*/
- u_int64_t (*get_spi) (proposal_t *this);
+ uint64_t (*get_spi) (proposal_t *this);
/**
* Set the SPI of the proposal.
*
* @param spi spi to set for proto
*/
- void (*set_spi) (proposal_t *this, u_int64_t spi);
+ void (*set_spi) (proposal_t *this, uint64_t spi);
/**
* Get the proposal number, as encoded in SA payload
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
index 6dd54b4..93ff70b 100644
--- a/src/libcharon/control/controller.c
+++ b/src/libcharon/control/controller.c
@@ -105,7 +105,7 @@ struct interface_listener_t {
/**
* unique ID, used for various methods
*/
- u_int32_t id;
+ uint32_t id;
/**
* semaphore to implement wait_for_listener()
@@ -272,6 +272,28 @@ METHOD(listener_t, ike_state_change, bool,
}
#endif /* ME */
case IKE_DESTROYING:
+ return listener_done(this);
+ default:
+ break;
+ }
+ }
+ return TRUE;
+}
+
+METHOD(listener_t, ike_state_change_terminate, bool,
+ interface_listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
+{
+ ike_sa_t *target;
+
+ this->lock->lock(this->lock);
+ target = this->ike_sa;
+ this->lock->unlock(this->lock);
+
+ if (target == ike_sa)
+ {
+ switch (state)
+ {
+ case IKE_DESTROYING:
if (ike_sa->get_state(ike_sa) == IKE_DELETING)
{ /* proper termination */
this->status = SUCCESS;
@@ -304,10 +326,6 @@ METHOD(listener_t, child_state_change, bool,
case CHILD_DESTROYING:
switch (child_sa->get_state(child_sa))
{
- case CHILD_DELETING:
- /* proper delete */
- this->status = SUCCESS;
- break;
case CHILD_RETRYING:
/* retrying with a different DH group; survive another
* initiation round */
@@ -331,6 +349,38 @@ METHOD(listener_t, child_state_change, bool,
return TRUE;
}
+METHOD(listener_t, child_state_change_terminate, bool,
+ interface_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
+ child_sa_state_t state)
+{
+ ike_sa_t *target;
+
+ this->lock->lock(this->lock);
+ target = this->ike_sa;
+ this->lock->unlock(this->lock);
+
+ if (target == ike_sa)
+ {
+ switch (state)
+ {
+ case CHILD_DESTROYING:
+ switch (child_sa->get_state(child_sa))
+ {
+ case CHILD_DELETING:
+ /* proper delete */
+ this->status = SUCCESS;
+ break;
+ default:
+ break;
+ }
+ return listener_done(this);
+ default:
+ break;
+ }
+ }
+ return TRUE;
+}
+
METHOD(job_t, destroy_job, void,
interface_job_t *this)
{
@@ -493,7 +543,7 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t,
interface_job_t *job)
{
interface_listener_t *listener = &job->listener;
- u_int32_t unique_id = listener->id;
+ uint32_t unique_id = listener->id;
ike_sa_t *ike_sa;
ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
@@ -528,7 +578,7 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t,
}
METHOD(controller_t, terminate_ike, status_t,
- controller_t *this, u_int32_t unique_id,
+ controller_t *this, uint32_t unique_id,
controller_cb_t callback, void *param, u_int timeout)
{
interface_job_t *job;
@@ -537,8 +587,8 @@ METHOD(controller_t, terminate_ike, status_t,
INIT(job,
.listener = {
.public = {
- .ike_state_change = _ike_state_change,
- .child_state_change = _child_state_change,
+ .ike_state_change = _ike_state_change_terminate,
+ .child_state_change = _child_state_change_terminate,
},
.logger = {
.public = {
@@ -582,7 +632,7 @@ METHOD(job_t, terminate_child_execute, job_requeue_t,
interface_job_t *job)
{
interface_listener_t *listener = &job->listener;
- u_int32_t id = listener->id;
+ uint32_t id = listener->id;
child_sa_t *child_sa;
ike_sa_t *ike_sa;
@@ -630,7 +680,7 @@ METHOD(job_t, terminate_child_execute, job_requeue_t,
}
METHOD(controller_t, terminate_child, status_t,
- controller_t *this, u_int32_t unique_id,
+ controller_t *this, uint32_t unique_id,
controller_cb_t callback, void *param, u_int timeout)
{
interface_job_t *job;
@@ -639,8 +689,8 @@ METHOD(controller_t, terminate_child, status_t,
INIT(job,
.listener = {
.public = {
- .ike_state_change = _ike_state_change,
- .child_state_change = _child_state_change,
+ .ike_state_change = _ike_state_change_terminate,
+ .child_state_change = _child_state_change_terminate,
},
.logger = {
.public = {
diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h
index 5ffeac5..9524f53 100644
--- a/src/libcharon/control/controller.h
+++ b/src/libcharon/control/controller.h
@@ -111,7 +111,7 @@ struct controller_t {
* - NEED_MORE, if callback returned FALSE
* - OUT_OF_RES if timed out
*/
- status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id,
+ status_t (*terminate_ike)(controller_t *this, uint32_t unique_id,
controller_cb_t callback, void *param,
u_int timeout);
@@ -131,7 +131,7 @@ struct controller_t {
* - NEED_MORE, if callback returned FALSE
* - OUT_OF_RES if timed out
*/
- status_t (*terminate_child)(controller_t *this, u_int32_t unique_id,
+ status_t (*terminate_child)(controller_t *this, uint32_t unique_id,
controller_cb_t callback, void *param,
u_int timeout);
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index cef8b89..532d081 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -54,6 +54,7 @@
#include <library.h>
#include <bus/listeners/sys_logger.h>
#include <bus/listeners/file_logger.h>
+#include <collections/array.h>
#include <config/proposal.h>
#include <plugins/plugin_feature.h>
#include <kernel/kernel_handler.h>
@@ -701,46 +702,68 @@ static void destroy(private_daemon_t *this)
*/
static void run_scripts(private_daemon_t *this, char *verb)
{
+ struct {
+ char *name;
+ char *path;
+ } *script;
+ array_t *scripts = NULL;
enumerator_t *enumerator;
char *key, *value, *pos, buf[1024];
FILE *cmd;
+ /* copy the scripts so we don't hold any locks while executing them */
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
"%s.%s-scripts", lib->ns, verb);
while (enumerator->enumerate(enumerator, &key, &value))
{
- DBG1(DBG_DMN, "executing %s script '%s' (%s):", verb, key, value);
- cmd = popen(value, "r");
+ INIT(script,
+ .name = key,
+ .path = value,
+ );
+ array_insert_create(&scripts, ARRAY_TAIL, script);
+ }
+ enumerator->destroy(enumerator);
+
+ enumerator = array_create_enumerator(scripts);
+ while (enumerator->enumerate(enumerator, &script))
+ {
+ DBG1(DBG_DMN, "executing %s script '%s' (%s)", verb, script->name,
+ script->path);
+ cmd = popen(script->path, "r");
if (!cmd)
{
DBG1(DBG_DMN, "executing %s script '%s' (%s) failed: %s",
- verb, key, value, strerror(errno));
- continue;
+ verb, script->name, script->path, strerror(errno));
}
- while (TRUE)
+ else
{
- if (!fgets(buf, sizeof(buf), cmd))
+ while (TRUE)
{
- if (ferror(cmd))
+ if (!fgets(buf, sizeof(buf), cmd))
{
- DBG1(DBG_DMN, "reading from %s script '%s' (%s) failed",
- verb, key, value);
+ if (ferror(cmd))
+ {
+ DBG1(DBG_DMN, "reading from %s script '%s' (%s) failed",
+ verb, script->name, script->path);
+ }
+ break;
}
- break;
- }
- else
- {
- pos = buf + strlen(buf);
- if (pos > buf && pos[-1] == '\n')
+ else
{
- pos[-1] = '\0';
+ pos = buf + strlen(buf);
+ if (pos > buf && pos[-1] == '\n')
+ {
+ pos[-1] = '\0';
+ }
+ DBG1(DBG_DMN, "%s: %s", script->name, buf);
}
- DBG1(DBG_DMN, "%s: %s", key, buf);
}
+ pclose(cmd);
}
- pclose(cmd);
+ free(script);
}
enumerator->destroy(enumerator);
+ array_destroy(scripts);
}
METHOD(daemon_t, start, void,
diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c
index a0a508f..41aacd4 100644
--- a/src/libcharon/encoding/generator.c
+++ b/src/libcharon/encoding/generator.c
@@ -68,22 +68,22 @@ struct private_generator_t {
/**
* Buffer used to generate the data into.
*/
- u_int8_t *buffer;
+ uint8_t *buffer;
/**
* Current write position in buffer (one byte aligned).
*/
- u_int8_t *out_position;
+ uint8_t *out_position;
/**
* Position of last byte in buffer.
*/
- u_int8_t *roof_position;
+ uint8_t *roof_position;
/**
* Current bit writing to in current byte (between 0 and 7).
*/
- u_int8_t current_bit;
+ uint8_t current_bit;
/**
* Associated data struct to read informations from.
@@ -93,7 +93,7 @@ struct private_generator_t {
/**
* Offset of the header length field in the buffer.
*/
- u_int32_t header_length_offset;
+ uint32_t header_length_offset;
/**
* Attribute format of the last generated transform attribute.
@@ -107,7 +107,7 @@ struct private_generator_t {
* Depending on the value of attribute_format this field is used
* to hold the length of the transform attribute in bytes.
*/
- u_int16_t attribute_length;
+ uint16_t attribute_length;
/**
* TRUE, if debug messages should be logged during generation.
@@ -142,7 +142,7 @@ static int get_length(private_generator_t *this)
/**
* Get current offset in buffer (in bytes).
*/
-static u_int32_t get_offset(private_generator_t *this)
+static uint32_t get_offset(private_generator_t *this)
{
return this->out_position - this->buffer;
}
@@ -179,7 +179,7 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes,
int number_of_bytes)
{
int i;
- u_int8_t *read_position = (u_int8_t *)bytes;
+ uint8_t *read_position = (uint8_t *)bytes;
make_space_available(this, number_of_bytes * 8);
@@ -195,7 +195,7 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes,
* Generates a U_INT-Field type and writes it to buffer.
*/
static void generate_u_int_type(private_generator_t *this,
- encoding_type_t int_type,u_int32_t offset)
+ encoding_type_t int_type,uint32_t offset)
{
int number_of_bits = 0;
@@ -242,12 +242,12 @@ static void generate_u_int_type(private_generator_t *this,
{
case U_INT_4:
{
- u_int8_t high, low;
+ uint8_t high, low;
if (this->current_bit == 0)
{
/* high of current byte in buffer has to be set to the new value*/
- high = *((u_int8_t *)(this->data_struct + offset)) << 4;
+ high = *((uint8_t *)(this->data_struct + offset)) << 4;
/* low in buffer is not changed */
low = *(this->out_position) & 0x0F;
/* high is set, low_val is not changed */
@@ -264,7 +264,7 @@ static void generate_u_int_type(private_generator_t *this,
/* high in buffer is not changed */
high = *(this->out_position) & 0xF0;
/* low of current byte in buffer has to be set to the new value*/
- low = *((u_int8_t *)(this->data_struct + offset)) & 0x0F;
+ low = *((uint8_t *)(this->data_struct + offset)) & 0x0F;
*(this->out_position) = high | low;
if (this->debug)
{
@@ -287,7 +287,7 @@ static void generate_u_int_type(private_generator_t *this,
case U_INT_8:
{
/* 8 bit values are written as they are */
- *this->out_position = *((u_int8_t *)(this->data_struct + offset));
+ *this->out_position = *((uint8_t *)(this->data_struct + offset));
if (this->debug)
{
DBG3(DBG_ENC, " => %d", *(this->out_position));
@@ -297,8 +297,8 @@ static void generate_u_int_type(private_generator_t *this,
}
case ATTRIBUTE_TYPE:
{
- u_int8_t attribute_format_flag;
- u_int16_t val;
+ uint8_t attribute_format_flag;
+ uint16_t val;
/* attribute type must not change first bit of current byte */
if (this->current_bit != 1)
@@ -308,7 +308,7 @@ static void generate_u_int_type(private_generator_t *this,
}
attribute_format_flag = *(this->out_position) & 0x80;
/* get attribute type value as 16 bit integer*/
- val = *((u_int16_t*)(this->data_struct + offset));
+ val = *((uint16_t*)(this->data_struct + offset));
/* unset most significant bit */
val &= 0x7FFF;
if (attribute_format_flag)
@@ -321,7 +321,7 @@ static void generate_u_int_type(private_generator_t *this,
DBG3(DBG_ENC, " => %d", val);
}
/* write bytes to buffer (set bit is overwritten) */
- write_bytes_to_buffer(this, &val, sizeof(u_int16_t));
+ write_bytes_to_buffer(this, &val, sizeof(uint16_t));
this->current_bit = 0;
break;
@@ -330,33 +330,33 @@ static void generate_u_int_type(private_generator_t *this,
case PAYLOAD_LENGTH:
case ATTRIBUTE_LENGTH:
{
- u_int16_t val = htons(*((u_int16_t*)(this->data_struct + offset)));
+ uint16_t val = htons(*((uint16_t*)(this->data_struct + offset)));
if (this->debug)
{
- DBG3(DBG_ENC, " %b", &val, sizeof(u_int16_t));
+ DBG3(DBG_ENC, " %b", &val, sizeof(uint16_t));
}
- write_bytes_to_buffer(this, &val, sizeof(u_int16_t));
+ write_bytes_to_buffer(this, &val, sizeof(uint16_t));
break;
}
case U_INT_32:
{
- u_int32_t val = htonl(*((u_int32_t*)(this->data_struct + offset)));
+ uint32_t val = htonl(*((uint32_t*)(this->data_struct + offset)));
if (this->debug)
{
- DBG3(DBG_ENC, " %b", &val, sizeof(u_int32_t));
+ DBG3(DBG_ENC, " %b", &val, sizeof(uint32_t));
}
- write_bytes_to_buffer(this, &val, sizeof(u_int32_t));
+ write_bytes_to_buffer(this, &val, sizeof(uint32_t));
break;
}
case IKE_SPI:
{
/* 64 bit are written as-is, no host order conversion */
write_bytes_to_buffer(this, this->data_struct + offset,
- sizeof(u_int64_t));
+ sizeof(uint64_t));
if (this->debug)
{
DBG3(DBG_ENC, " %b", this->data_struct + offset,
- sizeof(u_int64_t));
+ sizeof(uint64_t));
}
break;
}
@@ -372,10 +372,10 @@ static void generate_u_int_type(private_generator_t *this,
/**
* Generate a FLAG filed
*/
-static void generate_flag(private_generator_t *this, u_int32_t offset)
+static void generate_flag(private_generator_t *this, uint32_t offset)
{
- u_int8_t flag_value;
- u_int8_t flag;
+ uint8_t flag_value;
+ uint8_t flag;
flag_value = (*((bool *) (this->data_struct + offset))) ? 1 : 0;
/* get flag position */
@@ -406,7 +406,7 @@ static void generate_flag(private_generator_t *this, u_int32_t offset)
/**
* Generates a bytestream from a chunk_t.
*/
-static void generate_from_chunk(private_generator_t *this, u_int32_t offset)
+static void generate_from_chunk(private_generator_t *this, uint32_t offset)
{
chunk_t *value;
@@ -427,11 +427,11 @@ static void generate_from_chunk(private_generator_t *this, u_int32_t offset)
}
METHOD(generator_t, get_chunk, chunk_t,
- private_generator_t *this, u_int32_t **lenpos)
+ private_generator_t *this, uint32_t **lenpos)
{
chunk_t data;
- *lenpos = (u_int32_t*)(this->buffer + this->header_length_offset);
+ *lenpos = (uint32_t*)(this->buffer + this->header_length_offset);
data = chunk_create(this->buffer, get_length(this));
if (this->debug)
{
@@ -537,7 +537,7 @@ METHOD(generator_t, generate_payload, void,
generate_u_int_type(this, U_INT_16, rules[i].offset);
/* this field hold the length of the attribute */
this->attribute_length =
- *((u_int16_t *)(this->data_struct + rules[i].offset));
+ *((uint16_t *)(this->data_struct + rules[i].offset));
}
break;
case ATTRIBUTE_VALUE:
diff --git a/src/libcharon/encoding/generator.h b/src/libcharon/encoding/generator.h
index c2c0aad..3755307 100644
--- a/src/libcharon/encoding/generator.h
+++ b/src/libcharon/encoding/generator.h
@@ -57,7 +57,7 @@ struct generator_t {
* @param lenpos receives a pointer to fill in length value
* @param return chunk to internal buffer.
*/
- chunk_t (*get_chunk) (generator_t *this, u_int32_t **lenpos);
+ chunk_t (*get_chunk) (generator_t *this, uint32_t **lenpos);
/**
* Destroys a generator_t object.
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index bbdc462..1fd6442 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -829,7 +829,7 @@ typedef struct {
* fragments we expect.
* For IKEv2 we store the total number of fragment we received last.
*/
- u_int16_t last;
+ uint16_t last;
/**
* Length of all currently received fragments.
@@ -858,12 +858,12 @@ struct private_message_t {
/**
* Minor version of message.
*/
- u_int8_t major_version;
+ uint8_t major_version;
/**
* Major version of message.
*/
- u_int8_t minor_version;
+ uint8_t minor_version;
/**
* First Payload in message.
@@ -903,7 +903,7 @@ struct private_message_t {
/**
* Message ID of this message.
*/
- u_int32_t message_id;
+ uint32_t message_id;
/**
* ID of assigned IKE_SA.
@@ -953,7 +953,7 @@ struct private_message_t {
typedef struct {
/** fragment number */
- u_int8_t num;
+ uint8_t num;
/** fragment data */
chunk_t data;
@@ -1024,48 +1024,48 @@ METHOD(message_t, get_ike_sa_id, ike_sa_id_t*,
}
METHOD(message_t, set_message_id, void,
- private_message_t *this,u_int32_t message_id)
+ private_message_t *this,uint32_t message_id)
{
this->message_id = message_id;
}
-METHOD(message_t, get_message_id, u_int32_t,
+METHOD(message_t, get_message_id, uint32_t,
private_message_t *this)
{
return this->message_id;
}
-METHOD(message_t, get_initiator_spi, u_int64_t,
+METHOD(message_t, get_initiator_spi, uint64_t,
private_message_t *this)
{
return (this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
}
-METHOD(message_t, get_responder_spi, u_int64_t,
+METHOD(message_t, get_responder_spi, uint64_t,
private_message_t *this)
{
return (this->ike_sa_id->get_responder_spi(this->ike_sa_id));
}
METHOD(message_t, set_major_version, void,
- private_message_t *this, u_int8_t major_version)
+ private_message_t *this, uint8_t major_version)
{
this->major_version = major_version;
}
-METHOD(message_t, get_major_version, u_int8_t,
+METHOD(message_t, get_major_version, uint8_t,
private_message_t *this)
{
return this->major_version;
}
METHOD(message_t, set_minor_version, void,
- private_message_t *this,u_int8_t minor_version)
+ private_message_t *this,uint8_t minor_version)
{
this->minor_version = minor_version;
}
-METHOD(message_t, get_minor_version, u_int8_t,
+METHOD(message_t, get_minor_version, uint8_t,
private_message_t *this)
{
return this->minor_version;
@@ -1331,7 +1331,7 @@ static char* get_string(private_message_t *this, char *buf, int len)
if (payload->get_type(payload) == PLV2_EAP)
{
eap_payload_t *eap = (eap_payload_t*)payload;
- u_int32_t vendor;
+ uint32_t vendor;
eap_type_t type;
char method[64] = "";
@@ -1790,7 +1790,7 @@ static status_t finalize_message(private_message_t *this, keymat_t *keymat,
{
keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
chunk_t chunk;
- u_int32_t *lenpos;
+ uint32_t *lenpos;
if (encrypted)
{
@@ -1893,7 +1893,7 @@ static message_t *clone_message(private_message_t *this)
* Create a single fragment with the given data
*/
static message_t *create_fragment(private_message_t *this, payload_type_t next,
- u_int16_t num, u_int16_t count, chunk_t data)
+ uint16_t num, uint16_t count, chunk_t data)
{
enumerator_t *enumerator;
payload_t *fragment, *payload;
@@ -1972,11 +1972,11 @@ METHOD(message_t, fragment, status_t,
message_t *fragment;
packet_t *packet;
payload_type_t next = PL_NONE;
- u_int16_t num, count;
+ uint16_t num, count;
host_t *src, *dst;
chunk_t data;
status_t status;
- u_int32_t *lenpos;
+ uint32_t *lenpos;
size_t len;
src = this->packet->get_source(this->packet);
@@ -2703,7 +2703,7 @@ METHOD(message_t, parse_body, status_t,
/**
* Store the fragment data for the fragment with the given fragment number.
*/
-static status_t add_fragment(private_message_t *this, u_int16_t num,
+static status_t add_fragment(private_message_t *this, uint16_t num,
chunk_t data)
{
fragment_t *fragment;
@@ -2777,7 +2777,7 @@ METHOD(message_t, add_fragment_v1, status_t,
{
fragment_payload_t *payload;
chunk_t data;
- u_int8_t num;
+ uint8_t num;
status_t status;
if (!this->frag)
@@ -2840,7 +2840,7 @@ METHOD(message_t, add_fragment_v2, status_t,
payload_t *payload;
enumerator_t *enumerator;
chunk_t data;
- u_int16_t total, num;
+ uint16_t total, num;
status_t status;
if (!this->frag)
diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h
index a03aa8e..8c43729 100644
--- a/src/libcharon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
@@ -49,56 +49,56 @@ struct message_t {
*
* @param major_version major version to set
*/
- void (*set_major_version) (message_t *this, u_int8_t major_version);
+ void (*set_major_version) (message_t *this, uint8_t major_version);
/**
* Gets the IKE major version of the message.
*
* @return major version of the message
*/
- u_int8_t (*get_major_version) (message_t *this);
+ uint8_t (*get_major_version) (message_t *this);
/**
* Sets the IKE minor version of the message.
*
* @param minor_version minor version to set
*/
- void (*set_minor_version) (message_t *this, u_int8_t minor_version);
+ void (*set_minor_version) (message_t *this, uint8_t minor_version);
/**
* Gets the IKE minor version of the message.
*
* @return minor version of the message
*/
- u_int8_t (*get_minor_version) (message_t *this);
+ uint8_t (*get_minor_version) (message_t *this);
/**
* Sets the Message ID of the message.
*
* @param message_id message_id to set
*/
- void (*set_message_id) (message_t *this, u_int32_t message_id);
+ void (*set_message_id) (message_t *this, uint32_t message_id);
/**
* Gets the Message ID of the message.
*
* @return message_id type of the message
*/
- u_int32_t (*get_message_id) (message_t *this);
+ uint32_t (*get_message_id) (message_t *this);
/**
* Gets the initiator SPI of the message.
*
* @return initiator spi of the message
*/
- u_int64_t (*get_initiator_spi) (message_t *this);
+ uint64_t (*get_initiator_spi) (message_t *this);
/**
* Gets the responder SPI of the message.
*
* @return responder spi of the message
*/
- u_int64_t (*get_responder_spi) (message_t *this);
+ uint64_t (*get_responder_spi) (message_t *this);
/**
* Sets the IKE_SA ID of the message.
diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c
index f834036..c9d6b0d 100644
--- a/src/libcharon/encoding/parser.c
+++ b/src/libcharon/encoding/parser.c
@@ -61,27 +61,27 @@ struct private_parser_t {
/**
* major IKE version
*/
- u_int8_t major_version;
+ uint8_t major_version;
/**
* Current bit for reading in input data.
*/
- u_int8_t bit_pos;
+ uint8_t bit_pos;
/**
* Current byte for reading in input data.
*/
- u_int8_t *byte_pos;
+ uint8_t *byte_pos;
/**
* Input data to parse.
*/
- u_int8_t *input;
+ uint8_t *input;
/**
* Roof of input, used for length-checking.
*/
- u_int8_t *input_roof;
+ uint8_t *input_roof;
/**
* Set of encoding rules for this parsing session.
@@ -113,9 +113,9 @@ static bool bad_bitpos(private_parser_t *this, int number)
* Parse a 4-Bit unsigned integer from the current parsing position.
*/
static bool parse_uint4(private_parser_t *this, int rule_number,
- u_int8_t *output_pos)
+ uint8_t *output_pos)
{
- if (this->byte_pos + sizeof(u_int8_t) > this->input_roof)
+ if (this->byte_pos + sizeof(uint8_t) > this->input_roof)
{
return short_input(this, rule_number);
}
@@ -150,9 +150,9 @@ static bool parse_uint4(private_parser_t *this, int rule_number,
* Parse a 8-Bit unsigned integer from the current parsing position.
*/
static bool parse_uint8(private_parser_t *this, int rule_number,
- u_int8_t *output_pos)
+ uint8_t *output_pos)
{
- if (this->byte_pos + sizeof(u_int8_t) > this->input_roof)
+ if (this->byte_pos + sizeof(uint8_t) > this->input_roof)
{
return short_input(this, rule_number);
}
@@ -173,9 +173,9 @@ static bool parse_uint8(private_parser_t *this, int rule_number,
* Parse a 15-Bit unsigned integer from the current parsing position.
*/
static bool parse_uint15(private_parser_t *this, int rule_number,
- u_int16_t *output_pos)
+ uint16_t *output_pos)
{
- if (this->byte_pos + sizeof(u_int16_t) > this->input_roof)
+ if (this->byte_pos + sizeof(uint16_t) > this->input_roof)
{
return short_input(this, rule_number);
}
@@ -185,11 +185,11 @@ static bool parse_uint15(private_parser_t *this, int rule_number,
}
if (output_pos)
{
- memcpy(output_pos, this->byte_pos, sizeof(u_int16_t));
+ memcpy(output_pos, this->byte_pos, sizeof(uint16_t));
*output_pos = ntohs(*output_pos) & ~0x8000;
DBG3(DBG_ENC, " => %hu", *output_pos);
}
- this->byte_pos += sizeof(u_int16_t);
+ this->byte_pos += sizeof(uint16_t);
this->bit_pos = 0;
return TRUE;
}
@@ -198,9 +198,9 @@ static bool parse_uint15(private_parser_t *this, int rule_number,
* Parse a 16-Bit unsigned integer from the current parsing position.
*/
static bool parse_uint16(private_parser_t *this, int rule_number,
- u_int16_t *output_pos)
+ uint16_t *output_pos)
{
- if (this->byte_pos + sizeof(u_int16_t) > this->input_roof)
+ if (this->byte_pos + sizeof(uint16_t) > this->input_roof)
{
return short_input(this, rule_number);
}
@@ -210,20 +210,20 @@ static bool parse_uint16(private_parser_t *this, int rule_number,
}
if (output_pos)
{
- memcpy(output_pos, this->byte_pos, sizeof(u_int16_t));
+ memcpy(output_pos, this->byte_pos, sizeof(uint16_t));
*output_pos = ntohs(*output_pos);
DBG3(DBG_ENC, " => %hu", *output_pos);
}
- this->byte_pos += sizeof(u_int16_t);
+ this->byte_pos += sizeof(uint16_t);
return TRUE;
}
/**
* Parse a 32-Bit unsigned integer from the current parsing position.
*/
static bool parse_uint32(private_parser_t *this, int rule_number,
- u_int32_t *output_pos)
+ uint32_t *output_pos)
{
- if (this->byte_pos + sizeof(u_int32_t) > this->input_roof)
+ if (this->byte_pos + sizeof(uint32_t) > this->input_roof)
{
return short_input(this, rule_number);
}
@@ -233,11 +233,11 @@ static bool parse_uint32(private_parser_t *this, int rule_number,
}
if (output_pos)
{
- memcpy(output_pos, this->byte_pos, sizeof(u_int32_t));
+ memcpy(output_pos, this->byte_pos, sizeof(uint32_t));
*output_pos = ntohl(*output_pos);
DBG3(DBG_ENC, " => %u", *output_pos);
}
- this->byte_pos += sizeof(u_int32_t);
+ this->byte_pos += sizeof(uint32_t);
return TRUE;
}
@@ -245,7 +245,7 @@ static bool parse_uint32(private_parser_t *this, int rule_number,
* Parse a given amount of bytes and writes them to a specific location
*/
static bool parse_bytes(private_parser_t *this, int rule_number,
- u_int8_t *output_pos, int bytes)
+ uint8_t *output_pos, int bytes)
{
if (this->byte_pos + bytes > this->input_roof)
{
@@ -270,13 +270,13 @@ static bool parse_bytes(private_parser_t *this, int rule_number,
static bool parse_bit(private_parser_t *this, int rule_number,
bool *output_pos)
{
- if (this->byte_pos + sizeof(u_int8_t) > this->input_roof)
+ if (this->byte_pos + sizeof(uint8_t) > this->input_roof)
{
return short_input(this, rule_number);
}
if (output_pos)
{
- u_int8_t mask;
+ uint8_t mask;
mask = 0x01 << (7 - this->bit_pos);
*output_pos = *this->byte_pos & mask;
@@ -312,7 +312,7 @@ static bool parse_list(private_parser_t *this, int rule_number,
}
while (length > 0)
{
- u_int8_t *pos_before = this->byte_pos;
+ uint8_t *pos_before = this->byte_pos;
payload_t *payload;
DBG2(DBG_ENC, " %d bytes left, parsing recursively %N",
@@ -368,7 +368,7 @@ METHOD(parser_t, parse_payload, status_t,
payload_t *pld;
void *output;
int payload_length = 0, spi_size = 0, attribute_length = 0, header_length;
- u_int16_t ts_type = 0;
+ uint16_t ts_type = 0;
bool attribute_format = FALSE;
int rule_number, rule_count;
encoding_rule_t *rule;
@@ -468,7 +468,7 @@ METHOD(parser_t, parse_payload, status_t,
return PARSE_ERROR;
}
/* parsed u_int16 should be aligned */
- payload_length = *(u_int16_t*)(output + rule->offset);
+ payload_length = *(uint16_t*)(output + rule->offset);
/* all payloads must have at least 4 bytes header */
if (payload_length < 4)
{
@@ -484,7 +484,7 @@ METHOD(parser_t, parse_payload, status_t,
pld->destroy(pld);
return PARSE_ERROR;
}
- spi_size = *(u_int8_t*)(output + rule->offset);
+ spi_size = *(uint8_t*)(output + rule->offset);
break;
}
case SPI:
@@ -564,7 +564,7 @@ METHOD(parser_t, parse_payload, status_t,
pld->destroy(pld);
return PARSE_ERROR;
}
- attribute_length = *(u_int16_t*)(output + rule->offset);
+ attribute_length = *(uint16_t*)(output + rule->offset);
break;
}
case ATTRIBUTE_LENGTH_OR_VALUE:
@@ -574,7 +574,7 @@ METHOD(parser_t, parse_payload, status_t,
pld->destroy(pld);
return PARSE_ERROR;
}
- attribute_length = *(u_int16_t*)(output + rule->offset);
+ attribute_length = *(uint16_t*)(output + rule->offset);
break;
}
case ATTRIBUTE_VALUE:
@@ -595,7 +595,7 @@ METHOD(parser_t, parse_payload, status_t,
pld->destroy(pld);
return PARSE_ERROR;
}
- ts_type = *(u_int8_t*)(output + rule->offset);
+ ts_type = *(uint8_t*)(output + rule->offset);
break;
}
case ADDRESS:
@@ -642,7 +642,7 @@ METHOD(parser_t, reset_context, void,
}
METHOD(parser_t, set_major_version, void,
- private_parser_t *this, u_int8_t major_version)
+ private_parser_t *this, uint8_t major_version)
{
this->major_version = major_version;
}
diff --git a/src/libcharon/encoding/parser.h b/src/libcharon/encoding/parser.h
index 5fd3e86..8f07355 100644
--- a/src/libcharon/encoding/parser.h
+++ b/src/libcharon/encoding/parser.h
@@ -68,7 +68,7 @@ struct parser_t {
*
* @param major_version the major IKE version
*/
- void (*set_major_version) (parser_t *this, u_int8_t major_version);
+ void (*set_major_version) (parser_t *this, uint8_t major_version);
/**
* Destroys a parser_t object.
diff --git a/src/libcharon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c
index ee3ed54..9d03bb6 100644
--- a/src/libcharon/encoding/payloads/auth_payload.c
+++ b/src/libcharon/encoding/payloads/auth_payload.c
@@ -35,7 +35,7 @@ struct private_auth_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -50,17 +50,17 @@ struct private_auth_payload_t {
/**
* Reserved bytes
*/
- u_int8_t reserved_byte[3];
+ uint8_t reserved_byte[3];
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Method of the AUTH Data.
*/
- u_int8_t auth_method;
+ uint8_t auth_method;
/**
* The contained auth data value.
diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index 43993ae..ea25ca7 100644
--- a/src/libcharon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
@@ -55,7 +55,7 @@ struct private_cert_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -70,12 +70,12 @@ struct private_cert_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Encoding of the CERT Data.
*/
- u_int8_t encoding;
+ uint8_t encoding;
/**
* The contained cert data value.
diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c
index 6ac90a2..09bfa24 100644
--- a/src/libcharon/encoding/payloads/certreq_payload.c
+++ b/src/libcharon/encoding/payloads/certreq_payload.c
@@ -38,7 +38,7 @@ struct private_certreq_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -53,12 +53,12 @@ struct private_certreq_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Encoding of the CERT Data.
*/
- u_int8_t encoding;
+ uint8_t encoding;
/**
* The contained certreq data value.
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c
index 4ecdf56..32e4828 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.c
+++ b/src/libcharon/encoding/payloads/configuration_attribute.c
@@ -48,12 +48,12 @@ struct private_configuration_attribute_t {
/**
* Type of the attribute.
*/
- u_int16_t attr_type;
+ uint16_t attr_type;
/**
* Length of the attribute, value if af_flag set.
*/
- u_int16_t length_or_value;
+ uint16_t length_or_value;
/**
* Attribute value as chunk.
@@ -272,7 +272,7 @@ METHOD(configuration_attribute_t, get_chunk, chunk_t,
return this->value;
}
-METHOD(configuration_attribute_t, get_value, u_int16_t,
+METHOD(configuration_attribute_t, get_value, uint16_t,
private_configuration_attribute_t *this)
{
if (this->af_flag)
@@ -328,7 +328,7 @@ configuration_attribute_t *configuration_attribute_create_chunk(
this = (private_configuration_attribute_t*)
configuration_attribute_create(type);
- this->attr_type = ((u_int16_t)attr_type) & 0x7FFF;
+ this->attr_type = ((uint16_t)attr_type) & 0x7FFF;
this->value = chunk_clone(chunk);
this->length_or_value = chunk.len;
@@ -339,13 +339,13 @@ configuration_attribute_t *configuration_attribute_create_chunk(
* Described in header.
*/
configuration_attribute_t *configuration_attribute_create_value(
- configuration_attribute_type_t attr_type, u_int16_t value)
+ configuration_attribute_type_t attr_type, uint16_t value)
{
private_configuration_attribute_t *this;
this = (private_configuration_attribute_t*)
configuration_attribute_create(PLV1_CONFIGURATION_ATTRIBUTE);
- this->attr_type = ((u_int16_t)attr_type) & 0x7FFF;
+ this->attr_type = ((uint16_t)attr_type) & 0x7FFF;
this->length_or_value = value;
this->af_flag = TRUE;
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h
index 946c1b5..417ba73 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.h
+++ b/src/libcharon/encoding/payloads/configuration_attribute.h
@@ -57,7 +57,7 @@ struct configuration_attribute_t {
*
* @return attribute value
*/
- u_int16_t (*get_value) (configuration_attribute_t *this);
+ uint16_t (*get_value) (configuration_attribute_t *this);
/**
* Destroys an configuration_attribute_t object.
@@ -92,6 +92,6 @@ configuration_attribute_t *configuration_attribute_create_chunk(
* @return created PLV1_CONFIGURATION_ATTRIBUTE configuration attribute
*/
configuration_attribute_t *configuration_attribute_create_value(
- configuration_attribute_type_t attr_type, u_int16_t value);
+ configuration_attribute_type_t attr_type, uint16_t value);
#endif /** CONFIGURATION_ATTRIBUTE_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c
index ef9df84..d86693e 100644
--- a/src/libcharon/encoding/payloads/cp_payload.c
+++ b/src/libcharon/encoding/payloads/cp_payload.c
@@ -44,7 +44,7 @@ struct private_cp_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -59,17 +59,17 @@ struct private_cp_payload_t {
/**
* Reserved bytes
*/
- u_int8_t reserved_byte[3];
+ uint8_t reserved_byte[3];
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Identifier field, IKEv1 only
*/
- u_int16_t identifier;
+ uint16_t identifier;
/**
* List of attributes, as configuration_attribute_t
@@ -79,7 +79,7 @@ struct private_cp_payload_t {
/**
* Config Type.
*/
- u_int8_t cfg_type;
+ uint8_t cfg_type;
/**
* PLV2_CONFIGURATION or PLV1_CONFIGURATION
@@ -269,13 +269,13 @@ METHOD(cp_payload_t, get_config_type, config_type_t,
return this->cfg_type;
}
-METHOD(cp_payload_t, get_identifier, u_int16_t,
+METHOD(cp_payload_t, get_identifier, uint16_t,
private_cp_payload_t *this)
{
return this->identifier;
}
METHOD(cp_payload_t, set_identifier, void,
- private_cp_payload_t *this, u_int16_t identifier)
+ private_cp_payload_t *this, uint16_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h
index d466989..3e4763f 100644
--- a/src/libcharon/encoding/payloads/cp_payload.h
+++ b/src/libcharon/encoding/payloads/cp_payload.h
@@ -82,14 +82,14 @@ struct cp_payload_t {
*
@param identifier identifier to set
*/
- void (*set_identifier) (cp_payload_t *this, u_int16_t identifier);
+ void (*set_identifier) (cp_payload_t *this, uint16_t identifier);
/**
* Get the configuration payload identifier (IKEv1 only).
*
* @return identifier
*/
- u_int16_t (*get_identifier) (cp_payload_t *this);
+ uint16_t (*get_identifier) (cp_payload_t *this);
/**
* Destroys an cp_payload_t object.
diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c
index f11ea48..584e6f2 100644
--- a/src/libcharon/encoding/payloads/delete_payload.c
+++ b/src/libcharon/encoding/payloads/delete_payload.c
@@ -36,7 +36,7 @@ struct private_delete_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -51,27 +51,27 @@ struct private_delete_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* IKEv1 Domain of Interpretation
*/
- u_int32_t doi;
+ uint32_t doi;
/**
* Protocol ID.
*/
- u_int8_t protocol_id;
+ uint8_t protocol_id;
/**
* SPI Size.
*/
- u_int8_t spi_size;
+ uint8_t spi_size;
/**
* Number of SPI's.
*/
- u_int16_t spi_count;
+ uint16_t spi_count;
/**
* The contained SPI's.
@@ -257,7 +257,7 @@ METHOD(delete_payload_t, get_protocol_id, protocol_id_t,
}
METHOD(delete_payload_t, add_spi, void,
- private_delete_payload_t *this, u_int32_t spi)
+ private_delete_payload_t *this, uint32_t spi)
{
switch (this->protocol_id)
{
@@ -273,7 +273,7 @@ METHOD(delete_payload_t, add_spi, void,
}
METHOD(delete_payload_t, set_ike_spi, void,
- private_delete_payload_t *this, u_int64_t spi_i, u_int64_t spi_r)
+ private_delete_payload_t *this, uint64_t spi_i, uint64_t spi_r)
{
free(this->spis.ptr);
this->spis = chunk_cat("cc", chunk_from_thing(spi_i),
@@ -283,15 +283,15 @@ METHOD(delete_payload_t, set_ike_spi, void,
}
METHOD(delete_payload_t, get_ike_spi, bool,
- private_delete_payload_t *this, u_int64_t *spi_i, u_int64_t *spi_r)
+ private_delete_payload_t *this, uint64_t *spi_i, uint64_t *spi_r)
{
if (this->protocol_id != PROTO_IKE ||
- this->spis.len < 2 * sizeof(u_int64_t))
+ this->spis.len < 2 * sizeof(uint64_t))
{
return FALSE;
}
- memcpy(spi_i, this->spis.ptr, sizeof(u_int64_t));
- memcpy(spi_r, this->spis.ptr + sizeof(u_int64_t), sizeof(u_int64_t));
+ memcpy(spi_i, this->spis.ptr, sizeof(uint64_t));
+ memcpy(spi_r, this->spis.ptr + sizeof(uint64_t), sizeof(uint64_t));
return TRUE;
}
@@ -306,7 +306,7 @@ typedef struct {
} spi_enumerator_t;
METHOD(enumerator_t, spis_enumerate, bool,
- spi_enumerator_t *this, u_int32_t *spi)
+ spi_enumerator_t *this, uint32_t *spi)
{
if (this->spis.len >= sizeof(*spi))
{
@@ -322,7 +322,7 @@ METHOD(delete_payload_t, create_spi_enumerator, enumerator_t*,
{
spi_enumerator_t *e;
- if (this->spi_size != sizeof(u_int32_t))
+ if (this->spi_size != sizeof(uint32_t))
{
return enumerator_create_empty();
}
diff --git a/src/libcharon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h
index 6728718..06ed76c 100644
--- a/src/libcharon/encoding/payloads/delete_payload.h
+++ b/src/libcharon/encoding/payloads/delete_payload.h
@@ -51,7 +51,7 @@ struct delete_payload_t {
*
* @param spi spi to add
*/
- void (*add_spi) (delete_payload_t *this, u_int32_t spi);
+ void (*add_spi) (delete_payload_t *this, uint32_t spi);
/**
* Set the IKE SPIs for an IKEv1 delete.
@@ -59,7 +59,7 @@ struct delete_payload_t {
* @param spi_i initiator SPI
* @param spi_r responder SPI
*/
- void (*set_ike_spi)(delete_payload_t *this, u_int64_t spi_i, u_int64_t spi_r);
+ void (*set_ike_spi)(delete_payload_t *this, uint64_t spi_i, uint64_t spi_r);
/**
* Get the IKE SPIs from an IKEv1 delete.
@@ -68,12 +68,12 @@ struct delete_payload_t {
* @param spi_r responder SPI
* @return TRUE if SPIs extracted successfully
*/
- bool (*get_ike_spi)(delete_payload_t *this, u_int64_t *spi_i, u_int64_t *spi_r);
+ bool (*get_ike_spi)(delete_payload_t *this, uint64_t *spi_i, uint64_t *spi_r);
/**
* Get an enumerator over the SPIs in network order.
*
- * @return enumerator over SPIs, u_int32_t
+ * @return enumerator over SPIs, uint32_t
*/
enumerator_t *(*create_spi_enumerator) (delete_payload_t *this);
diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index ebdf8a3..8c3fc59 100644
--- a/src/libcharon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
@@ -38,7 +38,7 @@ struct private_eap_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -53,7 +53,7 @@ struct private_eap_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* EAP message data, if available
@@ -102,8 +102,8 @@ static encoding_rule_t encodings[] = {
METHOD(payload_t, verify, status_t,
private_eap_payload_t *this)
{
- u_int16_t length;
- u_int8_t code;
+ uint16_t length;
+ uint8_t code;
if (this->data.len < 4)
{
@@ -208,7 +208,7 @@ METHOD(eap_payload_t, get_code, eap_code_t,
return 0;
}
-METHOD(eap_payload_t, get_identifier, u_int8_t,
+METHOD(eap_payload_t, get_identifier, uint8_t,
private_eap_payload_t *this)
{
if (this->data.len > 1)
@@ -224,7 +224,7 @@ METHOD(eap_payload_t, get_identifier, u_int8_t,
* @return the new offset or 0 if failed
*/
static size_t extract_type(private_eap_payload_t *this, size_t offset,
- eap_type_t *type, u_int32_t *vendor)
+ eap_type_t *type, uint32_t *vendor)
{
if (this->data.len > offset)
{
@@ -245,7 +245,7 @@ static size_t extract_type(private_eap_payload_t *this, size_t offset,
}
METHOD(eap_payload_t, get_type, eap_type_t,
- private_eap_payload_t *this, u_int32_t *vendor)
+ private_eap_payload_t *this, uint32_t *vendor)
{
eap_type_t type;
@@ -270,7 +270,7 @@ typedef struct {
} type_enumerator_t;
METHOD(enumerator_t, enumerate_types, bool,
- type_enumerator_t *this, eap_type_t *type, u_int32_t *vendor)
+ type_enumerator_t *this, eap_type_t *type, uint32_t *vendor)
{
this->offset = extract_type(this->payload, this->offset, type, vendor);
return this->offset;
@@ -281,7 +281,7 @@ METHOD(eap_payload_t, get_types, enumerator_t*,
{
type_enumerator_t *enumerator;
eap_type_t type;
- u_int32_t vendor;
+ uint32_t vendor;
size_t offset;
offset = extract_type(this, 4, &type, &vendor);
@@ -373,7 +373,7 @@ eap_payload_t *eap_payload_create_data_own(chunk_t data)
/*
* Described in header
*/
-eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier)
+eap_payload_t *eap_payload_create_code(eap_code_t code, uint8_t identifier)
{
chunk_t data;
@@ -385,7 +385,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier)
/**
* Write the given type either expanded or not
*/
-static void write_type(bio_writer_t *writer, eap_type_t type, u_int32_t vendor,
+static void write_type(bio_writer_t *writer, eap_type_t type, uint32_t vendor,
bool expanded)
{
if (expanded)
@@ -403,12 +403,12 @@ static void write_type(bio_writer_t *writer, eap_type_t type, u_int32_t vendor,
/*
* Described in header
*/
-eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type,
- u_int32_t vendor, bool expanded)
+eap_payload_t *eap_payload_create_nak(uint8_t identifier, eap_type_t type,
+ uint32_t vendor, bool expanded)
{
enumerator_t *enumerator;
eap_type_t reg_type;
- u_int32_t reg_vendor;
+ uint32_t reg_vendor;
bio_writer_t *writer;
chunk_t data;
bool added_any = FALSE, found_vendor = FALSE;
diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h
index e8ed1c5..abaefde 100644
--- a/src/libcharon/encoding/payloads/eap_payload.h
+++ b/src/libcharon/encoding/payloads/eap_payload.h
@@ -72,7 +72,7 @@ struct eap_payload_t {
*
* @return unique identifier
*/
- u_int8_t (*get_identifier) (eap_payload_t *this);
+ uint8_t (*get_identifier) (eap_payload_t *this);
/**
* Get the EAP method type.
@@ -80,13 +80,13 @@ struct eap_payload_t {
* @param vendor pointer receiving vendor identifier
* @return EAP method type, vendor specific if vendor != 0
*/
- eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor);
+ eap_type_t (*get_type) (eap_payload_t *this, uint32_t *vendor);
/**
* Enumerate the EAP method types contained in an EAP-Nak (i.e. get_type()
* returns EAP_NAK).
*
- * @return enumerator over (eap_type_t type, u_int32_t vendor)
+ * @return enumerator over (eap_type_t type, uint32_t vendor)
*/
enumerator_t* (*get_types) (eap_payload_t *this);
@@ -136,7 +136,7 @@ eap_payload_t *eap_payload_create_data_own(chunk_t data);
* @param identifier EAP identifier to use in payload
* @return eap_payload_t object
*/
-eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier);
+eap_payload_t *eap_payload_create_code(eap_code_t code, uint8_t identifier);
/**
* Creates an eap_payload_t EAP_RESPONSE containing an EAP_NAK.
@@ -147,7 +147,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier);
* @param expanded TRUE to send an expanded Nak
* @return eap_payload_t object
*/
-eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type,
- u_int32_t vendor, bool expanded);
+eap_payload_t *eap_payload_create_nak(uint8_t identifier, eap_type_t type,
+ uint32_t vendor, bool expanded);
#endif /** EAP_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h
index 54830bc..442bf74 100644
--- a/src/libcharon/encoding/payloads/encodings.h
+++ b/src/libcharon/encoding/payloads/encodings.h
@@ -289,10 +289,10 @@ enum encoding_type_t {
/**
* Representating an IKE_SPI field in an IKEv2 Header.
*
- * When generating the value of the u_int64_t pointing to
+ * When generating the value of the uint64_t pointing to
* is written (host and networ order is not changed).
*
- * When parsing 8 bytes are read and written into the u_int64_t pointing to.
+ * When parsing 8 bytes are read and written into the uint64_t pointing to.
*/
IKE_SPI,
@@ -342,7 +342,7 @@ struct encoding_rule_t {
* When generating, data are read from this offset in the
* data struct.
*/
- u_int32_t offset;
+ uint32_t offset;
};
#endif /** ENCODINGS_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
index 1c2cc37..6ff61dd 100644
--- a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
+++ b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
@@ -42,14 +42,14 @@ struct encrypted_fragment_payload_t {
*
* @return fragment number
*/
- u_int16_t (*get_fragment_number)(encrypted_fragment_payload_t *this);
+ uint16_t (*get_fragment_number)(encrypted_fragment_payload_t *this);
/**
* Get the total number of fragments.
*
* @return total number of fragments
*/
- u_int16_t (*get_total_fragments)(encrypted_fragment_payload_t *this);
+ uint16_t (*get_total_fragments)(encrypted_fragment_payload_t *this);
/**
* Get the (decrypted) content of this payload.
@@ -80,6 +80,6 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create();
* @return encrypted_fragment_payload_t object
*/
encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data(
- u_int16_t num, u_int16_t total, chunk_t data);
+ uint16_t num, uint16_t total, chunk_t data);
#endif /** ENCRYPTED_FRAGMENT_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c
index d1a2678..a033f60 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.c
+++ b/src/libcharon/encoding/payloads/encrypted_payload.c
@@ -43,17 +43,17 @@ struct private_encrypted_payload_t {
* next_payload means here the first payload of the
* contained, encrypted payload.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Flags, including reserved bits
*/
- u_int8_t flags;
+ uint8_t flags;
/**
* Length of this payload
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Chunk containing the IV, plain, padding and ICV.
@@ -88,17 +88,17 @@ struct private_encrypted_fragment_payload_t {
* the original encrypted payload, for all other fragments it MUST be set
* to zero.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Flags, including reserved bits
*/
- u_int8_t flags;
+ uint8_t flags;
/**
* Length of this payload
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Chunk containing the IV, plain, padding and ICV.
@@ -108,12 +108,12 @@ struct private_encrypted_fragment_payload_t {
/**
* Fragment number
*/
- u_int16_t fragment_number;
+ uint16_t fragment_number;
/**
* Total fragments
*/
- u_int16_t total_fragments;
+ uint16_t total_fragments;
/**
* AEAD transform to use
@@ -366,7 +366,7 @@ static chunk_t generate(private_encrypted_payload_t *this,
{
payload_t *current, *next;
enumerator_t *enumerator;
- u_int32_t *lenpos;
+ uint32_t *lenpos;
chunk_t chunk = chunk_empty;
enumerator = this->payloads->create_enumerator(this->payloads);
@@ -402,9 +402,9 @@ METHOD(encrypted_payload_t, generate_payloads, void,
static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc)
{
struct {
- u_int8_t next_payload;
- u_int8_t flags;
- u_int16_t length;
+ uint8_t next_payload;
+ uint8_t flags;
+ uint16_t length;
} __attribute__((packed)) header = {
.next_payload = this->next_payload,
.flags = this->flags,
@@ -416,7 +416,7 @@ static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc)
/**
* Encrypts the data in plain and returns it in an allocated chunk.
*/
-static status_t encrypt_content(char *label, aead_t *aead, u_int64_t mid,
+static status_t encrypt_content(char *label, aead_t *aead, uint64_t mid,
chunk_t plain, chunk_t assoc, chunk_t *encrypted)
{
chunk_t iv, padding, icv, crypt;
@@ -486,7 +486,7 @@ static status_t encrypt_content(char *label, aead_t *aead, u_int64_t mid,
}
METHOD(encrypted_payload_t, encrypt, status_t,
- private_encrypted_payload_t *this, u_int64_t mid, chunk_t assoc)
+ private_encrypted_payload_t *this, uint64_t mid, chunk_t assoc)
{
generator_t *generator;
chunk_t plain;
@@ -512,7 +512,7 @@ METHOD(encrypted_payload_t, encrypt, status_t,
}
METHOD(encrypted_payload_t, encrypt_v1, status_t,
- private_encrypted_payload_t *this, u_int64_t mid, chunk_t iv)
+ private_encrypted_payload_t *this, uint64_t mid, chunk_t iv)
{
generator_t *generator;
chunk_t plain, padding;
@@ -869,13 +869,13 @@ METHOD2(payload_t, encrypted_payload_t, frag_get_length, size_t,
return this->payload_length;
}
-METHOD(encrypted_fragment_payload_t, get_fragment_number, u_int16_t,
+METHOD(encrypted_fragment_payload_t, get_fragment_number, uint16_t,
private_encrypted_fragment_payload_t *this)
{
return this->fragment_number;
}
-METHOD(encrypted_fragment_payload_t, get_total_fragments, u_int16_t,
+METHOD(encrypted_fragment_payload_t, get_total_fragments, uint16_t,
private_encrypted_fragment_payload_t *this)
{
return this->total_fragments;
@@ -906,11 +906,11 @@ static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this,
chunk_t assoc)
{
struct {
- u_int8_t next_payload;
- u_int8_t flags;
- u_int16_t length;
- u_int16_t fragment_number;
- u_int16_t total_fragments;
+ uint8_t next_payload;
+ uint8_t flags;
+ uint16_t length;
+ uint16_t fragment_number;
+ uint16_t total_fragments;
} __attribute__((packed)) header = {
.next_payload = this->next_payload,
.flags = this->flags,
@@ -922,7 +922,7 @@ static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this,
}
METHOD(encrypted_payload_t, frag_encrypt, status_t,
- private_encrypted_fragment_payload_t *this, u_int64_t mid, chunk_t assoc)
+ private_encrypted_fragment_payload_t *this, uint64_t mid, chunk_t assoc)
{
status_t status;
@@ -1015,7 +1015,7 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create()
* Described in header
*/
encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data(
- u_int16_t num, u_int16_t total, chunk_t plain)
+ uint16_t num, uint16_t total, chunk_t plain)
{
private_encrypted_fragment_payload_t *this;
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h
index be59e3c..19c60c5 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.h
+++ b/src/libcharon/encoding/payloads/encrypted_payload.h
@@ -88,7 +88,7 @@ struct encrypted_payload_t {
* - FAILED if encryption failed
* - INVALID_STATE if aead not supplied, but needed
*/
- status_t (*encrypt) (encrypted_payload_t *this, u_int64_t mid,
+ status_t (*encrypt) (encrypted_payload_t *this, uint64_t mid,
chunk_t assoc);
/**
diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c
index ebe5f32..afeee72 100644
--- a/src/libcharon/encoding/payloads/endpoint_notify.c
+++ b/src/libcharon/encoding/payloads/endpoint_notify.c
@@ -33,7 +33,7 @@ struct private_endpoint_notify_t {
/**
* Priority
*/
- u_int32_t priority;
+ uint32_t priority;
/**
* Family
@@ -83,36 +83,36 @@ static private_endpoint_notify_t *endpoint_notify_create();
/**
* Helper functions to parse integer values
*/
-static status_t parse_uint8(u_int8_t **cur, u_int8_t *top, u_int8_t *val)
+static status_t parse_uint8(uint8_t **cur, uint8_t *top, uint8_t *val)
{
- if (*cur + sizeof(u_int8_t) > top)
+ if (*cur + sizeof(uint8_t) > top)
{
return FAILED;
}
- *val = *(u_int8_t*)*cur;
- *cur += sizeof(u_int8_t);
+ *val = *(uint8_t*)*cur;
+ *cur += sizeof(uint8_t);
return SUCCESS;
}
-static status_t parse_uint16(u_int8_t **cur, u_int8_t *top, u_int16_t *val)
+static status_t parse_uint16(uint8_t **cur, uint8_t *top, uint16_t *val)
{
- if (*cur + sizeof(u_int16_t) > top)
+ if (*cur + sizeof(uint16_t) > top)
{
return FAILED;
}
- *val = ntohs(*(u_int16_t*)*cur);
- *cur += sizeof(u_int16_t);
+ *val = ntohs(*(uint16_t*)*cur);
+ *cur += sizeof(uint16_t);
return SUCCESS;
}
-static status_t parse_uint32(u_int8_t **cur, u_int8_t *top, u_int32_t *val)
+static status_t parse_uint32(uint8_t **cur, uint8_t *top, uint32_t *val)
{
- if (*cur + sizeof(u_int32_t) > top)
+ if (*cur + sizeof(uint32_t) > top)
{
return FAILED;
}
- *val = ntohl(*(u_int32_t*)*cur);
- *cur += sizeof(u_int32_t);
+ *val = ntohl(*(uint32_t*)*cur);
+ *cur += sizeof(uint32_t);
return SUCCESS;
}
@@ -121,11 +121,11 @@ static status_t parse_uint32(u_int8_t **cur, u_int8_t *top, u_int32_t *val)
*/
static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t data)
{
- u_int8_t family, type, addr_family;
- u_int16_t port;
+ uint8_t family, type, addr_family;
+ uint16_t port;
chunk_t addr;
- u_int8_t *cur = data.ptr;
- u_int8_t *top = data.ptr + data.len;
+ uint8_t *cur = data.ptr;
+ uint8_t *top = data.ptr + data.len;
DBG3(DBG_IKE, "me_endpoint_data %B", &data);
@@ -191,9 +191,9 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
{
chunk_t prio_chunk, family_chunk, type_chunk, port_chunk, addr_chunk;
chunk_t data;
- u_int32_t prio;
- u_int16_t port;
- u_int8_t family, type;
+ uint32_t prio;
+ uint16_t port;
+ uint8_t family, type;
prio = htonl(this->priority);
prio_chunk = chunk_from_thing(prio);
@@ -237,14 +237,14 @@ METHOD(endpoint_notify_t, build_notify, notify_payload_t*,
}
-METHOD(endpoint_notify_t, get_priority, u_int32_t,
+METHOD(endpoint_notify_t, get_priority, uint32_t,
private_endpoint_notify_t *this)
{
return this->priority;
}
METHOD(endpoint_notify_t, set_priority, void,
- private_endpoint_notify_t *this, u_int32_t priority)
+ private_endpoint_notify_t *this, uint32_t priority)
{
this->priority = priority;
}
diff --git a/src/libcharon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h
index 853aadf..f4cf89f 100644
--- a/src/libcharon/encoding/payloads/endpoint_notify.h
+++ b/src/libcharon/encoding/payloads/endpoint_notify.h
@@ -82,14 +82,14 @@ struct endpoint_notify_t {
*
* @return priority
*/
- u_int32_t (*get_priority) (endpoint_notify_t *this);
+ uint32_t (*get_priority) (endpoint_notify_t *this);
/**
* Sets the priority of this endpoint.
*
* @param priority priority
*/
- void (*set_priority) (endpoint_notify_t *this, u_int32_t priority);
+ void (*set_priority) (endpoint_notify_t *this, uint32_t priority);
/**
* Returns the endpoint type of this endpoint.
diff --git a/src/libcharon/encoding/payloads/fragment_payload.c b/src/libcharon/encoding/payloads/fragment_payload.c
index 7f158f5..fecd05f 100644
--- a/src/libcharon/encoding/payloads/fragment_payload.c
+++ b/src/libcharon/encoding/payloads/fragment_payload.c
@@ -35,32 +35,32 @@ struct private_fragment_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Reserved byte
*/
- u_int8_t reserved;
+ uint8_t reserved;
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Fragment ID.
*/
- u_int16_t fragment_id;
+ uint16_t fragment_id;
/**
* Fragment number.
*/
- u_int8_t fragment_number;
+ uint8_t fragment_number;
/**
* Flags
*/
- u_int8_t flags;
+ uint8_t flags;
/**
* The contained fragment data.
@@ -145,13 +145,13 @@ METHOD(payload_t, get_length, size_t,
return this->payload_length;
}
-METHOD(fragment_payload_t, get_id, u_int16_t,
+METHOD(fragment_payload_t, get_id, uint16_t,
private_fragment_payload_t *this)
{
return this->fragment_id;
}
-METHOD(fragment_payload_t, get_number, u_int8_t,
+METHOD(fragment_payload_t, get_number, uint8_t,
private_fragment_payload_t *this)
{
return this->fragment_number;
@@ -210,7 +210,7 @@ fragment_payload_t *fragment_payload_create()
/*
* Described in header
*/
-fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last,
+fragment_payload_t *fragment_payload_create_from_data(uint8_t num, bool last,
chunk_t data)
{
private_fragment_payload_t *this;
diff --git a/src/libcharon/encoding/payloads/fragment_payload.h b/src/libcharon/encoding/payloads/fragment_payload.h
index a49cf32..a756601 100644
--- a/src/libcharon/encoding/payloads/fragment_payload.h
+++ b/src/libcharon/encoding/payloads/fragment_payload.h
@@ -42,14 +42,14 @@ struct fragment_payload_t {
*
* @return fragment ID
*/
- u_int16_t (*get_id)(fragment_payload_t *this);
+ uint16_t (*get_id)(fragment_payload_t *this);
/**
* Get the fragment number. Defines the order of the fragments.
*
* @return fragment number
*/
- u_int8_t (*get_number)(fragment_payload_t *this);
+ uint8_t (*get_number)(fragment_payload_t *this);
/**
* Check if this is the last fragment.
@@ -88,7 +88,7 @@ fragment_payload_t *fragment_payload_create();
* @param data fragment data (gets cloned)
* @return fragment_payload_t object
*/
-fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last,
+fragment_payload_t *fragment_payload_create_from_data(uint8_t num, bool last,
chunk_t data);
#endif /** FRAGMENT_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/hash_payload.c b/src/libcharon/encoding/payloads/hash_payload.c
index a12b018..eac8207 100644
--- a/src/libcharon/encoding/payloads/hash_payload.c
+++ b/src/libcharon/encoding/payloads/hash_payload.c
@@ -34,17 +34,17 @@ struct private_hash_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Reserved byte
*/
- u_int8_t reserved;
+ uint8_t reserved;
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* The contained hash value.
diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
index bb8aab7..ae0b19a 100644
--- a/src/libcharon/encoding/payloads/id_payload.c
+++ b/src/libcharon/encoding/payloads/id_payload.c
@@ -38,7 +38,7 @@ struct private_id_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -53,17 +53,17 @@ struct private_id_payload_t {
/**
* Reserved bytes
*/
- u_int8_t reserved_byte[3];
+ uint8_t reserved_byte[3];
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Type of the ID Data.
*/
- u_int8_t id_type;
+ uint8_t id_type;
/**
* The contained id data value.
@@ -73,12 +73,12 @@ struct private_id_payload_t {
/**
* Tunneled protocol ID for IKEv1 quick modes.
*/
- u_int8_t protocol_id;
+ uint8_t protocol_id;
/**
* Tunneled port for IKEv1 quick modes.
*/
- u_int16_t port;
+ uint16_t port;
/**
* one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, IDv1 and PLV1_NAT_OA
@@ -334,7 +334,7 @@ METHOD(id_payload_t, get_ts, traffic_selector_t*,
METHOD(id_payload_t, get_encoded, chunk_t,
private_id_payload_t *this)
{
- u_int16_t port = htons(this->port);
+ uint16_t port = htons(this->port);
return chunk_cat("cccc", chunk_from_thing(this->id_type),
chunk_from_thing(this->protocol_id),
chunk_from_thing(port), this->id_data);
@@ -400,7 +400,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type,
id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts)
{
private_id_payload_t *this;
- u_int8_t mask;
+ uint8_t mask;
host_t *net;
this = (private_id_payload_t*)id_payload_create(PLV1_ID);
@@ -419,7 +419,7 @@ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts)
}
else if (ts->to_subnet(ts, &net, &mask))
{
- u_int8_t netmask[16], len, byte;
+ uint8_t netmask[16], len, byte;
if (ts->get_type(ts) == TS_IPV4_ADDR_RANGE)
{
diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index c96738a..61a0424 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -37,31 +37,31 @@ struct private_ike_header_t {
/**
* SPI of the initiator.
*/
- u_int64_t initiator_spi;
+ uint64_t initiator_spi;
/**
* SPI of the responder.
*/
- u_int64_t responder_spi;
+ uint64_t responder_spi;
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* IKE major version.
*/
- u_int8_t maj_version;
+ uint8_t maj_version;
/**
* IKE minor version.
*/
- u_int8_t min_version;
+ uint8_t min_version;
/**
* Exchange type .
*/
- u_int8_t exchange_type;
+ uint8_t exchange_type;
/**
* Flags of the Message.
@@ -106,12 +106,12 @@ struct private_ike_header_t {
/**
* Associated Message-ID.
*/
- u_int32_t message_id;
+ uint32_t message_id;
/**
* Length of the whole IKEv2-Message (header and all payloads).
*/
- u_int32_t length;
+ uint32_t length;
};
ENUM_BEGIN(exchange_type_names, ID_PROT, TRANSACTION,
@@ -290,50 +290,50 @@ METHOD(payload_t, get_length, size_t,
return this->length;
}
-METHOD(ike_header_t, get_initiator_spi, u_int64_t,
+METHOD(ike_header_t, get_initiator_spi, uint64_t,
private_ike_header_t *this)
{
return this->initiator_spi;
}
METHOD(ike_header_t, set_initiator_spi, void,
- private_ike_header_t *this, u_int64_t initiator_spi)
+ private_ike_header_t *this, uint64_t initiator_spi)
{
this->initiator_spi = initiator_spi;
}
-METHOD(ike_header_t, get_responder_spi, u_int64_t,
+METHOD(ike_header_t, get_responder_spi, uint64_t,
private_ike_header_t *this)
{
return this->responder_spi;
}
METHOD(ike_header_t, set_responder_spi, void,
- private_ike_header_t *this, u_int64_t responder_spi)
+ private_ike_header_t *this, uint64_t responder_spi)
{
this->responder_spi = responder_spi;
}
-METHOD(ike_header_t, get_maj_version, u_int8_t,
+METHOD(ike_header_t, get_maj_version, uint8_t,
private_ike_header_t *this)
{
return this->maj_version;
}
METHOD(ike_header_t, set_maj_version, void,
- private_ike_header_t *this, u_int8_t major)
+ private_ike_header_t *this, uint8_t major)
{
this->maj_version = major;
}
-METHOD(ike_header_t, get_min_version, u_int8_t,
+METHOD(ike_header_t, get_min_version, uint8_t,
private_ike_header_t *this)
{
return this->min_version;
}
METHOD(ike_header_t, set_min_version, void,
- private_ike_header_t *this, u_int8_t minor)
+ private_ike_header_t *this, uint8_t minor)
{
this->min_version = minor;
}
@@ -411,26 +411,26 @@ METHOD(ike_header_t, set_authonly_flag, void,
this->flags.authonly = authonly;
}
-METHOD(ike_header_t, get_exchange_type, u_int8_t,
+METHOD(ike_header_t, get_exchange_type, uint8_t,
private_ike_header_t *this)
{
return this->exchange_type;
}
METHOD(ike_header_t, set_exchange_type, void,
- private_ike_header_t *this, u_int8_t exchange_type)
+ private_ike_header_t *this, uint8_t exchange_type)
{
this->exchange_type = exchange_type;
}
-METHOD(ike_header_t, get_message_id, u_int32_t,
+METHOD(ike_header_t, get_message_id, uint32_t,
private_ike_header_t *this)
{
return this->message_id;
}
METHOD(ike_header_t, set_message_id, void,
- private_ike_header_t *this, u_int32_t message_id)
+ private_ike_header_t *this, uint32_t message_id)
{
this->message_id = message_id;
}
diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h
index d9a44dd..fa89c39 100644
--- a/src/libcharon/encoding/payloads/ike_header.h
+++ b/src/libcharon/encoding/payloads/ike_header.h
@@ -153,56 +153,56 @@ struct ike_header_t {
*
* @return initiator_spi
*/
- u_int64_t (*get_initiator_spi) (ike_header_t *this);
+ uint64_t (*get_initiator_spi) (ike_header_t *this);
/**
* Set the initiator spi.
*
* @param initiator_spi initiator_spi
*/
- void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi);
+ void (*set_initiator_spi) (ike_header_t *this, uint64_t initiator_spi);
/**
* Get the responder spi.
*
* @return responder_spi
*/
- u_int64_t (*get_responder_spi) (ike_header_t *this);
+ uint64_t (*get_responder_spi) (ike_header_t *this);
/**
* Set the responder spi.
*
* @param responder_spi responder_spi
*/
- void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi);
+ void (*set_responder_spi) (ike_header_t *this, uint64_t responder_spi);
/**
* Get the major version.
*
* @return major version
*/
- u_int8_t (*get_maj_version) (ike_header_t *this);
+ uint8_t (*get_maj_version) (ike_header_t *this);
/**
* Set the major version.
*
* @param major major version
*/
- void (*set_maj_version) (ike_header_t *this, u_int8_t major);
+ void (*set_maj_version) (ike_header_t *this, uint8_t major);
/**
* Get the minor version.
*
* @return minor version
*/
- u_int8_t (*get_min_version) (ike_header_t *this);
+ uint8_t (*get_min_version) (ike_header_t *this);
/**
* Set the minor version.
*
* @param minor minor version
*/
- void (*set_min_version) (ike_header_t *this, u_int8_t minor);
+ void (*set_min_version) (ike_header_t *this, uint8_t minor);
/**
* Get the response flag.
@@ -293,28 +293,28 @@ struct ike_header_t {
*
* @return exchange type
*/
- u_int8_t (*get_exchange_type) (ike_header_t *this);
+ uint8_t (*get_exchange_type) (ike_header_t *this);
/**
* Set the exchange type.
*
* @param exchange_type exchange type
*/
- void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type);
+ void (*set_exchange_type) (ike_header_t *this, uint8_t exchange_type);
/**
* Get the message id.
*
* @return message id
*/
- u_int32_t (*get_message_id) (ike_header_t *this);
+ uint32_t (*get_message_id) (ike_header_t *this);
/**
* Set the message id.
*
* @param initiator_spi message id
*/
- void (*set_message_id) (ike_header_t *this, u_int32_t message_id);
+ void (*set_message_id) (ike_header_t *this, uint32_t message_id);
/**
* Destroys a ike_header_t object.
diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c
index 50fd73f..37f3adf 100644
--- a/src/libcharon/encoding/payloads/ke_payload.c
+++ b/src/libcharon/encoding/payloads/ke_payload.c
@@ -36,7 +36,7 @@ struct private_ke_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -51,17 +51,17 @@ struct private_ke_payload_t {
/**
* Reserved bytes
*/
- u_int8_t reserved_byte[2];
+ uint8_t reserved_byte[2];
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* DH Group Number.
*/
- u_int16_t dh_group_number;
+ uint16_t dh_group_number;
/**
* Key Exchange Data of this KE payload.
diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c
index b0d1c60..17a0417 100644
--- a/src/libcharon/encoding/payloads/nonce_payload.c
+++ b/src/libcharon/encoding/payloads/nonce_payload.c
@@ -37,7 +37,7 @@ struct private_nonce_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -52,7 +52,7 @@ struct private_nonce_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* The contained nonce value.
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index f32a127..ca7ef3a 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -260,7 +260,7 @@ struct private_notify_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -275,27 +275,27 @@ struct private_notify_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Domain of interpretation, IKEv1 only.
*/
- u_int32_t doi;
+ uint32_t doi;
/**
* Protocol id.
*/
- u_int8_t protocol_id;
+ uint8_t protocol_id;
/**
* Spi size.
*/
- u_int8_t spi_size;
+ uint8_t spi_size;
/**
* Notify message type.
*/
- u_int16_t notify_type;
+ uint16_t notify_type;
/**
* Security parameter index (spi).
@@ -596,14 +596,14 @@ METHOD(payload_t, get_length, size_t,
return this->payload_length;
}
-METHOD(notify_payload_t, get_protocol_id, u_int8_t,
+METHOD(notify_payload_t, get_protocol_id, uint8_t,
private_notify_payload_t *this)
{
return this->protocol_id;
}
METHOD(notify_payload_t, set_protocol_id, void,
- private_notify_payload_t *this, u_int8_t protocol_id)
+ private_notify_payload_t *this, uint8_t protocol_id)
{
this->protocol_id = protocol_id;
}
@@ -620,7 +620,7 @@ METHOD(notify_payload_t, set_notify_type, void,
this->notify_type = notify_type;
}
-METHOD(notify_payload_t, get_spi, u_int32_t,
+METHOD(notify_payload_t, get_spi, uint32_t,
private_notify_payload_t *this)
{
switch (this->protocol_id)
@@ -629,7 +629,7 @@ METHOD(notify_payload_t, get_spi, u_int32_t,
case PROTO_ESP:
if (this->spi.len == 4)
{
- return *((u_int32_t*)this->spi.ptr);
+ return *((uint32_t*)this->spi.ptr);
}
default:
break;
@@ -638,7 +638,7 @@ METHOD(notify_payload_t, get_spi, u_int32_t,
}
METHOD(notify_payload_t, set_spi, void,
- private_notify_payload_t *this, u_int32_t spi)
+ private_notify_payload_t *this, uint32_t spi)
{
chunk_free(&this->spi);
switch (this->protocol_id)
@@ -646,7 +646,7 @@ METHOD(notify_payload_t, set_spi, void,
case PROTO_AH:
case PROTO_ESP:
this->spi = chunk_alloc(4);
- *((u_int32_t*)this->spi.ptr) = spi;
+ *((uint32_t*)this->spi.ptr) = spi;
break;
default:
break;
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 6907573..04160bb 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -200,14 +200,14 @@ struct notify_payload_t {
*
* @return protocol id of this payload
*/
- u_int8_t (*get_protocol_id) (notify_payload_t *this);
+ uint8_t (*get_protocol_id) (notify_payload_t *this);
/**
* Sets the protocol id of this payload.
*
* @param protocol_id protocol id to set
*/
- void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id);
+ void (*set_protocol_id) (notify_payload_t *this, uint8_t protocol_id);
/**
* Gets the notify message type of this payload.
@@ -230,7 +230,7 @@ struct notify_payload_t {
*
* @return SPI value
*/
- u_int32_t (*get_spi) (notify_payload_t *this);
+ uint32_t (*get_spi) (notify_payload_t *this);
/**
* Sets the spi of this payload.
@@ -239,7 +239,7 @@ struct notify_payload_t {
*
* @param spi SPI value
*/
- void (*set_spi) (notify_payload_t *this, u_int32_t spi);
+ void (*set_spi) (notify_payload_t *this, uint32_t spi);
/**
* Returns the currently set spi of this payload.
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index f7c2754..6d1894e 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -268,7 +268,7 @@ payload_t *payload_create(payload_type_t type)
/**
* See header.
*/
-bool payload_is_known(payload_type_t type, u_int8_t maj_ver)
+bool payload_is_known(payload_type_t type, uint8_t maj_ver)
{
if (type >= PL_HEADER)
{
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 7200389..8ba1ef9 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -413,7 +413,7 @@ payload_t *payload_create(payload_type_t type);
* @param maj_ver major IKE version (use 0 to skip version check)
* @return FALSE if payload type handled as unknown payload
*/
-bool payload_is_known(payload_type_t type, u_int8_t maj_ver);
+bool payload_is_known(payload_type_t type, uint8_t maj_ver);
/**
* Get the value field in a payload using encoding rules.
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index 65ce667..1a435a8 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -45,37 +45,37 @@ struct private_proposal_substructure_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* reserved byte
*/
- u_int8_t reserved;
+ uint8_t reserved;
/**
* Length of this payload.
*/
- u_int16_t proposal_length;
+ uint16_t proposal_length;
/**
* Proposal number.
*/
- u_int8_t proposal_number;
+ uint8_t proposal_number;
/**
* Protocol ID.
*/
- u_int8_t protocol_id;
+ uint8_t protocol_id;
/**
* SPI size of the following SPI.
*/
- u_int8_t spi_size;
+ uint8_t spi_size;
/**
* Number of transforms.
*/
- u_int8_t transforms_count;
+ uint8_t transforms_count;
/**
* SPI is stored as chunk.
@@ -479,24 +479,24 @@ METHOD(proposal_substructure_t, set_is_last_proposal, void,
}
METHOD(proposal_substructure_t, set_proposal_number, void,
- private_proposal_substructure_t *this,u_int8_t proposal_number)
+ private_proposal_substructure_t *this,uint8_t proposal_number)
{
this->proposal_number = proposal_number;
}
-METHOD(proposal_substructure_t, get_proposal_number, u_int8_t,
+METHOD(proposal_substructure_t, get_proposal_number, uint8_t,
private_proposal_substructure_t *this)
{
return this->proposal_number;
}
METHOD(proposal_substructure_t, set_protocol_id, void,
- private_proposal_substructure_t *this,u_int8_t protocol_id)
+ private_proposal_substructure_t *this,uint8_t protocol_id)
{
this->protocol_id = protocol_id;
}
-METHOD(proposal_substructure_t, get_protocol_id, u_int8_t,
+METHOD(proposal_substructure_t, get_protocol_id, uint8_t,
private_proposal_substructure_t *this)
{
return this->protocol_id;
@@ -518,7 +518,7 @@ METHOD(proposal_substructure_t, get_spi, chunk_t,
}
METHOD(proposal_substructure_t, get_cpi, bool,
- private_proposal_substructure_t *this, u_int16_t *cpi)
+ private_proposal_substructure_t *this, uint16_t *cpi)
{
transform_substructure_t *transform;
@@ -554,7 +554,7 @@ static void add_to_proposal_v2(proposal_t *proposal,
{
transform_attribute_t *tattr;
enumerator_t *enumerator;
- u_int16_t key_length = 0;
+ uint16_t key_length = 0;
enumerator = transform->create_attribute_enumerator(transform);
while (enumerator->enumerate(enumerator, &tattr))
@@ -576,8 +576,8 @@ static void add_to_proposal_v2(proposal_t *proposal,
* Map IKEv1 to IKEv2 algorithms
*/
typedef struct {
- u_int16_t ikev1;
- u_int16_t ikev2;
+ uint16_t ikev1;
+ uint16_t ikev2;
} algo_map_t;
/**
@@ -681,8 +681,8 @@ static algo_map_t map_auth[] = {
/**
* Map an IKEv1 to an IKEv2 identifier
*/
-static u_int16_t ikev2_from_ikev1(algo_map_t *map, int count, u_int16_t def,
- u_int16_t value)
+static uint16_t ikev2_from_ikev1(algo_map_t *map, int count, uint16_t def,
+ uint16_t value)
{
int i;
@@ -699,7 +699,7 @@ static u_int16_t ikev2_from_ikev1(algo_map_t *map, int count, u_int16_t def,
/**
* Map an IKEv2 to an IKEv1 identifier
*/
-static u_int16_t ikev1_from_ikev2(algo_map_t *map, int count, u_int16_t value)
+static uint16_t ikev1_from_ikev2(algo_map_t *map, int count, uint16_t value)
{
int i;
@@ -716,7 +716,7 @@ static u_int16_t ikev1_from_ikev2(algo_map_t *map, int count, u_int16_t value)
/**
* Get IKEv2 algorithm from IKEv1 identifier
*/
-static u_int16_t get_alg_from_ikev1(transform_type_t type, u_int16_t value)
+static uint16_t get_alg_from_ikev1(transform_type_t type, uint16_t value)
{
switch (type)
{
@@ -737,7 +737,7 @@ static u_int16_t get_alg_from_ikev1(transform_type_t type, u_int16_t value)
/**
* Get IKEv1 algorithm from IKEv2 identifier
*/
-static u_int16_t get_ikev1_from_alg(transform_type_t type, u_int16_t value)
+static uint16_t get_ikev1_from_alg(transform_type_t type, uint16_t value)
{
switch (type)
{
@@ -755,8 +755,8 @@ static u_int16_t get_ikev1_from_alg(transform_type_t type, u_int16_t value)
/**
* Get IKEv2 algorithm from IKEv1 ESP/AH transform ID
*/
-static u_int16_t get_alg_from_ikev1_transid(transform_type_t type,
- u_int16_t value)
+static uint16_t get_alg_from_ikev1_transid(transform_type_t type,
+ uint16_t value)
{
switch (type)
{
@@ -774,8 +774,8 @@ static u_int16_t get_alg_from_ikev1_transid(transform_type_t type,
/**
* Get IKEv1 ESP/AH transform ID from IKEv2 identifier
*/
-static u_int16_t get_ikev1_transid_from_alg(transform_type_t type,
- u_int16_t value)
+static uint16_t get_ikev1_transid_from_alg(transform_type_t type,
+ uint16_t value)
{
switch (type)
{
@@ -791,7 +791,7 @@ static u_int16_t get_ikev1_transid_from_alg(transform_type_t type,
/**
* Get IKEv1 authentication algorithm from IKEv2 identifier
*/
-static u_int16_t get_alg_from_ikev1_auth(u_int16_t value)
+static uint16_t get_alg_from_ikev1_auth(uint16_t value)
{
return ikev2_from_ikev1(map_auth, countof(map_auth), AUTH_UNDEFINED, value);
}
@@ -799,7 +799,7 @@ static u_int16_t get_alg_from_ikev1_auth(u_int16_t value)
/**
* Get IKEv1 authentication algorithm from IKEv2 identifier
*/
-static u_int16_t get_ikev1_auth_from_alg(u_int16_t value)
+static uint16_t get_ikev1_auth_from_alg(uint16_t value)
{
return ikev1_from_ikev2(map_auth, countof(map_auth), value);
}
@@ -807,7 +807,7 @@ static u_int16_t get_ikev1_auth_from_alg(u_int16_t value)
/**
* Get IKEv1 authentication attribute from auth_method_t
*/
-static u_int16_t get_ikev1_auth(auth_method_t method)
+static uint16_t get_ikev1_auth(auth_method_t method)
{
switch (method)
{
@@ -842,7 +842,7 @@ static u_int16_t get_ikev1_auth(auth_method_t method)
/**
* Get IKEv1 encapsulation mode
*/
-static u_int16_t get_ikev1_mode(ipsec_mode_t mode, encap_t udp)
+static uint16_t get_ikev1_mode(ipsec_mode_t mode, encap_t udp)
{
switch (mode)
{
@@ -880,8 +880,8 @@ static void add_to_proposal_v1_ike(proposal_t *proposal,
transform_attribute_type_t type;
transform_attribute_t *tattr;
enumerator_t *enumerator;
- u_int16_t value, key_length = 0;
- u_int16_t encr = ENCR_UNDEFINED;
+ uint16_t value, key_length = 0;
+ uint16_t encr = ENCR_UNDEFINED;
enumerator = transform->create_attribute_enumerator(transform);
while (enumerator->enumerate(enumerator, &tattr))
@@ -932,7 +932,8 @@ static void add_to_proposal_v1(proposal_t *proposal,
transform_attribute_type_t type;
transform_attribute_t *tattr;
enumerator_t *enumerator;
- u_int16_t encr, value, key_length = 0;
+ uint16_t encr, value, key_length = 0;
+ extended_sequence_numbers_t esn = NO_EXT_SEQ_NUMBERS;
enumerator = transform->create_attribute_enumerator(transform);
while (enumerator->enumerate(enumerator, &tattr))
@@ -952,15 +953,16 @@ static void add_to_proposal_v1(proposal_t *proposal,
proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
value, 0);
break;
+ case TATTR_PH2_EXT_SEQ_NUMBER:
+ esn = EXT_SEQ_NUMBERS;
+ break;
default:
break;
}
}
enumerator->destroy(enumerator);
- /* TODO-IKEv1: handle ESN attribute */
- proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS,
- NO_EXT_SEQ_NUMBERS, 0);
+ proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, esn, 0);
if (proto == PROTO_ESP)
{
encr = get_alg_from_ikev1_transid(ENCRYPTION_ALGORITHM,
@@ -985,15 +987,15 @@ METHOD(proposal_substructure_t, get_proposals, void,
transform_substructure_t *transform;
enumerator_t *enumerator;
proposal_t *proposal = NULL;
- u_int64_t spi = 0;
+ uint64_t spi = 0;
switch (this->spi.len)
{
case 4:
- spi = *((u_int32_t*)this->spi.ptr);
+ spi = *((uint32_t*)this->spi.ptr);
break;
case 8:
- spi = *((u_int64_t*)this->spi.ptr);
+ spi = *((uint64_t*)this->spi.ptr);
break;
default:
break;
@@ -1042,7 +1044,7 @@ METHOD(proposal_substructure_t, create_substructure_enumerator, enumerator_t*,
/**
* Get an attribute from any transform, 0 if not found
*/
-static u_int64_t get_attr(private_proposal_substructure_t *this,
+static uint64_t get_attr(private_proposal_substructure_t *this,
transform_attribute_type_t type)
{
enumerator_t *transforms, *attributes;
@@ -1071,7 +1073,7 @@ static u_int64_t get_attr(private_proposal_substructure_t *this,
/**
* Look up a lifetime duration of a given kind in all transforms
*/
-static u_int64_t get_life_duration(private_proposal_substructure_t *this,
+static uint64_t get_life_duration(private_proposal_substructure_t *this,
transform_attribute_type_t type_attr, ikev1_life_type_t type,
transform_attribute_type_t dur_attr)
{
@@ -1105,10 +1107,10 @@ static u_int64_t get_life_duration(private_proposal_substructure_t *this,
return 0;
}
-METHOD(proposal_substructure_t, get_lifetime, u_int32_t,
+METHOD(proposal_substructure_t, get_lifetime, uint32_t,
private_proposal_substructure_t *this)
{
- u_int32_t duration;
+ uint32_t duration;
switch (this->protocol_id)
{
@@ -1129,7 +1131,7 @@ METHOD(proposal_substructure_t, get_lifetime, u_int32_t,
}
}
-METHOD(proposal_substructure_t, get_lifebytes, u_int64_t,
+METHOD(proposal_substructure_t, get_lifebytes, uint64_t,
private_proposal_substructure_t *this)
{
switch (this->protocol_id)
@@ -1259,11 +1261,11 @@ proposal_substructure_t *proposal_substructure_create(payload_type_t type)
* Add an IKEv1 IKE proposal to the substructure
*/
static void set_from_proposal_v1_ike(private_proposal_substructure_t *this,
- proposal_t *proposal, u_int32_t lifetime,
+ proposal_t *proposal, uint32_t lifetime,
auth_method_t method, int number)
{
transform_substructure_t *transform;
- u_int16_t alg, key_size;
+ uint16_t alg, key_size;
enumerator_t *enumerator;
transform = transform_substructure_create_type(PLV1_TRANSFORM_SUBSTRUCTURE,
@@ -1330,11 +1332,11 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this,
* Add an IKEv1 ESP/AH proposal to the substructure
*/
static void set_from_proposal_v1(private_proposal_substructure_t *this,
- proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes,
+ proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes,
ipsec_mode_t mode, encap_t udp, int number)
{
transform_substructure_t *transform = NULL;
- u_int16_t alg, transid, key_size;
+ uint16_t alg, transid, key_size;
enumerator_t *enumerator;
enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
@@ -1410,6 +1412,18 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this,
TATTR_PH2_SA_LIFE_DURATION, lifebytes / 1000));
}
+ enumerator = proposal->create_enumerator(proposal,
+ EXTENDED_SEQUENCE_NUMBERS);
+ while (enumerator->enumerate(enumerator, &alg, NULL))
+ {
+ if (alg == EXT_SEQ_NUMBERS)
+ {
+ transform->add_transform_attribute(transform,
+ transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE,
+ TATTR_PH2_EXT_SEQ_NUMBER, alg));
+ }
+ }
+ enumerator->destroy(enumerator);
add_transform_substructure(this, transform);
}
@@ -1420,7 +1434,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this,
proposal_t *proposal)
{
transform_substructure_t *transform;
- u_int16_t alg, key_size;
+ uint16_t alg, key_size;
enumerator_t *enumerator;
/* encryption algorithm is only available in ESP */
@@ -1485,8 +1499,8 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this,
*/
static void set_data(private_proposal_substructure_t *this, proposal_t *proposal)
{
- u_int64_t spi64;
- u_int32_t spi32;
+ uint64_t spi64;
+ uint32_t spi32;
/* add SPI, if necessary */
switch (proposal->get_protocol(proposal))
@@ -1533,7 +1547,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2(
* See header.
*/
proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
- proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes,
+ proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode, encap_t udp)
{
private_proposal_substructure_t *this;
@@ -1562,7 +1576,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
* See header.
*/
proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
- linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes,
+ linked_list_t *proposals, uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode, encap_t udp)
{
private_proposal_substructure_t *this = NULL;
@@ -1607,8 +1621,8 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
* See header.
*/
proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1(
- u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi,
- ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number)
+ uint32_t lifetime, uint64_t lifebytes, uint16_t cpi,
+ ipsec_mode_t mode, encap_t udp, uint8_t proposal_number)
{
private_proposal_substructure_t *this;
transform_substructure_t *transform;
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h
index c4614b8..796c108 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.h
+++ b/src/libcharon/encoding/payloads/proposal_substructure.h
@@ -59,13 +59,13 @@ struct proposal_substructure_t {
* @param id proposal number to set
*/
void (*set_proposal_number) (proposal_substructure_t *this,
- u_int8_t proposal_number);
+ uint8_t proposal_number);
/**
* get proposal number of current proposal.
*
* @return proposal number of current proposal substructure.
*/
- u_int8_t (*get_proposal_number) (proposal_substructure_t *this);
+ uint8_t (*get_proposal_number) (proposal_substructure_t *this);
/**
* Sets the protocol id of current proposal.
@@ -73,14 +73,14 @@ struct proposal_substructure_t {
* @param id protocol id to set
*/
void (*set_protocol_id) (proposal_substructure_t *this,
- u_int8_t protocol_id);
+ uint8_t protocol_id);
/**
* get protocol id of current proposal.
*
* @return protocol id of current proposal substructure.
*/
- u_int8_t (*get_protocol_id) (proposal_substructure_t *this);
+ uint8_t (*get_protocol_id) (proposal_substructure_t *this);
/**
* Sets the next_payload field of this substructure
@@ -114,7 +114,7 @@ struct proposal_substructure_t {
* @param cpi the CPI if a supported algorithm is proposed
* @return TRUE if a supported algorithm is proposed
*/
- bool (*get_cpi) (proposal_substructure_t *this, u_int16_t *cpi);
+ bool (*get_cpi) (proposal_substructure_t *this, uint16_t *cpi);
/**
* Get proposals contained in a propsal_substructure_t.
@@ -135,14 +135,14 @@ struct proposal_substructure_t {
*
* @return lifetime, in seconds
*/
- u_int32_t (*get_lifetime)(proposal_substructure_t *this);
+ uint32_t (*get_lifetime)(proposal_substructure_t *this);
/**
* Get the (shortest) life duration of a proposal (IKEv1 only).
*
* @return life duration, in bytes
*/
- u_int64_t (*get_lifebytes)(proposal_substructure_t *this);
+ uint64_t (*get_lifebytes)(proposal_substructure_t *this);
/**
* Get the first authentication method from the proposal (IKEv1 only).
@@ -193,7 +193,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2(
* @return proposal_substructure_t object PLV1_PROPOSAL_SUBSTRUCTURE
*/
proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
- proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes,
+ proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode, encap_t udp);
/**
@@ -208,7 +208,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
* @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE
*/
proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
- linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes,
+ linked_list_t *proposals, uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode, encap_t udp);
/**
@@ -224,7 +224,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
* @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE
*/
proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1(
- u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi,
- ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number);
+ uint32_t lifetime, uint64_t lifebytes, uint16_t cpi,
+ ipsec_mode_t mode, encap_t udp, uint8_t proposal_number);
#endif /** PROPOSAL_SUBSTRUCTURE_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c
index 407038a..9c0b071 100644
--- a/src/libcharon/encoding/payloads/sa_payload.c
+++ b/src/libcharon/encoding/payloads/sa_payload.c
@@ -41,7 +41,7 @@ struct private_sa_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -56,7 +56,7 @@ struct private_sa_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Proposals in this payload are stored in a linked_list_t.
@@ -71,12 +71,12 @@ struct private_sa_payload_t {
/**
* IKEv1 DOI
*/
- u_int32_t doi;
+ uint32_t doi;
/**
* IKEv1 situation
*/
- u_int32_t situation;
+ uint32_t situation;
};
/**
@@ -342,7 +342,7 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*,
}
METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*,
- private_sa_payload_t *this, u_int16_t *cpi)
+ private_sa_payload_t *this, uint16_t *cpi)
{
int current_proposal = -1, unsupported_proposal = -1;
enumerator_t *enumerator;
@@ -353,8 +353,8 @@ METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*,
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &substruct))
{
- u_int8_t proposal_number = substruct->get_proposal_number(substruct);
- u_int8_t protocol_id = substruct->get_protocol_id(substruct);
+ uint8_t proposal_number = substruct->get_proposal_number(substruct);
+ uint8_t protocol_id = substruct->get_protocol_id(substruct);
if (proposal_number == unsupported_proposal)
{
@@ -403,12 +403,12 @@ METHOD(sa_payload_t, create_substructure_enumerator, enumerator_t*,
return this->proposals->create_enumerator(this->proposals);
}
-METHOD(sa_payload_t, get_lifetime, u_int32_t,
+METHOD(sa_payload_t, get_lifetime, uint32_t,
private_sa_payload_t *this)
{
proposal_substructure_t *substruct;
enumerator_t *enumerator;
- u_int32_t lifetime = 0;
+ uint32_t lifetime = 0;
enumerator = this->proposals->create_enumerator(this->proposals);
if (enumerator->enumerate(enumerator, &substruct))
@@ -420,12 +420,12 @@ METHOD(sa_payload_t, get_lifetime, u_int32_t,
return lifetime;
}
-METHOD(sa_payload_t, get_lifebytes, u_int64_t,
+METHOD(sa_payload_t, get_lifebytes, uint64_t,
private_sa_payload_t *this)
{
proposal_substructure_t *substruct;
enumerator_t *enumerator;
- u_int64_t lifebytes = 0;
+ uint64_t lifebytes = 0;
enumerator = this->proposals->create_enumerator(this->proposals);
if (enumerator->enumerate(enumerator, &substruct))
@@ -558,9 +558,9 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal)
* Described in header.
*/
sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
- u_int32_t lifetime, u_int64_t lifebytes,
+ uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode,
- encap_t udp, u_int16_t cpi)
+ encap_t udp, uint16_t cpi)
{
proposal_substructure_t *substruct;
private_sa_payload_t *this;
@@ -580,7 +580,7 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
substruct->set_is_last_proposal(substruct, FALSE);
if (cpi)
{
- u_int8_t proposal_number = substruct->get_proposal_number(substruct);
+ uint8_t proposal_number = substruct->get_proposal_number(substruct);
substruct = proposal_substructure_create_for_ipcomp_v1(lifetime,
lifebytes, cpi, mode, udp, proposal_number);
@@ -602,9 +602,9 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
* Described in header.
*/
sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
- u_int32_t lifetime, u_int64_t lifebytes,
+ uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode,
- encap_t udp, u_int16_t cpi)
+ encap_t udp, uint16_t cpi)
{
private_sa_payload_t *this;
linked_list_t *proposals;
diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h
index 0ddf361..f01c451 100644
--- a/src/libcharon/encoding/payloads/sa_payload.h
+++ b/src/libcharon/encoding/payloads/sa_payload.h
@@ -57,21 +57,21 @@ struct sa_payload_t {
* @param cpi the CPI of the first IPComp (sub)proposal
* @return a list containing proposal_ts
*/
- linked_list_t *(*get_ipcomp_proposals) (sa_payload_t *this, u_int16_t *cpi);
+ linked_list_t *(*get_ipcomp_proposals) (sa_payload_t *this, uint16_t *cpi);
/**
* Get the (shortest) lifetime of a proposal (IKEv1 only).
*
* @return lifetime, in seconds
*/
- u_int32_t (*get_lifetime)(sa_payload_t *this);
+ uint32_t (*get_lifetime)(sa_payload_t *this);
/**
* Get the (shortest) life duration of a proposal (IKEv1 only).
*
* @return life duration, in bytes
*/
- u_int64_t (*get_lifebytes)(sa_payload_t *this);
+ uint64_t (*get_lifebytes)(sa_payload_t *this);
/**
* Get the first authentication method from the proposal (IKEv1 only).
@@ -138,9 +138,9 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal);
* @return sa_payload_t object
*/
sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
- u_int32_t lifetime, u_int64_t lifebytes,
+ uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode, encap_t udp,
- u_int16_t cpi);
+ uint16_t cpi);
/**
* Creates an IKEv1 sa_payload_t object from a single proposal.
@@ -155,8 +155,8 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
* @return sa_payload_t object
*/
sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
- u_int32_t lifetime, u_int64_t lifebytes,
+ uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode, encap_t udp,
- u_int16_t cpi);
+ uint16_t cpi);
#endif /** SA_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
index 83618ff..f69fee3 100644
--- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
@@ -35,27 +35,27 @@ struct private_traffic_selector_substructure_t {
/**
* Type of traffic selector.
*/
- u_int8_t ts_type;
+ uint8_t ts_type;
/**
* IP Protocol ID.
*/
- u_int8_t ip_protocol_id;
+ uint8_t ip_protocol_id;
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Start port number.
*/
- u_int16_t start_port;
+ uint16_t start_port;
/**
* End port number.
*/
- u_int16_t end_port;
+ uint16_t end_port;
/**
* Starting address.
diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
index d3fbe84..c7a5443 100644
--- a/src/libcharon/encoding/payloads/traffic_selector_substructure.h
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
@@ -62,7 +62,7 @@ struct traffic_selector_substructure_t {
* @return type of traffic selector
*
*/
- u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this);
+ uint8_t (*get_protocol_id) (traffic_selector_substructure_t *this);
/**
* Set the IP protocol ID of Traffic selector
@@ -70,7 +70,7 @@ struct traffic_selector_substructure_t {
* @param protocol_id protocol ID of traffic selector
*/
void (*set_protocol_id) (traffic_selector_substructure_t *this,
- u_int8_t protocol_id);
+ uint8_t protocol_id);
/**
* Get the start port and address as host_t object.
diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c
index 4a5b52d..860607f 100644
--- a/src/libcharon/encoding/payloads/transform_attribute.c
+++ b/src/libcharon/encoding/payloads/transform_attribute.c
@@ -85,12 +85,12 @@ struct private_transform_attribute_t {
/**
* Type of the attribute.
*/
- u_int16_t attribute_type;
+ uint16_t attribute_type;
/**
* Attribute Length if attribute_format is 0, attribute Value otherwise.
*/
- u_int16_t attribute_length_or_value;
+ uint16_t attribute_length_or_value;
/**
* Attribute value as chunk if attribute_format is 0 (FALSE).
@@ -185,10 +185,10 @@ METHOD(transform_attribute_t, get_value_chunk, chunk_t,
return this->attribute_value;
}
-METHOD(transform_attribute_t, get_value, u_int64_t,
+METHOD(transform_attribute_t, get_value, uint64_t,
private_transform_attribute_t *this)
{
- u_int64_t value = 0;
+ uint64_t value = 0;
if (this->attribute_format)
{
@@ -203,7 +203,7 @@ METHOD(transform_attribute_t, get_value, u_int64_t,
return untoh64((char*)&value);
}
-METHOD(transform_attribute_t, get_attribute_type, u_int16_t,
+METHOD(transform_attribute_t, get_attribute_type, uint16_t,
private_transform_attribute_t *this)
{
return this->attribute_type;
@@ -250,7 +250,7 @@ transform_attribute_t *transform_attribute_create(payload_type_t type)
* Described in header.
*/
transform_attribute_t *transform_attribute_create_value(payload_type_t type,
- transform_attribute_type_t kind, u_int64_t value)
+ transform_attribute_type_t kind, uint64_t value)
{
private_transform_attribute_t *this;
@@ -265,7 +265,7 @@ transform_attribute_t *transform_attribute_create_value(payload_type_t type,
}
else if (value <= UINT32_MAX)
{
- u_int32_t val32;
+ uint32_t val32;
val32 = htonl(value);
this->attribute_value = chunk_clone(chunk_from_thing(val32));
diff --git a/src/libcharon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h
index 87e283b..2e86a40 100644
--- a/src/libcharon/encoding/payloads/transform_attribute.h
+++ b/src/libcharon/encoding/payloads/transform_attribute.h
@@ -109,14 +109,14 @@ struct transform_attribute_t {
*
* @return value
*/
- u_int64_t (*get_value) (transform_attribute_t *this);
+ uint64_t (*get_value) (transform_attribute_t *this);
/**
* get the type of the attribute.
*
* @return type of the value
*/
- u_int16_t (*get_attribute_type) (transform_attribute_t *this);
+ uint16_t (*get_attribute_type) (transform_attribute_t *this);
/**
* Destroys an transform_attribute_t object.
@@ -141,6 +141,6 @@ transform_attribute_t *transform_attribute_create(payload_type_t type);
* @return transform_attribute_t object
*/
transform_attribute_t *transform_attribute_create_value(payload_type_t type,
- transform_attribute_type_t kind, u_int64_t value);
+ transform_attribute_type_t kind, uint64_t value);
#endif /** TRANSFORM_ATTRIBUTE_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c
index 6885d61..11e4b46 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.c
+++ b/src/libcharon/encoding/payloads/transform_substructure.c
@@ -40,32 +40,32 @@ struct private_transform_substructure_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Reserved byte
*/
- u_int8_t reserved[3];
+ uint8_t reserved[3];
/**
* Length of this payload.
*/
- u_int16_t transform_length;
+ uint16_t transform_length;
/**
* Type or number, Type of the transform in IKEv2, number in IKEv2.
*/
- u_int8_t transform_ton;
+ uint8_t transform_ton;
/**
* Transform ID, as encoded in IKEv1.
*/
- u_int8_t transform_id_v1;
+ uint8_t transform_id_v1;
/**
* Transform ID, as encoded in IKEv2.
*/
- u_int16_t transform_id_v2;
+ uint16_t transform_id_v2;
/**
* Transforms Attributes are stored in a linked_list_t.
@@ -235,13 +235,13 @@ METHOD(payload_t, set_next_type, void,
{
}
-METHOD(transform_substructure_t, get_transform_type_or_number, u_int8_t,
+METHOD(transform_substructure_t, get_transform_type_or_number, uint8_t,
private_transform_substructure_t *this)
{
return this->transform_ton;
}
-METHOD(transform_substructure_t, get_transform_id, u_int16_t,
+METHOD(transform_substructure_t, get_transform_id, uint16_t,
private_transform_substructure_t *this)
{
if (this->type == PLV2_TRANSFORM_SUBSTRUCTURE)
@@ -303,7 +303,7 @@ transform_substructure_t *transform_substructure_create(payload_type_t type)
* Described in header
*/
transform_substructure_t *transform_substructure_create_type(payload_type_t type,
- u_int8_t type_or_number, u_int16_t id)
+ uint8_t type_or_number, uint16_t id)
{
private_transform_substructure_t *this;
diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h
index ba821d3..e75dc27 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
@@ -72,14 +72,14 @@ struct transform_substructure_t {
*
* @return Transform type of current transform substructure.
*/
- u_int8_t (*get_transform_type_or_number) (transform_substructure_t *this);
+ uint8_t (*get_transform_type_or_number) (transform_substructure_t *this);
/**
* Get transform id of the current transform.
*
* @return Transform id of current transform substructure.
*/
- u_int16_t (*get_transform_id) (transform_substructure_t *this);
+ uint16_t (*get_transform_id) (transform_substructure_t *this);
/**
* Create an enumerator over transform attributes.
@@ -111,6 +111,6 @@ transform_substructure_t *transform_substructure_create(payload_type_t type);
* @return transform_substructure_t object
*/
transform_substructure_t *transform_substructure_create_type(payload_type_t type,
- u_int8_t type_or_number, u_int16_t id);
+ uint8_t type_or_number, uint16_t id);
#endif /** TRANSFORM_SUBSTRUCTURE_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c
index e74b9ae..0b2d4de 100644
--- a/src/libcharon/encoding/payloads/ts_payload.c
+++ b/src/libcharon/encoding/payloads/ts_payload.c
@@ -42,7 +42,7 @@ struct private_ts_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -62,12 +62,12 @@ struct private_ts_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* Number of traffic selectors
*/
- u_int8_t ts_num;
+ uint8_t ts_num;
/**
* Contains the traffic selectors of type traffic_selector_substructure_t.
diff --git a/src/libcharon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c
index c69254f..adbf2c8 100644
--- a/src/libcharon/encoding/payloads/unknown_payload.c
+++ b/src/libcharon/encoding/payloads/unknown_payload.c
@@ -39,7 +39,7 @@ struct private_unknown_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -54,7 +54,7 @@ struct private_unknown_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* The contained data.
diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c
index 400e064..7db9a69 100644
--- a/src/libcharon/encoding/payloads/vendor_id_payload.c
+++ b/src/libcharon/encoding/payloads/vendor_id_payload.c
@@ -34,7 +34,7 @@ struct private_vendor_id_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ uint8_t next_payload;
/**
* Critical flag.
@@ -49,7 +49,7 @@ struct private_vendor_id_payload_t {
/**
* Length of this payload.
*/
- u_int16_t payload_length;
+ uint16_t payload_length;
/**
* The contained data.
diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c
index be37d30..7112190 100644
--- a/src/libcharon/kernel/kernel_handler.c
+++ b/src/libcharon/kernel/kernel_handler.c
@@ -39,7 +39,7 @@ struct private_kernel_handler_t {
/**
* convert an IP protocol identifier to the IKEv2 specific protocol identifier.
*/
-static inline protocol_id_t proto_ip2ike(u_int8_t protocol)
+static inline protocol_id_t proto_ip2ike(uint8_t protocol)
{
switch (protocol)
{
@@ -53,7 +53,7 @@ static inline protocol_id_t proto_ip2ike(u_int8_t protocol)
}
METHOD(kernel_listener_t, acquire, bool,
- private_kernel_handler_t *this, u_int32_t reqid,
+ private_kernel_handler_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
if (src_ts && dst_ts)
@@ -71,7 +71,7 @@ METHOD(kernel_listener_t, acquire, bool,
}
METHOD(kernel_listener_t, expire, bool,
- private_kernel_handler_t *this, u_int8_t protocol, u_int32_t spi,
+ private_kernel_handler_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard)
{
protocol_id_t proto = proto_ip2ike(protocol);
@@ -93,7 +93,7 @@ METHOD(kernel_listener_t, expire, bool,
}
METHOD(kernel_listener_t, mapping, bool,
- private_kernel_handler_t *this, u_int8_t protocol, u_int32_t spi,
+ private_kernel_handler_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, host_t *remote)
{
protocol_id_t proto = proto_ip2ike(protocol);
@@ -108,7 +108,7 @@ METHOD(kernel_listener_t, mapping, bool,
}
METHOD(kernel_listener_t, migrate, bool,
- private_kernel_handler_t *this, u_int32_t reqid,
+ private_kernel_handler_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, host_t *local, host_t *remote)
{
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c
index 40c4ee5..7b39a02 100644
--- a/src/libcharon/kernel/kernel_interface.c
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -1,6 +1,7 @@
/*
- * Copyright (C) 2008-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2008-2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -62,12 +63,12 @@ struct kernel_algorithm_t {
/**
* Identifier specified in IKE
*/
- u_int16_t ike;
+ uint16_t ike;
/**
* Identifier as defined in pfkeyv2.h
*/
- u_int16_t kernel;
+ uint16_t kernel;
/**
* Name of the algorithm in linux crypto API
@@ -166,7 +167,7 @@ METHOD(kernel_interface_t, get_features, kernel_feature_t,
METHOD(kernel_interface_t, get_spi, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi)
+ uint8_t protocol, uint32_t *spi)
{
if (!this->ipsec)
{
@@ -177,7 +178,7 @@ METHOD(kernel_interface_t, get_spi, status_t,
METHOD(kernel_interface_t, get_cpi, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi)
+ uint16_t *cpi)
{
if (!this->ipsec)
{
@@ -191,7 +192,7 @@ METHOD(kernel_interface_t, get_cpi, status_t,
*/
typedef struct {
/** allocated reqid */
- u_int32_t reqid;
+ uint32_t reqid;
/** references to this entry */
u_int refs;
/** inbound mark used for SA */
@@ -327,9 +328,9 @@ static array_t *array_from_ts_list(linked_list_t *list)
METHOD(kernel_interface_t, alloc_reqid, status_t,
private_kernel_interface_t *this,
linked_list_t *local_ts, linked_list_t *remote_ts,
- mark_t mark_in, mark_t mark_out, u_int32_t *reqid)
+ mark_t mark_in, mark_t mark_out, uint32_t *reqid)
{
- static u_int32_t counter = 0;
+ static uint32_t counter = 0;
reqid_entry_t *entry = NULL, *tmpl;
status_t status = SUCCESS;
@@ -379,7 +380,7 @@ METHOD(kernel_interface_t, alloc_reqid, status_t,
}
METHOD(kernel_interface_t, release_reqid, status_t,
- private_kernel_interface_t *this, u_int32_t reqid,
+ private_kernel_interface_t *this, uint32_t reqid,
mark_t mark_in, mark_t mark_out)
{
reqid_entry_t *entry, tmpl = {
@@ -415,59 +416,48 @@ METHOD(kernel_interface_t, release_reqid, status_t,
}
METHOD(kernel_interface_t, add_sa, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts)
+ private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
- mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
- ipcomp, cpi, replay_window, initiator, encap, esn, inbound,
- update, src_ts, dst_ts);
+ return this->ipsec->add_sa(this->ipsec, id, data);
}
METHOD(kernel_interface_t, update_sa, status_t,
- private_kernel_interface_t *this, u_int32_t spi, u_int8_t protocol,
- u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark)
+ private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst,
- new_src, new_dst, encap, new_encap, mark);
+ return this->ipsec->update_sa(this->ipsec, id, data);
}
METHOD(kernel_interface_t, query_sa, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time)
+ private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+ time_t *time)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark,
- bytes, packets, time);
+ return this->ipsec->query_sa(this->ipsec, id, data, bytes, packets, time);
}
METHOD(kernel_interface_t, del_sa, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int16_t cpi, mark_t mark)
+ private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark);
+ return this->ipsec->del_sa(this->ipsec, id, data);
}
METHOD(kernel_interface_t, flush_sas, status_t,
@@ -481,44 +471,36 @@ METHOD(kernel_interface_t, flush_sas, status_t,
}
METHOD(kernel_interface_t, add_policy, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
- direction, type, sa, mark, priority);
+ return this->ipsec->add_policy(this->ipsec, id, data);
}
METHOD(kernel_interface_t, query_policy, status_t,
- private_kernel_interface_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
- time_t *use_time)
+ private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data, time_t *use_time)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts,
- direction, mark, use_time);
+ return this->ipsec->query_policy(this->ipsec, id, data, use_time);
}
METHOD(kernel_interface_t, del_policy, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->del_policy(this->ipsec, src, dst, src_ts, dst_ts,
- direction, type, sa, mark, priority);
+ return this->ipsec->del_policy(this->ipsec, id, data);
}
METHOD(kernel_interface_t, flush_policies, status_t,
@@ -542,13 +524,14 @@ METHOD(kernel_interface_t, get_source_addr, host_t*,
}
METHOD(kernel_interface_t, get_nexthop, host_t*,
- private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src)
+ private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src,
+ char **iface)
{
if (!this->net)
{
return NULL;
}
- return this->net->get_nexthop(this->net, dest, prefix, src);
+ return this->net->get_nexthop(this->net, dest, prefix, src, iface);
}
METHOD(kernel_interface_t, get_interface, bool,
@@ -594,7 +577,7 @@ METHOD(kernel_interface_t, del_ip, status_t,
METHOD(kernel_interface_t, add_route, status_t,
private_kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
{
if (!this->net)
{
@@ -606,7 +589,7 @@ METHOD(kernel_interface_t, add_route, status_t,
METHOD(kernel_interface_t, del_route, status_t,
private_kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
{
if (!this->net)
{
@@ -627,7 +610,7 @@ METHOD(kernel_interface_t, bypass_socket, bool,
}
METHOD(kernel_interface_t, enable_udp_decap, bool,
- private_kernel_interface_t *this, int fd, int family, u_int16_t port)
+ private_kernel_interface_t *this, int fd, int family, uint16_t port)
{
if (!this->ipsec)
{
@@ -683,6 +666,10 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t,
if (ts->includes(ts, host))
{
*ip = host_create_any(family);
+ if (vip)
+ {
+ *vip = FALSE;
+ }
host->destroy(host);
DBG2(DBG_KNL, "using host %H", *ip);
return SUCCESS;
@@ -803,7 +790,7 @@ METHOD(kernel_interface_t, remove_listener, void,
}
METHOD(kernel_interface_t, acquire, void,
- private_kernel_interface_t *this, u_int32_t reqid,
+ private_kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
kernel_listener_t *listener;
@@ -823,7 +810,7 @@ METHOD(kernel_interface_t, acquire, void,
}
METHOD(kernel_interface_t, expire, void,
- private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ private_kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard)
{
kernel_listener_t *listener;
@@ -844,7 +831,7 @@ METHOD(kernel_interface_t, expire, void,
}
METHOD(kernel_interface_t, mapping, void,
- private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ private_kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, host_t *remote)
{
kernel_listener_t *listener;
@@ -865,7 +852,7 @@ METHOD(kernel_interface_t, mapping, void,
}
METHOD(kernel_interface_t, migrate, void,
- private_kernel_interface_t *this, u_int32_t reqid,
+ private_kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, host_t *local, host_t *remote)
{
@@ -919,8 +906,8 @@ METHOD(kernel_interface_t, tun, void,
}
METHOD(kernel_interface_t, register_algorithm, void,
- private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type,
- u_int16_t kernel_id, char *kernel_name)
+ private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type,
+ uint16_t kernel_id, char *kernel_name)
{
kernel_algorithm_t *algorithm;
@@ -937,8 +924,8 @@ METHOD(kernel_interface_t, register_algorithm, void,
}
METHOD(kernel_interface_t, lookup_algorithm, bool,
- private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type,
- u_int16_t *kernel_id, char **kernel_name)
+ private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type,
+ uint16_t *kernel_id, char **kernel_name)
{
kernel_algorithm_t *algorithm;
enumerator_t *enumerator;
diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h
index 6793c6c..225b409 100644
--- a/src/libcharon/kernel/kernel_interface.h
+++ b/src/libcharon/kernel/kernel_interface.h
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -108,7 +108,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi);
+ uint8_t protocol, uint32_t *spi);
/**
* Get a Compression Parameter Index (CPI) from the kernel.
@@ -119,7 +119,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi);
+ uint16_t *cpi);
/**
* Allocate or confirm a reqid to use for a given SA pair.
@@ -141,7 +141,7 @@ struct kernel_interface_t {
status_t (*alloc_reqid)(kernel_interface_t *this,
linked_list_t *local_ts, linked_list_t *remote_ts,
mark_t mark_in, mark_t mark_out,
- u_int32_t *reqid);
+ uint32_t *reqid);
/**
* Release a previously allocated reqid.
@@ -151,7 +151,7 @@ struct kernel_interface_t {
* @param mark_out outbound mark on SA
* @return SUCCESS if reqid released
*/
- status_t (*release_reqid)(kernel_interface_t *this, u_int32_t reqid,
+ status_t (*release_reqid)(kernel_interface_t *this, uint32_t reqid,
mark_t mark_in, mark_t mark_out);
/**
@@ -160,41 +160,12 @@ struct kernel_interface_t {
* This function does install a single SA for a single protocol in one
* direction.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param reqid reqid for this SA
- * @param mark optional mark for this SA
- * @param tfc Traffic Flow Confidentiality padding for this SA
- * @param lifetime lifetime_cfg_t for this SA
- * @param enc_alg Algorithm to use for encryption (ESP only)
- * @param enc_key key to use for encryption
- * @param int_alg Algorithm to use for integrity protection
- * @param int_key key to use for integrity protection
- * @param mode mode of the SA (tunnel, transport)
- * @param ipcomp IPComp transform to use
- * @param cpi CPI for IPComp
- * @param replay_window anti-replay window size
- * @param initiator TRUE if initiator of the exchange creating this SA
- * @param encap enable UDP encapsulation for NAT traversal
- * @param esn TRUE to use Extended Sequence Numbers
- * @param inbound TRUE if this is an inbound SA
- * @param update TRUE if an SPI has already been allocated for SA
- * @param src_ts list of source traffic selectors
- * @param dst_ts list of destination traffic selectors
+ * @param id data identifying this SA
+ * @param data data for this SA
* @return SUCCESS if operation completed
*/
- status_t (*add_sa) (kernel_interface_t *this,
- host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- u_int32_t replay_window, bool initiator, bool encap,
- bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts);
+ status_t (*add_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data);
/**
* Update the hosts on an installed SA.
@@ -204,85 +175,55 @@ struct kernel_interface_t {
* to identify SAs. Therefore if the destination address changed we
* create a new SA and delete the old one.
*
- * @param spi SPI of the SA
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp, 0 if no IPComp is used
- * @param src current source address
- * @param dst current destination address
- * @param new_src new source address
- * @param new_dst new destination address
- * @param encap current use of UDP encapsulation
- * @param new_encap new use of UDP encapsulation
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data updated data for this SA
* @return SUCCESS if operation completed, NOT_SUPPORTED if
- * the kernel interface can't update the SA
+ * the kernel interface can't update the SA
*/
- status_t (*update_sa)(kernel_interface_t *this,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- host_t *src, host_t *dst,
- host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark);
+ status_t (*update_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data);
/**
* Query the number of bytes processed by an SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to query the SA
* @param[out] bytes the number of bytes processed by SA
* @param[out] packets number of packets processed by SA
* @param[out] time last (monotonic) time of SA use
* @return SUCCESS if operation completed
*/
- status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time);
+ status_t (*query_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes,
+ uint64_t *packets, time_t *time);
/**
* Delete a previously installed SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp or 0
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to delete the SA
* @return SUCCESS if operation completed
*/
- status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- mark_t mark);
+ status_t (*del_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data);
/**
* Flush all SAs from the SAD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_sas) (kernel_interface_t *this);
+ status_t (*flush_sas)(kernel_interface_t *this);
/**
* Add a policy to the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of this policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*add_policy) (kernel_interface_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*add_policy)(kernel_interface_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Query the use time of a policy.
@@ -290,47 +231,33 @@ struct kernel_interface_t {
* The use time of a policy is the time the policy was used
* for the last time.
*
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param mark optional mark
- * @param[out] use_time the (monotonic) time of this SA's last use
+ * @param id data identifying this policy
+ * @param data data to query the policy
+ * @param[out] use_time the monotonic timestamp of this SA's last use
* @return SUCCESS if operation completed
*/
- status_t (*query_policy) (kernel_interface_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, mark_t mark,
- time_t *use_time);
+ status_t (*query_policy)(kernel_interface_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data,
+ time_t *use_time);
/**
* Remove a policy from the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of the policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*del_policy) (kernel_interface_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*del_policy)(kernel_interface_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Flush all policies from the SPD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_policies) (kernel_interface_t *this);
+ status_t (*flush_policies)(kernel_interface_t *this);
/**
* Get our outgoing source address for a destination.
@@ -358,10 +285,12 @@ struct kernel_interface_t {
* @param dest target destination address
* @param prefix prefix length if dest is a subnet, -1 for auto
* @param src source address to check, or NULL
+ * @param[out] iface allocated name of the interface to reach dest, if
+ * available (optional)
* @return next hop address, NULL if unreachable
*/
host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest,
- int prefix, host_t *src);
+ int prefix, host_t *src, char **iface);
/**
* Get the interface name of a local address. Interfaces that are down or
@@ -426,7 +355,7 @@ struct kernel_interface_t {
* ALREADY_DONE if the route already exists
*/
status_t (*add_route) (kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
@@ -440,7 +369,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*del_route) (kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
@@ -461,7 +390,7 @@ struct kernel_interface_t {
* @return TRUE if UDP decapsulation was enabled successfully
*/
bool (*enable_udp_decap)(kernel_interface_t *this, int fd, int family,
- u_int16_t port);
+ uint16_t port);
/**
@@ -561,7 +490,7 @@ struct kernel_interface_t {
* @param src_ts source traffic selector
* @param dst_ts destination traffic selector
*/
- void (*acquire)(kernel_interface_t *this, u_int32_t reqid,
+ void (*acquire)(kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
@@ -572,7 +501,7 @@ struct kernel_interface_t {
* @param dst destination address of expired SA
* @param hard TRUE if it is a hard expire, FALSE otherwise
*/
- void (*expire)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ void (*expire)(kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard);
/**
@@ -583,7 +512,7 @@ struct kernel_interface_t {
* @param dst original destination address of SA
* @param remote new remote host
*/
- void (*mapping)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ void (*mapping)(kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, host_t *remote);
/**
@@ -596,7 +525,7 @@ struct kernel_interface_t {
* @param local local host address to be used in the IKE_SA
* @param remote remote host address to be used in the IKE_SA
*/
- void (*migrate)(kernel_interface_t *this, u_int32_t reqid,
+ void (*migrate)(kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, host_t *local, host_t *remote);
@@ -623,8 +552,8 @@ struct kernel_interface_t {
* @param kernel_id the kernel id of the algorithm
* @param kernel_name the kernel name of the algorithm
*/
- void (*register_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
- transform_type_t type, u_int16_t kernel_id,
+ void (*register_algorithm)(kernel_interface_t *this, uint16_t alg_id,
+ transform_type_t type, uint16_t kernel_id,
char *kernel_name);
/**
@@ -637,8 +566,8 @@ struct kernel_interface_t {
* @param kernel_name the kernel name of the algorithm (optional)
* @return TRUE if algorithm was found
*/
- bool (*lookup_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
- transform_type_t type, u_int16_t *kernel_id,
+ bool (*lookup_algorithm)(kernel_interface_t *this, uint16_t alg_id,
+ transform_type_t type, uint16_t *kernel_id,
char **kernel_name);
/**
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 31e0630..0ad5660 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -1,9 +1,10 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -25,6 +26,14 @@
#define KERNEL_IPSEC_H_
typedef struct kernel_ipsec_t kernel_ipsec_t;
+typedef struct kernel_ipsec_sa_id_t kernel_ipsec_sa_id_t;
+typedef struct kernel_ipsec_add_sa_t kernel_ipsec_add_sa_t;
+typedef struct kernel_ipsec_update_sa_t kernel_ipsec_update_sa_t;
+typedef struct kernel_ipsec_query_sa_t kernel_ipsec_query_sa_t;
+typedef struct kernel_ipsec_del_sa_t kernel_ipsec_del_sa_t;
+typedef struct kernel_ipsec_policy_id_t kernel_ipsec_policy_id_t;
+typedef struct kernel_ipsec_manage_policy_t kernel_ipsec_manage_policy_t;
+typedef struct kernel_ipsec_query_policy_t kernel_ipsec_query_policy_t;
#include <networking/host.h>
#include <ipsec/ipsec_types.h>
@@ -33,6 +42,137 @@ typedef struct kernel_ipsec_t kernel_ipsec_t;
#include <kernel/kernel_interface.h>
/**
+ * Data required to identify an SA in the kernel
+ */
+struct kernel_ipsec_sa_id_t {
+ /** Source address */
+ host_t *src;
+ /** Destination address */
+ host_t *dst;
+ /** SPI */
+ uint32_t spi;
+ /** Protocol (ESP/AH) */
+ uint8_t proto;
+ /** Optional mark */
+ mark_t mark;
+};
+
+/**
+ * Data required to add an SA to the kernel
+ */
+struct kernel_ipsec_add_sa_t {
+ /** Reqid */
+ uint32_t reqid;
+ /** Mode (tunnel, transport...) */
+ ipsec_mode_t mode;
+ /** List of source traffic selectors */
+ linked_list_t *src_ts;
+ /** List of destination traffic selectors */
+ linked_list_t *dst_ts;
+ /** Network interface restricting policy */
+ char *interface;
+ /** Lifetime configuration */
+ lifetime_cfg_t *lifetime;
+ /** Encryption algorithm */
+ uint16_t enc_alg;
+ /** Encryption key */
+ chunk_t enc_key;
+ /** Integrity protection algorithm */
+ uint16_t int_alg;
+ /** Integrity protection key */
+ chunk_t int_key;
+ /** Anti-replay window size */
+ uint32_t replay_window;
+ /** Traffic Flow Confidentiality padding */
+ uint32_t tfc;
+ /** IPComp transform */
+ uint16_t ipcomp;
+ /** CPI for IPComp */
+ uint16_t cpi;
+ /** TRUE to enable UDP encapsulation for NAT traversal */
+ bool encap;
+ /** TRUE to use Extended Sequence Numbers */
+ bool esn;
+ /** TRUE if initiator of the exchange creating the SA */
+ bool initiator;
+ /** TRUE if this is an inbound SA */
+ bool inbound;
+ /** TRUE if an SPI has already been allocated for this SA */
+ bool update;
+};
+
+/**
+ * Data required to update the hosts of an SA in the kernel
+ */
+struct kernel_ipsec_update_sa_t {
+ /** CPI in case IPComp is used */
+ uint16_t cpi;
+ /** New source address */
+ host_t *new_src;
+ /** New destination address */
+ host_t *new_dst;
+ /** TRUE if UDP encapsulation is currently enabled */
+ bool encap;
+ /** TRUE to enable UDP encapsulation */
+ bool new_encap;
+};
+
+/**
+ * Data required to query an SA in the kernel
+ */
+struct kernel_ipsec_query_sa_t {
+ uint16_t cpi;
+};
+
+/**
+ * Data required to delete an SA in the kernel
+ */
+struct kernel_ipsec_del_sa_t {
+ /** CPI in case IPComp is used */
+ uint16_t cpi;
+};
+
+/**
+ * Data identifying a policy in the kernel
+ */
+struct kernel_ipsec_policy_id_t {
+ /** Direction of traffic */
+ policy_dir_t dir;
+ /** Source traffic selector */
+ traffic_selector_t *src_ts;
+ /** Destination traffic selector */
+ traffic_selector_t *dst_ts;
+ /** Optional mark */
+ mark_t mark;
+ /** Network interface restricting policy */
+ char *interface;
+};
+
+/**
+ * Data required to add/delete a policy to/from the kernel
+ */
+struct kernel_ipsec_manage_policy_t {
+ /** Type of policy */
+ policy_type_t type;
+ /** Priority class */
+ policy_priority_t prio;
+ /** Manually-set priority (automatic if set to 0) */
+ uint32_t manual_prio;
+ /** Source address of the SA(s) tied to this policy */
+ host_t *src;
+ /** Destination address of the SA(s) tied to this policy */
+ host_t *dst;
+ /** Details about the SA(s) tied to this policy */
+ ipsec_sa_cfg_t *sa;
+};
+
+/**
+ * Data required to query a policy in the kernel
+ */
+struct kernel_ipsec_query_policy_t {
+};
+
+/**
* Interface to the ipsec subsystem of the kernel.
*
* The kernel ipsec interface handles the communication with the kernel
@@ -62,7 +202,7 @@ struct kernel_ipsec_t {
* @return SUCCESS if operation completed
*/
status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi);
+ uint8_t protocol, uint32_t *spi);
/**
* Get a Compression Parameter Index (CPI) from the kernel.
@@ -73,7 +213,7 @@ struct kernel_ipsec_t {
* @return SUCCESS if operation completed
*/
status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi);
+ uint16_t *cpi);
/**
* Add an SA to the SAD.
@@ -81,41 +221,12 @@ struct kernel_ipsec_t {
* This function does install a single SA for a single protocol in one
* direction.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param reqid unique ID for this SA
- * @param mark mark for this SA
- * @param tfc Traffic Flow Confidentiality padding for this SA
- * @param lifetime lifetime_cfg_t for this SA
- * @param enc_alg Algorithm to use for encryption (ESP only)
- * @param enc_key key to use for encryption
- * @param int_alg Algorithm to use for integrity protection
- * @param int_key key to use for integrity protection
- * @param mode mode of the SA (tunnel, transport)
- * @param ipcomp IPComp transform to use
- * @param cpi CPI for IPComp
- * @param replay_window anti-replay window size
- * @param initiator TRUE if initiator of the exchange creating this SA
- * @param encap enable UDP encapsulation for NAT traversal
- * @param esn TRUE to use Extended Sequence Numbers
- * @param inbound TRUE if this is an inbound SA
- * @param update TRUE if an SPI has already been allocated for SA
- * @param src_ts list of source traffic selectors
- * @param dst_ts list of destination traffic selectors
+ * @param id data identifying this SA
+ * @param data data for this SA
* @return SUCCESS if operation completed
*/
- status_t (*add_sa) (kernel_ipsec_t *this,
- host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int32_t reqid,
- mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- u_int32_t replay_window, bool initiator, bool encap,
- bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts);
+ status_t (*add_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data);
/**
* Update the hosts on an installed SA.
@@ -125,85 +236,55 @@ struct kernel_ipsec_t {
* to identify SAs. Therefore if the destination address changed we
* create a new SA and delete the old one.
*
- * @param spi SPI of the SA
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp, 0 if no IPComp is used
- * @param src current source address
- * @param dst current destination address
- * @param new_src new source address
- * @param new_dst new destination address
- * @param encap current use of UDP encapsulation
- * @param new_encap new use of UDP encapsulation
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data updated data for this SA
* @return SUCCESS if operation completed, NOT_SUPPORTED if
- * the kernel interface can't update the SA
+ * the kernel interface can't update the SA
*/
- status_t (*update_sa)(kernel_ipsec_t *this,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- host_t *src, host_t *dst,
- host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark);
+ status_t (*update_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data);
/**
* Query the number of bytes processed by an SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to query the SA
* @param[out] bytes the number of bytes processed by SA
* @param[out] packets number of packets processed by SA
* @param[out] time last (monotonic) time of SA use
* @return SUCCESS if operation completed
*/
- status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time);
+ status_t (*query_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes,
+ uint64_t *packets, time_t *time);
/**
- * Delete a previusly installed SA from the SAD.
+ * Delete a previously installed SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp or 0
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to delete the SA
* @return SUCCESS if operation completed
*/
- status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- mark_t mark);
+ status_t (*del_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data);
/**
* Flush all SAs from the SAD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_sas) (kernel_ipsec_t *this);
+ status_t (*flush_sas)(kernel_ipsec_t *this);
/**
* Add a policy to the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of this policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*add_policy) (kernel_ipsec_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*add_policy)(kernel_ipsec_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Query the use time of a policy.
@@ -212,47 +293,33 @@ struct kernel_ipsec_t {
* time. It is not the system time, but a monotonic timestamp as returned
* by time_monotonic.
*
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param mark optional mark
+ * @param id data identifying this policy
+ * @param data data to query the policy
* @param[out] use_time the monotonic timestamp of this SA's last use
* @return SUCCESS if operation completed
*/
- status_t (*query_policy) (kernel_ipsec_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, mark_t mark,
- time_t *use_time);
+ status_t (*query_policy)(kernel_ipsec_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data,
+ time_t *use_time);
/**
* Remove a policy from the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of the policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*del_policy) (kernel_ipsec_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*del_policy)(kernel_ipsec_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Flush all policies from the SPD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_policies) (kernel_ipsec_t *this);
+ status_t (*flush_policies)(kernel_ipsec_t *this);
/**
* Install a bypass policy for the given socket.
@@ -272,12 +339,12 @@ struct kernel_ipsec_t {
* @return TRUE if UDP decapsulation was enabled successfully
*/
bool (*enable_udp_decap)(kernel_ipsec_t *this, int fd, int family,
- u_int16_t port);
+ uint16_t port);
/**
* Destroy the implementation.
*/
- void (*destroy) (kernel_ipsec_t *this);
+ void (*destroy)(kernel_ipsec_t *this);
};
/**
diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h
index 6426fae..aaeb4f5 100644
--- a/src/libcharon/kernel/kernel_listener.h
+++ b/src/libcharon/kernel/kernel_listener.h
@@ -43,7 +43,7 @@ struct kernel_listener_t {
* @param dst_ts destination traffic selector
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*acquire)(kernel_listener_t *this, u_int32_t reqid,
+ bool (*acquire)(kernel_listener_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
@@ -55,7 +55,7 @@ struct kernel_listener_t {
* @param hard TRUE if it is a hard expire, FALSE otherwise
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*expire)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi,
+ bool (*expire)(kernel_listener_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard);
/**
@@ -67,7 +67,7 @@ struct kernel_listener_t {
* @param remote new remote host
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*mapping)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi,
+ bool (*mapping)(kernel_listener_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, host_t *remote);
/**
@@ -81,7 +81,7 @@ struct kernel_listener_t {
* @param remote remote host address to be used in the IKE_SA
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*migrate)(kernel_listener_t *this, u_int32_t reqid,
+ bool (*migrate)(kernel_listener_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, host_t *local, host_t *remote);
diff --git a/src/libcharon/kernel/kernel_net.h b/src/libcharon/kernel/kernel_net.h
index 7fc644a..1d78d6e 100644
--- a/src/libcharon/kernel/kernel_net.h
+++ b/src/libcharon/kernel/kernel_net.h
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -88,10 +88,12 @@ struct kernel_net_t {
* @param dest target destination address
* @param prefix prefix length if dest is a subnet, -1 for auto
* @param src source address to check, or NULL
+ * @param[out] iface allocated name of the interface to reach dest, if
+ * available (optional)
* @return next hop address, NULL if unreachable
*/
host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, int prefix,
- host_t *src);
+ host_t *src, char **iface);
/**
* Get the interface name of a local address. Interfaces that are down or
@@ -156,7 +158,7 @@ struct kernel_net_t {
* ALREADY_DONE if the route already exists
*/
status_t (*add_route) (kernel_net_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
@@ -170,7 +172,7 @@ struct kernel_net_t {
* @return SUCCESS if operation completed
*/
status_t (*del_route) (kernel_net_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index ee357ca..1bf93ad 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -81,17 +81,17 @@ struct private_receiver_t {
/**
* how many times we have used "secret" so far
*/
- u_int32_t secret_used;
+ uint32_t secret_used;
/**
* time we did the cookie switch
*/
- u_int32_t secret_switch;
+ uint32_t secret_switch;
/**
* time offset to use, hides our system time
*/
- u_int32_t secret_offset;
+ uint32_t secret_offset;
/**
* the RNG to use for secret generation
@@ -106,7 +106,7 @@ struct private_receiver_t {
/**
* require cookies after this many half open IKE_SAs
*/
- u_int32_t cookie_threshold;
+ uint32_t cookie_threshold;
/**
* timestamp of last cookie requested
@@ -116,7 +116,7 @@ struct private_receiver_t {
/**
* how many half open IKE_SAs per peer before blocking
*/
- u_int32_t block_threshold;
+ uint32_t block_threshold;
/**
* Drop IKE_SA_INIT requests if processor job load exceeds this limit
@@ -192,9 +192,9 @@ static void send_notify(message_t *request, int major, exchange_type_t exchange,
* build a cookie
*/
static bool cookie_build(private_receiver_t *this, message_t *message,
- u_int32_t t, chunk_t secret, chunk_t *cookie)
+ uint32_t t, chunk_t secret, chunk_t *cookie)
{
- u_int64_t spi = message->get_initiator_spi(message);
+ uint64_t spi = message->get_initiator_spi(message);
host_t *ip = message->get_source(message);
chunk_t input, hash;
@@ -216,14 +216,14 @@ static bool cookie_build(private_receiver_t *this, message_t *message,
static bool cookie_verify(private_receiver_t *this, message_t *message,
chunk_t cookie)
{
- u_int32_t t, now;
+ uint32_t t, now;
chunk_t reference;
chunk_t secret;
now = time_monotonic(NULL);
- t = *(u_int32_t*)cookie.ptr;
+ t = *(uint32_t*)cookie.ptr;
- if (cookie.len != sizeof(u_int32_t) +
+ if (cookie.len != sizeof(uint32_t) +
this->hasher->get_hash_size(this->hasher) ||
t < now - this->secret_offset - COOKIE_LIFETIME)
{
@@ -269,15 +269,15 @@ static bool check_cookie(private_receiver_t *this, message_t *message)
data = message->get_packet_data(message);
if (data.len <
IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH +
- sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) ||
+ sizeof(uint32_t) + this->hasher->get_hash_size(this->hasher) ||
*(data.ptr + 16) != PLV2_NOTIFY ||
- *(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE))
+ *(uint16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE))
{
/* no cookie found */
return FALSE;
}
data.ptr += IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH;
- data.len = sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher);
+ data.len = sizeof(uint32_t) + this->hasher->get_hash_size(this->hasher);
if (!cookie_verify(this, message, data))
{
DBG2(DBG_NET, "found cookie, but content invalid");
@@ -290,7 +290,7 @@ static bool check_cookie(private_receiver_t *this, message_t *message)
* Check if we currently require cookies
*/
static bool cookie_required(private_receiver_t *this,
- u_int half_open, u_int32_t now)
+ u_int half_open, uint32_t now)
{
if (this->cookie_threshold && half_open >= this->cookie_threshold)
{
@@ -322,7 +322,7 @@ static bool cookie_required(private_receiver_t *this,
static bool drop_ike_sa_init(private_receiver_t *this, message_t *message)
{
u_int half_open, half_open_r;
- u_int32_t now;
+ uint32_t now;
now = time_monotonic(NULL);
half_open = charon->ike_sa_manager->get_half_open_count(
@@ -620,7 +620,7 @@ METHOD(receiver_t, destroy, void,
receiver_t *receiver_create()
{
private_receiver_t *this;
- u_int32_t now = time_monotonic(NULL);
+ uint32_t now = time_monotonic(NULL);
INIT(this,
.public = {
diff --git a/src/libcharon/network/socket.h b/src/libcharon/network/socket.h
index e3cda3b..b084d96 100644
--- a/src/libcharon/network/socket.h
+++ b/src/libcharon/network/socket.h
@@ -99,7 +99,7 @@ struct socket_t {
* @param nat_t TRUE to get the port used to float in case of NAT-T
* @return the port
*/
- u_int16_t (*get_port)(socket_t *this, bool nat_t);
+ uint16_t (*get_port)(socket_t *this, bool nat_t);
/**
* Get the address families this socket is listening on.
diff --git a/src/libcharon/network/socket_manager.c b/src/libcharon/network/socket_manager.c
index 2a07e50..564608d 100644
--- a/src/libcharon/network/socket_manager.c
+++ b/src/libcharon/network/socket_manager.c
@@ -89,10 +89,10 @@ METHOD(socket_manager_t, sender, status_t,
return status;
}
-METHOD(socket_manager_t, get_port, u_int16_t,
+METHOD(socket_manager_t, get_port, uint16_t,
private_socket_manager_t *this, bool nat_t)
{
- u_int16_t port = 0;
+ uint16_t port = 0;
this->lock->read_lock(this->lock);
if (this->socket)
{
diff --git a/src/libcharon/network/socket_manager.h b/src/libcharon/network/socket_manager.h
index a07d080..cde7859 100644
--- a/src/libcharon/network/socket_manager.h
+++ b/src/libcharon/network/socket_manager.h
@@ -58,7 +58,7 @@ struct socket_manager_t {
* @param nat_t TRUE to get the port used to float in case of NAT-T
* @return the port, or 0, if no socket is registered
*/
- u_int16_t (*get_port)(socket_manager_t *this, bool nat_t);
+ uint16_t (*get_port)(socket_manager_t *this, bool nat_t);
/**
* Get the address families the registered socket is listening on.
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index b4ae6fa..3b49a85 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/addrblock
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/addrblock/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/addrblock/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index d901498..5f6ecbf 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/android_dns
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android_dns/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/android_dns/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index 64fecd9..bee30d9 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/android_log
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android_log/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/android_log/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in
index acb7d07..607fe3f 100644
--- a/src/libcharon/plugins/attr/Makefile.in
+++ b/src/libcharon/plugins/attr/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/attr
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/attr/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/attr/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/attr/attr_provider.c b/src/libcharon/plugins/attr/attr_provider.c
index 1de571c..f4c1436 100644
--- a/src/libcharon/plugins/attr/attr_provider.c
+++ b/src/libcharon/plugins/attr/attr_provider.c
@@ -272,10 +272,10 @@ static void load_entries(private_attr_provider_t *this)
{
if (family == AF_INET)
{ /* IPv4 attributes contain a subnet mask */
- u_int32_t netmask = 0;
+ uint32_t netmask = 0;
if (mask)
- { /* shifting u_int32_t by 32 or more is undefined */
+ { /* shifting uint32_t by 32 or more is undefined */
mask = 32 - mask;
netmask = htonl((0xFFFFFFFF >> mask) << mask);
}
diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in
index 8ee9f3f..d533a56 100644
--- a/src/libcharon/plugins/attr_sql/Makefile.in
+++ b/src/libcharon/plugins/attr_sql/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/attr_sql
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/attr_sql/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/attr_sql/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index be19d61..31e7861 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/certexpire
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/certexpire/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/certexpire/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -779,6 +792,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in
index eaf4f1e..c312821 100644
--- a/src/libcharon/plugins/connmark/Makefile.in
+++ b/src/libcharon/plugins/connmark/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/connmark
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/connmark/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/connmark/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/connmark/connmark_listener.c b/src/libcharon/plugins/connmark/connmark_listener.c
index 607316f..29f7cac 100644
--- a/src/libcharon/plugins/connmark/connmark_listener.c
+++ b/src/libcharon/plugins/connmark/connmark_listener.c
@@ -24,6 +24,7 @@
#include <libiptc/libiptc.h>
#include <linux/netfilter/xt_esp.h>
#include <linux/netfilter/xt_tcpudp.h>
+#include <linux/netfilter/xt_mark.h>
#include <linux/netfilter/xt_MARK.h>
#include <linux/netfilter/xt_policy.h>
#include <linux/netfilter/xt_CONNMARK.h>
@@ -56,7 +57,7 @@ struct private_connmark_listener_t {
static bool ts2in(traffic_selector_t *ts,
struct in_addr *addr, struct in_addr *mask)
{
- u_int8_t bits;
+ uint8_t bits;
host_t *net;
if (ts->get_type(ts) == TS_IPV4_ADDR_RANGE &&
@@ -119,15 +120,15 @@ static bool manage_rule(struct iptc_handle *ipth, const char *chain,
*/
static bool manage_pre_esp_in_udp(private_connmark_listener_t *this,
struct iptc_handle *ipth, bool add,
- u_int mark, u_int32_t spi,
+ u_int mark, uint32_t spi,
host_t *dst, host_t *src)
{
- u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
+ uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
XT_ALIGN(sizeof(struct xt_udp));
- u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
- u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
+ uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
+ uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
XT_ALIGN(sizeof(struct xt_mark_tginfo2));
- u_int16_t entry_size = target_offset + target_size;
+ uint16_t entry_size = target_offset + target_size;
u_char ipt[entry_size], *pos = ipt;
struct ipt_entry *e;
@@ -177,15 +178,15 @@ static bool manage_pre_esp_in_udp(private_connmark_listener_t *this,
*/
static bool manage_pre_esp(private_connmark_listener_t *this,
struct iptc_handle *ipth, bool add,
- u_int mark, u_int32_t spi,
+ u_int mark, uint32_t spi,
host_t *dst, host_t *src)
{
- u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
+ uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
XT_ALIGN(sizeof(struct xt_esp));
- u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
- u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
+ uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
+ uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
XT_ALIGN(sizeof(struct xt_mark_tginfo2));
- u_int16_t entry_size = target_offset + target_size;
+ uint16_t entry_size = target_offset + target_size;
u_char ipt[entry_size], *pos = ipt;
struct ipt_entry *e;
@@ -234,7 +235,7 @@ static bool manage_pre_esp(private_connmark_listener_t *this,
*/
static bool manage_pre(private_connmark_listener_t *this,
struct iptc_handle *ipth, bool add,
- u_int mark, u_int32_t spi, bool encap,
+ u_int mark, uint32_t spi, bool encap,
host_t *dst, host_t *src)
{
if (encap)
@@ -249,15 +250,15 @@ static bool manage_pre(private_connmark_listener_t *this,
*/
static bool manage_in(private_connmark_listener_t *this,
struct iptc_handle *ipth, bool add,
- u_int mark, u_int32_t spi,
+ u_int mark, uint32_t spi,
traffic_selector_t *dst, traffic_selector_t *src)
{
- u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
+ uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
XT_ALIGN(sizeof(struct xt_policy_info));
- u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
- u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
+ uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
+ uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
XT_ALIGN(sizeof(struct xt_connmark_tginfo1));
- u_int16_t entry_size = target_offset + target_size;
+ uint16_t entry_size = target_offset + target_size;
u_char ipt[entry_size], *pos = ipt;
struct ipt_entry *e;
@@ -315,12 +316,12 @@ static bool manage_out(private_connmark_listener_t *this,
struct iptc_handle *ipth, bool add,
traffic_selector_t *dst, traffic_selector_t *src)
{
- u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
+ uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
XT_ALIGN(sizeof(struct xt_mark_mtinfo1));
- u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
- u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
+ uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
+ uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
XT_ALIGN(sizeof(struct xt_connmark_tginfo1));
- u_int16_t entry_size = target_offset + target_size;
+ uint16_t entry_size = target_offset + target_size;
u_char ipt[entry_size], *pos = ipt;
struct ipt_entry *e;
@@ -401,7 +402,7 @@ static bool manage_policies(private_connmark_listener_t *this,
{
traffic_selector_t *local, *remote;
enumerator_t *enumerator;
- u_int32_t spi;
+ uint32_t spi;
u_int mark;
bool done = TRUE;
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index 44598c3..a71d755 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/coupling
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/coupling/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/coupling/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index 3d39fda..843d05e 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/dhcp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index 0fd1d33..807c682 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -151,8 +151,8 @@ typedef enum {
* DHCP option encoding, a TLV
*/
typedef struct __attribute__((packed)) {
- u_int8_t type;
- u_int8_t len;
+ uint8_t type;
+ uint8_t len;
char data[];
} dhcp_option_t;
@@ -160,22 +160,22 @@ typedef struct __attribute__((packed)) {
* DHCP message format, with a maximum size options buffer
*/
typedef struct __attribute__((packed)) {
- u_int8_t opcode;
- u_int8_t hw_type;
- u_int8_t hw_addr_len;
- u_int8_t hop_count;
- u_int32_t transaction_id;
- u_int16_t number_of_seconds;
- u_int16_t flags;
- u_int32_t client_address;
- u_int32_t your_address;
- u_int32_t server_address;
- u_int32_t gateway_address;
+ uint8_t opcode;
+ uint8_t hw_type;
+ uint8_t hw_addr_len;
+ uint8_t hop_count;
+ uint32_t transaction_id;
+ uint16_t number_of_seconds;
+ uint16_t flags;
+ uint32_t client_address;
+ uint32_t your_address;
+ uint32_t server_address;
+ uint32_t gateway_address;
char client_hw_addr[6];
char client_hw_padding[10];
char server_hostname[64];
char boot_filename[128];
- u_int32_t magic_cookie;
+ uint32_t magic_cookie;
char options[252];
} dhcp_t;
@@ -191,7 +191,7 @@ static int prepare_dhcp(private_dhcp_socket_t *this,
dhcp_option_t *option;
int optlen = 0;
host_t *src;
- u_int32_t id;
+ uint32_t id;
memset(dhcp, 0, sizeof(*dhcp));
dhcp->opcode = BOOTREQUEST;
@@ -366,10 +366,10 @@ METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*,
private_dhcp_socket_t *this, identification_t *identity)
{
dhcp_transaction_t *transaction;
- u_int32_t id;
+ uint32_t id;
int try;
- if (!this->rng->get_bytes(this->rng, sizeof(id), (u_int8_t*)&id))
+ if (!this->rng->get_bytes(this->rng, sizeof(id), (uint8_t*)&id))
{
DBG1(DBG_CFG, "DHCP DISCOVER failed, no transaction ID");
return NULL;
diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.c b/src/libcharon/plugins/dhcp/dhcp_transaction.c
index 22d3f3f..3ee88a6 100644
--- a/src/libcharon/plugins/dhcp/dhcp_transaction.c
+++ b/src/libcharon/plugins/dhcp/dhcp_transaction.c
@@ -32,7 +32,7 @@ struct private_dhcp_transaction_t {
/**
* DHCP transaction ID
*/
- u_int32_t id;
+ uint32_t id;
/**
* Peer identity
@@ -63,7 +63,7 @@ typedef struct {
chunk_t data;
} attribute_entry_t;
-METHOD(dhcp_transaction_t, get_id, u_int32_t,
+METHOD(dhcp_transaction_t, get_id, uint32_t,
private_dhcp_transaction_t *this)
{
return this->id;
@@ -157,7 +157,7 @@ METHOD(dhcp_transaction_t, destroy, void,
/**
* See header
*/
-dhcp_transaction_t *dhcp_transaction_create(u_int32_t id,
+dhcp_transaction_t *dhcp_transaction_create(uint32_t id,
identification_t *identity)
{
private_dhcp_transaction_t *this;
diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.h b/src/libcharon/plugins/dhcp/dhcp_transaction.h
index 35f08e8..0c614f7 100644
--- a/src/libcharon/plugins/dhcp/dhcp_transaction.h
+++ b/src/libcharon/plugins/dhcp/dhcp_transaction.h
@@ -37,7 +37,7 @@ struct dhcp_transaction_t {
*
* @return DHCP transaction identifier
*/
- u_int32_t (*get_id)(dhcp_transaction_t *this);
+ uint32_t (*get_id)(dhcp_transaction_t *this);
/**
* Get the peer identity this transaction is used for.
@@ -103,7 +103,7 @@ struct dhcp_transaction_t {
* @param identity peer identity this transaction is used for
* @return transaction instance
*/
-dhcp_transaction_t *dhcp_transaction_create(u_int32_t id,
+dhcp_transaction_t *dhcp_transaction_create(uint32_t id,
identification_t *identity);
#endif /** DHCP_TRANSACTION_H_ @}*/
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index 04fc31a..5f035ba 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/dnscert
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/dnscert/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/dnscert/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/dnscert/dnscert.c b/src/libcharon/plugins/dnscert/dnscert.c
index 882ad9f..b360eac 100644
--- a/src/libcharon/plugins/dnscert/dnscert.c
+++ b/src/libcharon/plugins/dnscert/dnscert.c
@@ -41,17 +41,17 @@ struct private_dnscert_t {
/**
* Certificate type
*/
- u_int16_t cert_type;
+ uint16_t cert_type;
/**
* Key tag
*/
- u_int16_t key_tag;
+ uint16_t key_tag;
/**
* Algorithm
*/
- u_int8_t algorithm;
+ uint8_t algorithm;
/**
* Certificate
@@ -65,7 +65,7 @@ METHOD(dnscert_t, get_cert_type, dnscert_type_t,
return this->cert_type;
}
-METHOD(dnscert_t, get_key_tag, u_int16_t,
+METHOD(dnscert_t, get_key_tag, uint16_t,
private_dnscert_t *this)
{
return this->key_tag;
diff --git a/src/libcharon/plugins/dnscert/dnscert.h b/src/libcharon/plugins/dnscert/dnscert.h
index 567a9df..31a26ff 100644
--- a/src/libcharon/plugins/dnscert/dnscert.h
+++ b/src/libcharon/plugins/dnscert/dnscert.h
@@ -119,7 +119,7 @@ struct dnscert_t {
*
* @return keytag
*/
- u_int16_t (*get_key_tag)(dnscert_t *this);
+ uint16_t (*get_key_tag)(dnscert_t *this);
/**
* Get the algorithm.
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index da4534c..9e3133b 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = duplicheck$(EXEEXT)
subdir = src/libcharon/plugins/duplicheck
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -210,12 +219,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -265,6 +276,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -299,6 +311,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -410,6 +423,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -471,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/duplicheck/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/duplicheck/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -841,6 +854,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/duplicheck/duplicheck.c b/src/libcharon/plugins/duplicheck/duplicheck.c
index 7c4cd5c..442fa4a 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck.c
@@ -71,7 +71,7 @@ int main(int argc, char *argv[])
{
char buf[128];
int fd, len;
- u_int16_t msglen;
+ uint16_t msglen;
fd = make_connection();
if (fd < 0)
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_msg.h b/src/libcharon/plugins/duplicheck/duplicheck_msg.h
index 99e2971..0f40574 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_msg.h
+++ b/src/libcharon/plugins/duplicheck/duplicheck_msg.h
@@ -35,7 +35,7 @@ typedef struct duplicheck_msg_t duplicheck_msg_t;
*/
struct duplicheck_msg_t {
/** length of the identity following, in network order (excluding len). */
- u_int16_t len;
+ uint16_t len;
/** identity string, not null terminated */
char identity[];
} __attribute__((__packed__));
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.c b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
index f77b48b..501d122 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_notify.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
@@ -75,7 +75,7 @@ METHOD(duplicheck_notify_t, send_, void,
{
enumerator_t *enumerator;
stream_t *stream;
- u_int16_t nlen;
+ uint16_t nlen;
char buf[512];
int len;
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index b5ffd8c..8ac12c1 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_aka
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -465,7 +479,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -780,6 +793,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c
index 810a19c..3ab053b 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_peer.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c
@@ -62,7 +62,7 @@ struct private_eap_aka_peer_t {
/**
* EAP message identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
/**
* MSK
@@ -77,7 +77,7 @@ struct private_eap_aka_peer_t {
/**
* Counter value if reauthentication is used
*/
- u_int16_t counter;
+ uint16_t counter;
};
/**
@@ -105,7 +105,7 @@ static bool create_client_error(private_eap_aka_peer_t *this,
eap_payload_t **out)
{
simaka_message_t *message;
- u_int16_t encoded;
+ uint16_t encoded;
DBG1(DBG_IKE, "sending client error '%N'",
simaka_client_error_names, AKA_UNABLE_TO_PROCESS);
@@ -347,7 +347,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
*/
static bool counter_too_small(private_eap_aka_peer_t *this, chunk_t chunk)
{
- u_int16_t counter;
+ uint16_t counter;
memcpy(&counter, chunk.ptr, sizeof(counter));
counter = htons(counter);
@@ -483,7 +483,7 @@ static status_t process_notification(private_eap_aka_peer_t *this,
{
if (type == AT_NOTIFICATION)
{
- u_int16_t code;
+ uint16_t code;
memcpy(&code, data.ptr, sizeof(code));
code = ntohs(code);
@@ -594,7 +594,7 @@ METHOD(eap_method_t, initiate, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_aka_peer_t *this, u_int32_t *vendor)
+ private_eap_aka_peer_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_AKA;
@@ -611,14 +611,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_aka_peer_t *this)
{
return this->identifier;
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_aka_peer_t *this, u_int8_t identifier)
+ private_eap_aka_peer_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c
index 04bfc17..1ede567 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_server.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c
@@ -65,7 +65,7 @@ struct private_eap_aka_server_t {
/**
* EAP message identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
/**
* Expected Result XRES
@@ -238,7 +238,7 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
* Initiate EAP-AKA/Request/Re-authentication message
*/
static status_t reauthenticate(private_eap_aka_server_t *this,
- char mk[HASH_SIZE_SHA1], u_int16_t counter,
+ char mk[HASH_SIZE_SHA1], uint16_t counter,
eap_payload_t **out)
{
simaka_message_t *message;
@@ -341,7 +341,7 @@ static status_t process_identity(private_eap_aka_server_t *this,
if (this->use_reauth)
{
char mk[HASH_SIZE_SHA1];
- u_int16_t counter;
+ uint16_t counter;
permanent = this->mgr->provider_is_reauth(this->mgr, id, mk, &counter);
if (permanent)
@@ -564,7 +564,7 @@ static status_t process_client_error(private_eap_aka_server_t *this,
{
if (type == AT_CLIENT_ERROR_CODE)
{
- u_int16_t code;
+ uint16_t code;
memcpy(&code, data.ptr, sizeof(code));
DBG1(DBG_IKE, "received EAP-AKA client error '%N'",
@@ -637,7 +637,7 @@ METHOD(eap_method_t, process, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_aka_server_t *this, u_int32_t *vendor)
+ private_eap_aka_server_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_AKA;
@@ -654,14 +654,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_aka_server_t *this)
{
return this->identifier;
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_aka_server_t *this, u_int8_t identifier)
+ private_eap_aka_server_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index e0ad6fe..7dc9003 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
@MONOLITHIC_FALSE at am__append_1 = $(top_builddir)/src/libsimaka/libsimaka.la
subdir = src/libcharon/plugins/eap_aka_3gpp2
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -783,6 +796,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
index 93ea8d0..cfe6407 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
@@ -54,7 +54,7 @@ static chunk_t fmk = chunk_from_chars(0x41, 0x48, 0x41, 0x47);
/**
* Binary represnation of the polynom T^160 + T^5 + T^3 + T^2 + 1
*/
-static u_int8_t g[] = {
+static uint8_t g[] = {
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x2d
@@ -63,7 +63,7 @@ static u_int8_t g[] = {
/**
* Predefined random bits from the RAND Corporation book
*/
-static u_int8_t a[] = {
+static uint8_t a[] = {
0x9d, 0xe9, 0xc9, 0xc8, 0xef, 0xd5, 0x78, 0x11,
0x48, 0x23, 0x14, 0x01, 0x90, 0x1f, 0x2d, 0x49,
0x3f, 0x4c, 0x63, 0x65
@@ -72,7 +72,7 @@ static u_int8_t a[] = {
/**
* Predefined random bits from the RAND Corporation book
*/
-static u_int8_t b[] = {
+static uint8_t b[] = {
0x75, 0xef, 0xd1, 0x5c, 0x4b, 0x8f, 0x8f, 0x51,
0x4e, 0xf3, 0xbc, 0xc3, 0x79, 0x4a, 0x76, 0x5e,
0x7e, 0xec, 0x45, 0xe0
@@ -171,7 +171,7 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b)
* XOR the key into the SHA1 IV
*/
static bool step3(prf_t *prf, u_char k[AKA_K_LEN],
- u_char payload[AKA_PAYLOAD_LEN], u_int8_t h[HASH_SIZE_SHA1])
+ u_char payload[AKA_PAYLOAD_LEN], uint8_t h[HASH_SIZE_SHA1])
{
/* use the keyed hasher to build the hash */
return prf->set_key(prf, chunk_create(k, AKA_K_LEN)) &&
@@ -243,7 +243,7 @@ static bool fx(prf_t *prf, u_char f, u_char k[AKA_K_LEN],
/**
* Calculation function of f1() and f1star()
*/
-static bool f1x(prf_t *prf, u_int8_t f, u_char k[AKA_K_LEN],
+static bool f1x(prf_t *prf, uint8_t f, u_char k[AKA_K_LEN],
u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN],
u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN])
{
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 821f6de..f81d54f 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_dynamic
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_dynamic/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_dynamic/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
index 3216446..d0f0595 100644
--- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
@@ -73,7 +73,7 @@ static bool entry_matches(eap_vendor_type_t *item, eap_vendor_type_t *other)
* Load the given EAP method
*/
static eap_method_t *load_method(private_eap_dynamic_t *this,
- eap_type_t type, u_int32_t vendor)
+ eap_type_t type, uint32_t vendor)
{
eap_method_t *method;
@@ -171,7 +171,7 @@ METHOD(eap_method_t, process, status_t,
private_eap_dynamic_t *this, eap_payload_t *in, eap_payload_t **out)
{
eap_type_t received_type, type;
- u_int32_t received_vendor, vendor;
+ uint32_t received_vendor, vendor;
received_type = in->get_type(in, &received_vendor);
if (received_vendor == 0 && received_type == EAP_NAK)
@@ -225,7 +225,7 @@ METHOD(eap_method_t, process, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_dynamic_t *this, u_int32_t *vendor)
+ private_eap_dynamic_t *this, uint32_t *vendor)
{
if (this->method)
{
@@ -245,7 +245,7 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_dynamic_t *this)
{
if (this->method)
@@ -256,7 +256,7 @@ METHOD(eap_method_t, get_identifier, u_int8_t,
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_dynamic_t *this, u_int8_t identifier)
+ private_eap_dynamic_t *this, uint8_t identifier)
{
if (this->method)
{
@@ -335,7 +335,7 @@ static void get_supported_eap_types(private_eap_dynamic_t *this)
{
enumerator_t *enumerator;
eap_type_t type;
- u_int32_t vendor;
+ uint32_t vendor;
enumerator = charon->eap->create_enumerator(charon->eap, EAP_SERVER);
while (enumerator->enumerate(enumerator, &type, &vendor))
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index cfd7c4e..f11d860 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_gtc
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
index 5fcd9eb..6f5c38e 100644
--- a/src/libcharon/plugins/eap_gtc/eap_gtc.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
@@ -46,7 +46,7 @@ struct private_eap_gtc_t {
/**
* EAP message identififier
*/
- u_int8_t identifier;
+ uint8_t identifier;
};
typedef struct eap_gtc_header_t eap_gtc_header_t;
@@ -56,15 +56,15 @@ typedef struct eap_gtc_header_t eap_gtc_header_t;
*/
struct eap_gtc_header_t {
/** EAP code (REQUEST/RESPONSE) */
- u_int8_t code;
+ uint8_t code;
/** unique message identifier */
- u_int8_t identifier;
+ uint8_t identifier;
/** length of whole message */
- u_int16_t length;
+ uint16_t length;
/** EAP type */
- u_int8_t type;
+ uint8_t type;
/** type data */
- u_int8_t data[];
+ uint8_t data[];
} __attribute__((__packed__));
METHOD(eap_method_t, initiate_peer, status_t,
@@ -186,7 +186,7 @@ METHOD(eap_method_t, process_server, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_gtc_t *this, u_int32_t *vendor)
+ private_eap_gtc_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_GTC;
@@ -198,14 +198,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_gtc_t *this)
{
return this->identifier;
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_gtc_t *this, u_int8_t identifier)
+ private_eap_gtc_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 1c544f3..e9755aa 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_identity
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_identity/eap_identity.c b/src/libcharon/plugins/eap_identity/eap_identity.c
index 6ecde06..7d6dc4a 100644
--- a/src/libcharon/plugins/eap_identity/eap_identity.c
+++ b/src/libcharon/plugins/eap_identity/eap_identity.c
@@ -43,7 +43,7 @@ struct private_eap_identity_t {
/**
* EAP identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
};
typedef struct eap_identity_header_t eap_identity_header_t;
@@ -53,15 +53,15 @@ typedef struct eap_identity_header_t eap_identity_header_t;
*/
struct eap_identity_header_t {
/** EAP code (REQUEST/RESPONSE) */
- u_int8_t code;
+ uint8_t code;
/** unique message identifier */
- u_int8_t identifier;
+ uint8_t identifier;
/** length of whole message */
- u_int16_t length;
+ uint16_t length;
/** EAP type */
- u_int8_t type;
+ uint8_t type;
/** identity data */
- u_int8_t data[];
+ uint8_t data[];
} __attribute__((__packed__));
METHOD(eap_method_t, process_peer, status_t,
@@ -124,7 +124,7 @@ METHOD(eap_method_t, initiate_server, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_identity_t *this, u_int32_t *vendor)
+ private_eap_identity_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_IDENTITY;
@@ -141,14 +141,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_identity_t *this)
{
return this->identifier;
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_identity_t *this, u_int8_t identifier)
+ private_eap_identity_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index e967262..82ba96d 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_md5
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c
index d314e7a..2cb0db4 100644
--- a/src/libcharon/plugins/eap_md5/eap_md5.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5.c
@@ -49,7 +49,7 @@ struct private_eap_md5_t {
/**
* EAP message identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
};
typedef struct eap_md5_header_t eap_md5_header_t;
@@ -59,17 +59,17 @@ typedef struct eap_md5_header_t eap_md5_header_t;
*/
struct eap_md5_header_t {
/** EAP code (REQUEST/RESPONSE) */
- u_int8_t code;
+ uint8_t code;
/** unique message identifier */
- u_int8_t identifier;
+ uint8_t identifier;
/** length of whole message */
- u_int16_t length;
+ uint16_t length;
/** EAP type */
- u_int8_t type;
+ uint8_t type;
/** length of value (challenge) */
- u_int8_t value_size;
+ uint8_t value_size;
/** actual value */
- u_int8_t value[];
+ uint8_t value[];
} __attribute__((__packed__));
#define CHALLENGE_LEN 16
@@ -204,7 +204,7 @@ METHOD(eap_method_t, process_server, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_md5_t *this, u_int32_t *vendor)
+ private_eap_md5_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_MD5;
@@ -222,14 +222,14 @@ METHOD(eap_method_t, is_mutual, bool,
return FALSE;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_md5_t *this)
{
return this->identifier;
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_md5_t *this, u_int8_t identifier)
+ private_eap_md5_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index d96343a..c3b31cd 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_mschapv2
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 16978f4..12f61f7 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -70,12 +70,12 @@ struct private_eap_mschapv2_t
/**
* EAP message identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
/**
* MS-CHAPv2-ID (session ID, increases with each retry)
*/
- u_int8_t mschapv2id;
+ uint8_t mschapv2id;
/**
* Number of retries
@@ -179,21 +179,21 @@ typedef struct eap_mschapv2_response_t eap_mschapv2_response_t;
struct eap_mschapv2_header_t
{
/** EAP code (REQUEST/RESPONSE) */
- u_int8_t code;
+ uint8_t code;
/** unique message identifier */
- u_int8_t identifier;
+ uint8_t identifier;
/** length of whole message */
- u_int16_t length;
+ uint16_t length;
/** EAP type */
- u_int8_t type;
+ uint8_t type;
/** MS-CHAPv2 OpCode */
- u_int8_t opcode;
+ uint8_t opcode;
/** MS-CHAPv2-ID (equals identifier) */
- u_int8_t ms_chapv2_id;
+ uint8_t ms_chapv2_id;
/** MS-Length (defined as length - 5) */
- u_int16_t ms_length;
+ uint16_t ms_length;
/** packet data (determined by OpCode) */
- u_int8_t data[];
+ uint8_t data[];
}__attribute__((__packed__));
/**
@@ -202,11 +202,11 @@ struct eap_mschapv2_header_t
struct eap_mschapv2_challenge_t
{
/** Value-Size */
- u_int8_t value_size;
+ uint8_t value_size;
/** Challenge */
- u_int8_t challenge[CHALLENGE_LEN];
+ uint8_t challenge[CHALLENGE_LEN];
/** Name */
- u_int8_t name[];
+ uint8_t name[];
}__attribute__((__packed__));
/**
@@ -215,21 +215,21 @@ struct eap_mschapv2_challenge_t
struct eap_mschapv2_response_t
{
/** Value-Size */
- u_int8_t value_size;
+ uint8_t value_size;
/** Response */
struct
{
/* Peer-Challenge*/
- u_int8_t peer_challenge[CHALLENGE_LEN];
+ uint8_t peer_challenge[CHALLENGE_LEN];
/* Reserved (=zero) */
- u_int8_t peer_reserved[8];
+ uint8_t peer_reserved[8];
/* NT-Response */
- u_int8_t nt_response[24];
+ uint8_t nt_response[24];
/* Flags (=zero) */
- u_int8_t flags;
+ uint8_t flags;
} response;
/** Name */
- u_int8_t name[];
+ uint8_t name[];
}__attribute__((__packed__));
/**
@@ -597,10 +597,10 @@ static chunk_t extract_username(chunk_t id)
/**
* Set the ms_length field using aligned write
*/
-static void set_ms_length(eap_mschapv2_header_t *eap, u_int16_t len)
+static void set_ms_length(eap_mschapv2_header_t *eap, uint16_t len)
{
len = htons(len - 5);
- memcpy(&eap->ms_length, &len, sizeof(u_int16_t));
+ memcpy(&eap->ms_length, &len, sizeof(uint16_t));
}
METHOD(eap_method_t, initiate_peer, status_t,
@@ -617,7 +617,7 @@ METHOD(eap_method_t, initiate_server, status_t,
eap_mschapv2_header_t *eap;
eap_mschapv2_challenge_t *cha;
const char *name = MSCHAPV2_HOST_NAME;
- u_int16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1;
+ uint16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1;
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (!rng || !rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge))
@@ -690,7 +690,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
eap_mschapv2_challenge_t *cha;
eap_mschapv2_response_t *res;
chunk_t data, peer_challenge, userid, username, nt_hash;
- u_int16_t len = RESPONSE_PAYLOAD_LEN;
+ uint16_t len = RESPONSE_PAYLOAD_LEN;
data = in->get_data(in);
eap = (eap_mschapv2_header_t*)data.ptr;
@@ -779,7 +779,7 @@ static status_t process_peer_success(private_eap_mschapv2_t *this,
chunk_t data, auth_string = chunk_empty;
char *message, *token, *msg = NULL;
int message_len;
- u_int16_t len = SHORT_HEADER_LEN;
+ uint16_t len = SHORT_HEADER_LEN;
data = in->get_data(in);
eap = (eap_mschapv2_header_t*)data.ptr;
@@ -1011,7 +1011,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this,
rng_t *rng;
chunk_t hex;
char msg[FAILURE_MESSAGE_LEN];
- u_int16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */
+ uint16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */
if (++this->retries > MAX_RETRIES)
{
@@ -1127,7 +1127,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
{
chunk_t hex;
char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)];
- u_int16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE);
+ uint16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE);
eap = alloca(len);
eap->code = EAP_REQUEST;
@@ -1213,7 +1213,7 @@ METHOD(eap_method_t, process_server, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_mschapv2_t *this, u_int32_t *vendor)
+ private_eap_mschapv2_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_MSCHAPV2;
@@ -1230,14 +1230,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_mschapv2_t *this)
{
return this->identifier;
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_mschapv2_t *this, u_int8_t identifier)
+ private_eap_mschapv2_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 0f920fe..2a01a36 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_peap
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_peap/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_peap/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -784,6 +797,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_peap/eap_peap.c b/src/libcharon/plugins/eap_peap/eap_peap.c
index c24dd57..4778a09 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap.c
@@ -76,7 +76,7 @@ METHOD(eap_method_t, process, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_peap_t *this, u_int32_t *vendor)
+ private_eap_peap_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_PEAP;
@@ -93,14 +93,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_peap_t *this)
{
return this->tls_eap->get_identifier(this->tls_eap);
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_peap_t *this, u_int8_t identifier)
+ private_eap_peap_t *this, uint8_t identifier)
{
this->tls_eap->set_identifier(this->tls_eap, identifier);
}
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.c b/src/libcharon/plugins/eap_peap/eap_peap_avp.c
index 3f541ba..d5ce5fb 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_avp.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.c
@@ -47,7 +47,7 @@ struct private_eap_peap_avp_t {
METHOD(eap_peap_avp_t, build, void,
private_eap_peap_avp_t *this, bio_writer_t *writer, chunk_t data)
{
- u_int8_t code;
+ uint8_t code;
eap_packet_t *pkt;
chunk_t avp_data;
@@ -71,10 +71,10 @@ METHOD(eap_peap_avp_t, build, void,
METHOD(eap_peap_avp_t, process, status_t,
private_eap_peap_avp_t* this, bio_reader_t *reader, chunk_t *data,
- u_int8_t identifier)
+ uint8_t identifier)
{
- u_int8_t code;
- u_int16_t len;
+ uint8_t code;
+ uint16_t len;
eap_packet_t *pkt;
chunk_t avp_data;
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.h b/src/libcharon/plugins/eap_peap/eap_peap_avp.h
index 98c5f19..cc5930b 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_avp.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.h
@@ -45,7 +45,7 @@ struct eap_peap_avp_t {
* - NEED_MORE if another invocation of process/build needed
*/
status_t (*process)(eap_peap_avp_t *this, bio_reader_t *reader,
- chunk_t *data, u_int8_t identifier);
+ chunk_t *data, uint8_t identifier);
/**
* Build EAP-PEAP Message AVP to send out.
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
index f482c5b..2668ac4 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@@ -71,7 +71,7 @@ METHOD(tls_application_t, process, status_t,
eap_payload_t *in;
eap_code_t code;
eap_type_t type, received_type;
- u_int32_t vendor, received_vendor;
+ uint32_t vendor, received_vendor;
status = this->avp->process(this->avp, reader, &data,
this->ph1_method->get_identifier(this->ph1_method));
@@ -191,7 +191,7 @@ METHOD(tls_application_t, build, status_t,
chunk_t data;
eap_code_t code;
eap_type_t type;
- u_int32_t vendor;
+ uint32_t vendor;
if (this->out)
{
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index 33b01e9..7f8348e 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -167,7 +167,7 @@ METHOD(tls_application_t, process, status_t,
eap_payload_t *in;
eap_code_t code;
eap_type_t type = EAP_NAK, received_type;
- u_int32_t vendor, received_vendor;
+ uint32_t vendor, received_vendor;
status = this->avp->process(this->avp, reader, &data,
this->ph1_method->get_identifier(this->ph1_method));
@@ -336,7 +336,7 @@ METHOD(tls_application_t, build, status_t,
chunk_t data;
eap_code_t code;
eap_type_t type;
- u_int32_t vendor;
+ uint32_t vendor;
if (this->ph2_method == NULL && this->start_phase2 && this->start_phase2_id)
{
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index 881a5b7..cdba38c 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_radius
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -470,7 +484,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -789,6 +802,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index 237f065..a2530e6 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -55,12 +55,12 @@ struct private_eap_radius_t {
/**
* EAP vendor, if any
*/
- u_int32_t vendor;
+ uint32_t vendor;
/**
* EAP message identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
/**
* RADIUS client instance
@@ -86,15 +86,15 @@ static void add_eap_identity(private_eap_radius_t *this,
{
struct {
/** EAP code (REQUEST/RESPONSE) */
- u_int8_t code;
+ uint8_t code;
/** unique message identifier */
- u_int8_t identifier;
+ uint8_t identifier;
/** length of whole message */
- u_int16_t length;
+ uint16_t length;
/** EAP type */
- u_int8_t type;
+ uint8_t type;
/** identity data */
- u_int8_t data[];
+ uint8_t data[];
} __attribute__((__packed__)) *hdr;
chunk_t id, prefix;
size_t len;
@@ -156,7 +156,7 @@ void eap_radius_build_attributes(radius_message_t *request)
ike_sa_t *ike_sa;
host_t *host;
char buf[40], *station_id_fmt;;
- u_int32_t value;
+ uint32_t value;
chunk_t chunk;
/* virtual NAS-Port-Type */
@@ -314,8 +314,8 @@ static void process_filter_id(radius_message_t *msg)
{
enumerator_t *enumerator;
int type;
- u_int8_t tunnel_tag;
- u_int32_t tunnel_type;
+ uint8_t tunnel_tag;
+ uint32_t tunnel_type;
chunk_t filter_id = chunk_empty, data;
bool is_esp_tunnel = FALSE;
@@ -395,7 +395,7 @@ static void process_timeout(radius_message_t *msg)
/**
* Add a Cisco Unity configuration attribute
*/
-static void add_unity_attribute(eap_radius_provider_t *provider, u_int32_t id,
+static void add_unity_attribute(eap_radius_provider_t *provider, uint32_t id,
int type, chunk_t data)
{
switch (type)
@@ -417,7 +417,7 @@ static void add_unity_attribute(eap_radius_provider_t *provider, u_int32_t id,
* Add a DNS/NBNS configuration attribute
*/
static void add_nameserver_attribute(eap_radius_provider_t *provider,
- u_int32_t id, int type, chunk_t data)
+ uint32_t id, int type, chunk_t data)
{
/* these are from different vendors, but there is currently no conflict */
switch (type)
@@ -444,7 +444,7 @@ static void add_nameserver_attribute(eap_radius_provider_t *provider,
* Add a UNITY_LOCAL_LAN or UNITY_SPLIT_INCLUDE attribute
*/
static void add_unity_split_attribute(eap_radius_provider_t *provider,
- u_int32_t id, configuration_attribute_type_t type,
+ uint32_t id, configuration_attribute_type_t type,
chunk_t data)
{
enumerator_t *enumerator;
@@ -701,7 +701,7 @@ METHOD(eap_method_t, process, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_radius_t *this, u_int32_t *vendor)
+ private_eap_radius_t *this, uint32_t *vendor)
{
*vendor = this->vendor;
return this->type;
@@ -721,14 +721,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_radius_t *this)
{
return this->identifier;
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_radius_t *this, u_int8_t identifier)
+ private_eap_radius_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index 4b72603..0c302af 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -54,7 +54,7 @@ struct private_eap_radius_accounting_t {
/**
* Session ID prefix
*/
- u_int32_t prefix;
+ uint32_t prefix;
/**
* Format string we use for Called/Calling-Station-Id for a host
@@ -101,8 +101,8 @@ typedef enum {
*/
typedef struct {
struct {
- u_int64_t sent;
- u_int64_t received;
+ uint64_t sent;
+ uint64_t received;
} bytes, packets;
} usage_t;
@@ -133,7 +133,7 @@ static inline void sub_usage(usage_t *a, usage_t b)
*/
typedef struct {
/** unique CHILD_SA identifier */
- u_int32_t id;
+ uint32_t id;
/** usage stats for this SA */
usage_t usage;
} sa_entry_t;
@@ -172,7 +172,7 @@ typedef struct {
radius_acct_terminate_cause_t cause;
/* interim interval and timestamp of last update */
struct {
- u_int32_t interval;
+ uint32_t interval;
time_t last;
} interim;
/** did we send Accounting-Start */
@@ -237,7 +237,7 @@ static int sa_find(const void *a, const void *b)
/**
* Update or create usage counters of a cached SA
*/
-static void update_sa(entry_t *entry, u_int32_t id, usage_t usage)
+static void update_sa(entry_t *entry, uint32_t id, usage_t usage)
{
sa_entry_t *sa, lookup;
@@ -402,7 +402,7 @@ static void add_ike_sa_parameters(private_eap_radius_accounting_t *this,
host_t *vip, *host;
char buf[MAX_RADIUS_ATTRIBUTE_SIZE + 1];
chunk_t data;
- u_int32_t value;
+ uint32_t value;
/* virtual NAS-Port-Type */
value = htonl(5);
@@ -461,7 +461,7 @@ static void add_ike_sa_parameters(private_eap_radius_accounting_t *this,
* Get an existing or create a new entry from the locked session table
*/
static entry_t* get_or_create_entry(private_eap_radius_accounting_t *this,
- ike_sa_id_t *id, u_int32_t unique)
+ ike_sa_id_t *id, uint32_t unique)
{
entry_t *entry;
time_t now;
@@ -520,7 +520,7 @@ static job_requeue_t send_interim(interim_data_t *data)
enumerator_t *enumerator;
ike_sa_t *ike_sa;
entry_t *entry;
- u_int32_t value;
+ uint32_t value;
array_t *stats;
sa_entry_t *sa, *found;
@@ -681,7 +681,7 @@ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
{
radius_message_t *message;
entry_t *entry;
- u_int32_t value;
+ uint32_t value;
if (this->acct_req_vip && !has_vip(ike_sa))
{
@@ -735,7 +735,7 @@ static void send_stop(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
enumerator_t *enumerator;
entry_t *entry;
sa_entry_t *sa;
- u_int32_t value;
+ uint32_t value;
this->mutex->lock(this->mutex);
entry = this->sessions->remove(this->sessions, ike_sa->get_id(ike_sa));
@@ -931,7 +931,7 @@ METHOD(listener_t, child_rekey, bool,
METHOD(listener_t, children_migrate, bool,
private_eap_radius_accounting_t *this, ike_sa_t *ike_sa, ike_sa_id_t *new,
- u_int32_t unique)
+ uint32_t unique)
{
enumerator_t *enumerator;
sa_entry_t *sa, *sa_new, *cached;
@@ -1020,7 +1020,7 @@ eap_radius_accounting_t *eap_radius_accounting_create()
.destroy = _destroy,
},
/* use system time as Session ID prefix */
- .prefix = (u_int32_t)time(NULL),
+ .prefix = (uint32_t)time(NULL),
.sessions = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 32),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
@@ -1050,7 +1050,7 @@ eap_radius_accounting_t *eap_radius_accounting_create()
/**
* See header
*/
-void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, u_int32_t interval)
+void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, uint32_t interval)
{
if (singleton)
{
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h
index 8d4f9a0..f7a19c9 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h
@@ -52,6 +52,6 @@ eap_radius_accounting_t *eap_radius_accounting_create();
* @param ike_sa IKE_SA to send updates for
* @param interval interval for interim updates
*/
-void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, u_int32_t interval);
+void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, uint32_t interval);
#endif /** EAP_RADIUS_ACCOUNTING_H_ @}*/
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
index a0bf99e..fc9b39c 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
@@ -293,7 +293,7 @@ static void process_disconnect(private_eap_radius_dae_t *this,
* Apply a new lifetime to an IKE_SA
*/
static void apply_lifetime(private_eap_radius_dae_t *this, ike_sa_id_t *id,
- u_int32_t lifetime)
+ uint32_t lifetime)
{
ike_sa_t *ike_sa;
@@ -323,7 +323,7 @@ static void process_coa(private_eap_radius_dae_t *this,
ike_sa_id_t *id;
chunk_t data;
int type;
- u_int32_t lifetime = 0;
+ uint32_t lifetime = 0;
bool lifetime_seen = FALSE;
ids = get_matching_ike_sas(this, request, client);
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.c b/src/libcharon/plugins/eap_radius/eap_radius_forward.c
index 52ea840..919e861 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_forward.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.c
@@ -63,9 +63,9 @@ struct private_eap_radius_forward_t {
*/
typedef struct {
/** vendor ID, 0 for standard attributes */
- u_int32_t vendor;
+ uint32_t vendor;
/** attribute type */
- u_int8_t type;
+ uint8_t type;
} attr_t;
/**
@@ -132,7 +132,7 @@ static bool is_attribute_selected(linked_list_t *selector,
radius_attribute_type_t type, chunk_t data)
{
enumerator_t *enumerator;
- u_int32_t vendor = 0;
+ uint32_t vendor = 0;
attr_t *sel;
bool found = FALSE;
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c
index 0f207fb..9a87ad3 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c
@@ -469,7 +469,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
}
METHOD(eap_radius_provider_t, add_framed_ip, void,
- private_eap_radius_provider_t *this, u_int32_t id, host_t *ip)
+ private_eap_radius_provider_t *this, uint32_t id, host_t *ip)
{
this->listener.mutex->lock(this->listener.mutex);
add_addr(this, this->listener.unclaimed, id, ip);
@@ -477,7 +477,7 @@ METHOD(eap_radius_provider_t, add_framed_ip, void,
}
METHOD(eap_radius_provider_t, add_attribute, void,
- private_eap_radius_provider_t *this, u_int32_t id,
+ private_eap_radius_provider_t *this, uint32_t id,
configuration_attribute_type_t type, chunk_t data)
{
attr_t *attr;
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.h b/src/libcharon/plugins/eap_radius/eap_radius_provider.h
index 5a62f4a..80971bd 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_provider.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.h
@@ -42,7 +42,7 @@ struct eap_radius_provider_t {
* @param id IKE_SA unique identifier
* @param ip IP address received from RADIUS server, gets owned
*/
- void (*add_framed_ip)(eap_radius_provider_t *this, u_int32_t id,
+ void (*add_framed_ip)(eap_radius_provider_t *this, uint32_t id,
host_t *ip);
/**
@@ -52,7 +52,7 @@ struct eap_radius_provider_t {
* @param type attribute type
* @param data attribute data
*/
- void (*add_attribute)(eap_radius_provider_t *this, u_int32_t id,
+ void (*add_attribute)(eap_radius_provider_t *this, uint32_t id,
configuration_attribute_type_t type, chunk_t data);
/**
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index aaa24bb..f1b8adb 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_sim
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -465,7 +479,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -780,6 +793,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
index 2637b43..37f8a87 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
@@ -64,7 +64,7 @@ struct private_eap_sim_peer_t {
/**
* EAP message identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
/**
* EAP-SIM crypto helper
@@ -99,7 +99,7 @@ struct private_eap_sim_peer_t {
/**
* Counter value if reauthentication is used
*/
- u_int16_t counter;
+ uint16_t counter;
};
/* version of SIM protocol we speak */
@@ -130,7 +130,7 @@ static bool create_client_error(private_eap_sim_peer_t *this,
simaka_client_error_t code, eap_payload_t **out)
{
simaka_message_t *message;
- u_int16_t encoded;
+ uint16_t encoded;
DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, code);
@@ -404,7 +404,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
*/
static bool counter_too_small(private_eap_sim_peer_t *this, chunk_t chunk)
{
- u_int16_t counter;
+ uint16_t counter;
memcpy(&counter, chunk.ptr, sizeof(counter));
counter = htons(counter);
@@ -540,7 +540,7 @@ static status_t process_notification(private_eap_sim_peer_t *this,
{
if (type == AT_NOTIFICATION)
{
- u_int16_t code;
+ uint16_t code;
memcpy(&code, data.ptr, sizeof(code));
code = ntohs(code);
@@ -650,7 +650,7 @@ METHOD(eap_method_t, initiate, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_sim_peer_t *this, u_int32_t *vendor)
+ private_eap_sim_peer_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_SIM;
@@ -667,14 +667,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_sim_peer_t *this)
{
return this->identifier;
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_sim_peer_t *this, u_int8_t identifier)
+ private_eap_sim_peer_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c
index 5aa54db..3b413cf 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_server.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c
@@ -67,7 +67,7 @@ struct private_eap_sim_server_t {
/**
* unique EAP identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
/**
* concatenated SRES values
@@ -163,7 +163,7 @@ METHOD(eap_method_t, initiate, status_t,
* Initiate EAP-SIM/Request/Re-authentication message
*/
static status_t reauthenticate(private_eap_sim_server_t *this,
- char mk[HASH_SIZE_SHA1], u_int16_t counter,
+ char mk[HASH_SIZE_SHA1], uint16_t counter,
eap_payload_t **out)
{
simaka_message_t *message;
@@ -328,7 +328,7 @@ static status_t process_start(private_eap_sim_server_t *this,
if (this->use_reauth && !nonce.len)
{
char mk[HASH_SIZE_SHA1];
- u_int16_t counter;
+ uint16_t counter;
permanent = this->mgr->provider_is_reauth(this->mgr, id,
mk, &counter);
@@ -495,7 +495,7 @@ static status_t process_client_error(private_eap_sim_server_t *this,
{
if (type == AT_CLIENT_ERROR_CODE)
{
- u_int16_t code;
+ uint16_t code;
memcpy(&code, data.ptr, sizeof(code));
DBG1(DBG_IKE, "received EAP-SIM client error '%N'",
@@ -551,7 +551,7 @@ METHOD(eap_method_t, process, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_sim_server_t *this, u_int32_t *vendor)
+ private_eap_sim_server_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_SIM;
@@ -568,14 +568,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_sim_server_t *this)
{
return this->identifier;
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_sim_server_t *this, u_int8_t identifier)
+ private_eap_sim_server_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 6e61f99..40ff9f2 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_sim_file
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -784,6 +797,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index e821e3e..354c7a1 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
@MONOLITHIC_FALSE at am__append_1 = $(top_builddir)/src/libsimaka/libsimaka.la
subdir = src/libcharon/plugins/eap_sim_pcsc
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -406,6 +419,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_pcsc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_pcsc/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index b883f0a..4e3105f 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_simaka_pseudonym
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -406,6 +419,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
index b5bbdd6..758bce4 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2016 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -31,17 +32,32 @@ struct private_eap_simaka_pseudonym_card_t {
eap_simaka_pseudonym_card_t public;
/**
- * Permanent -> pseudonym mappings
+ * Permanent -> pseudonym mappings (entry_t*)
*/
hashtable_t *pseudonym;
-
- /**
- * Reverse pseudonym -> permanent mappings
- */
- hashtable_t *permanent;
};
/**
+ * Mapping between real and pseudonym identity
+ */
+typedef struct {
+
+ /** Real identity */
+ identification_t *id;
+
+ /** Pseudonym */
+ identification_t *pseudonym;
+
+} entry_t;
+
+static void destroy_entry(entry_t *this)
+{
+ this->id->destroy(this->id);
+ this->pseudonym->destroy(this->pseudonym);
+ free(this);
+}
+
+/**
* hashtable hash function
*/
static u_int hash(identification_t *key)
@@ -60,12 +76,12 @@ static bool equals(identification_t *key1, identification_t *key2)
METHOD(simaka_card_t, get_pseudonym, identification_t*,
private_eap_simaka_pseudonym_card_t *this, identification_t *id)
{
- identification_t *pseudonym;
+ entry_t *entry;
- pseudonym = this->pseudonym->get(this->pseudonym, id);
- if (pseudonym)
+ entry = this->pseudonym->get(this->pseudonym, id);
+ if (entry)
{
- return pseudonym->clone(pseudonym);
+ return entry->pseudonym->clone(entry->pseudonym);
}
return NULL;
}
@@ -74,17 +90,17 @@ METHOD(simaka_card_t, set_pseudonym, void,
private_eap_simaka_pseudonym_card_t *this, identification_t *id,
identification_t *pseudonym)
{
- identification_t *permanent;
-
- /* create new entries */
- id = id->clone(id);
- pseudonym = pseudonym->clone(pseudonym);
- permanent = this->permanent->put(this->permanent, pseudonym, id);
- pseudonym = this->pseudonym->put(this->pseudonym, id, pseudonym);
+ entry_t *entry;
- /* delete old entries */
- DESTROY_IF(permanent);
- DESTROY_IF(pseudonym);
+ INIT(entry,
+ .id = id->clone(id),
+ .pseudonym = pseudonym->clone(pseudonym),
+ );
+ entry = this->pseudonym->put(this->pseudonym, entry->id, entry);
+ if (entry)
+ {
+ destroy_entry(entry);
+ }
}
METHOD(simaka_card_t, get_quintuplet, status_t,
@@ -98,26 +114,7 @@ METHOD(simaka_card_t, get_quintuplet, status_t,
METHOD(eap_simaka_pseudonym_card_t, destroy, void,
private_eap_simaka_pseudonym_card_t *this)
{
- enumerator_t *enumerator;
- identification_t *id;
- void *key;
-
- enumerator = this->pseudonym->create_enumerator(this->pseudonym);
- while (enumerator->enumerate(enumerator, &key, &id))
- {
- id->destroy(id);
- }
- enumerator->destroy(enumerator);
-
- enumerator = this->permanent->create_enumerator(this->permanent);
- while (enumerator->enumerate(enumerator, &key, &id))
- {
- id->destroy(id);
- }
- enumerator->destroy(enumerator);
-
- this->pseudonym->destroy(this->pseudonym);
- this->permanent->destroy(this->permanent);
+ this->pseudonym->destroy_function(this->pseudonym, (void*)destroy_entry);
free(this);
}
@@ -142,9 +139,6 @@ eap_simaka_pseudonym_card_t *eap_simaka_pseudonym_card_create()
.destroy = _destroy,
},
.pseudonym = hashtable_create((void*)hash, (void*)equals, 0),
- .permanent = hashtable_create((void*)hash, (void*)equals, 0),
);
-
return &this->public;
}
-
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 5417f96..2d5747e 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_simaka_reauth
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -781,6 +794,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
index 5bc5fd3..153ec0f 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
@@ -45,7 +45,7 @@ typedef struct {
/** associated permanent identity */
identification_t *permanent;
/** counter value */
- u_int16_t counter;
+ uint16_t counter;
/** master key */
char mk[HASH_SIZE_SHA1];
} reauth_data_t;
@@ -68,7 +68,7 @@ static bool equals(identification_t *key1, identification_t *key2)
METHOD(simaka_card_t, get_reauth, identification_t*,
private_eap_simaka_reauth_card_t *this, identification_t *id,
- char mk[HASH_SIZE_SHA1], u_int16_t *counter)
+ char mk[HASH_SIZE_SHA1], uint16_t *counter)
{
reauth_data_t *data;
identification_t *reauth;
@@ -89,7 +89,7 @@ METHOD(simaka_card_t, get_reauth, identification_t*,
METHOD(simaka_card_t, set_reauth, void,
private_eap_simaka_reauth_card_t *this, identification_t *id,
- identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter)
+ identification_t* next, char mk[HASH_SIZE_SHA1], uint16_t counter)
{
reauth_data_t *data;
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
index 937095e..543b557 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
@@ -53,7 +53,7 @@ typedef struct {
/** currently used reauthentication identity */
identification_t *id;
/** counter value */
- u_int16_t counter;
+ uint16_t counter;
/** master key */
char mk[HASH_SIZE_SHA1];
} reauth_data_t;
@@ -92,7 +92,7 @@ static identification_t *gen_identity(private_eap_simaka_reauth_provider_t *this
METHOD(simaka_provider_t, is_reauth, identification_t*,
private_eap_simaka_reauth_provider_t *this, identification_t *id,
- char mk[HASH_SIZE_SHA1], u_int16_t *counter)
+ char mk[HASH_SIZE_SHA1], uint16_t *counter)
{
identification_t *permanent;
reauth_data_t *data;
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index c858e46..a491899 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_simaka_sql
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_sql/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_sql/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -781,6 +794,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index c953d0e..c912f9f 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_tls
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tls/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_tls/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c
index bc01ba5..79e87dc 100644
--- a/src/libcharon/plugins/eap_tls/eap_tls.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls.c
@@ -74,7 +74,7 @@ METHOD(eap_method_t, process, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_tls_t *this, u_int32_t *vendor)
+ private_eap_tls_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_TLS;
@@ -91,14 +91,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_tls_t *this)
{
return this->tls_eap->get_identifier(this->tls_eap);
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_tls_t *this, u_int8_t identifier)
+ private_eap_tls_t *this, uint8_t identifier)
{
this->tls_eap->set_identifier(this->tls_eap, identifier);
}
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index 2f197ed..efef3af 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_tnc
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tnc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_tnc/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index b563acd..6f39b84 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/eap_ttls
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_ttls/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/eap_ttls/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -786,6 +799,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index c99d47f..9987c43 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -76,7 +76,7 @@ METHOD(eap_method_t, process, status_t,
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_ttls_t *this, u_int32_t *vendor)
+ private_eap_ttls_t *this, uint32_t *vendor)
{
*vendor = 0;
return EAP_TTLS;
@@ -93,14 +93,14 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_ttls_t *this)
{
return this->tls_eap->get_identifier(this->tls_eap);
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_ttls_t *this, u_int8_t identifier)
+ private_eap_ttls_t *this, uint8_t identifier)
{
this->tls_eap->set_identifier(this->tls_eap, identifier);
}
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
index 47e0f8a..f75e3e0 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
@@ -58,8 +58,8 @@ METHOD(eap_ttls_avp_t, build, void,
{
char zero_padding[] = { 0x00, 0x00, 0x00 };
chunk_t avp_padding;
- u_int8_t avp_flags;
- u_int32_t avp_len;
+ uint8_t avp_flags;
+ uint32_t avp_len;
avp_flags = 0x40;
avp_len = 8 + data.len;
@@ -81,9 +81,9 @@ METHOD(eap_ttls_avp_t, process, status_t,
if (this->process_header)
{
bio_reader_t *header;
- u_int32_t avp_code;
- u_int8_t avp_flags;
- u_int32_t avp_len;
+ uint32_t avp_code;
+ uint8_t avp_flags;
+ uint32_t avp_len;
bool success;
len = min(reader->remaining(reader), AVP_HEADER_LEN - this->inpos);
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index e0b59a6..be6a081 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -75,8 +75,8 @@ METHOD(tls_application_t, process, status_t,
eap_packet_t *pkt;
eap_code_t code;
eap_type_t type, received_type;
- u_int32_t vendor, received_vendor;
- u_int16_t eap_len;
+ uint32_t vendor, received_vendor;
+ uint16_t eap_len;
size_t eap_pos = 0;
bool concatenated = FALSE;
@@ -240,7 +240,7 @@ METHOD(tls_application_t, build, status_t,
chunk_t data;
eap_code_t code;
eap_type_t type;
- u_int32_t vendor;
+ uint32_t vendor;
if (this->method == NULL && this->start_phase2)
{
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index 03dfe3d..d3fd2a1 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = error-notify$(EXEEXT)
subdir = src/libcharon/plugins/error_notify
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -211,12 +220,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -266,6 +277,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -300,6 +312,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -411,6 +424,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -473,7 +487,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/error_notify/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/error_notify/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -843,6 +856,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/error_notify/error_notify_listener.c b/src/libcharon/plugins/error_notify/error_notify_listener.c
index ce577c6..be84ec0 100644
--- a/src/libcharon/plugins/error_notify/error_notify_listener.c
+++ b/src/libcharon/plugins/error_notify/error_notify_listener.c
@@ -83,6 +83,11 @@ METHOD(listener_t, alert, bool,
snprintf(msg.str, sizeof(msg.str), "parsing IKE message from "
"%#H failed", message->get_source(message));
break;
+ case ALERT_RETRANSMIT_SEND:
+ msg.type = htonl(ERROR_NOTIFY_RETRANSMIT_SEND);
+ snprintf(msg.str, sizeof(msg.str), "IKE message retransmission "
+ "number %u", va_arg(args, u_int));
+ break;
case ALERT_RETRANSMIT_SEND_TIMEOUT:
msg.type = htonl(ERROR_NOTIFY_RETRANSMIT_SEND_TIMEOUT);
snprintf(msg.str, sizeof(msg.str),
diff --git a/src/libcharon/plugins/error_notify/error_notify_msg.h b/src/libcharon/plugins/error_notify/error_notify_msg.h
index c660802..74b5908 100644
--- a/src/libcharon/plugins/error_notify/error_notify_msg.h
+++ b/src/libcharon/plugins/error_notify/error_notify_msg.h
@@ -48,6 +48,7 @@ enum {
ERROR_NOTIFY_CERT_EXPIRED = 17,
ERROR_NOTIFY_CERT_REVOKED = 18,
ERROR_NOTIFY_NO_ISSUER_CERT = 19,
+ ERROR_NOTIFY_RETRANSMIT_SEND = 20,
};
/**
diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in
index fce2e8e..c49c55f 100644
--- a/src/libcharon/plugins/ext_auth/Makefile.in
+++ b/src/libcharon/plugins/ext_auth/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/ext_auth
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 2afc5ad..4674a78 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/farp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c
index 87c8435..e19fc59 100644
--- a/src/libcharon/plugins/farp/farp_listener.c
+++ b/src/libcharon/plugins/farp/farp_listener.c
@@ -50,7 +50,7 @@ typedef struct {
/** list of remote selectors */
linked_list_t *remote;
/** reqid of CHILD_SA */
- u_int32_t reqid;
+ uint32_t reqid;
} entry_t;
METHOD(listener_t, child_updown, bool,
diff --git a/src/libcharon/plugins/farp/farp_spoofer.c b/src/libcharon/plugins/farp/farp_spoofer.c
index 9f66d74..c2715bd 100644
--- a/src/libcharon/plugins/farp/farp_spoofer.c
+++ b/src/libcharon/plugins/farp/farp_spoofer.c
@@ -54,15 +54,15 @@ struct private_farp_spoofer_t {
* IP over Ethernet ARP message
*/
typedef struct __attribute__((packed)) {
- u_int16_t hardware_type;
- u_int16_t protocol_type;
- u_int8_t hardware_size;
- u_int8_t protocol_size;
- u_int16_t opcode;
- u_int8_t sender_mac[6];
- u_int8_t sender_ip[4];
- u_int8_t target_mac[6];
- u_int8_t target_ip[4];
+ uint16_t hardware_type;
+ uint16_t protocol_type;
+ uint8_t hardware_size;
+ uint8_t protocol_size;
+ uint16_t opcode;
+ uint8_t sender_mac[6];
+ uint8_t sender_ip[4];
+ uint8_t target_mac[6];
+ uint8_t target_ip[4];
} arp_t;
/**
diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in
index 4f2a407..d29134f 100644
--- a/src/libcharon/plugins/forecast/Makefile.in
+++ b/src/libcharon/plugins/forecast/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/forecast
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -464,7 +478,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/forecast/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/forecast/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -779,6 +792,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/forecast/forecast_forwarder.c b/src/libcharon/plugins/forecast/forecast_forwarder.c
index 40aaa7f..ce39097 100644
--- a/src/libcharon/plugins/forecast/forecast_forwarder.c
+++ b/src/libcharon/plugins/forecast/forecast_forwarder.c
@@ -55,7 +55,7 @@ struct private_kernel_listener_t {
/**
* current broadcast address of internal network
*/
- u_int32_t broadcast;
+ uint32_t broadcast;
/**
* LAN interface index
@@ -105,7 +105,7 @@ static void send_net(private_forecast_forwarder_t *this,
/**
* Send a broadcast/multicast packet to a peer
*/
-static void send_peer(private_forecast_forwarder_t *this, u_int32_t dst,
+static void send_peer(private_forecast_forwarder_t *this, uint32_t dst,
void *buf, size_t len, int mark)
{
struct sockaddr_in addr = {
@@ -317,7 +317,7 @@ static void join_groups(private_kernel_listener_t *this, struct sockaddr *addr)
/**
* Attach the socket filter to the socket
*/
-static bool attach_filter(int fd, u_int32_t broadcast)
+static bool attach_filter(int fd, uint32_t broadcast)
{
struct sock_filter filter_code[] = {
/* destination address: is ... */
diff --git a/src/libcharon/plugins/forecast/forecast_listener.c b/src/libcharon/plugins/forecast/forecast_listener.c
index 8f7f260..3f252db 100644
--- a/src/libcharon/plugins/forecast/forecast_listener.c
+++ b/src/libcharon/plugins/forecast/forecast_listener.c
@@ -67,7 +67,7 @@ struct private_forecast_listener_t {
/**
* Broadcast address on LAN interface, network order
*/
- u_int32_t broadcast;
+ uint32_t broadcast;
};
/**
@@ -85,13 +85,13 @@ typedef struct {
/** remote IKE_SA endpoint */
host_t *rhost;
/** inbound SPI */
- u_int32_t spi;
+ uint32_t spi;
/** use UDP encapsulation */
bool encap;
/** whether we should allow reencapsulation of IPsec received forecasts */
bool reinject;
/** broadcast address used for that entry */
- u_int32_t broadcast;
+ uint32_t broadcast;
} entry_t;
/**
@@ -115,7 +115,7 @@ static void entry_destroy(entry_t *entry)
static bool ts2in(traffic_selector_t *ts,
struct in_addr *addr, struct in_addr *mask)
{
- u_int8_t bits;
+ uint8_t bits;
host_t *net;
if (ts->get_type(ts) == TS_IPV4_ADDR_RANGE &&
@@ -179,12 +179,12 @@ static bool manage_rule(struct iptc_handle *ipth, const char *chain,
static bool manage_pre_esp_in_udp(struct iptc_handle *ipth,
entry_t *entry, bool add)
{
- u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
+ uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
XT_ALIGN(sizeof(struct xt_udp));
- u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
- u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
+ uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
+ uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
XT_ALIGN(sizeof(struct xt_mark_tginfo2));
- u_int16_t entry_size = target_offset + target_size;
+ uint16_t entry_size = target_offset + target_size;
u_char ipt[entry_size], *pos = ipt;
struct ipt_entry *e;
@@ -240,12 +240,12 @@ static bool manage_pre_esp_in_udp(struct iptc_handle *ipth,
*/
static bool manage_pre_esp(struct iptc_handle *ipth, entry_t *entry, bool add)
{
- u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
+ uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) +
XT_ALIGN(sizeof(struct xt_esp));
- u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
- u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
+ uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size;
+ uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
XT_ALIGN(sizeof(struct xt_mark_tginfo2));
- u_int16_t entry_size = target_offset + target_size;
+ uint16_t entry_size = target_offset + target_size;
u_char ipt[entry_size], *pos = ipt;
struct ipt_entry *e;
@@ -306,10 +306,10 @@ static bool manage_pre(struct iptc_handle *ipth, entry_t *entry, bool add)
*/
static bool manage_out(struct iptc_handle *ipth, entry_t *entry, bool add)
{
- u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry));
- u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
+ uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry));
+ uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) +
XT_ALIGN(sizeof(struct xt_mark_tginfo2));
- u_int16_t entry_size = target_offset + target_size;
+ uint16_t entry_size = target_offset + target_size;
u_char ipt[entry_size], *pos = ipt;
struct ipt_entry *e;
@@ -617,7 +617,7 @@ METHOD(listener_t, ike_update, bool,
* Filter to map entries to ts/mark
*/
static bool ts_filter(entry_t *entry, traffic_selector_t **ts,
- traffic_selector_t **out, void *dummy, u_int32_t *mark,
+ traffic_selector_t **out, void *dummy, uint32_t *mark,
void *dummy2, bool *reinject)
{
*out = *ts;
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index 677c36a..420b8bd 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/ha
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -472,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -796,6 +809,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c
index 2b271a8..b20ef87 100644
--- a/src/libcharon/plugins/ha/ha_attribute.c
+++ b/src/libcharon/plugins/ha/ha_attribute.c
@@ -83,7 +83,7 @@ static host_t* offset2host(pool_t *pool, int offset)
{
chunk_t addr;
host_t *host;
- u_int32_t *pos;
+ uint32_t *pos;
if (offset > pool->size)
{
@@ -93,11 +93,11 @@ static host_t* offset2host(pool_t *pool, int offset)
addr = chunk_clone(pool->base->get_address(pool->base));
if (pool->base->get_family(pool->base) == AF_INET6)
{
- pos = (u_int32_t*)(addr.ptr + 12);
+ pos = (uint32_t*)(addr.ptr + 12);
}
else
{
- pos = (u_int32_t*)addr.ptr;
+ pos = (uint32_t*)addr.ptr;
}
*pos = htonl(offset + ntohl(*pos));
host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0);
@@ -111,7 +111,7 @@ static host_t* offset2host(pool_t *pool, int offset)
static int host2offset(pool_t *pool, host_t *addr)
{
chunk_t host, base;
- u_int32_t hosti, basei;
+ uint32_t hosti, basei;
if (addr->get_family(addr) != pool->base->get_family(pool->base))
{
@@ -129,8 +129,8 @@ static int host2offset(pool_t *pool, host_t *addr)
host = chunk_skip(host, 12);
base = chunk_skip(base, 12);
}
- hosti = ntohl(*(u_int32_t*)(host.ptr));
- basei = ntohl(*(u_int32_t*)(base.ptr));
+ hosti = ntohl(*(uint32_t*)(host.ptr));
+ basei = ntohl(*(uint32_t*)(base.ptr));
if (hosti > basei + pool->size)
{
return -1;
diff --git a/src/libcharon/plugins/ha/ha_cache.c b/src/libcharon/plugins/ha/ha_cache.c
index 0650f7f..8394eb7 100644
--- a/src/libcharon/plugins/ha/ha_cache.c
+++ b/src/libcharon/plugins/ha/ha_cache.c
@@ -186,11 +186,13 @@ METHOD(ha_cache_t, delete_, void,
{
entry_t *entry;
+ this->mutex->lock(this->mutex);
entry = this->cache->remove(this->cache, ike_sa);
if (entry)
{
entry_destroy(entry);
}
+ this->mutex->unlock(this->mutex);
}
/**
@@ -204,7 +206,7 @@ static status_t rekey_children(ike_sa_t *ike_sa)
linked_list_t *children;
struct {
protocol_id_t protocol;
- u_int32_t spi;
+ uint32_t spi;
} *info;
children = linked_list_create();
diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c
index 7dafb16..8c9f66a 100644
--- a/src/libcharon/plugins/ha/ha_child.c
+++ b/src/libcharon/plugins/ha/ha_child.c
@@ -55,7 +55,7 @@ METHOD(listener_t, child_keys, bool,
ha_message_t *m;
chunk_t secret;
proposal_t *proposal;
- u_int16_t alg, len;
+ uint16_t alg, len;
linked_list_t *local_ts, *remote_ts;
enumerator_t *enumerator;
traffic_selector_t *ts;
@@ -69,7 +69,7 @@ METHOD(listener_t, child_keys, bool,
m = ha_message_create(HA_CHILD_ADD);
m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
- m->add_attribute(m, HA_INITIATOR, (u_int8_t)initiator);
+ m->add_attribute(m, HA_INITIATOR, (uint8_t)initiator);
m->add_attribute(m, HA_INBOUND_SPI, child_sa->get_spi(child_sa, TRUE));
m->add_attribute(m, HA_OUTBOUND_SPI, child_sa->get_spi(child_sa, FALSE));
m->add_attribute(m, HA_INBOUND_CPI, child_sa->get_cpi(child_sa, TRUE));
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index ce90f5b..ee66b84 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -131,8 +131,8 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
enumerator_t *enumerator;
ike_sa_t *ike_sa = NULL, *old_sa = NULL;
ike_version_t version = IKEV2;
- u_int16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED;
- u_int16_t dh_grp = 0;
+ uint16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED;
+ uint16_t dh_grp = 0;
chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty;
chunk_t secret = chunk_empty, old_skd = chunk_empty;
chunk_t dh_local = chunk_empty, dh_remote = chunk_empty, psk = chunk_empty;
@@ -486,7 +486,7 @@ static void process_ike_mid(private_ha_dispatcher_t *this,
ha_message_value_t value;
enumerator_t *enumerator;
ike_sa_t *ike_sa = NULL;
- u_int32_t mid = 0;
+ uint32_t mid = 0;
enumerator = message->create_attribute_enumerator(message);
while (enumerator->enumerate(enumerator, &attribute, &value))
@@ -652,11 +652,11 @@ static void process_child_add(private_ha_dispatcher_t *this,
child_sa_t *child_sa;
proposal_t *proposal;
bool initiator = FALSE, failed = FALSE, ok = FALSE;
- u_int32_t inbound_spi = 0, outbound_spi = 0;
- u_int16_t inbound_cpi = 0, outbound_cpi = 0;
- u_int8_t mode = MODE_TUNNEL, ipcomp = 0;
- u_int16_t encr = 0, integ = 0, len = 0, dh_grp = 0;
- u_int16_t esn = NO_EXT_SEQ_NUMBERS;
+ uint32_t inbound_spi = 0, outbound_spi = 0;
+ uint16_t inbound_cpi = 0, outbound_cpi = 0;
+ uint8_t mode = MODE_TUNNEL, ipcomp = 0;
+ uint16_t encr = 0, integ = 0, len = 0, dh_grp = 0;
+ uint16_t esn = NO_EXT_SEQ_NUMBERS;
u_int seg_i, seg_o;
chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty;
chunk_t encr_i, integ_i, encr_r, integ_r;
@@ -777,7 +777,7 @@ static void process_child_add(private_ha_dispatcher_t *this,
if (ike_sa->get_version(ike_sa) == IKEV1)
{
keymat_v1_t *keymat_v1 = (keymat_v1_t*)ike_sa->get_keymat(ike_sa);
- u_int32_t spi_i, spi_r;
+ uint32_t spi_i, spi_r;
spi_i = initiator ? inbound_spi : outbound_spi;
spi_r = initiator ? outbound_spi : inbound_spi;
@@ -889,7 +889,7 @@ static void process_child_delete(private_ha_dispatcher_t *this,
enumerator_t *enumerator;
ike_sa_t *ike_sa = NULL;
child_sa_t *child_sa;
- u_int32_t spi = 0;
+ uint32_t spi = 0;
enumerator = message->create_attribute_enumerator(message);
while (enumerator->enumerate(enumerator, &attribute, &value))
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index 3ffcaee..992ccb0 100644
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -78,7 +78,7 @@ METHOD(listener_t, ike_keys, bool,
ha_message_t *m;
chunk_t secret;
proposal_t *proposal;
- u_int16_t alg, len;
+ uint16_t alg, len;
if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
{ /* do not sync SA between nodes */
@@ -168,7 +168,7 @@ METHOD(listener_t, ike_updown, bool,
{
enumerator_t *enumerator;
peer_cfg_t *peer_cfg;
- u_int32_t extension, condition;
+ uint32_t extension, condition;
host_t *addr;
ike_sa_id_t *id;
identification_t *eap_id;
@@ -349,7 +349,7 @@ METHOD(listener_t, message_hook, bool,
ha_message_t *m;
notify_payload_t *notify;
chunk_t data;
- u_int32_t seq;
+ uint32_t seq;
notify = message->get_notify(message, DPD_R_U_THERE);
if (notify)
diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c
index bd43dc3..061741e 100644
--- a/src/libcharon/plugins/ha/ha_kernel.c
+++ b/src/libcharon/plugins/ha/ha_kernel.c
@@ -15,8 +15,8 @@
#include "ha_kernel.h"
-typedef u_int32_t u32;
-typedef u_int8_t u8;
+typedef uint32_t u32;
+typedef uint8_t u8;
#include <sys/utsname.h>
#include <string.h>
@@ -115,9 +115,9 @@ static jhash_version_t get_jhash_version()
/**
* jhash algorithm of two words, as used in kernel (using 0 as initval)
*/
-static u_int32_t jhash(jhash_version_t version, u_int32_t a, u_int32_t b)
+static uint32_t jhash(jhash_version_t version, uint32_t a, uint32_t b)
{
- u_int32_t c = 0;
+ uint32_t c = 0;
switch (version)
{
@@ -162,7 +162,7 @@ static u_int32_t jhash(jhash_version_t version, u_int32_t a, u_int32_t b)
/**
* Segmentate a calculated hash
*/
-static u_int hash2segment(private_ha_kernel_t *this, u_int64_t hash)
+static u_int hash2segment(private_ha_kernel_t *this, uint64_t hash)
{
return ((hash * this->count) >> 32) + 1;
}
@@ -170,11 +170,11 @@ static u_int hash2segment(private_ha_kernel_t *this, u_int64_t hash)
/**
* Get a host as an integer for hashing
*/
-static u_int32_t host2int(host_t *host)
+static uint32_t host2int(host_t *host)
{
if (host->get_family(host) == AF_INET)
{
- return *(u_int32_t*)host->get_address(host).ptr;
+ return *(uint32_t*)host->get_address(host).ptr;
}
return 0;
}
@@ -183,7 +183,7 @@ METHOD(ha_kernel_t, get_segment, u_int,
private_ha_kernel_t *this, host_t *host)
{
unsigned long hash;
- u_int32_t addr;
+ uint32_t addr;
addr = host2int(host);
hash = jhash(this->version, ntohl(addr), 0);
@@ -192,10 +192,10 @@ METHOD(ha_kernel_t, get_segment, u_int,
}
METHOD(ha_kernel_t, get_segment_spi, u_int,
- private_ha_kernel_t *this, host_t *host, u_int32_t spi)
+ private_ha_kernel_t *this, host_t *host, uint32_t spi)
{
unsigned long hash;
- u_int32_t addr;
+ uint32_t addr;
addr = host2int(host);
hash = jhash(this->version, ntohl(addr), ntohl(spi));
diff --git a/src/libcharon/plugins/ha/ha_kernel.h b/src/libcharon/plugins/ha/ha_kernel.h
index 7b56f1e..bd0a382 100644
--- a/src/libcharon/plugins/ha/ha_kernel.h
+++ b/src/libcharon/plugins/ha/ha_kernel.h
@@ -45,7 +45,7 @@ struct ha_kernel_t {
* @param spi SPI to include in hash
* @return segment number
*/
- u_int (*get_segment_spi)(ha_kernel_t *this, host_t *host, u_int32_t spi);
+ u_int (*get_segment_spi)(ha_kernel_t *this, host_t *host, uint32_t spi);
/**
* Get the segment an arbitrary integer is in.
diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c
index b40219c..42dfaf0 100644
--- a/src/libcharon/plugins/ha/ha_message.c
+++ b/src/libcharon/plugins/ha/ha_message.c
@@ -67,10 +67,10 @@ typedef struct ike_sa_id_encoding_t ike_sa_id_encoding_t;
* Encoding if an ike_sa_id_t
*/
struct ike_sa_id_encoding_t {
- u_int8_t ike_version;
- u_int64_t initiator_spi;
- u_int64_t responder_spi;
- u_int8_t initiator;
+ uint8_t ike_version;
+ uint64_t initiator_spi;
+ uint64_t responder_spi;
+ uint8_t initiator;
} __attribute__((packed));
typedef struct identification_encoding_t identification_encoding_t;
@@ -79,8 +79,8 @@ typedef struct identification_encoding_t identification_encoding_t;
* Encoding of a identification_t
*/
struct identification_encoding_t {
- u_int8_t type;
- u_int8_t len;
+ uint8_t type;
+ uint8_t len;
char encoding[];
} __attribute__((packed));
@@ -90,8 +90,8 @@ typedef struct host_encoding_t host_encoding_t;
* encoding of a host_t
*/
struct host_encoding_t {
- u_int16_t port;
- u_int8_t family;
+ uint16_t port;
+ uint8_t family;
char encoding[];
} __attribute__((packed));
@@ -101,11 +101,11 @@ typedef struct ts_encoding_t ts_encoding_t;
* encoding of a traffic_selector_t
*/
struct ts_encoding_t {
- u_int8_t type;
- u_int8_t protocol;
- u_int16_t from_port;
- u_int16_t to_port;
- u_int8_t dynamic;
+ uint8_t type;
+ uint8_t protocol;
+ uint16_t from_port;
+ uint16_t to_port;
+ uint8_t dynamic;
char encoding[];
} __attribute__((packed));
@@ -139,9 +139,9 @@ METHOD(ha_message_t, add_attribute, void,
size_t len;
va_list args;
- check_buf(this, sizeof(u_int8_t));
+ check_buf(this, sizeof(uint8_t));
this->buf.ptr[this->buf.len] = attribute;
- this->buf.len += sizeof(u_int8_t);
+ this->buf.len += sizeof(uint8_t);
va_start(args, attribute);
switch (attribute)
@@ -215,13 +215,13 @@ METHOD(ha_message_t, add_attribute, void,
this->buf.len += len;
break;
}
- /* u_int8_t */
+ /* uint8_t */
case HA_IKE_VERSION:
case HA_INITIATOR:
case HA_IPSEC_MODE:
case HA_IPCOMP:
{
- u_int8_t val;
+ uint8_t val;
val = va_arg(args, u_int);
check_buf(this, sizeof(val));
@@ -229,7 +229,7 @@ METHOD(ha_message_t, add_attribute, void,
this->buf.len += sizeof(val);
break;
}
- /* u_int16_t */
+ /* uint16_t */
case HA_ALG_DH:
case HA_ALG_PRF:
case HA_ALG_OLD_PRF:
@@ -241,26 +241,26 @@ METHOD(ha_message_t, add_attribute, void,
case HA_SEGMENT:
case HA_ESN:
{
- u_int16_t val;
+ uint16_t val;
val = va_arg(args, u_int);
check_buf(this, sizeof(val));
- *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(val);
+ *(uint16_t*)(this->buf.ptr + this->buf.len) = htons(val);
this->buf.len += sizeof(val);
break;
}
- /** u_int32_t */
+ /** uint32_t */
case HA_CONDITIONS:
case HA_EXTENSIONS:
case HA_INBOUND_SPI:
case HA_OUTBOUND_SPI:
case HA_MID:
{
- u_int32_t val;
+ uint32_t val;
val = va_arg(args, u_int);
check_buf(this, sizeof(val));
- *(u_int32_t*)(this->buf.ptr + this->buf.len) = htonl(val);
+ *(uint32_t*)(this->buf.ptr + this->buf.len) = htonl(val);
this->buf.len += sizeof(val);
break;
}
@@ -277,11 +277,11 @@ METHOD(ha_message_t, add_attribute, void,
chunk_t chunk;
chunk = va_arg(args, chunk_t);
- check_buf(this, chunk.len + sizeof(u_int16_t));
- *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(chunk.len);
- memcpy(this->buf.ptr + this->buf.len + sizeof(u_int16_t),
+ check_buf(this, chunk.len + sizeof(uint16_t));
+ *(uint16_t*)(this->buf.ptr + this->buf.len) = htons(chunk.len);
+ memcpy(this->buf.ptr + this->buf.len + sizeof(uint16_t),
chunk.ptr, chunk.len);
- this->buf.len += chunk.len + sizeof(u_int16_t);;
+ this->buf.len += chunk.len + sizeof(uint16_t);;
break;
}
/** traffic_selector_t */
@@ -309,7 +309,7 @@ METHOD(ha_message_t, add_attribute, void,
default:
{
DBG1(DBG_CFG, "unable to encode, attribute %d unknown", attribute);
- this->buf.len -= sizeof(u_int8_t);
+ this->buf.len -= sizeof(uint8_t);
break;
}
}
@@ -435,22 +435,22 @@ METHOD(enumerator_t, attribute_enumerate, bool,
this->buf = chunk_skip(this->buf, len + 1);
return TRUE;
}
- /* u_int8_t */
+ /* uint8_t */
case HA_IKE_VERSION:
case HA_INITIATOR:
case HA_IPSEC_MODE:
case HA_IPCOMP:
{
- if (this->buf.len < sizeof(u_int8_t))
+ if (this->buf.len < sizeof(uint8_t))
{
return FALSE;
}
- value->u8 = *(u_int8_t*)this->buf.ptr;
+ value->u8 = *(uint8_t*)this->buf.ptr;
*attr_out = attr;
- this->buf = chunk_skip(this->buf, sizeof(u_int8_t));
+ this->buf = chunk_skip(this->buf, sizeof(uint8_t));
return TRUE;
}
- /** u_int16_t */
+ /** uint16_t */
case HA_ALG_DH:
case HA_ALG_PRF:
case HA_ALG_OLD_PRF:
@@ -462,29 +462,29 @@ METHOD(enumerator_t, attribute_enumerate, bool,
case HA_SEGMENT:
case HA_ESN:
{
- if (this->buf.len < sizeof(u_int16_t))
+ if (this->buf.len < sizeof(uint16_t))
{
return FALSE;
}
- value->u16 = ntohs(*(u_int16_t*)this->buf.ptr);
+ value->u16 = ntohs(*(uint16_t*)this->buf.ptr);
*attr_out = attr;
- this->buf = chunk_skip(this->buf, sizeof(u_int16_t));
+ this->buf = chunk_skip(this->buf, sizeof(uint16_t));
return TRUE;
}
- /** u_int32_t */
+ /** uint32_t */
case HA_CONDITIONS:
case HA_EXTENSIONS:
case HA_INBOUND_SPI:
case HA_OUTBOUND_SPI:
case HA_MID:
{
- if (this->buf.len < sizeof(u_int32_t))
+ if (this->buf.len < sizeof(uint32_t))
{
return FALSE;
}
- value->u32 = ntohl(*(u_int32_t*)this->buf.ptr);
+ value->u32 = ntohl(*(uint32_t*)this->buf.ptr);
*attr_out = attr;
- this->buf = chunk_skip(this->buf, sizeof(u_int32_t));
+ this->buf = chunk_skip(this->buf, sizeof(uint32_t));
return TRUE;
}
/** chunk_t */
@@ -499,12 +499,12 @@ METHOD(enumerator_t, attribute_enumerate, bool,
{
size_t len;
- if (this->buf.len < sizeof(u_int16_t))
+ if (this->buf.len < sizeof(uint16_t))
{
return FALSE;
}
- len = ntohs(*(u_int16_t*)this->buf.ptr);
- this->buf = chunk_skip(this->buf, sizeof(u_int16_t));
+ len = ntohs(*(uint16_t*)this->buf.ptr);
+ this->buf = chunk_skip(this->buf, sizeof(uint16_t));
if (this->buf.len < len)
{
return FALSE;
diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h
index fe1786e..630c8af 100644
--- a/src/libcharon/plugins/ha/ha_message.h
+++ b/src/libcharon/plugins/ha/ha_message.h
@@ -92,9 +92,9 @@ enum ha_message_attribute_t {
HA_REMOTE_ADDR,
/** char*, name of configuration */
HA_CONFIG_NAME,
- /** u_int32_t, bitset of ike_condition_t */
+ /** uint32_t, bitset of ike_condition_t */
HA_CONDITIONS,
- /** u_int32_t, bitset of ike_extension_t */
+ /** uint32_t, bitset of ike_extension_t */
HA_EXTENSIONS,
/** host_t*, local virtual IP */
HA_LOCAL_VIP,
@@ -102,7 +102,7 @@ enum ha_message_attribute_t {
HA_REMOTE_VIP,
/** host_t*, known peer addresses (used for MOBIKE) */
HA_PEER_ADDR,
- /** u_int8_t, initiator of an exchange, TRUE for local */
+ /** uint8_t, initiator of an exchange, TRUE for local */
HA_INITIATOR,
/** chunk_t, initiators nonce */
HA_NONCE_I,
@@ -112,41 +112,41 @@ enum ha_message_attribute_t {
HA_SECRET,
/** chunk_t, SKd of old SA if rekeying */
HA_OLD_SKD,
- /** u_int16_t, pseudo random function */
+ /** uint16_t, pseudo random function */
HA_ALG_PRF,
- /** u_int16_t, old pseudo random function if rekeying */
+ /** uint16_t, old pseudo random function if rekeying */
HA_ALG_OLD_PRF,
- /** u_int16_t, encryption algorithm */
+ /** uint16_t, encryption algorithm */
HA_ALG_ENCR,
- /** u_int16_t, encryption key size in bytes */
+ /** uint16_t, encryption key size in bytes */
HA_ALG_ENCR_LEN,
- /** u_int16_t, integrity protection algorithm */
+ /** uint16_t, integrity protection algorithm */
HA_ALG_INTEG,
- /** u_int16_t, DH group */
+ /** uint16_t, DH group */
HA_ALG_DH,
- /** u_int8_t, IPsec mode, TUNNEL|TRANSPORT|... */
+ /** uint8_t, IPsec mode, TUNNEL|TRANSPORT|... */
HA_IPSEC_MODE,
- /** u_int8_t, IPComp protocol */
+ /** uint8_t, IPComp protocol */
HA_IPCOMP,
- /** u_int32_t, inbound security parameter index */
+ /** uint32_t, inbound security parameter index */
HA_INBOUND_SPI,
- /** u_int32_t, outbound security parameter index */
+ /** uint32_t, outbound security parameter index */
HA_OUTBOUND_SPI,
- /** u_int16_t, inbound security parameter index */
+ /** uint16_t, inbound security parameter index */
HA_INBOUND_CPI,
- /** u_int16_t, outbound security parameter index */
+ /** uint16_t, outbound security parameter index */
HA_OUTBOUND_CPI,
/** traffic_selector_t*, local traffic selector */
HA_LOCAL_TS,
/** traffic_selector_t*, remote traffic selector */
HA_REMOTE_TS,
- /** u_int32_t, message ID */
+ /** uint32_t, message ID */
HA_MID,
- /** u_int16_t, HA segment */
+ /** uint16_t, HA segment */
HA_SEGMENT,
- /** u_int16_t, Extended Sequence numbers */
+ /** uint16_t, Extended Sequence numbers */
HA_ESN,
- /** u_int8_t, IKE version */
+ /** uint8_t, IKE version */
HA_IKE_VERSION,
/** chunk_t, own DH public value */
HA_LOCAL_DH,
@@ -162,9 +162,9 @@ enum ha_message_attribute_t {
* Union to enumerate typed attributes in a message
*/
union ha_message_value_t {
- u_int8_t u8;
- u_int16_t u16;
- u_int32_t u32;
+ uint8_t u8;
+ uint16_t u16;
+ uint32_t u32;
char *str;
chunk_t chunk;
ike_sa_id_t *ike_sa_id;
diff --git a/src/libcharon/plugins/ha/ha_segments.h b/src/libcharon/plugins/ha/ha_segments.h
index 76da380..31d47e3 100644
--- a/src/libcharon/plugins/ha/ha_segments.h
+++ b/src/libcharon/plugins/ha/ha_segments.h
@@ -25,7 +25,7 @@
typedef struct ha_segments_t ha_segments_t;
-typedef u_int16_t segment_mask_t;
+typedef uint16_t segment_mask_t;
/**
* maximum number of segments
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
index dd23993..a0e5146 100644
--- a/src/libcharon/plugins/ha/ha_tunnel.c
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -79,7 +79,7 @@ struct private_ha_tunnel_t {
/**
* Reqid of installed trap
*/
- u_int32_t trap;
+ uint32_t trap;
/**
* backend for HA SA
@@ -183,10 +183,22 @@ static void setup_tunnel(private_ha_tunnel_t *this,
auth_cfg_t *auth_cfg;
child_cfg_t *child_cfg;
traffic_selector_t *ts;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = 21600, .rekey = 20400, .jitter = 400,
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_NEVER_SEND,
+ .unique = UNIQUE_KEEP,
+ .rekey_time = 86400, /* 24h */
+ .jitter_time = 7200, /* 2h */
+ .over_time = 3600, /* 1h */
+ .no_mobike = TRUE,
+ .dpd = 30,
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = 21600, .rekey = 20400, .jitter = 400,
+ },
},
+ .mode = MODE_TRANSPORT,
};
/* setup credentials */
@@ -208,9 +220,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
- peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND,
- UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE,
- TRUE, 30, 0, FALSE, NULL, NULL);
+ peer_cfg = peer_cfg_create("ha", ike_cfg, &peer);
auth_cfg = auth_cfg_create();
auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
@@ -224,9 +234,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
identification_create_from_string(remote));
peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
- child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT,
- ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create("ha", &child);
ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index 0b7a291..38a63ea 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/ipseckey
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ipseckey/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/ipseckey/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/ipseckey/ipseckey.c b/src/libcharon/plugins/ipseckey/ipseckey.c
index ca126d7..5ca1e27 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey.c
@@ -34,17 +34,17 @@ struct private_ipseckey_t {
/**
* Precedence
*/
- u_int8_t precedence;
+ uint8_t precedence;
/**
* Gateway type
*/
- u_int8_t gateway_type;
+ uint8_t gateway_type;
/**
* Algorithm
*/
- u_int8_t algorithm;
+ uint8_t algorithm;
/**
* Gateway
@@ -57,7 +57,7 @@ struct private_ipseckey_t {
chunk_t public_key;
};
-METHOD(ipseckey_t, get_precedence, u_int8_t,
+METHOD(ipseckey_t, get_precedence, uint8_t,
private_ipseckey_t *this)
{
return this->precedence;
@@ -102,7 +102,7 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
{
private_ipseckey_t *this;
bio_reader_t *reader = NULL;
- u_int8_t label;
+ uint8_t label;
chunk_t tmp;
INIT(this,
diff --git a/src/libcharon/plugins/ipseckey/ipseckey.h b/src/libcharon/plugins/ipseckey/ipseckey.h
index 5885dae..b19ec89 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey.h
+++ b/src/libcharon/plugins/ipseckey/ipseckey.h
@@ -85,7 +85,7 @@ struct ipseckey_t {
*
* @return precedence
*/
- u_int8_t (*get_precedence)(ipseckey_t *this);
+ uint8_t (*get_precedence)(ipseckey_t *this);
/**
* Get the type of the gateway.
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
index 3ff6dd8..6c041ce 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
@@ -136,7 +136,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
rr_set_t *rrset;
rr_t *rrsig;
bio_reader_t *reader;
- u_int32_t nBefore, nAfter;
+ uint32_t nBefore, nAfter;
chunk_t ignore;
char *fqdn;
diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in
index de5bfd5..19e7701 100644
--- a/src/libcharon/plugins/kernel_iph/Makefile.in
+++ b/src/libcharon/plugins/kernel_iph/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/kernel_iph
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_iph/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/kernel_iph/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c
index 6a8a968..efeb980 100644
--- a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c
+++ b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c
@@ -562,7 +562,8 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
}
METHOD(kernel_net_t, get_nexthop, host_t*,
- private_kernel_iph_net_t *this, host_t *dest, int prefix, host_t *src)
+ private_kernel_iph_net_t *this, host_t *dest, int prefix, host_t *src,
+ char **iface)
{
MIB_IPFORWARD_ROW2 route;
SOCKADDR_INET best, *sai_dst, *sai_src = NULL;
@@ -592,6 +593,10 @@ METHOD(kernel_net_t, get_nexthop, host_t*,
{
if (!nexthop->is_anyaddr(nexthop))
{
+ if (iface)
+ {
+ *iface = NULL;
+ }
return nexthop;
}
nexthop->destroy(nexthop);
@@ -617,7 +622,7 @@ METHOD(kernel_net_t, del_ip, status_t,
* Add or remove a route
*/
static status_t manage_route(private_kernel_iph_net_t *this, bool add,
- chunk_t dst, u_int8_t prefixlen, host_t *gtw, char *name)
+ chunk_t dst, uint8_t prefixlen, host_t *gtw, char *name)
{
MIB_IPFORWARD_ROW2 row = {
.DestinationPrefix = {
@@ -705,14 +710,14 @@ static status_t manage_route(private_kernel_iph_net_t *this, bool add,
}
METHOD(kernel_net_t, add_route, status_t,
- private_kernel_iph_net_t *this, chunk_t dst, u_int8_t prefixlen,
+ private_kernel_iph_net_t *this, chunk_t dst, uint8_t prefixlen,
host_t *gateway, host_t *src, char *name)
{
return manage_route(this, TRUE, dst, prefixlen, gateway, name);
}
METHOD(kernel_net_t, del_route, status_t,
- private_kernel_iph_net_t *this, chunk_t dst, u_int8_t prefixlen,
+ private_kernel_iph_net_t *this, chunk_t dst, uint8_t prefixlen,
host_t *gateway, host_t *src, char *name)
{
return manage_route(this, FALSE, dst, prefixlen, gateway, name);
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index 018a25a..9bfdb95 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/kernel_libipsec
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_libipsec/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/kernel_libipsec/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -781,6 +794,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
index 4c8771e..77e37e2 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@@ -108,7 +108,7 @@ struct route_entry_t {
/** Destination net */
chunk_t dst_net;
/** Destination net prefixlen */
- u_int8_t prefixlen;
+ uint8_t prefixlen;
/** Reference to exclude route, if any */
exclude_route_t *exclude;
};
@@ -151,15 +151,15 @@ typedef struct policy_entry_t policy_entry_t;
*/
struct policy_entry_t {
/** Direction of this policy: in, out, forward */
- u_int8_t direction;
+ uint8_t direction;
/** Parameters of installed policy */
struct {
/** Subnet and port */
host_t *net;
/** Subnet mask */
- u_int8_t mask;
+ uint8_t mask;
/** Protocol */
- u_int8_t proto;
+ uint8_t proto;
} src, dst;
/** Associated route installed for this policy */
route_entry_t *route;
@@ -222,7 +222,7 @@ static inline bool policy_entry_equals(policy_entry_t *a,
/**
* Expiration callback
*/
-static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard)
+static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard)
{
charon->kernel->expire(charon->kernel, protocol, spi, dst, hard);
}
@@ -235,55 +235,51 @@ METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
METHOD(kernel_ipsec_t, get_spi, status_t,
private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi)
+ uint8_t protocol, uint32_t *spi)
{
return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi);
}
METHOD(kernel_ipsec_t, get_cpi, status_t,
private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi)
+ uint16_t *cpi)
{
return NOT_SUPPORTED;
}
METHOD(kernel_ipsec_t, add_sa, status_t,
- private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts)
+ private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data)
{
- return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
- tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
- mode, ipcomp, cpi, initiator, encap, esn,
- inbound, update);
+ return ipsec->sas->add_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
+ data->reqid, id->mark, data->tfc, data->lifetime,
+ data->enc_alg, data->enc_key, data->int_alg, data->int_key,
+ data->mode, data->ipcomp, data->cpi, data->initiator,
+ data->encap, data->esn, data->inbound, data->update);
}
METHOD(kernel_ipsec_t, update_sa, status_t,
- private_kernel_libipsec_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
- u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark)
+ private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data)
{
return NOT_SUPPORTED;
}
METHOD(kernel_ipsec_t, query_sa, status_t,
- private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes,
- u_int64_t *packets, time_t *time)
+ private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+ time_t *time)
{
- return ipsec->sas->query_sa(ipsec->sas, src, dst, spi, protocol, mark,
- bytes, packets, time);
+ return ipsec->sas->query_sa(ipsec->sas, id->src, id->dst, id->spi,
+ id->proto, id->mark, bytes, packets, time);
}
METHOD(kernel_ipsec_t, del_sa, status_t,
- private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
+ private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data)
{
- return ipsec->sas->del_sa(ipsec->sas, src, dst, spi, protocol, cpi, mark);
+ return ipsec->sas->del_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
+ data->cpi, id->mark);
}
METHOD(kernel_ipsec_t, flush_sas, status_t,
@@ -312,7 +308,7 @@ static void add_exclude_route(private_kernel_libipsec_ipsec_t *this,
if (!route->exclude)
{
DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src);
- gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL);
+ gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL, NULL);
if (gtw)
{
char *if_name = NULL;
@@ -438,7 +434,8 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
);
#ifndef __linux__
/* on Linux we cant't install a gateway */
- route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src);
+ route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src,
+ NULL);
#endif
if (policy->route)
@@ -509,22 +506,22 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
}
METHOD(kernel_ipsec_t, add_policy, status_t,
- private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority)
+ private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
policy_entry_t *policy, *found = NULL;
status_t status;
- status = ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts,
- dst_ts, direction, type, sa, mark, priority);
+ status = ipsec->policies->add_policy(ipsec->policies, data->src, data->dst,
+ id->src_ts, id->dst_ts, id->dir,
+ data->type, data->sa, id->mark,
+ data->prio);
if (status != SUCCESS)
{
return status;
}
/* we track policies in order to install routes */
- policy = create_policy_entry(src_ts, dst_ts, direction);
+ policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir);
this->mutex->lock(this->mutex);
if (this->policies->find_first(this->policies,
@@ -540,7 +537,8 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
}
policy->refs++;
- if (!install_route(this, src, dst, src_ts, dst_ts, policy))
+ if (!install_route(this, data->src, data->dst, id->src_ts, id->dst_ts,
+ policy))
{
return FAILED;
}
@@ -548,26 +546,25 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
}
METHOD(kernel_ipsec_t, query_policy, status_t,
- private_kernel_libipsec_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
- time_t *use_time)
+ private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data, time_t *use_time)
{
return NOT_SUPPORTED;
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
policy_entry_t *policy, *found = NULL;
status_t status;
- status = ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts,
- dst_ts, direction, type, sa, mark, priority);
+ status = ipsec->policies->del_policy(ipsec->policies, data->src, data->dst,
+ id->src_ts, id->dst_ts, id->dir,
+ data->type, data->sa, id->mark,
+ data->prio);
- policy = create_policy_entry(src_ts, dst_ts, direction);
+ policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir);
this->mutex->lock(this->mutex);
if (this->policies->find_first(this->policies,
@@ -596,8 +593,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
route->src_ip, route->if_name) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with "
- "policy %R === %R %N", src_ts, dst_ts,
- policy_dir_names, direction);
+ "policy %R === %R %N", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir);
}
remove_exclude_route(this, route);
}
@@ -641,7 +638,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool,
}
METHOD(kernel_ipsec_t, enable_udp_decap, bool,
- private_kernel_libipsec_ipsec_t *this, int fd, int family, u_int16_t port)
+ private_kernel_libipsec_ipsec_t *this, int fd, int family, uint16_t port)
{
return NOT_SUPPORTED;
}
diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.am b/src/libcharon/plugins/kernel_netlink/Makefile.am
index 973e2c2..41c7304 100644
--- a/src/libcharon/plugins/kernel_netlink/Makefile.am
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.am
@@ -20,6 +20,8 @@ libstrongswan_kernel_netlink_la_SOURCES = \
kernel_netlink_net.h kernel_netlink_net.c \
kernel_netlink_shared.h kernel_netlink_shared.c
+libstrongswan_kernel_netlink_la_LIBADD = $(DLLIB)
+
libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in
index 55dcabf..2435dea 100644
--- a/src/libcharon/plugins/kernel_netlink/Makefile.in
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ host_triplet = @host@
TESTS = tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libcharon/plugins/kernel_netlink
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -129,7 +138,8 @@ am__uninstall_files_from_dir = { \
}
am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-libstrongswan_kernel_netlink_la_LIBADD =
+am__DEPENDENCIES_1 =
+libstrongswan_kernel_netlink_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
am_libstrongswan_kernel_netlink_la_OBJECTS = kernel_netlink_plugin.lo \
kernel_netlink_ipsec.lo kernel_netlink_net.lo \
kernel_netlink_shared.lo
@@ -241,12 +251,14 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -296,6 +308,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -330,6 +343,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -441,6 +455,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -487,6 +502,7 @@ libstrongswan_kernel_netlink_la_SOURCES = \
kernel_netlink_net.h kernel_netlink_net.c \
kernel_netlink_shared.h kernel_netlink_shared.c
+libstrongswan_kernel_netlink_la_LIBADD = $(DLLIB)
libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
tests_SOURCES = \
tests.h tests.c \
@@ -520,7 +536,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -1001,6 +1016,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 6d9d63a..9c2a7c3 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1,11 +1,11 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2008-2016 Andreas Steffen
* Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -18,6 +18,7 @@
* for more details.
*/
+#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/socket.h>
#include <stdint.h>
@@ -26,11 +27,13 @@
#include <linux/rtnetlink.h>
#include <linux/xfrm.h>
#include <linux/udp.h>
+#include <net/if.h>
#include <unistd.h>
#include <time.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
+#include <dlfcn.h>
#include "kernel_netlink_ipsec.h"
#include "kernel_netlink_shared.h"
@@ -38,6 +41,7 @@
#include <daemon.h>
#include <utils/debug.h>
#include <threading/mutex.h>
+#include <threading/condvar.h>
#include <collections/array.h>
#include <collections/hashtable.h>
#include <collections/linked_list.h>
@@ -72,7 +76,7 @@
#endif
/** Base priority for installed policies */
-#define PRIO_BASE 384
+#define PRIO_BASE 100000
/** Default lifetime of an acquire XFRM state (in seconds) */
#define DEFAULT_ACQUIRE_LIFETIME 165
@@ -287,6 +291,11 @@ struct private_kernel_netlink_ipsec_t {
mutex_t *mutex;
/**
+ * Condvar to synchronize access to individual policies
+ */
+ condvar_t *condvar;
+
+ /**
* Hash table of installed policies (policy_entry_t)
*/
hashtable_t *policies;
@@ -326,6 +335,12 @@ struct private_kernel_netlink_ipsec_t {
* Installed port based IKE bypass policies, as bypass_t
*/
array_t *bypass;
+
+ /**
+ * Custom priority calculation function
+ */
+ uint32_t (*get_priority)(kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
};
typedef struct route_entry_t route_entry_t;
@@ -347,7 +362,7 @@ struct route_entry_t {
chunk_t dst_net;
/** Destination net prefixlen */
- u_int8_t prefixlen;
+ uint8_t prefixlen;
};
/**
@@ -413,8 +428,9 @@ static bool ipsec_sa_equals(ipsec_sa_t *sa, ipsec_sa_t *other_sa)
{
return sa->src->ip_equals(sa->src, other_sa->src) &&
sa->dst->ip_equals(sa->dst, other_sa->dst) &&
- memeq(&sa->mark, &other_sa->mark, sizeof(mark_t)) &&
- memeq(&sa->cfg, &other_sa->cfg, sizeof(ipsec_sa_cfg_t));
+ sa->mark.value == other_sa->mark.value &&
+ sa->mark.mask == other_sa->mark.mask &&
+ ipsec_sa_cfg_equals(&sa->cfg, &other_sa->cfg);
}
/**
@@ -463,14 +479,17 @@ static void ipsec_sa_destroy(private_kernel_netlink_ipsec_t *this,
}
typedef struct policy_sa_t policy_sa_t;
-typedef struct policy_sa_fwd_t policy_sa_fwd_t;
+typedef struct policy_sa_out_t policy_sa_out_t;
/**
* Mapping between a policy and an IPsec SA.
*/
struct policy_sa_t {
/** Priority assigned to the policy when installed with this SA */
- u_int32_t priority;
+ uint32_t priority;
+
+ /** Automatic priority assigned to the policy when installed with this SA */
+ uint32_t auto_priority;
/** Type of the policy */
policy_type_t type;
@@ -480,10 +499,10 @@ struct policy_sa_t {
};
/**
- * For forward policies we also cache the traffic selectors in order to install
+ * For outbound policies we also cache the traffic selectors in order to install
* the route.
*/
-struct policy_sa_fwd_t {
+struct policy_sa_out_t {
/** Generic interface */
policy_sa_t generic;
@@ -495,7 +514,7 @@ struct policy_sa_fwd_t {
};
/**
- * Create a policy_sa(_fwd)_t object
+ * Create a policy_sa(_in)_t object
*/
static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this,
policy_dir_t dir, policy_type_t type, host_t *src, host_t *dst,
@@ -504,14 +523,14 @@ static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this,
{
policy_sa_t *policy;
- if (dir == POLICY_FWD)
+ if (dir == POLICY_OUT)
{
- policy_sa_fwd_t *fwd;
- INIT(fwd,
+ policy_sa_out_t *out;
+ INIT(out,
.src_ts = src_ts->clone(src_ts),
.dst_ts = dst_ts->clone(dst_ts),
);
- policy = &fwd->generic;
+ policy = &out->generic;
}
else
{
@@ -523,16 +542,16 @@ static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this,
}
/**
- * Destroy a policy_sa(_fwd)_t object
+ * Destroy a policy_sa(_in)_t object
*/
static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir,
private_kernel_netlink_ipsec_t *this)
{
- if (*dir == POLICY_FWD)
+ if (*dir == POLICY_OUT)
{
- policy_sa_fwd_t *fwd = (policy_sa_fwd_t*)policy;
- fwd->src_ts->destroy(fwd->src_ts);
- fwd->dst_ts->destroy(fwd->dst_ts);
+ policy_sa_out_t *out = (policy_sa_out_t*)policy;
+ out->src_ts->destroy(out->src_ts);
+ out->dst_ts->destroy(out->dst_ts);
}
ipsec_sa_destroy(this, policy->sa);
free(policy);
@@ -546,13 +565,13 @@ typedef struct policy_entry_t policy_entry_t;
struct policy_entry_t {
/** Direction of this policy: in, out, forward */
- u_int8_t direction;
+ uint8_t direction;
/** Parameters of installed policy */
struct xfrm_selector sel;
/** Optional mark */
- u_int32_t mark;
+ uint32_t mark;
/** Associated route installed for this policy */
route_entry_t *route;
@@ -561,7 +580,13 @@ struct policy_entry_t {
linked_list_t *used_by;
/** reqid for this policy */
- u_int32_t reqid;
+ uint32_t reqid;
+
+ /** Number of threads waiting to work on this policy */
+ int waiting;
+
+ /** TRUE if a thread is working on this policy */
+ bool working;
};
/**
@@ -604,39 +629,73 @@ static bool policy_equals(policy_entry_t *key, policy_entry_t *other_key)
}
/**
+ * Determine number of set bits in 16 bit port mask
+ */
+static inline uint32_t port_mask_bits(uint16_t port_mask)
+{
+ uint32_t bits;
+ uint16_t bit_mask = 0x8000;
+
+ port_mask = ntohs(port_mask);
+
+ for (bits = 0; bits < 16; bits++)
+ {
+ if (!(port_mask & bit_mask))
+ {
+ break;
+ }
+ bit_mask >>= 1;
+ }
+ return bits;
+}
+
+/**
* Calculate the priority of a policy
+ *
+ * bits 0-0: restriction to network interface (0..1) 1 bit
+ * bits 1-6: src + dst port mask bits (2 * 0..16) 6 bits
+ * bits 7-7: restriction to protocol (0..1) 1 bit
+ * bits 8-16: src + dst network mask bits (2 * 0..128) 9 bits
+ * 17 bits
+ *
+ * smallest value: 000000000 0 000000 0: 0, lowest priority = 100'000
+ * largest value : 100000000 1 100000 1: 65'729, highst priority = 34'271
*/
-static inline u_int32_t get_priority(policy_entry_t *policy,
- policy_priority_t prio)
+static uint32_t get_priority(policy_entry_t *policy, policy_priority_t prio,
+ char *interface)
{
- u_int32_t priority = PRIO_BASE;
+ uint32_t priority = PRIO_BASE, sport_mask_bits, dport_mask_bits;
+
switch (prio)
{
case POLICY_PRIORITY_FALLBACK:
- priority <<= 1;
- /* fall-through */
+ priority += PRIO_BASE;
+ /* fall-through to next case */
case POLICY_PRIORITY_ROUTED:
- priority <<= 1;
- /* fall-through */
+ priority += PRIO_BASE;
+ /* fall-through to next case */
case POLICY_PRIORITY_DEFAULT:
- priority <<= 1;
- /* fall-through */
+ priority += PRIO_BASE;
+ /* fall-through to next case */
case POLICY_PRIORITY_PASS:
break;
}
- /* calculate priority based on selector size, small size = high prio */
- priority -= policy->sel.prefixlen_s;
- priority -= policy->sel.prefixlen_d;
- priority <<= 2; /* make some room for the two flags */
- priority += policy->sel.sport_mask || policy->sel.dport_mask ? 0 : 2;
- priority += policy->sel.proto ? 0 : 1;
+ sport_mask_bits = port_mask_bits(policy->sel.sport_mask);
+ dport_mask_bits = port_mask_bits(policy->sel.dport_mask);
+
+ /* calculate priority */
+ priority -= (policy->sel.prefixlen_s + policy->sel.prefixlen_d) * 256;
+ priority -= policy->sel.proto ? 128 : 0;
+ priority -= (sport_mask_bits + dport_mask_bits) * 2;
+ priority -= (interface != NULL);
+
return priority;
}
/**
* Convert the general ipsec mode to the one defined in xfrm.h
*/
-static u_int8_t mode2kernel(ipsec_mode_t mode)
+static uint8_t mode2kernel(ipsec_mode_t mode)
{
switch (mode)
{
@@ -663,7 +722,7 @@ static void host2xfrm(host_t *host, xfrm_address_t *xfrm)
/**
* Convert a struct xfrm_address to a host_t
*/
-static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port)
+static host_t* xfrm2host(int family, xfrm_address_t *xfrm, uint16_t port)
{
chunk_t chunk;
@@ -685,7 +744,7 @@ static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port)
* Convert a traffic selector address range to subnet and its mask.
*/
static void ts2subnet(traffic_selector_t* ts,
- xfrm_address_t *net, u_int8_t *mask)
+ xfrm_address_t *net, uint8_t *mask)
{
host_t *net_host;
chunk_t net_chunk;
@@ -700,7 +759,7 @@ static void ts2subnet(traffic_selector_t* ts,
* Convert a traffic selector port range to port/portmask
*/
static void ts2ports(traffic_selector_t* ts,
- u_int16_t *port, u_int16_t *mask)
+ uint16_t *port, uint16_t *mask)
{
uint16_t from, to, bitmask;
int bit;
@@ -739,10 +798,11 @@ static void ts2ports(traffic_selector_t* ts,
* Convert a pair of traffic_selectors to an xfrm_selector
*/
static struct xfrm_selector ts2selector(traffic_selector_t *src,
- traffic_selector_t *dst)
+ traffic_selector_t *dst,
+ char *interface)
{
struct xfrm_selector sel;
- u_int16_t port;
+ uint16_t port;
memset(&sel, 0, sizeof(sel));
sel.family = (src->get_type(src) == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6;
@@ -763,7 +823,7 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
sel.dport = htons(traffic_selector_icmp_code(port));
sel.dport_mask = sel.dport ? ~0 : 0;
}
- sel.ifindex = 0;
+ sel.ifindex = interface ? if_nametoindex(interface) : 0;
sel.user = 0;
return sel;
@@ -775,8 +835,8 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
{
u_char *addr;
- u_int8_t prefixlen;
- u_int16_t port = 0;
+ uint8_t prefixlen;
+ uint16_t port = 0;
host_t *host = NULL;
if (src)
@@ -833,7 +893,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this,
struct rtattr *rta;
size_t rtasize;
traffic_selector_t *src_ts, *dst_ts;
- u_int32_t reqid = 0;
+ uint32_t reqid = 0;
int proto = 0;
acquire = NLMSG_DATA(hdr);
@@ -878,8 +938,8 @@ static void process_expire(private_kernel_netlink_ipsec_t *this,
struct nlmsghdr *hdr)
{
struct xfrm_user_expire *expire;
- u_int32_t spi;
- u_int8_t protocol;
+ uint32_t spi;
+ uint8_t protocol;
host_t *dst;
expire = NLMSG_DATA(hdr);
@@ -913,7 +973,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this,
host_t *local = NULL, *remote = NULL;
host_t *old_src = NULL, *old_dst = NULL;
host_t *new_src = NULL, *new_dst = NULL;
- u_int32_t reqid = 0;
+ uint32_t reqid = 0;
policy_dir_t dir;
policy_id = NLMSG_DATA(hdr);
@@ -981,7 +1041,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this,
struct nlmsghdr *hdr)
{
struct xfrm_user_mapping *mapping;
- u_int32_t spi;
+ uint32_t spi;
mapping = NLMSG_DATA(hdr);
spi = mapping->id.spi;
@@ -1033,7 +1093,8 @@ static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd,
/* no data ready, select again */
return TRUE;
default:
- DBG1(DBG_KNL, "unable to receive from xfrm event socket");
+ DBG1(DBG_KNL, "unable to receive from XFRM event socket: %s "
+ "(%d)", strerror(errno), errno);
sleep(1);
return TRUE;
}
@@ -1061,8 +1122,8 @@ static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd,
process_mapping(this, hdr);
break;
default:
- DBG1(DBG_KNL, "received unknown event from xfrm event "
- "socket: %d", hdr->nlmsg_type);
+ DBG1(DBG_KNL, "received unknown event from XFRM event "
+ "socket: %d", hdr->nlmsg_type);
break;
}
hdr = NLMSG_NEXT(hdr, len);
@@ -1080,13 +1141,13 @@ METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
* Get an SPI for a specific protocol from the kernel.
*/
static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
- host_t *src, host_t *dst, u_int8_t proto, u_int32_t min, u_int32_t max,
- u_int32_t *spi)
+ host_t *src, host_t *dst, uint8_t proto, uint32_t min, uint32_t max,
+ uint32_t *spi)
{
netlink_buf_t request;
struct nlmsghdr *hdr, *out;
struct xfrm_userspi_info *userspi;
- u_int32_t received_spi = 0;
+ uint32_t received_spi = 0;
size_t len;
memset(&request, 0, sizeof(request));
@@ -1147,7 +1208,7 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
METHOD(kernel_ipsec_t, get_spi, status_t,
private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi)
+ uint8_t protocol, uint32_t *spi)
{
if (get_spi_internal(this, src, dst, protocol,
0xc0000000, 0xcFFFFFFF, spi) != SUCCESS)
@@ -1162,9 +1223,9 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
METHOD(kernel_ipsec_t, get_cpi, status_t,
private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi)
+ uint16_t *cpi)
{
- u_int32_t received_spi = 0;
+ uint32_t received_spi = 0;
if (get_spi_internal(this, src, dst, IPPROTO_COMP,
0x100, 0xEFFF, &received_spi) != SUCCESS)
@@ -1173,13 +1234,24 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
return FAILED;
}
- *cpi = htons((u_int16_t)ntohl(received_spi));
+ *cpi = htons((uint16_t)ntohl(received_spi));
DBG2(DBG_KNL, "got CPI %.4x", ntohs(*cpi));
return SUCCESS;
}
/**
+ * Format the mark for debug messages
+ */
+static void format_mark(char *buf, int buflen, mark_t mark)
+{
+ if (mark.value)
+ {
+ snprintf(buf, buflen, " (mark %u/0x%08x)", mark.value, mark.mask);
+ }
+}
+
+/**
* Add a XFRM mark to message if required
*/
static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark)
@@ -1200,53 +1272,67 @@ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark)
}
METHOD(kernel_ipsec_t, add_sa, status_t,
- private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound, bool update,
- linked_list_t* src_ts, linked_list_t* dst_ts)
+ private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data)
{
netlink_buf_t request;
- char *alg_name;
+ char *alg_name, markstr[32] = "";
struct nlmsghdr *hdr;
struct xfrm_usersa_info *sa;
- u_int16_t icv_size = 64;
- ipsec_mode_t original_mode = mode;
+ uint16_t icv_size = 64, ipcomp = data->ipcomp;
+ ipsec_mode_t mode = data->mode, original_mode = data->mode;
traffic_selector_t *first_src_ts, *first_dst_ts;
status_t status = FAILED;
/* if IPComp is used, we install an additional IPComp SA. if the cpi is 0
* we are in the recursive call below */
- if (ipcomp != IPCOMP_NONE && cpi != 0)
+ if (ipcomp != IPCOMP_NONE && data->cpi != 0)
{
lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}};
- add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
- tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED,
- chunk_empty, mode, ipcomp, 0, 0, initiator, FALSE, FALSE,
- inbound, update, src_ts, dst_ts);
+ kernel_ipsec_sa_id_t ipcomp_id = {
+ .src = id->src,
+ .dst = id->dst,
+ .spi = htonl(ntohs(data->cpi)),
+ .proto = IPPROTO_COMP,
+ .mark = id->mark,
+ };
+ kernel_ipsec_add_sa_t ipcomp_sa = {
+ .reqid = data->reqid,
+ .mode = data->mode,
+ .src_ts = data->src_ts,
+ .dst_ts = data->dst_ts,
+ .lifetime = &lft,
+ .enc_alg = ENCR_UNDEFINED,
+ .int_alg = AUTH_UNDEFINED,
+ .tfc = data->tfc,
+ .ipcomp = data->ipcomp,
+ .initiator = data->initiator,
+ .inbound = data->inbound,
+ .update = data->update,
+ };
+ add_sa(this, &ipcomp_id, &ipcomp_sa);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
}
memset(&request, 0, sizeof(request));
+ format_mark(markstr, sizeof(markstr), id->mark);
- DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u} (mark "
- "%u/0x%08x)", ntohl(spi), reqid, mark.value, mark.mask);
+ DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}%s",
+ ntohl(id->spi), data->reqid, markstr);
hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
- hdr->nlmsg_type = update ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA;
+ hdr->nlmsg_type = data->update ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info));
sa = NLMSG_DATA(hdr);
- host2xfrm(src, &sa->saddr);
- host2xfrm(dst, &sa->id.daddr);
- sa->id.spi = spi;
- sa->id.proto = protocol;
- sa->family = src->get_family(src);
+ host2xfrm(id->src, &sa->saddr);
+ host2xfrm(id->dst, &sa->id.daddr);
+ sa->id.spi = id->spi;
+ sa->id.proto = id->proto;
+ sa->family = id->src->get_family(id->src);
sa->mode = mode2kernel(mode);
switch (mode)
{
@@ -1260,10 +1346,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
* selector can be installed other traffic would get dropped */
break;
}
- if (src_ts->get_first(src_ts, (void**)&first_src_ts) == SUCCESS &&
- dst_ts->get_first(dst_ts, (void**)&first_dst_ts) == SUCCESS)
+ if (data->src_ts->get_first(data->src_ts,
+ (void**)&first_src_ts) == SUCCESS &&
+ data->dst_ts->get_first(data->dst_ts,
+ (void**)&first_dst_ts) == SUCCESS)
{
- sa->sel = ts2selector(first_src_ts, first_dst_ts);
+ sa->sel = ts2selector(first_src_ts, first_dst_ts,
+ data->interface);
if (!this->proto_port_transport)
{
/* don't install proto/port on SA. This would break
@@ -1279,18 +1368,18 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
break;
}
- sa->reqid = reqid;
- sa->lft.soft_byte_limit = XFRM_LIMIT(lifetime->bytes.rekey);
- sa->lft.hard_byte_limit = XFRM_LIMIT(lifetime->bytes.life);
- sa->lft.soft_packet_limit = XFRM_LIMIT(lifetime->packets.rekey);
- sa->lft.hard_packet_limit = XFRM_LIMIT(lifetime->packets.life);
+ sa->reqid = data->reqid;
+ sa->lft.soft_byte_limit = XFRM_LIMIT(data->lifetime->bytes.rekey);
+ sa->lft.hard_byte_limit = XFRM_LIMIT(data->lifetime->bytes.life);
+ sa->lft.soft_packet_limit = XFRM_LIMIT(data->lifetime->packets.rekey);
+ sa->lft.hard_packet_limit = XFRM_LIMIT(data->lifetime->packets.life);
/* we use lifetimes since added, not since used */
- sa->lft.soft_add_expires_seconds = lifetime->time.rekey;
- sa->lft.hard_add_expires_seconds = lifetime->time.life;
+ sa->lft.soft_add_expires_seconds = data->lifetime->time.rekey;
+ sa->lft.hard_add_expires_seconds = data->lifetime->time.life;
sa->lft.soft_use_expires_seconds = 0;
sa->lft.hard_use_expires_seconds = 0;
- switch (enc_alg)
+ switch (data->enc_alg)
{
case ENCR_UNDEFINED:
/* no encryption */
@@ -1313,71 +1402,73 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{
struct xfrm_algo_aead *algo;
- alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
+ alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, data->enc_alg);
if (alg_name == NULL)
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
- encryption_algorithm_names, enc_alg);
+ encryption_algorithm_names, data->enc_alg);
goto failed;
}
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
- encryption_algorithm_names, enc_alg, enc_key.len * 8);
+ encryption_algorithm_names, data->enc_alg,
+ data->enc_key.len * 8);
algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AEAD,
- sizeof(*algo) + enc_key.len);
+ sizeof(*algo) + data->enc_key.len);
if (!algo)
{
goto failed;
}
- algo->alg_key_len = enc_key.len * 8;
+ algo->alg_key_len = data->enc_key.len * 8;
algo->alg_icv_len = icv_size;
strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name));
algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
- memcpy(algo->alg_key, enc_key.ptr, enc_key.len);
+ memcpy(algo->alg_key, data->enc_key.ptr, data->enc_key.len);
break;
}
default:
{
struct xfrm_algo *algo;
- alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
+ alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, data->enc_alg);
if (alg_name == NULL)
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
- encryption_algorithm_names, enc_alg);
+ encryption_algorithm_names, data->enc_alg);
goto failed;
}
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
- encryption_algorithm_names, enc_alg, enc_key.len * 8);
+ encryption_algorithm_names, data->enc_alg,
+ data->enc_key.len * 8);
algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_CRYPT,
- sizeof(*algo) + enc_key.len);
+ sizeof(*algo) + data->enc_key.len);
if (!algo)
{
goto failed;
}
- algo->alg_key_len = enc_key.len * 8;
+ algo->alg_key_len = data->enc_key.len * 8;
strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name));
algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
- memcpy(algo->alg_key, enc_key.ptr, enc_key.len);
+ memcpy(algo->alg_key, data->enc_key.ptr, data->enc_key.len);
}
}
- if (int_alg != AUTH_UNDEFINED)
+ if (data->int_alg != AUTH_UNDEFINED)
{
u_int trunc_len = 0;
- alg_name = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
+ alg_name = lookup_algorithm(INTEGRITY_ALGORITHM, data->int_alg);
if (alg_name == NULL)
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
- integrity_algorithm_names, int_alg);
+ integrity_algorithm_names, data->int_alg);
goto failed;
}
DBG2(DBG_KNL, " using integrity algorithm %N with key size %d",
- integrity_algorithm_names, int_alg, int_key.len * 8);
+ integrity_algorithm_names, data->int_alg, data->int_key.len * 8);
- switch (int_alg)
+ switch (data->int_alg)
{
case AUTH_HMAC_MD5_128:
case AUTH_HMAC_SHA2_256_128:
@@ -1398,31 +1489,31 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
* use specified truncation size supported by newer kernels.
* also use this for untruncated MD5 and SHA1. */
algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AUTH_TRUNC,
- sizeof(*algo) + int_key.len);
+ sizeof(*algo) + data->int_key.len);
if (!algo)
{
goto failed;
}
- algo->alg_key_len = int_key.len * 8;
+ algo->alg_key_len = data->int_key.len * 8;
algo->alg_trunc_len = trunc_len;
strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name));
algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
- memcpy(algo->alg_key, int_key.ptr, int_key.len);
+ memcpy(algo->alg_key, data->int_key.ptr, data->int_key.len);
}
else
{
struct xfrm_algo* algo;
algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AUTH,
- sizeof(*algo) + int_key.len);
+ sizeof(*algo) + data->int_key.len);
if (!algo)
{
goto failed;
}
- algo->alg_key_len = int_key.len * 8;
+ algo->alg_key_len = data->int_key.len * 8;
strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name));
algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
- memcpy(algo->alg_key, int_key.ptr, int_key.len);
+ memcpy(algo->alg_key, data->int_key.ptr, data->int_key.len);
}
}
@@ -1451,7 +1542,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
}
- if (encap)
+ if (data->encap)
{
struct xfrm_encap_tmpl *tmpl;
@@ -1461,8 +1552,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
goto failed;
}
tmpl->encap_type = UDP_ENCAP_ESPINUDP;
- tmpl->encap_sport = htons(src->get_port(src));
- tmpl->encap_dport = htons(dst->get_port(dst));
+ tmpl->encap_sport = htons(id->src->get_port(id->src));
+ tmpl->encap_dport = htons(id->dst->get_port(id->dst));
memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t));
/* encap_oa could probably be derived from the
* traffic selectors [rfc4306, p39]. In the netlink kernel
@@ -1476,14 +1567,14 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
* checks it marks them "checksum ok" so OA isn't needed. */
}
- if (!add_mark(hdr, sizeof(request), mark))
+ if (!add_mark(hdr, sizeof(request), id->mark))
{
goto failed;
}
- if (tfc && protocol == IPPROTO_ESP && mode == MODE_TUNNEL)
+ if (data->tfc && id->proto == IPPROTO_ESP && mode == MODE_TUNNEL)
{ /* the kernel supports TFC padding only for tunnel mode ESP SAs */
- u_int32_t *tfcpad;
+ uint32_t *tfcpad;
tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD,
sizeof(*tfcpad));
@@ -1491,19 +1582,25 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{
goto failed;
}
- *tfcpad = tfc;
+ *tfcpad = data->tfc;
}
- if (protocol != IPPROTO_COMP)
+ if (id->proto != IPPROTO_COMP)
{
- if (replay_window != 0 && (esn || replay_window > 32))
+ /* generally, we don't need a replay window for outbound SAs, however,
+ * when using ESN the kernel rejects the attribute if it is 0 */
+ if (!data->inbound && data->replay_window)
+ {
+ data->replay_window = data->esn ? 1 : 0;
+ }
+ if (data->replay_window != 0 && (data->esn || data->replay_window > 32))
{
/* for ESN or larger replay windows we need the new
* XFRMA_REPLAY_ESN_VAL attribute to configure a bitmap */
struct xfrm_replay_state_esn *replay;
- u_int32_t bmp_size;
+ uint32_t bmp_size;
- bmp_size = round_up(replay_window, sizeof(u_int32_t) * 8) / 8;
+ bmp_size = round_up(data->replay_window, sizeof(uint32_t) * 8) / 8;
replay = netlink_reserve(hdr, sizeof(request), XFRMA_REPLAY_ESN_VAL,
sizeof(*replay) + bmp_size);
if (!replay)
@@ -1511,11 +1608,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
goto failed;
}
/* bmp_len contains number uf __u32's */
- replay->bmp_len = bmp_size / sizeof(u_int32_t);
- replay->replay_window = replay_window;
- DBG2(DBG_KNL, " using replay window of %u packets", replay_window);
+ replay->bmp_len = bmp_size / sizeof(uint32_t);
+ replay->replay_window = data->replay_window;
+ DBG2(DBG_KNL, " using replay window of %u packets",
+ data->replay_window);
- if (esn)
+ if (data->esn)
{
DBG2(DBG_KNL, " using extended sequence numbers (ESN)");
sa->flags |= XFRM_STATE_ESN;
@@ -1523,22 +1621,16 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
}
else
{
- DBG2(DBG_KNL, " using replay window of %u packets", replay_window);
- sa->replay_window = replay_window;
+ DBG2(DBG_KNL, " using replay window of %u packets",
+ data->replay_window);
+ sa->replay_window = data->replay_window;
}
}
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
{
- if (mark.value)
- {
- DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x "
- "(mark %u/0x%08x)", ntohl(spi), mark.value, mark.mask);
- }
- else
- {
- DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi));
- }
+ DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x%s", ntohl(id->spi),
+ markstr);
goto failed;
}
@@ -1555,10 +1647,9 @@ failed:
* Allocates into one the replay state structure we get from the kernel.
*/
static void get_replay_state(private_kernel_netlink_ipsec_t *this,
- u_int32_t spi, u_int8_t protocol,
- host_t *dst, mark_t mark,
+ kernel_ipsec_sa_id_t *sa,
struct xfrm_replay_state_esn **replay_esn,
- u_int32_t *replay_esn_len,
+ uint32_t *replay_esn_len,
struct xfrm_replay_state **replay,
struct xfrm_lifetime_cur **lifetime)
{
@@ -1572,7 +1663,7 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
memset(&request, 0, sizeof(request));
DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x",
- ntohl(spi));
+ ntohl(sa->spi));
hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
@@ -1582,12 +1673,12 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
aevent_id = NLMSG_DATA(hdr);
aevent_id->flags = XFRM_AE_RVAL;
- host2xfrm(dst, &aevent_id->sa_id.daddr);
- aevent_id->sa_id.spi = spi;
- aevent_id->sa_id.proto = protocol;
- aevent_id->sa_id.family = dst->get_family(dst);
+ host2xfrm(sa->dst, &aevent_id->sa_id.daddr);
+ aevent_id->sa_id.spi = sa->spi;
+ aevent_id->sa_id.proto = sa->proto;
+ aevent_id->sa_id.family = sa->dst->get_family(sa->dst);
- if (!add_mark(hdr, sizeof(request), mark))
+ if (!add_mark(hdr, sizeof(request), sa->mark))
{
return;
}
@@ -1608,8 +1699,7 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
{
struct nlmsgerr *err = NLMSG_DATA(hdr);
DBG1(DBG_KNL, "querying replay state from SAD entry "
- "failed: %s (%d)", strerror(-err->error),
- -err->error);
+ "failed: %s (%d)", strerror(-err->error), -err->error);
break;
}
default:
@@ -1657,9 +1747,9 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
}
METHOD(kernel_ipsec_t, query_sa, status_t,
- private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time)
+ private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+ time_t *time)
{
netlink_buf_t request;
struct nlmsghdr *out = NULL, *hdr;
@@ -1667,11 +1757,13 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
struct xfrm_usersa_info *sa = NULL;
status_t status = FAILED;
size_t len;
+ char markstr[32] = "";
memset(&request, 0, sizeof(request));
+ format_mark(markstr, sizeof(markstr), id->mark);
- DBG2(DBG_KNL, "querying SAD entry with SPI %.8x (mark %u/0x%08x)",
- ntohl(spi), mark.value, mark.mask);
+ DBG2(DBG_KNL, "querying SAD entry with SPI %.8x%s", ntohl(id->spi),
+ markstr);
hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
@@ -1679,12 +1771,12 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
sa_id = NLMSG_DATA(hdr);
- host2xfrm(dst, &sa_id->daddr);
- sa_id->spi = spi;
- sa_id->proto = protocol;
- sa_id->family = dst->get_family(dst);
+ host2xfrm(id->dst, &sa_id->daddr);
+ sa_id->spi = id->spi;
+ sa_id->proto = id->proto;
+ sa_id->family = id->dst->get_family(id->dst);
- if (!add_mark(hdr, sizeof(request), mark))
+ if (!add_mark(hdr, sizeof(request), id->mark))
{
return FAILED;
}
@@ -1705,19 +1797,9 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
{
struct nlmsgerr *err = NLMSG_DATA(hdr);
- if (mark.value)
- {
- DBG1(DBG_KNL, "querying SAD entry with SPI %.8x "
- "(mark %u/0x%08x) failed: %s (%d)",
- ntohl(spi), mark.value, mark.mask,
- strerror(-err->error), -err->error);
- }
- else
- {
- DBG1(DBG_KNL, "querying SAD entry with SPI %.8x "
- "failed: %s (%d)", ntohl(spi),
- strerror(-err->error), -err->error);
- }
+ DBG1(DBG_KNL, "querying SAD entry with SPI %.8x%s failed: "
+ "%s (%d)", ntohl(id->spi), markstr,
+ strerror(-err->error), -err->error);
break;
}
default:
@@ -1732,7 +1814,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
if (sa == NULL)
{
- DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
+ DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x%s",
+ ntohl(id->spi), markstr);
}
else
{
@@ -1758,23 +1841,33 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
}
METHOD(kernel_ipsec_t, del_sa, status_t,
- private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
+ private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data)
{
netlink_buf_t request;
struct nlmsghdr *hdr;
struct xfrm_usersa_id *sa_id;
+ char markstr[32] = "";
/* if IPComp was used, we first delete the additional IPComp SA */
- if (cpi)
- {
- del_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0, mark);
+ if (data->cpi)
+ {
+ kernel_ipsec_sa_id_t ipcomp_id = {
+ .src = id->src,
+ .dst = id->dst,
+ .spi = htonl(ntohs(data->cpi)),
+ .proto = IPPROTO_COMP,
+ .mark = id->mark,
+ };
+ kernel_ipsec_del_sa_t ipcomp = {};
+ del_sa(this, &ipcomp_id, &ipcomp);
}
memset(&request, 0, sizeof(request));
+ format_mark(markstr, sizeof(markstr), id->mark);
- DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x (mark %u/0x%08x)",
- ntohl(spi), mark.value, mark.mask);
+ DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x%s", ntohl(id->spi),
+ markstr);
hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
@@ -1782,12 +1875,12 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
sa_id = NLMSG_DATA(hdr);
- host2xfrm(dst, &sa_id->daddr);
- sa_id->spi = spi;
- sa_id->proto = protocol;
- sa_id->family = dst->get_family(dst);
+ host2xfrm(id->dst, &sa_id->daddr);
+ sa_id->spi = id->spi;
+ sa_id->proto = id->proto;
+ sa_id->family = id->dst->get_family(id->dst);
- if (!add_mark(hdr, sizeof(request), mark))
+ if (!add_mark(hdr, sizeof(request), id->mark))
{
return FAILED;
}
@@ -1795,30 +1888,21 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
switch (this->socket_xfrm->send_ack(this->socket_xfrm, hdr))
{
case SUCCESS:
- DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x (mark %u/0x%08x)",
- ntohl(spi), mark.value, mark.mask);
+ DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x%s",
+ ntohl(id->spi), markstr);
return SUCCESS;
case NOT_FOUND:
return NOT_FOUND;
default:
- if (mark.value)
- {
- DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x "
- "(mark %u/0x%08x)", ntohl(spi), mark.value, mark.mask);
- }
- else
- {
- DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x",
- ntohl(spi));
- }
+ DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x%s",
+ ntohl(id->spi), markstr);
return FAILED;
}
}
METHOD(kernel_ipsec_t, update_sa, status_t,
- private_kernel_netlink_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
- u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
- bool old_encap, bool new_encap, mark_t mark)
+ private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data)
{
netlink_buf_t request;
struct nlmsghdr *hdr, *out = NULL;
@@ -1831,19 +1915,33 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
struct xfrm_replay_state *replay = NULL;
struct xfrm_replay_state_esn *replay_esn = NULL;
struct xfrm_lifetime_cur *lifetime = NULL;
- u_int32_t replay_esn_len = 0;
+ uint32_t replay_esn_len = 0;
+ kernel_ipsec_del_sa_t del = { 0 };
status_t status = FAILED;
+ char markstr[32] = "";
/* if IPComp is used, we first update the IPComp SA */
- if (cpi)
- {
- update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0,
- src, dst, new_src, new_dst, FALSE, FALSE, mark);
+ if (data->cpi)
+ {
+ kernel_ipsec_sa_id_t ipcomp_id = {
+ .src = id->src,
+ .dst = id->dst,
+ .spi = htonl(ntohs(data->cpi)),
+ .proto = IPPROTO_COMP,
+ .mark = id->mark,
+ };
+ kernel_ipsec_update_sa_t ipcomp = {
+ .new_src = data->new_src,
+ .new_dst = data->new_dst,
+ };
+ update_sa(this, &ipcomp_id, &ipcomp);
}
memset(&request, 0, sizeof(request));
+ format_mark(markstr, sizeof(markstr), id->mark);
- DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi));
+ DBG2(DBG_KNL, "querying SAD entry with SPI %.8x%s for update",
+ ntohl(id->spi), markstr);
/* query the existing SA first */
hdr = &request.hdr;
@@ -1852,12 +1950,12 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
sa_id = NLMSG_DATA(hdr);
- host2xfrm(dst, &sa_id->daddr);
- sa_id->spi = spi;
- sa_id->proto = protocol;
- sa_id->family = dst->get_family(dst);
+ host2xfrm(id->dst, &sa_id->daddr);
+ sa_id->spi = id->spi;
+ sa_id->proto = id->proto;
+ sa_id->family = id->dst->get_family(id->dst);
- if (!add_mark(hdr, sizeof(request), mark))
+ if (!add_mark(hdr, sizeof(request), id->mark))
{
return FAILED;
}
@@ -1892,23 +1990,25 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
}
if (out_sa == NULL)
{
- DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi));
+ DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x%s",
+ ntohl(id->spi), markstr);
goto failed;
}
- get_replay_state(this, spi, protocol, dst, mark, &replay_esn,
- &replay_esn_len, &replay, &lifetime);
+ get_replay_state(this, id, &replay_esn, &replay_esn_len, &replay,
+ &lifetime);
/* delete the old SA (without affecting the IPComp SA) */
- if (del_sa(this, src, dst, spi, protocol, 0, mark) != SUCCESS)
+ if (del_sa(this, id, &del) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x",
- ntohl(spi));
+ DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x%s",
+ ntohl(id->spi), markstr);
goto failed;
}
- DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H",
- ntohl(spi), src, dst, new_src, new_dst);
+ DBG2(DBG_KNL, "updating SAD entry with SPI %.8x%s from %#H..%#H to "
+ "%#H..%#H", ntohl(id->spi), markstr, id->src, id->dst, data->new_src,
+ data->new_dst);
/* copy over the SA from out to request */
hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
@@ -1916,15 +2016,15 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info));
sa = NLMSG_DATA(hdr);
memcpy(sa, NLMSG_DATA(out), sizeof(struct xfrm_usersa_info));
- sa->family = new_dst->get_family(new_dst);
+ sa->family = data->new_dst->get_family(data->new_dst);
- if (!src->ip_equals(src, new_src))
+ if (!id->src->ip_equals(id->src, data->new_src))
{
- host2xfrm(new_src, &sa->saddr);
+ host2xfrm(data->new_src, &sa->saddr);
}
- if (!dst->ip_equals(dst, new_dst))
+ if (!id->dst->ip_equals(id->dst, data->new_dst))
{
- host2xfrm(new_dst, &sa->id.daddr);
+ host2xfrm(data->new_dst, &sa->id.daddr);
}
rta = XFRM_RTA(out, struct xfrm_usersa_info);
@@ -1932,13 +2032,13 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
while (RTA_OK(rta, rtasize))
{
/* copy all attributes, but not XFRMA_ENCAP if we are disabling it */
- if (rta->rta_type != XFRMA_ENCAP || new_encap)
+ if (rta->rta_type != XFRMA_ENCAP || data->new_encap)
{
if (rta->rta_type == XFRMA_ENCAP)
{ /* update encap tmpl */
tmpl = RTA_DATA(rta);
- tmpl->encap_sport = ntohs(new_src->get_port(new_src));
- tmpl->encap_dport = ntohs(new_dst->get_port(new_dst));
+ tmpl->encap_sport = ntohs(data->new_src->get_port(data->new_src));
+ tmpl->encap_dport = ntohs(data->new_dst->get_port(data->new_dst));
}
netlink_add_attribute(hdr, rta->rta_type,
chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)),
@@ -1947,7 +2047,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
rta = RTA_NEXT(rta, rtasize);
}
- if (tmpl == NULL && new_encap)
+ if (tmpl == NULL && data->new_encap)
{ /* add tmpl if we are enabling it */
tmpl = netlink_reserve(hdr, sizeof(request), XFRMA_ENCAP, sizeof(*tmpl));
if (!tmpl)
@@ -1955,8 +2055,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
goto failed;
}
tmpl->encap_type = UDP_ENCAP_ESPINUDP;
- tmpl->encap_sport = ntohs(new_src->get_port(new_src));
- tmpl->encap_dport = ntohs(new_dst->get_port(new_dst));
+ tmpl->encap_sport = ntohs(data->new_src->get_port(data->new_src));
+ tmpl->encap_dport = ntohs(data->new_dst->get_port(data->new_dst));
memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t));
}
@@ -1987,7 +2087,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
else
{
DBG1(DBG_KNL, "unable to copy replay state from old SAD entry with "
- "SPI %.8x", ntohl(spi));
+ "SPI %.8x%s", ntohl(id->spi), markstr);
}
if (lifetime)
{
@@ -2004,12 +2104,13 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
else
{
DBG1(DBG_KNL, "unable to copy usage stats from old SAD entry with "
- "SPI %.8x", ntohl(spi));
+ "SPI %.8x%s", ntohl(id->spi), markstr);
}
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi));
+ DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x%s",
+ ntohl(id->spi), markstr);
goto failed;
}
@@ -2032,7 +2133,7 @@ METHOD(kernel_ipsec_t, flush_sas, status_t,
struct nlmsghdr *hdr;
struct xfrm_usersa_flush *flush;
struct {
- u_int8_t proto;
+ uint8_t proto;
char *name;
} protos[] = {
{ IPPROTO_AH, "AH" },
@@ -2066,6 +2167,118 @@ METHOD(kernel_ipsec_t, flush_sas, status_t,
}
/**
+ * Unlock the mutex and signal waiting threads
+ */
+static void policy_change_done(private_kernel_netlink_ipsec_t *this,
+ policy_entry_t *policy)
+{
+ policy->working = FALSE;
+ if (policy->waiting)
+ { /* don't need to wake threads waiting for other policies */
+ this->condvar->broadcast(this->condvar);
+ }
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Install a route for the given policy if enabled and required
+ */
+static void install_route(private_kernel_netlink_ipsec_t *this,
+ policy_entry_t *policy, policy_sa_t *mapping, ipsec_sa_t *ipsec)
+{
+ policy_sa_out_t *out = (policy_sa_out_t*)mapping;
+ route_entry_t *route;
+ host_t *iface;
+
+ INIT(route,
+ .prefixlen = policy->sel.prefixlen_d,
+ );
+
+ if (charon->kernel->get_address_by_ts(charon->kernel, out->src_ts,
+ &route->src_ip, NULL) == SUCCESS)
+ {
+ if (!ipsec->dst->is_anyaddr(ipsec->dst))
+ {
+ route->gateway = charon->kernel->get_nexthop(charon->kernel,
+ ipsec->dst, -1, ipsec->src,
+ &route->if_name);
+ }
+ else
+ { /* for shunt policies */
+ iface = xfrm2host(policy->sel.family, &policy->sel.daddr, 0);
+ route->gateway = charon->kernel->get_nexthop(charon->kernel,
+ iface, policy->sel.prefixlen_d,
+ route->src_ip, &route->if_name);
+ iface->destroy(iface);
+ }
+ route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16);
+ memcpy(route->dst_net.ptr, &policy->sel.daddr, route->dst_net.len);
+
+ /* get the interface to install the route for, if we haven't one yet.
+ * If we have a local address, use it. Otherwise (for shunt policies)
+ * use the route's source address. */
+ if (!route->if_name)
+ {
+ iface = ipsec->src;
+ if (iface->is_anyaddr(iface))
+ {
+ iface = route->src_ip;
+ }
+ if (!charon->kernel->get_interface(charon->kernel, iface,
+ &route->if_name))
+ {
+ route_entry_destroy(route);
+ return;
+ }
+ }
+ if (policy->route)
+ {
+ route_entry_t *old = policy->route;
+ if (route_entry_equals(old, route))
+ {
+ route_entry_destroy(route);
+ return;
+ }
+ /* uninstall previously installed route */
+ if (charon->kernel->del_route(charon->kernel, old->dst_net,
+ old->prefixlen, old->gateway,
+ old->src_ip, old->if_name) != SUCCESS)
+ {
+ DBG1(DBG_KNL, "error uninstalling route installed with policy "
+ "%R === %R %N", out->src_ts, out->dst_ts, policy_dir_names,
+ policy->direction);
+ }
+ route_entry_destroy(old);
+ policy->route = NULL;
+ }
+
+ DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", out->dst_ts,
+ route->gateway, route->src_ip, route->if_name);
+ switch (charon->kernel->add_route(charon->kernel, route->dst_net,
+ route->prefixlen, route->gateway,
+ route->src_ip, route->if_name))
+ {
+ default:
+ DBG1(DBG_KNL, "unable to install source route for %H",
+ route->src_ip);
+ /* FALL */
+ case ALREADY_DONE:
+ /* route exists, do not uninstall */
+ route_entry_destroy(route);
+ break;
+ case SUCCESS:
+ /* cache the installed route */
+ policy->route = route;
+ break;
+ }
+ }
+ else
+ {
+ free(route);
+ }
+}
+
+/**
* Add or update a policy in the kernel.
*
* Note: The mutex has to be locked when entering this function
@@ -2111,11 +2324,11 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
policy_info->lft.soft_use_expires_seconds = 0;
policy_info->lft.hard_use_expires_seconds = 0;
- if (mapping->type == POLICY_IPSEC)
+ if (mapping->type == POLICY_IPSEC && ipsec->cfg.reqid)
{
struct xfrm_user_tmpl *tmpl;
struct {
- u_int8_t proto;
+ uint8_t proto;
bool use;
} protos[] = {
{ IPPROTO_COMP, ipsec->cfg.ipcomp.transform != IPCOMP_NONE },
@@ -2136,7 +2349,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
count * sizeof(*tmpl));
if (!tmpl)
{
- this->mutex->unlock(this->mutex);
+ policy_change_done(this, policy);
return FAILED;
}
@@ -2169,7 +2382,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
if (!add_mark(hdr, sizeof(request), ipsec->mark))
{
- this->mutex->unlock(this->mutex);
+ policy_change_done(this, policy);
return FAILED;
}
this->mutex->unlock(this->mutex);
@@ -2181,169 +2394,84 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
hdr->nlmsg_type = XFRM_MSG_UPDPOLICY;
status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr);
}
+
+ this->mutex->lock(this->mutex);
if (status != SUCCESS)
{
+ policy_change_done(this, policy);
return FAILED;
}
-
- /* find the policy again */
- this->mutex->lock(this->mutex);
- policy = this->policies->get(this->policies, &clone);
- if (!policy ||
- policy->used_by->find_first(policy->used_by,
- NULL, (void**)&mapping) != SUCCESS)
- { /* policy or mapping is already gone, ignore */
- this->mutex->unlock(this->mutex);
- return SUCCESS;
- }
-
/* install a route, if:
- * - this is a forward policy (to just get one for each child)
- * - we are in tunnel/BEET mode or install a bypass policy
+ * - this is an outbound policy (to just get one for each child)
* - routing is not disabled via strongswan.conf
+ * - the selector is not for a specific protocol/port
+ * - we are in tunnel/BEET mode or install a bypass policy
*/
- if (policy->direction == POLICY_FWD && this->install_routes &&
- (mapping->type != POLICY_IPSEC || ipsec->cfg.mode != MODE_TRANSPORT))
+ if (policy->direction == POLICY_OUT && this->install_routes &&
+ !policy->sel.proto && !policy->sel.dport && !policy->sel.sport)
{
- policy_sa_fwd_t *fwd = (policy_sa_fwd_t*)mapping;
- route_entry_t *route;
- host_t *iface;
-
- INIT(route,
- .prefixlen = policy->sel.prefixlen_s,
- );
-
- if (charon->kernel->get_address_by_ts(charon->kernel, fwd->dst_ts,
- &route->src_ip, NULL) == SUCCESS)
- {
- /* get the nexthop to src (src as we are in POLICY_FWD) */
- if (!ipsec->src->is_anyaddr(ipsec->src))
- {
- route->gateway = charon->kernel->get_nexthop(charon->kernel,
- ipsec->src, -1, ipsec->dst);
- }
- else
- { /* for shunt policies */
- iface = xfrm2host(policy->sel.family, &policy->sel.saddr, 0);
- route->gateway = charon->kernel->get_nexthop(charon->kernel,
- iface, policy->sel.prefixlen_s,
- route->src_ip);
- iface->destroy(iface);
- }
- route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16);
- memcpy(route->dst_net.ptr, &policy->sel.saddr, route->dst_net.len);
-
- /* get the interface to install the route for. If we have a local
- * address, use it. Otherwise (for shunt policies) use the
- * routes source address. */
- iface = ipsec->dst;
- if (iface->is_anyaddr(iface))
- {
- iface = route->src_ip;
- }
- /* install route via outgoing interface */
- if (!charon->kernel->get_interface(charon->kernel, iface,
- &route->if_name))
- {
- this->mutex->unlock(this->mutex);
- route_entry_destroy(route);
- return SUCCESS;
- }
-
- if (policy->route)
- {
- route_entry_t *old = policy->route;
- if (route_entry_equals(old, route))
- {
- this->mutex->unlock(this->mutex);
- route_entry_destroy(route);
- return SUCCESS;
- }
- /* uninstall previously installed route */
- if (charon->kernel->del_route(charon->kernel, old->dst_net,
- old->prefixlen, old->gateway,
- old->src_ip, old->if_name) != SUCCESS)
- {
- DBG1(DBG_KNL, "error uninstalling route installed with "
- "policy %R === %R %N", fwd->src_ts,
- fwd->dst_ts, policy_dir_names,
- policy->direction);
- }
- route_entry_destroy(old);
- policy->route = NULL;
- }
-
- DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s",
- fwd->src_ts, route->gateway, route->src_ip, route->if_name);
- switch (charon->kernel->add_route(charon->kernel, route->dst_net,
- route->prefixlen, route->gateway,
- route->src_ip, route->if_name))
- {
- default:
- DBG1(DBG_KNL, "unable to install source route for %H",
- route->src_ip);
- /* FALL */
- case ALREADY_DONE:
- /* route exists, do not uninstall */
- route_entry_destroy(route);
- break;
- case SUCCESS:
- /* cache the installed route */
- policy->route = route;
- break;
- }
- }
- else
+ if (mapping->type == POLICY_PASS ||
+ (mapping->type == POLICY_IPSEC && ipsec->cfg.mode != MODE_TRANSPORT))
{
- free(route);
+ install_route(this, policy, mapping, ipsec);
}
}
- this->mutex->unlock(this->mutex);
+ policy_change_done(this, policy);
return SUCCESS;
}
METHOD(kernel_ipsec_t, add_policy, status_t,
- private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_kernel_netlink_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
policy_entry_t *policy, *current;
policy_sa_t *assigned_sa, *current_sa;
enumerator_t *enumerator;
bool found = FALSE, update = TRUE;
+ char markstr[32] = "";
+ uint32_t cur_priority = 0;
+ int use_count;
/* create a policy */
INIT(policy,
- .sel = ts2selector(src_ts, dst_ts),
- .mark = mark.value & mark.mask,
- .direction = direction,
- .reqid = sa->reqid,
+ .sel = ts2selector(id->src_ts, id->dst_ts, id->interface),
+ .mark = id->mark.value & id->mark.mask,
+ .direction = id->dir,
+ .reqid = data->sa->reqid,
);
+ format_mark(markstr, sizeof(markstr), id->mark);
/* find the policy, which matches EXACTLY */
this->mutex->lock(this->mutex);
current = this->policies->get(this->policies, policy);
if (current)
{
- if (current->reqid && sa->reqid && current->reqid != sa->reqid)
+ if (current->reqid && data->sa->reqid &&
+ current->reqid != data->sa->reqid)
{
- DBG1(DBG_CFG, "unable to install policy %R === %R %N (mark "
- "%u/0x%08x) for reqid %u, the same policy for reqid %u exists",
- src_ts, dst_ts, policy_dir_names, direction,
- mark.value, mark.mask, sa->reqid, current->reqid);
+ DBG1(DBG_CFG, "unable to install policy %R === %R %N%s for reqid "
+ "%u, the same policy for reqid %u exists",
+ id->src_ts, id->dst_ts, policy_dir_names, id->dir, markstr,
+ data->sa->reqid, current->reqid);
policy_entry_destroy(this, policy);
this->mutex->unlock(this->mutex);
return INVALID_STATE;
}
/* use existing policy */
- DBG2(DBG_KNL, "policy %R === %R %N (mark %u/0x%08x) "
- "already exists, increasing refcount",
- src_ts, dst_ts, policy_dir_names, direction,
- mark.value, mark.mask);
+ DBG2(DBG_KNL, "policy %R === %R %N%s already exists, increasing "
+ "refcount", id->src_ts, id->dst_ts, policy_dir_names, id->dir,
+ markstr);
policy_entry_destroy(this, policy);
policy = current;
found = TRUE;
+
+ policy->waiting++;
+ while (policy->working)
+ {
+ this->condvar->wait(this->condvar, this->mutex);
+ }
+ policy->waiting--;
+ policy->working = TRUE;
}
else
{ /* use the new one, if we have no such policy */
@@ -2352,28 +2480,52 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
}
/* cache the assigned IPsec SA */
- assigned_sa = policy_sa_create(this, direction, type, src, dst, src_ts,
- dst_ts, mark, sa);
- assigned_sa->priority = get_priority(policy, priority);
+ assigned_sa = policy_sa_create(this, id->dir, data->type, data->src,
+ data->dst, id->src_ts, id->dst_ts, id->mark, data->sa);
+ assigned_sa->auto_priority = get_priority(policy, data->prio, id->interface);
+ assigned_sa->priority = this->get_priority ? this->get_priority(id, data)
+ : data->manual_prio;
+ assigned_sa->priority = assigned_sa->priority ?: assigned_sa->auto_priority;
/* insert the SA according to its priority */
enumerator = policy->used_by->create_enumerator(policy->used_by);
while (enumerator->enumerate(enumerator, (void**)¤t_sa))
{
- if (current_sa->priority >= assigned_sa->priority)
+ if (current_sa->priority > assigned_sa->priority)
{
break;
}
- update = FALSE;
+ if (current_sa->priority == assigned_sa->priority)
+ {
+ /* in case of equal manual prios order SAs by automatic priority */
+ if (current_sa->auto_priority > assigned_sa->auto_priority)
+ {
+ break;
+ }
+ /* prefer SAs with a reqid over those without */
+ if (current_sa->auto_priority == assigned_sa->auto_priority &&
+ (!current_sa->sa->cfg.reqid || assigned_sa->sa->cfg.reqid))
+ {
+ break;
+ }
+ }
+ if (update)
+ {
+ cur_priority = current_sa->priority;
+ update = FALSE;
+ }
}
- policy->used_by->insert_before(policy->used_by, enumerator,
- assigned_sa);
+ policy->used_by->insert_before(policy->used_by, enumerator, assigned_sa);
enumerator->destroy(enumerator);
+ use_count = policy->used_by->get_count(policy->used_by);
if (!update)
{ /* we don't update the policy if the priority is lower than that of
* the currently installed one */
- this->mutex->unlock(this->mutex);
+ policy_change_done(this, policy);
+ DBG2(DBG_KNL, "not updating policy %R === %R %N%s [priority %u,"
+ "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names,
+ id->dir, markstr, cur_priority, use_count);
return SUCCESS;
}
@@ -2382,36 +2534,36 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
found = TRUE;
}
- DBG2(DBG_KNL, "%s policy %R === %R %N (mark %u/0x%08x)",
- found ? "updating" : "adding", src_ts, dst_ts,
- policy_dir_names, direction, mark.value, mark.mask);
+ DBG2(DBG_KNL, "%s policy %R === %R %N%s [priority %u, refcount %d]",
+ found ? "updating" : "adding", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir, markstr, assigned_sa->priority, use_count);
if (add_policy_internal(this, policy, assigned_sa, found) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to %s policy %R === %R %N",
- found ? "update" : "add", src_ts, dst_ts,
- policy_dir_names, direction);
+ DBG1(DBG_KNL, "unable to %s policy %R === %R %N%s",
+ found ? "update" : "add", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir, markstr);
return FAILED;
}
return SUCCESS;
}
METHOD(kernel_ipsec_t, query_policy, status_t,
- private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
- time_t *use_time)
+ private_kernel_netlink_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data, time_t *use_time)
{
netlink_buf_t request;
struct nlmsghdr *out = NULL, *hdr;
struct xfrm_userpolicy_id *policy_id;
struct xfrm_userpolicy_info *policy = NULL;
size_t len;
+ char markstr[32] = "";
memset(&request, 0, sizeof(request));
+ format_mark(markstr, sizeof(markstr), id->mark);
- DBG2(DBG_KNL, "querying policy %R === %R %N (mark %u/0x%08x)",
- src_ts, dst_ts, policy_dir_names, direction,
- mark.value, mark.mask);
+ DBG2(DBG_KNL, "querying policy %R === %R %N%s", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir, markstr);
hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
@@ -2419,10 +2571,10 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id));
policy_id = NLMSG_DATA(hdr);
- policy_id->sel = ts2selector(src_ts, dst_ts);
- policy_id->dir = direction;
+ policy_id->sel = ts2selector(id->src_ts, id->dst_ts, id->interface);
+ policy_id->dir = id->dir;
- if (!add_mark(hdr, sizeof(request), mark))
+ if (!add_mark(hdr, sizeof(request), id->mark))
{
return FAILED;
}
@@ -2443,7 +2595,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
{
struct nlmsgerr *err = NLMSG_DATA(hdr);
DBG1(DBG_KNL, "querying policy failed: %s (%d)",
- strerror(-err->error), -err->error);
+ strerror(-err->error), -err->error);
break;
}
default:
@@ -2458,8 +2610,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
if (policy == NULL)
{
- DBG2(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts,
- policy_dir_names, direction);
+ DBG2(DBG_KNL, "unable to query policy %R === %R %N%s", id->src_ts,
+ id->dst_ts, policy_dir_names, id->dir, markstr);
free(out);
return FAILED;
}
@@ -2479,10 +2631,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t prio)
+ private_kernel_netlink_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
policy_entry_t *current, policy;
enumerator_t *enumerator;
@@ -2491,78 +2641,94 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
struct nlmsghdr *hdr;
struct xfrm_userpolicy_id *policy_id;
bool is_installed = TRUE;
- u_int32_t priority;
+ uint32_t priority, auto_priority, cur_priority;
ipsec_sa_t assigned_sa = {
- .src = src,
- .dst = dst,
- .mark = mark,
- .cfg = *sa,
+ .src = data->src,
+ .dst = data->dst,
+ .mark = id->mark,
+ .cfg = *data->sa,
};
+ char markstr[32] = "";
+ int use_count;
+ status_t status = SUCCESS;
- DBG2(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x)",
- src_ts, dst_ts, policy_dir_names, direction,
- mark.value, mark.mask);
+ format_mark(markstr, sizeof(markstr), id->mark);
+
+ DBG2(DBG_KNL, "deleting policy %R === %R %N%s", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir, markstr);
/* create a policy */
memset(&policy, 0, sizeof(policy_entry_t));
- policy.sel = ts2selector(src_ts, dst_ts);
- policy.mark = mark.value & mark.mask;
- policy.direction = direction;
+ policy.sel = ts2selector(id->src_ts, id->dst_ts, id->interface);
+ policy.mark = id->mark.value & id->mark.mask;
+ policy.direction = id->dir;
/* find the policy */
this->mutex->lock(this->mutex);
current = this->policies->get(this->policies, &policy);
if (!current)
{
- if (mark.value)
- {
- DBG1(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x) "
- "failed, not found", src_ts, dst_ts, policy_dir_names,
- direction, mark.value, mark.mask);
- }
- else
- {
- DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found",
- src_ts, dst_ts, policy_dir_names, direction);
- }
+ DBG1(DBG_KNL, "deleting policy %R === %R %N%s failed, not found",
+ id->src_ts, id->dst_ts, policy_dir_names, id->dir, markstr);
this->mutex->unlock(this->mutex);
return NOT_FOUND;
}
+ current->waiting++;
+ while (current->working)
+ {
+ this->condvar->wait(this->condvar, this->mutex);
+ }
+ current->working = TRUE;
+ current->waiting--;
/* remove mapping to SA by reqid and priority */
- priority = get_priority(current, prio);
+ auto_priority = get_priority(current, data->prio,id->interface);
+ priority = this->get_priority ? this->get_priority(id, data)
+ : data->manual_prio;
+ priority = priority ?: auto_priority;
+
enumerator = current->used_by->create_enumerator(current->used_by);
while (enumerator->enumerate(enumerator, (void**)&mapping))
{
- if (priority == mapping->priority && type == mapping->type &&
+ if (priority == mapping->priority &&
+ auto_priority == mapping->auto_priority &&
+ data->type == mapping->type &&
ipsec_sa_equals(mapping->sa, &assigned_sa))
{
current->used_by->remove_at(current->used_by, enumerator);
- policy_sa_destroy(mapping, &direction, this);
+ policy_sa_destroy(mapping, &id->dir, this);
break;
}
- is_installed = FALSE;
+ if (is_installed)
+ {
+ cur_priority = mapping->priority;
+ is_installed = FALSE;
+ }
}
enumerator->destroy(enumerator);
- if (current->used_by->get_count(current->used_by) > 0)
+ use_count = current->used_by->get_count(current->used_by);
+ if (use_count > 0)
{ /* policy is used by more SAs, keep in kernel */
DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed");
if (!is_installed)
{ /* no need to update as the policy was not installed for this SA */
- this->mutex->unlock(this->mutex);
+ policy_change_done(this, current);
+ DBG2(DBG_KNL, "not updating policy %R === %R %N%s [priority %u, "
+ "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names,
+ id->dir, markstr, cur_priority, use_count);
return SUCCESS;
}
+ current->used_by->get_first(current->used_by, (void**)&mapping);
- DBG2(DBG_KNL, "updating policy %R === %R %N (mark %u/0x%08x)",
- src_ts, dst_ts, policy_dir_names, direction,
- mark.value, mark.mask);
+ DBG2(DBG_KNL, "updating policy %R === %R %N%s [priority %u, "
+ "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, id->dir,
+ markstr, mapping->priority, use_count);
- current->used_by->get_first(current->used_by, (void**)&mapping);
if (add_policy_internal(this, current, mapping, TRUE) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to update policy %R === %R %N",
- src_ts, dst_ts, policy_dir_names, direction);
+ DBG1(DBG_KNL, "unable to update policy %R === %R %N%s",
+ id->src_ts, id->dst_ts, policy_dir_names, id->dir, markstr);
return FAILED;
}
return SUCCESS;
@@ -2577,11 +2743,11 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
policy_id = NLMSG_DATA(hdr);
policy_id->sel = current->sel;
- policy_id->dir = direction;
+ policy_id->dir = id->dir;
- if (!add_mark(hdr, sizeof(request), mark))
+ if (!add_mark(hdr, sizeof(request), id->mark))
{
- this->mutex->unlock(this->mutex);
+ policy_change_done(this, current);
return FAILED;
}
@@ -2592,32 +2758,32 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
route->prefixlen, route->gateway,
route->src_ip, route->if_name) != SUCCESS)
{
- DBG1(DBG_KNL, "error uninstalling route installed with "
- "policy %R === %R %N", src_ts, dst_ts,
- policy_dir_names, direction);
+ DBG1(DBG_KNL, "error uninstalling route installed with policy "
+ "%R === %R %N%s", id->src_ts, id->dst_ts, policy_dir_names,
+ id->dir, markstr);
}
}
-
- this->policies->remove(this->policies, current);
- policy_entry_destroy(this, current);
this->mutex->unlock(this->mutex);
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
{
- if (mark.value)
- {
- DBG1(DBG_KNL, "unable to delete policy %R === %R %N "
- "(mark %u/0x%08x)", src_ts, dst_ts, policy_dir_names,
- direction, mark.value, mark.mask);
- }
- else
- {
- DBG1(DBG_KNL, "unable to delete policy %R === %R %N",
- src_ts, dst_ts, policy_dir_names, direction);
- }
- return FAILED;
+ DBG1(DBG_KNL, "unable to delete policy %R === %R %N%s", id->src_ts,
+ id->dst_ts, policy_dir_names, id->dir, markstr);
+ status = FAILED;
}
- return SUCCESS;
+
+ this->mutex->lock(this->mutex);
+ if (!current->waiting)
+ { /* only if no other thread still needs the policy */
+ this->policies->remove(this->policies, current);
+ policy_entry_destroy(this, current);
+ this->mutex->unlock(this->mutex);
+ }
+ else
+ {
+ policy_change_done(this, current);
+ }
+ return status;
}
METHOD(kernel_ipsec_t, flush_policies, status_t,
@@ -2676,15 +2842,15 @@ static bool add_socket_bypass(private_kernel_netlink_ipsec_t *this,
policy.dir = XFRM_POLICY_OUT;
if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
{
- DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
- strerror(errno));
+ DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s (%d)",
+ strerror(errno), errno);
return FALSE;
}
policy.dir = XFRM_POLICY_IN;
if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
{
- DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
- strerror(errno));
+ DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s (%d)",
+ strerror(errno), errno);
return FALSE;
}
return TRUE;
@@ -2699,7 +2865,7 @@ typedef struct {
/** layer 4 protocol */
int proto;
/** port number, network order */
- u_int16_t port;
+ uint16_t port;
} bypass_t;
/**
@@ -2839,7 +3005,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool,
}
METHOD(kernel_ipsec_t, enable_udp_decap, bool,
- private_kernel_netlink_ipsec_t *this, int fd, int family, u_int16_t port)
+ private_kernel_netlink_ipsec_t *this, int fd, int family, uint16_t port)
{
int type = UDP_ENCAP_ESPINUDP;
@@ -2873,6 +3039,7 @@ METHOD(kernel_ipsec_t, destroy, void,
enumerator->destroy(enumerator);
this->policies->destroy(this->policies);
this->sas->destroy(this->sas);
+ this->condvar->destroy(this->condvar);
this->mutex->destroy(this->mutex);
free(this);
}
@@ -2912,6 +3079,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
(hashtable_equals_t)ipsec_sa_equals, 32),
.bypass = array_create(sizeof(bypass_t), 0),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .get_priority = dlsym(RTLD_DEFAULT,
+ "kernel_netlink_get_priority_custom"),
.policy_update = lib->settings->get_bool(lib->settings,
"%s.plugins.kernel-netlink.policy_update", FALSE, lib->ns),
.install_routes = lib->settings->get_bool(lib->settings,
@@ -2955,7 +3125,8 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
this->socket_xfrm_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM);
if (this->socket_xfrm_events <= 0)
{
- DBG1(DBG_KNL, "unable to create XFRM event socket");
+ DBG1(DBG_KNL, "unable to create XFRM event socket: %s (%d)",
+ strerror(errno), errno);
destroy(this);
return NULL;
}
@@ -2963,7 +3134,8 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
XFRMNLGRP(MIGRATE) | XFRMNLGRP(MAPPING);
if (bind(this->socket_xfrm_events, (struct sockaddr*)&addr, sizeof(addr)))
{
- DBG1(DBG_KNL, "unable to bind XFRM event socket");
+ DBG1(DBG_KNL, "unable to bind XFRM event socket: %s (%d)",
+ strerror(errno), errno);
destroy(this);
return NULL;
}
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index f4394a1..93c2ccc 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2008-2014 Tobias Brunner
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -278,7 +278,7 @@ struct route_entry_t {
chunk_t dst_net;
/** Destination net prefixlen */
- u_int8_t prefixlen;
+ uint8_t prefixlen;
};
/**
@@ -513,12 +513,12 @@ struct private_kernel_netlink_net_t {
/**
* MTU to set on installed routes
*/
- u_int32_t mtu;
+ uint32_t mtu;
/**
* MSS to set on installed routes
*/
- u_int32_t mss;
+ uint32_t mss;
};
/**
@@ -526,7 +526,7 @@ struct private_kernel_netlink_net_t {
*/
static status_t manage_srcroute(private_kernel_netlink_net_t *this,
int nlmsg_type, int flags, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway,
+ uint8_t prefixlen, host_t *gateway,
host_t *src_ip, char *if_name);
/**
@@ -1217,7 +1217,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h
struct rtmsg* msg = NLMSG_DATA(hdr);
struct rtattr *rta = RTM_RTA(msg);
size_t rtasize = RTM_PAYLOAD(hdr);
- u_int32_t rta_oif = 0;
+ uint32_t rta_oif = 0;
host_t *host = NULL;
/* ignore routes added by us or in the local routing table (local addrs) */
@@ -1243,7 +1243,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h
case RTA_OIF:
if (RTA_PAYLOAD(rta) == sizeof(rta_oif))
{
- rta_oif = *(u_int32_t*)RTA_DATA(rta);
+ rta_oif = *(uint32_t*)RTA_DATA(rta);
}
break;
}
@@ -1297,7 +1297,8 @@ static bool receive_events(private_kernel_netlink_net_t *this, int fd,
/* no data ready, select again */
return TRUE;
default:
- DBG1(DBG_KNL, "unable to receive from rt event socket");
+ DBG1(DBG_KNL, "unable to receive from RT event socket %s (%d)",
+ strerror(errno), errno);
sleep(1);
return TRUE;
}
@@ -1501,6 +1502,32 @@ static int get_interface_index(private_kernel_netlink_net_t *this, char* name)
}
/**
+ * get the name of an interface by index (allocated)
+ */
+static char *get_interface_name_by_index(private_kernel_netlink_net_t *this,
+ int index)
+{
+ iface_entry_t *iface;
+ char *name = NULL;
+
+ DBG2(DBG_KNL, "getting iface name for index %d", index);
+
+ this->lock->read_lock(this->lock);
+ if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index,
+ (void**)&iface, &index) == SUCCESS)
+ {
+ name = strdup(iface->ifname);
+ }
+ this->lock->unlock(this->lock);
+
+ if (!name)
+ {
+ DBG1(DBG_KNL, "unable to get interface name for %d", index);
+ }
+ return name;
+}
+
+/**
* check if an address or net (addr with prefix net bits) is in
* subnet (net with net_len net bits)
*/
@@ -1545,10 +1572,10 @@ typedef struct {
chunk_t src;
chunk_t dst;
host_t *src_host;
- u_int8_t dst_len;
- u_int32_t table;
- u_int32_t oif;
- u_int32_t priority;
+ uint8_t dst_len;
+ uint32_t table;
+ uint32_t oif;
+ uint32_t priority;
} rt_entry_t;
/**
@@ -1630,20 +1657,20 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
case RTA_OIF:
if (RTA_PAYLOAD(rta) == sizeof(route->oif))
{
- route->oif = *(u_int32_t*)RTA_DATA(rta);
+ route->oif = *(uint32_t*)RTA_DATA(rta);
}
break;
case RTA_PRIORITY:
if (RTA_PAYLOAD(rta) == sizeof(route->priority))
{
- route->priority = *(u_int32_t*)RTA_DATA(rta);
+ route->priority = *(uint32_t*)RTA_DATA(rta);
}
break;
#ifdef HAVE_RTA_TABLE
case RTA_TABLE:
if (RTA_PAYLOAD(rta) == sizeof(route->table))
{
- route->table = *(u_int32_t*)RTA_DATA(rta);
+ route->table = *(uint32_t*)RTA_DATA(rta);
}
break;
#endif /* HAVE_RTA_TABLE*/
@@ -1658,7 +1685,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
*/
static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
int prefix, bool nexthop, host_t *candidate,
- u_int recursion)
+ char **iface, u_int recursion)
{
netlink_buf_t request;
struct nlmsghdr *hdr, *out, *current;
@@ -1774,16 +1801,16 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
}
route->src_host = src;
}
- /* insert route, sorted by priority and network prefix */
+ /* insert route, sorted by network prefix and priority */
enumerator = routes->create_enumerator(routes);
while (enumerator->enumerate(enumerator, &other))
{
- if (route->priority < other->priority)
+ if (route->dst_len > other->dst_len)
{
break;
}
- if (route->priority == other->priority &&
- route->dst_len > other->dst_len)
+ if (route->dst_len == other->dst_len &&
+ route->priority < other->priority)
{
break;
}
@@ -1860,7 +1887,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
if (gtw && !gtw->ip_equals(gtw, dest))
{
route->src_host = get_route(this, gtw, -1, FALSE, candidate,
- recursion + 1);
+ iface, recursion + 1);
}
DESTROY_IF(gtw);
if (route->src_host)
@@ -1878,10 +1905,18 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
enumerator->destroy(enumerator);
if (nexthop)
- { /* nexthop lookup, return gateway if any */
+ { /* nexthop lookup, return gateway and oif if any */
+ if (iface)
+ {
+ *iface = NULL;
+ }
if (best || routes->get_first(routes, (void**)&best) == SUCCESS)
{
addr = host_create_from_chunk(msg->rtm_family, best->gtw, 0);
+ if (iface && route->oif)
+ {
+ *iface = get_interface_name_by_index(this, route->oif);
+ }
}
if (!addr && !match_net)
{ /* fallback to destination address */
@@ -1901,8 +1936,16 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
if (addr)
{
- DBG2(DBG_KNL, "using %H as %s to reach %H/%d", addr,
- nexthop ? "nexthop" : "address", dest, prefix);
+ if (nexthop && iface && *iface)
+ {
+ DBG2(DBG_KNL, "using %H as nexthop and %s as dev to reach %H/%d",
+ addr, *iface, dest, prefix);
+ }
+ else
+ {
+ DBG2(DBG_KNL, "using %H as %s to reach %H/%d", addr,
+ nexthop ? "nexthop" : "address", dest, prefix);
+ }
}
else if (!recursion)
{
@@ -1915,13 +1958,14 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
METHOD(kernel_net_t, get_source_addr, host_t*,
private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
{
- return get_route(this, dest, -1, FALSE, src, 0);
+ return get_route(this, dest, -1, FALSE, src, NULL, 0);
}
METHOD(kernel_net_t, get_nexthop, host_t*,
- private_kernel_netlink_net_t *this, host_t *dest, int prefix, host_t *src)
+ private_kernel_netlink_net_t *this, host_t *dest, int prefix, host_t *src,
+ char **iface)
{
- return get_route(this, dest, prefix, TRUE, src, 0);
+ return get_route(this, dest, prefix, TRUE, src, iface, 0);
}
/**
@@ -2144,7 +2188,7 @@ METHOD(kernel_net_t, del_ip, status_t,
*/
static status_t manage_srcroute(private_kernel_netlink_net_t *this,
int nlmsg_type, int flags, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway,
+ uint8_t prefixlen, host_t *gateway,
host_t *src_ip, char *if_name)
{
netlink_buf_t request;
@@ -2160,7 +2204,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
if (this->routing_table == 0 && prefixlen == 0)
{
chunk_t half_net;
- u_int8_t half_prefixlen;
+ uint8_t half_prefixlen;
status_t status;
half_net = chunk_alloca(dst_net.len);
@@ -2206,22 +2250,22 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
if (this->mtu || this->mss)
{
chunk = chunk_alloca(RTA_LENGTH((sizeof(struct rtattr) +
- sizeof(u_int32_t)) * 2));
+ sizeof(uint32_t)) * 2));
chunk.len = 0;
rta = (struct rtattr*)chunk.ptr;
if (this->mtu)
{
rta->rta_type = RTAX_MTU;
- rta->rta_len = RTA_LENGTH(sizeof(u_int32_t));
- memcpy(RTA_DATA(rta), &this->mtu, sizeof(u_int32_t));
+ rta->rta_len = RTA_LENGTH(sizeof(uint32_t));
+ memcpy(RTA_DATA(rta), &this->mtu, sizeof(uint32_t));
chunk.len = rta->rta_len;
}
if (this->mss)
{
rta = (struct rtattr*)(chunk.ptr + RTA_ALIGN(chunk.len));
rta->rta_type = RTAX_ADVMSS;
- rta->rta_len = RTA_LENGTH(sizeof(u_int32_t));
- memcpy(RTA_DATA(rta), &this->mss, sizeof(u_int32_t));
+ rta->rta_len = RTA_LENGTH(sizeof(uint32_t));
+ memcpy(RTA_DATA(rta), &this->mss, sizeof(uint32_t));
chunk.len = RTA_ALIGN(chunk.len) + rta->rta_len;
}
netlink_add_attribute(hdr, RTA_METRICS, chunk, sizeof(request));
@@ -2231,7 +2275,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
}
METHOD(kernel_net_t, add_route, status_t,
- private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
+ private_kernel_netlink_net_t *this, chunk_t dst_net, uint8_t prefixlen,
host_t *gateway, host_t *src_ip, char *if_name)
{
status_t status;
@@ -2262,7 +2306,7 @@ METHOD(kernel_net_t, add_route, status_t,
}
METHOD(kernel_net_t, del_route, status_t,
- private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
+ private_kernel_netlink_net_t *this, chunk_t dst_net, uint8_t prefixlen,
host_t *gateway, host_t *src_ip, char *if_name)
{
status_t status;
@@ -2384,7 +2428,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this)
* create or delete a rule to use our routing table
*/
static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
- int family, u_int32_t table, u_int32_t prio)
+ int family, uint32_t table, uint32_t prio)
{
netlink_buf_t request;
struct nlmsghdr *hdr;
@@ -2644,7 +2688,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
if (this->socket_events < 0)
{
- DBG1(DBG_KNL, "unable to create RT event socket");
+ DBG1(DBG_KNL, "unable to create RT event socket: %s (%d)",
+ strerror(errno), errno);
destroy(this);
return NULL;
}
@@ -2652,7 +2697,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE | RTMGRP_LINK;
if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
{
- DBG1(DBG_KNL, "unable to bind RT event socket");
+ DBG1(DBG_KNL, "unable to bind RT event socket: %s (%d)",
+ strerror(errno), errno);
destroy(this);
return NULL;
}
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index f7ce992..7165b65 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -309,7 +309,7 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in,
while (!entry->complete)
{
if (this->parallel &&
- lib->watcher->get_state(lib->watcher) == WATCHER_RUNNING)
+ lib->watcher->get_state(lib->watcher) != WATCHER_STOPPED)
{
if (this->timeout)
{
@@ -594,13 +594,15 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
}
if (this->socket == -1)
{
- DBG1(DBG_KNL, "unable to create netlink socket");
+ DBG1(DBG_KNL, "unable to create netlink socket: %s (%d)",
+ strerror(errno), errno);
destroy(this);
return NULL;
}
if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)))
{
- DBG1(DBG_KNL, "unable to bind netlink socket");
+ DBG1(DBG_KNL, "unable to bind netlink socket: %s (%d)",
+ strerror(errno), errno);
destroy(this);
return NULL;
}
diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in
index f2876a2..8866f13 100644
--- a/src/libcharon/plugins/kernel_pfkey/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/kernel_pfkey
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index d505f1c..1b22ea5 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2008-2015 Tobias Brunner
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -141,17 +141,17 @@
#define SOL_UDP IPPROTO_UDP
#endif
-/** base priority for installed policies */
-#define PRIO_BASE 384
+/** Base priority for installed policies */
+#define PRIO_BASE 100000
#ifdef __APPLE__
/** from xnu/bsd/net/pfkeyv2.h */
#define SADB_X_EXT_NATT 0x002
struct sadb_sa_2 {
struct sadb_sa sa;
- u_int16_t sadb_sa_natt_port;
- u_int16_t sadb_reserved0;
- u_int32_t sadb_reserved1;
+ uint16_t sadb_sa_natt_port;
+ uint16_t sadb_reserved0;
+ uint32_t sadb_reserved1;
};
#endif
@@ -286,7 +286,7 @@ struct route_entry_t {
chunk_t dst_net;
/** destination net prefixlen */
- u_int8_t prefixlen;
+ uint8_t prefixlen;
/** reference to exclude route, if any */
exclude_route_t *exclude;
@@ -352,7 +352,7 @@ static bool ipsec_sa_equals(ipsec_sa_t *sa, ipsec_sa_t *other_sa)
{
return sa->src->ip_equals(sa->src, other_sa->src) &&
sa->dst->ip_equals(sa->dst, other_sa->dst) &&
- memeq(&sa->cfg, &other_sa->cfg, sizeof(ipsec_sa_cfg_t));
+ ipsec_sa_cfg_equals(&sa->cfg, &other_sa->cfg);
}
/**
@@ -400,14 +400,17 @@ static void ipsec_sa_destroy(private_kernel_pfkey_ipsec_t *this,
}
typedef struct policy_sa_t policy_sa_t;
-typedef struct policy_sa_in_t policy_sa_in_t;
+typedef struct policy_sa_out_t policy_sa_out_t;
/**
* Mapping between a policy and an IPsec SA.
*/
struct policy_sa_t {
/** Priority assigned to the policy when installed with this SA */
- u_int32_t priority;
+ uint32_t priority;
+
+ /** Base priority assigned to the policy when installed with this SA */
+ uint32_t auto_priority;
/** Type of the policy */
policy_type_t type;
@@ -417,10 +420,10 @@ struct policy_sa_t {
};
/**
- * For input policies we also cache the traffic selectors in order to install
+ * For outbound policies we also cache the traffic selectors in order to install
* the route.
*/
-struct policy_sa_in_t {
+struct policy_sa_out_t {
/** Generic interface */
policy_sa_t generic;
@@ -440,14 +443,14 @@ static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this,
{
policy_sa_t *policy;
- if (dir == POLICY_IN)
+ if (dir == POLICY_OUT)
{
- policy_sa_in_t *in;
- INIT(in,
+ policy_sa_out_t *out;
+ INIT(out,
.src_ts = src_ts->clone(src_ts),
.dst_ts = dst_ts->clone(dst_ts),
);
- policy = &in->generic;
+ policy = &out->generic;
}
else
{
@@ -464,11 +467,11 @@ static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this,
static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir,
private_kernel_pfkey_ipsec_t *this)
{
- if (*dir == POLICY_IN)
+ if (*dir == POLICY_OUT)
{
- policy_sa_in_t *in = (policy_sa_in_t*)policy;
- in->src_ts->destroy(in->src_ts);
- in->dst_ts->destroy(in->dst_ts);
+ policy_sa_out_t *out = (policy_sa_out_t*)policy;
+ out->src_ts->destroy(out->src_ts);
+ out->dst_ts->destroy(out->dst_ts);
}
ipsec_sa_destroy(this, policy->sa);
free(policy);
@@ -481,19 +484,19 @@ typedef struct policy_entry_t policy_entry_t;
*/
struct policy_entry_t {
/** Index assigned by the kernel */
- u_int32_t index;
+ uint32_t index;
/** Direction of this policy: in, out, forward */
- u_int8_t direction;
+ uint8_t direction;
/** Parameters of installed policy */
struct {
/** Subnet and port */
host_t *net;
/** Subnet mask */
- u_int8_t mask;
+ uint8_t mask;
/** Protocol */
- u_int8_t proto;
+ uint8_t proto;
} src, dst;
/** Associated route installed for this policy */
@@ -514,8 +517,8 @@ static policy_entry_t *create_policy_entry(traffic_selector_t *src_ts,
INIT(policy,
.direction = dir,
);
- u_int16_t port;
- u_int8_t proto;
+ uint16_t port;
+ uint8_t proto;
src_ts->to_subnet(src_ts, &policy->src.net, &policy->src.mask);
dst_ts->to_subnet(dst_ts, &policy->dst.net, &policy->dst.mask);
@@ -583,40 +586,51 @@ static inline bool policy_entry_equals(policy_entry_t *current,
* compare the given kernel index with that of a policy
*/
static inline bool policy_entry_match_byindex(policy_entry_t *current,
- u_int32_t *index)
+ uint32_t *index)
{
return current->index == *index;
}
/**
* Calculate the priority of a policy
+ *
+ * This is the same formula we use in the kernel-netlink interface, but some
+ * features are currently not or only partially supported by PF_KEY.
+ *
+ * bits 0-0: reserved for interface restriction (0..1) 1 bit
+ * bits 1-6: src + dst port mask bits (2 * 0..16) 6 bits
+ * bits 7-7: restriction to protocol (0..1) 1 bit
+ * bits 8-16: src + dst network mask bits (2 * 0..128) 9 bits
+ * 17 bits
+ *
+ * smallest value: 000000000 0 000000 0: 0, lowest priority = 100'000
+ * largest value : 100000000 1 100000 0: 65'728, highst priority = 34'272
*/
-static inline u_int32_t get_priority(policy_entry_t *policy,
+static inline uint32_t get_priority(policy_entry_t *policy,
policy_priority_t prio)
{
- u_int32_t priority = PRIO_BASE;
+ uint32_t priority = PRIO_BASE;
+
switch (prio)
{
case POLICY_PRIORITY_FALLBACK:
- priority <<= 1;
+ priority += PRIO_BASE;
/* fall-through */
case POLICY_PRIORITY_ROUTED:
- priority <<= 1;
+ priority += PRIO_BASE;
/* fall-through */
case POLICY_PRIORITY_DEFAULT:
- priority <<= 1;
- /* fall-trough */
+ priority += PRIO_BASE;
+ /* fall-through */
case POLICY_PRIORITY_PASS:
break;
}
- /* calculate priority based on selector size, small size = high prio */
- priority -= policy->src.mask;
- priority -= policy->dst.mask;
- priority <<= 2; /* make some room for the two flags */
- priority += policy->src.net->get_port(policy->src.net) ||
- policy->dst.net->get_port(policy->dst.net) ?
- 0 : 2;
- priority += policy->src.proto != IPSEC_PROTO_ANY ? 0 : 1;
+
+ /* calculate priority */
+ priority -= (policy->src.mask + policy->dst.mask) * 256;
+ priority -= policy->src.proto != IPSEC_PROTO_ANY ? 128 : 0;
+ priority -= policy->src.net->get_port(policy->src.net) ? 32 : 0;
+ priority -= policy->dst.net->get_port(policy->dst.net) ? 32 : 0;
return priority;
}
@@ -697,7 +711,7 @@ ENUM(sadb_ext_type_names, SADB_EXT_RESERVED, SADB_EXT_MAX,
/**
* convert a protocol identifier to the PF_KEY sa type
*/
-static u_int8_t proto2satype(u_int8_t proto)
+static uint8_t proto2satype(uint8_t proto)
{
switch (proto)
{
@@ -715,7 +729,7 @@ static u_int8_t proto2satype(u_int8_t proto)
/**
* convert a PF_KEY sa type to a protocol identifier
*/
-static u_int8_t satype2proto(u_int8_t satype)
+static uint8_t satype2proto(uint8_t satype)
{
switch (satype)
{
@@ -733,7 +747,7 @@ static u_int8_t satype2proto(u_int8_t satype)
/**
* convert the general ipsec mode to the one defined in ipsec.h
*/
-static u_int8_t mode2kernel(ipsec_mode_t mode)
+static uint8_t mode2kernel(ipsec_mode_t mode)
{
switch (mode)
{
@@ -753,7 +767,7 @@ static u_int8_t mode2kernel(ipsec_mode_t mode)
/**
* convert the general policy direction to the one defined in ipsec.h
*/
-static u_int8_t dir2kernel(policy_dir_t dir)
+static uint8_t dir2kernel(policy_dir_t dir)
{
switch (dir)
{
@@ -773,7 +787,7 @@ static u_int8_t dir2kernel(policy_dir_t dir)
/**
* convert the policy type to the one defined in ipsec.h
*/
-static inline u_int16_t type2kernel(policy_type_t type)
+static inline uint16_t type2kernel(policy_type_t type)
{
switch (type)
{
@@ -791,7 +805,7 @@ static inline u_int16_t type2kernel(policy_type_t type)
/**
* convert the policy direction in ipsec.h to the general one.
*/
-static policy_dir_t kernel2dir(u_int8_t dir)
+static policy_dir_t kernel2dir(uint8_t dir)
{
switch (dir)
{
@@ -898,7 +912,7 @@ static kernel_algorithm_t compression_algs[] = {
static int lookup_algorithm(transform_type_t type, int ikev2)
{
kernel_algorithm_t *list;
- u_int16_t alg = 0;
+ uint16_t alg = 0;
switch (type)
{
@@ -929,7 +943,7 @@ static int lookup_algorithm(transform_type_t type, int ikev2)
/**
* Helper to set a port in a sockaddr_t, the port has to be in host order
*/
-static void set_port(sockaddr_t *addr, u_int16_t port)
+static void set_port(sockaddr_t *addr, uint16_t port)
{
switch (addr->sa_family)
{
@@ -971,8 +985,8 @@ static size_t hostcpy(void *dest, host_t *host, bool include_port)
/**
* add a host to the given sadb_msg
*/
-static void add_addr_ext(struct sadb_msg *msg, host_t *host, u_int16_t type,
- u_int8_t proto, u_int8_t prefixlen, bool include_port)
+static void add_addr_ext(struct sadb_msg *msg, host_t *host, uint16_t type,
+ uint8_t proto, uint8_t prefixlen, bool include_port)
{
struct sadb_address *addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg);
size_t len;
@@ -988,7 +1002,7 @@ static void add_addr_ext(struct sadb_msg *msg, host_t *host, u_int16_t type,
/**
* adds an empty address extension to the given sadb_msg
*/
-static void add_anyaddr_ext(struct sadb_msg *msg, int family, u_int8_t type)
+static void add_anyaddr_ext(struct sadb_msg *msg, int family, uint8_t type)
{
socklen_t len = (family == AF_INET) ? sizeof(struct sockaddr_in) :
sizeof(struct sockaddr_in6);
@@ -1039,7 +1053,7 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address)
{
traffic_selector_t *ts;
host_t *host;
- u_int8_t proto;
+ uint8_t proto;
proto = address->sadb_address_proto;
proto = proto == IPSEC_PROTO_ANY ? 0 : proto;
@@ -1240,7 +1254,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this,
struct sadb_msg* msg)
{
pfkey_msg_t response;
- u_int32_t index, reqid = 0;
+ uint32_t index, reqid = 0;
traffic_selector_t *src_ts, *dst_ts;
policy_entry_t *policy;
policy_sa_t *sa;
@@ -1292,8 +1306,8 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this,
struct sadb_msg* msg)
{
pfkey_msg_t response;
- u_int8_t protocol;
- u_int32_t spi;
+ uint8_t protocol;
+ uint32_t spi;
host_t *dst;
bool hard;
@@ -1330,7 +1344,7 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this,
pfkey_msg_t response;
traffic_selector_t *src_ts, *dst_ts;
policy_dir_t dir;
- u_int32_t reqid = 0;
+ uint32_t reqid = 0;
host_t *local = NULL, *remote = NULL;
DBG2(DBG_KNL, "received an SADB_X_MIGRATE");
@@ -1350,13 +1364,13 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this,
if (response.x_kmaddress)
{
sockaddr_t *local_addr, *remote_addr;
- u_int32_t local_len;
+ uint32_t local_len;
local_addr = (sockaddr_t*)&response.x_kmaddress[1];
local = host_create_from_sockaddr(local_addr);
local_len = (local_addr->sa_family == AF_INET6)?
sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in);
- remote_addr = (sockaddr_t*)((u_int8_t*)local_addr + local_len);
+ remote_addr = (sockaddr_t*)((uint8_t*)local_addr + local_len);
remote = host_create_from_sockaddr(remote_addr);
DBG2(DBG_KNL, " kmaddress: %H...%H", local, remote);
}
@@ -1384,7 +1398,7 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this,
struct sadb_msg* msg)
{
pfkey_msg_t response;
- u_int32_t spi;
+ uint32_t spi;
sockaddr_t *sa;
host_t *dst, *new;
@@ -1517,14 +1531,14 @@ static bool receive_events(private_kernel_pfkey_ipsec_t *this, int fd,
*/
static status_t get_spi_internal(private_kernel_pfkey_ipsec_t *this,
- host_t *src, host_t *dst, u_int8_t proto, u_int32_t min, u_int32_t max,
- u_int32_t *spi)
+ host_t *src, host_t *dst, uint8_t proto, uint32_t min, uint32_t max,
+ uint32_t *spi)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
struct sadb_spirange *range;
pfkey_msg_t response;
- u_int32_t received_spi = 0;
+ uint32_t received_spi = 0;
size_t len;
memset(&request, 0, sizeof(request));
@@ -1570,7 +1584,7 @@ static status_t get_spi_internal(private_kernel_pfkey_ipsec_t *this,
METHOD(kernel_ipsec_t, get_spi, status_t,
private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi)
+ uint8_t protocol, uint32_t *spi)
{
if (get_spi_internal(this, src, dst, protocol,
0xc0000000, 0xcFFFFFFF, spi) != SUCCESS)
@@ -1585,9 +1599,9 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
METHOD(kernel_ipsec_t, get_cpi, status_t,
private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi)
+ uint16_t *cpi)
{
- u_int32_t received_spi = 0;
+ uint32_t received_spi = 0;
DBG2(DBG_KNL, "getting CPI");
@@ -1598,20 +1612,15 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
return FAILED;
}
- *cpi = htons((u_int16_t)ntohl(received_spi));
+ *cpi = htons((uint16_t)ntohl(received_spi));
DBG2(DBG_KNL, "got CPI %.4x", ntohs(*cpi));
return SUCCESS;
}
METHOD(kernel_ipsec_t, add_sa, status_t,
- private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
- lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts)
+ private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1620,22 +1629,42 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
struct sadb_lifetime *lft;
struct sadb_key *key;
size_t len;
+ uint16_t ipcomp = data->ipcomp;
+ ipsec_mode_t mode = data->mode;
/* if IPComp is used, we install an additional IPComp SA. if the cpi is 0
* we are in the recursive call below */
- if (ipcomp != IPCOMP_NONE && cpi != 0)
+ if (ipcomp != IPCOMP_NONE && data->cpi != 0)
{
lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}};
- add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
- tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED,
- chunk_empty, mode, ipcomp, 0, 0, FALSE, FALSE, FALSE, inbound,
- update, NULL, NULL);
+ kernel_ipsec_sa_id_t ipcomp_id = {
+ .src = id->src,
+ .dst = id->dst,
+ .spi = htonl(ntohs(data->cpi)),
+ .proto = IPPROTO_COMP,
+ .mark = id->mark,
+ };
+ kernel_ipsec_add_sa_t ipcomp_sa = {
+ .reqid = data->reqid,
+ .mode = data->mode,
+ .src_ts = data->src_ts,
+ .dst_ts = data->dst_ts,
+ .lifetime = &lft,
+ .enc_alg = ENCR_UNDEFINED,
+ .int_alg = AUTH_UNDEFINED,
+ .tfc = data->tfc,
+ .ipcomp = data->ipcomp,
+ .initiator = data->initiator,
+ .inbound = data->inbound,
+ .update = data->update,
+ };
+ add_sa(this, &ipcomp_id, &ipcomp_sa);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
}
- if (update)
+ if (data->update)
{
/* As we didn't know the reqid during SPI allocation, we used reqid
* zero. Unfortunately we can't SADB_UPDATE to the new reqid, hence we
@@ -1643,10 +1672,16 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
* selector does not count for that, therefore we have to delete
* that state before installing the new SA to avoid deleting the
* the new state after installing it. */
- mark_t zeromark = {0, 0};
-
- if (this->public.interface.del_sa(&this->public.interface,
- src, dst, spi, protocol, 0, zeromark) != SUCCESS)
+ kernel_ipsec_sa_id_t del_id = {
+ .src = id->src,
+ .dst = id->dst,
+ .spi = id->spi,
+ .proto = id->proto,
+ };
+ kernel_ipsec_del_sa_t del = { 0 };
+
+ if (this->public.interface.del_sa(&this->public.interface, &del_id,
+ &del) != SUCCESS)
{
DBG1(DBG_KNL, "deleting SPI allocation SA failed");
}
@@ -1655,20 +1690,20 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
memset(&request, 0, sizeof(request));
DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}",
- ntohl(spi), reqid);
+ ntohl(id->spi), data->reqid);
msg = (struct sadb_msg*)request;
msg->sadb_msg_version = PF_KEY_V2;
msg->sadb_msg_type = SADB_ADD;
- msg->sadb_msg_satype = proto2satype(protocol);
+ msg->sadb_msg_satype = proto2satype(id->proto);
msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
#ifdef __APPLE__
- if (encap)
+ if (data->encap)
{
struct sadb_sa_2 *sa_2;
sa_2 = (struct sadb_sa_2*)PFKEY_EXT_ADD_NEXT(msg);
- sa_2->sadb_sa_natt_port = dst->get_port(dst);
+ sa_2->sadb_sa_natt_port = id->dst->get_port(id->dst);
sa = &sa_2->sa;
sa->sadb_sa_flags |= SADB_X_EXT_NATT;
len = sizeof(struct sadb_sa_2);
@@ -1681,22 +1716,29 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
}
sa->sadb_sa_exttype = SADB_EXT_SA;
sa->sadb_sa_len = PFKEY_LEN(len);
- sa->sadb_sa_spi = spi;
- if (protocol == IPPROTO_COMP)
+ sa->sadb_sa_spi = id->spi;
+ if (id->proto == IPPROTO_COMP)
{
- sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM, ipcomp);
+ sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM,
+ ipcomp);
}
else
{
/* Linux interprets sadb_sa_replay as number of packets/bits in the
- * replay window, whereas on BSD it's the size of the window in bytes */
+ * replay window, whereas on BSD it's the size of the window in bytes.
+ * Only set for the inbound SA as it's not relevant for the outbound
+ * SA and might waste memory with large windows. */
+ if (data->inbound)
+ {
#ifdef __linux__
- sa->sadb_sa_replay = min(replay_window, 32);
+ sa->sadb_sa_replay = min(data->replay_window, 32);
#else
- sa->sadb_sa_replay = (replay_window + 7) / 8;
+ sa->sadb_sa_replay = (data->replay_window + 7) / 8;
#endif
- sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg);
- sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg);
+ }
+ sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, data->int_alg);
+ sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM,
+ data->enc_alg);
}
PFKEY_EXT_ADD(msg, sa);
@@ -1704,86 +1746,88 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange));
sa2->sadb_x_sa2_mode = mode2kernel(mode);
- sa2->sadb_x_sa2_reqid = reqid;
+ sa2->sadb_x_sa2_reqid = data->reqid;
PFKEY_EXT_ADD(msg, sa2);
- add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE);
- add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE);
+ add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE);
+ add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE);
lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg);
lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime));
- lft->sadb_lifetime_allocations = lifetime->packets.rekey;
- lft->sadb_lifetime_bytes = lifetime->bytes.rekey;
- lft->sadb_lifetime_addtime = lifetime->time.rekey;
+ lft->sadb_lifetime_allocations = data->lifetime->packets.rekey;
+ lft->sadb_lifetime_bytes = data->lifetime->bytes.rekey;
+ lft->sadb_lifetime_addtime = data->lifetime->time.rekey;
lft->sadb_lifetime_usetime = 0; /* we only use addtime */
PFKEY_EXT_ADD(msg, lft);
lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg);
lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime));
- lft->sadb_lifetime_allocations = lifetime->packets.life;
- lft->sadb_lifetime_bytes = lifetime->bytes.life;
- lft->sadb_lifetime_addtime = lifetime->time.life;
+ lft->sadb_lifetime_allocations = data->lifetime->packets.life;
+ lft->sadb_lifetime_bytes = data->lifetime->bytes.life;
+ lft->sadb_lifetime_addtime = data->lifetime->time.life;
lft->sadb_lifetime_usetime = 0; /* we only use addtime */
PFKEY_EXT_ADD(msg, lft);
- if (enc_alg != ENCR_UNDEFINED)
+ if (data->enc_alg != ENCR_UNDEFINED)
{
if (!sa->sadb_sa_encrypt)
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
- encryption_algorithm_names, enc_alg);
+ encryption_algorithm_names, data->enc_alg);
return FAILED;
}
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
- encryption_algorithm_names, enc_alg, enc_key.len * 8);
+ encryption_algorithm_names, data->enc_alg, data->enc_key.len * 8);
key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg);
key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
- key->sadb_key_bits = enc_key.len * 8;
- key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + enc_key.len);
- memcpy(key + 1, enc_key.ptr, enc_key.len);
+ key->sadb_key_bits = data->enc_key.len * 8;
+ key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + data->enc_key.len);
+ memcpy(key + 1, data->enc_key.ptr, data->enc_key.len);
PFKEY_EXT_ADD(msg, key);
}
- if (int_alg != AUTH_UNDEFINED)
+ if (data->int_alg != AUTH_UNDEFINED)
{
if (!sa->sadb_sa_auth)
{
DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
- integrity_algorithm_names, int_alg);
+ integrity_algorithm_names, data->int_alg);
return FAILED;
}
DBG2(DBG_KNL, " using integrity algorithm %N with key size %d",
- integrity_algorithm_names, int_alg, int_key.len * 8);
+ integrity_algorithm_names, data->int_alg, data->int_key.len * 8);
key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg);
key->sadb_key_exttype = SADB_EXT_KEY_AUTH;
- key->sadb_key_bits = int_key.len * 8;
- key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + int_key.len);
- memcpy(key + 1, int_key.ptr, int_key.len);
+ key->sadb_key_bits = data->int_key.len * 8;
+ key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + data->int_key.len);
+ memcpy(key + 1, data->int_key.ptr, data->int_key.len);
PFKEY_EXT_ADD(msg, key);
}
#ifdef HAVE_NATT
- if (encap)
+ if (data->encap)
{
- add_encap_ext(msg, src, dst);
+ add_encap_ext(msg, id->src, id->dst);
}
#endif /*HAVE_NATT*/
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi));
+ DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x",
+ ntohl(id->spi));
return FAILED;
}
else if (out->sadb_msg_errno)
{
DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x: %s (%d)",
- ntohl(spi), strerror(out->sadb_msg_errno), out->sadb_msg_errno);
+ ntohl(id->spi), strerror(out->sadb_msg_errno),
+ out->sadb_msg_errno);
free(out);
return FAILED;
}
@@ -1793,9 +1837,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
}
METHOD(kernel_ipsec_t, update_sa, status_t,
- private_kernel_pfkey_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
- u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark)
+ private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1806,72 +1849,84 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
/* we can't update the SA if any of the ip addresses have changed.
* that's because we can't use SADB_UPDATE and by deleting and readding the
* SA the sequence numbers would get lost */
- if (!src->ip_equals(src, new_src) ||
- !dst->ip_equals(dst, new_dst))
+ if (!id->src->ip_equals(id->src, data->new_src) ||
+ !id->dst->ip_equals(id->dst, data->new_dst))
{
DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x: address "
- "changes are not supported", ntohl(spi));
+ "changes are not supported", ntohl(id->spi));
return NOT_SUPPORTED;
}
/* if IPComp is used, we first update the IPComp SA */
- if (cpi)
- {
- update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0,
- src, dst, new_src, new_dst, FALSE, FALSE, mark);
+ if (data->cpi)
+ {
+ kernel_ipsec_sa_id_t ipcomp_id = {
+ .src = id->src,
+ .dst = id->dst,
+ .spi = htonl(ntohs(data->cpi)),
+ .proto = IPPROTO_COMP,
+ .mark = id->mark,
+ };
+ kernel_ipsec_update_sa_t ipcomp = {
+ .new_src = data->new_src,
+ .new_dst = data->new_dst,
+ };
+ update_sa(this, &ipcomp_id, &ipcomp);
}
memset(&request, 0, sizeof(request));
- DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi));
+ DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update",
+ ntohl(id->spi));
msg = (struct sadb_msg*)request;
msg->sadb_msg_version = PF_KEY_V2;
msg->sadb_msg_type = SADB_GET;
- msg->sadb_msg_satype = proto2satype(protocol);
+ msg->sadb_msg_satype = proto2satype(id->proto);
msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
sa->sadb_sa_exttype = SADB_EXT_SA;
sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa));
- sa->sadb_sa_spi = spi;
+ sa->sadb_sa_spi = id->spi;
PFKEY_EXT_ADD(msg, sa);
/* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though
* it is not used for anything. */
- add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC);
- add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE);
+ add_anyaddr_ext(msg, id->dst->get_family(id->dst), SADB_EXT_ADDRESS_SRC);
+ add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE);
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
+ DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x",
+ ntohl(id->spi));
return FAILED;
}
else if (out->sadb_msg_errno)
{
DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: %s (%d)",
- ntohl(spi), strerror(out->sadb_msg_errno),
- out->sadb_msg_errno);
+ ntohl(id->spi), strerror(out->sadb_msg_errno),
+ out->sadb_msg_errno);
free(out);
return FAILED;
}
else if (parse_pfkey_message(out, &response) != SUCCESS)
{
DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: parsing "
- "response from kernel failed", ntohl(spi));
+ "response from kernel failed", ntohl(id->spi));
free(out);
return FAILED;
}
DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H",
- ntohl(spi), src, dst, new_src, new_dst);
+ ntohl(id->spi), id->src, id->dst, data->new_src, data->new_dst);
memset(&request, 0, sizeof(request));
msg = (struct sadb_msg*)request;
msg->sadb_msg_version = PF_KEY_V2;
msg->sadb_msg_type = SADB_UPDATE;
- msg->sadb_msg_satype = proto2satype(protocol);
+ msg->sadb_msg_satype = proto2satype(id->proto);
msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
#ifdef __APPLE__
@@ -1880,9 +1935,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
sa_2 = (struct sadb_sa_2*)PFKEY_EXT_ADD_NEXT(msg);
sa_2->sa.sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa_2));
memcpy(&sa_2->sa, response.sa, sizeof(struct sadb_sa));
- if (encap)
+ if (data->encap)
{
- sa_2->sadb_sa_natt_port = new_dst->get_port(new_dst);
+ sa_2->sadb_sa_natt_port = data->new_dst->get_port(data->new_dst);
sa_2->sa.sadb_sa_flags |= SADB_X_EXT_NATT;
}
}
@@ -1908,9 +1963,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
}
#ifdef HAVE_NATT
- if (new_encap)
+ if (data->new_encap)
{
- add_encap_ext(msg, new_src, new_dst);
+ add_encap_ext(msg, data->new_src, data->new_dst);
}
#endif /*HAVE_NATT*/
@@ -1918,14 +1973,14 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi));
+ DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x",
+ ntohl(id->spi));
return FAILED;
}
else if (out->sadb_msg_errno)
{
DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x: %s (%d)",
- ntohl(spi), strerror(out->sadb_msg_errno),
- out->sadb_msg_errno);
+ ntohl(id->spi), strerror(out->sadb_msg_errno), out->sadb_msg_errno);
free(out);
return FAILED;
}
@@ -1935,9 +1990,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
}
METHOD(kernel_ipsec_t, query_sa, status_t,
- private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time)
+ private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+ time_t *time)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1947,42 +2002,44 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
memset(&request, 0, sizeof(request));
- DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi));
+ DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(id->spi));
msg = (struct sadb_msg*)request;
msg->sadb_msg_version = PF_KEY_V2;
msg->sadb_msg_type = SADB_GET;
- msg->sadb_msg_satype = proto2satype(protocol);
+ msg->sadb_msg_satype = proto2satype(id->proto);
msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
sa->sadb_sa_exttype = SADB_EXT_SA;
sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa));
- sa->sadb_sa_spi = spi;
+ sa->sadb_sa_spi = id->spi;
PFKEY_EXT_ADD(msg, sa);
/* the Linux Kernel doesn't care for the src address, but other systems do
* (e.g. FreeBSD)
*/
- add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE);
- add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE);
+ add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE);
+ add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE);
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
+ DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x",
+ ntohl(id->spi));
return FAILED;
}
else if (out->sadb_msg_errno)
{
DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: %s (%d)",
- ntohl(spi), strerror(out->sadb_msg_errno),
- out->sadb_msg_errno);
+ ntohl(id->spi), strerror(out->sadb_msg_errno),
+ out->sadb_msg_errno);
free(out);
return FAILED;
}
else if (parse_pfkey_message(out, &response) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
+ DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x",
+ ntohl(id->spi));
free(out);
return FAILED;
}
@@ -2013,8 +2070,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
}
METHOD(kernel_ipsec_t, del_sa, status_t,
- private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
+ private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -2022,48 +2079,57 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
size_t len;
/* if IPComp was used, we first delete the additional IPComp SA */
- if (cpi)
+ if (data->cpi)
{
- del_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0, mark);
+ kernel_ipsec_sa_id_t ipcomp_id = {
+ .src = id->src,
+ .dst = id->dst,
+ .spi = htonl(ntohs(data->cpi)),
+ .proto = IPPROTO_COMP,
+ .mark = id->mark,
+ };
+ kernel_ipsec_del_sa_t ipcomp = { 0 };
+ del_sa(this, &ipcomp_id, &ipcomp);
}
memset(&request, 0, sizeof(request));
- DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi));
+ DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(id->spi));
msg = (struct sadb_msg*)request;
msg->sadb_msg_version = PF_KEY_V2;
msg->sadb_msg_type = SADB_DELETE;
- msg->sadb_msg_satype = proto2satype(protocol);
+ msg->sadb_msg_satype = proto2satype(id->proto);
msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
sa->sadb_sa_exttype = SADB_EXT_SA;
sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa));
- sa->sadb_sa_spi = spi;
+ sa->sadb_sa_spi = id->spi;
PFKEY_EXT_ADD(msg, sa);
/* the Linux Kernel doesn't care for the src address, but other systems do
* (e.g. FreeBSD)
*/
- add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE);
- add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE);
+ add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE);
+ add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE);
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi));
+ DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x",
+ ntohl(id->spi));
return FAILED;
}
else if (out->sadb_msg_errno)
{
DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x: %s (%d)",
- ntohl(spi), strerror(out->sadb_msg_errno),
- out->sadb_msg_errno);
+ ntohl(id->spi), strerror(out->sadb_msg_errno),
+ out->sadb_msg_errno);
free(out);
return FAILED;
}
- DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi));
+ DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(id->spi));
free(out);
return SUCCESS;
}
@@ -2074,7 +2140,7 @@ METHOD(kernel_ipsec_t, flush_sas, status_t,
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
struct {
- u_int8_t proto;
+ uint8_t proto;
char *name;
} protos[] = {
{ SADB_SATYPE_AH, "AH" },
@@ -2138,7 +2204,7 @@ static void add_exclude_route(private_kernel_pfkey_ipsec_t *this,
if (!route->exclude)
{
DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src);
- gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL);
+ gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL, NULL);
if (gtw)
{
char *if_name = NULL;
@@ -2226,56 +2292,58 @@ static void remove_exclude_route(private_kernel_pfkey_ipsec_t *this,
}
/**
- * Try to install a route to the given inbound policy
+ * Try to install a route to the given outbound policy
*/
static bool install_route(private_kernel_pfkey_ipsec_t *this,
- policy_entry_t *policy, policy_sa_in_t *in)
+ policy_entry_t *policy, policy_sa_out_t *out)
{
route_entry_t *route, *old;
host_t *host, *src, *dst;
bool is_virtual;
- if (charon->kernel->get_address_by_ts(charon->kernel, in->dst_ts, &host,
+ if (charon->kernel->get_address_by_ts(charon->kernel, out->src_ts, &host,
&is_virtual) != SUCCESS)
{
return FALSE;
}
- /* switch src/dst, as we handle an IN policy */
- src = in->generic.sa->dst;
- dst = in->generic.sa->src;
-
INIT(route,
- .prefixlen = policy->src.mask,
+ .prefixlen = policy->dst.mask,
.src_ip = host,
- .dst_net = chunk_clone(policy->src.net->get_address(policy->src.net)),
+ .dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net)),
);
+ src = out->generic.sa->src;
+ dst = out->generic.sa->dst;
+
if (!dst->is_anyaddr(dst))
{
route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1,
- src);
+ src, &route->if_name);
/* if the IP is virtual, we install the route over the interface it has
* been installed on. Otherwise we use the interface we use for IKE, as
* this is required for example on Linux. */
if (is_virtual)
{
+ free(route->if_name);
+ route->if_name = NULL;
src = route->src_ip;
}
}
else
{ /* for shunt policies */
route->gateway = charon->kernel->get_nexthop(charon->kernel,
- policy->src.net, policy->src.mask,
- route->src_ip);
+ policy->dst.net, policy->dst.mask,
+ route->src_ip, &route->if_name);
/* we don't have a source address, use the address we found */
src = route->src_ip;
}
/* get interface for route, using source address */
- if (!charon->kernel->get_interface(charon->kernel, src, &route->if_name))
+ if (!route->if_name &&
+ !charon->kernel->get_interface(charon->kernel, src, &route->if_name))
{
route_entry_destroy(route);
return FALSE;
@@ -2296,7 +2364,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
old->src_ip, old->if_name) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with policy "
- "%R === %R %N", in->src_ts, in->dst_ts,
+ "%R === %R %N", out->src_ts, out->dst_ts,
policy_dir_names, policy->direction);
}
route_entry_destroy(old);
@@ -2306,22 +2374,22 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
/* if remote traffic selector covers the IKE peer, add an exclude route */
if (charon->kernel->get_features(charon->kernel) & KERNEL_REQUIRE_EXCLUDE_ROUTE)
{
- if (in->src_ts->is_host(in->src_ts, dst))
+ if (out->dst_ts->is_host(out->dst_ts, dst))
{
DBG1(DBG_KNL, "can't install route for %R === %R %N, conflicts "
- "with IKE traffic", in->src_ts, in->dst_ts, policy_dir_names,
+ "with IKE traffic", out->src_ts, out->dst_ts, policy_dir_names,
policy->direction);
route_entry_destroy(route);
return FALSE;
}
- if (in->src_ts->includes(in->src_ts, dst))
+ if (out->dst_ts->includes(out->dst_ts, dst))
{
- add_exclude_route(this, route, in->generic.sa->dst, dst);
+ add_exclude_route(this, route, out->generic.sa->src, dst);
}
}
DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s",
- in->src_ts, route->gateway, route->src_ip, route->if_name);
+ out->dst_ts, route->gateway, route->src_ip, route->if_name);
switch (charon->kernel->add_route(charon->kernel, route->dst_net,
route->prefixlen, route->gateway,
@@ -2338,7 +2406,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
return TRUE;
default:
DBG1(DBG_KNL, "installing route failed: %R via %H src %H dev %s",
- in->src_ts, route->gateway, route->src_ip, route->if_name);
+ out->dst_ts, route->gateway, route->src_ip, route->if_name);
remove_exclude_route(this, route);
route_entry_destroy(route);
return FALSE;
@@ -2381,53 +2449,56 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
pol->sadb_x_policy_priority = mapping->priority;
#endif
- /* one or more sadb_x_ipsecrequest extensions are added to the
- * sadb_x_policy extension */
- proto_mode = ipsec->cfg.mode;
+ if (mapping->type == POLICY_IPSEC && ipsec->cfg.reqid)
+ {
+ /* one or more sadb_x_ipsecrequest extensions are added to the
+ * sadb_x_policy extension */
+ proto_mode = ipsec->cfg.mode;
+
+ req = (struct sadb_x_ipsecrequest*)(pol + 1);
- req = (struct sadb_x_ipsecrequest*)(pol + 1);
+ if (ipsec->cfg.ipcomp.transform != IPCOMP_NONE)
+ {
+ req->sadb_x_ipsecrequest_proto = IPPROTO_COMP;
+
+ /* !!! the length here MUST be in octets instead of 64 bit words */
+ req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest);
+ req->sadb_x_ipsecrequest_mode = mode2kernel(ipsec->cfg.mode);
+ req->sadb_x_ipsecrequest_reqid = ipsec->cfg.reqid;
+ req->sadb_x_ipsecrequest_level = (policy->direction == POLICY_OUT) ?
+ IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_USE;
+ if (ipsec->cfg.mode == MODE_TUNNEL)
+ {
+ len = hostcpy(req + 1, ipsec->src, FALSE);
+ req->sadb_x_ipsecrequest_len += len;
+ len = hostcpy((char*)(req + 1) + len, ipsec->dst, FALSE);
+ req->sadb_x_ipsecrequest_len += len;
+ /* use transport mode for other SAs */
+ proto_mode = MODE_TRANSPORT;
+ }
- if (ipsec->cfg.ipcomp.transform != IPCOMP_NONE)
- {
- req->sadb_x_ipsecrequest_proto = IPPROTO_COMP;
+ pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len);
+ req = (struct sadb_x_ipsecrequest*)((char*)(req) +
+ req->sadb_x_ipsecrequest_len);
+ }
+ req->sadb_x_ipsecrequest_proto = ipsec->cfg.esp.use ? IPPROTO_ESP
+ : IPPROTO_AH;
/* !!! the length here MUST be in octets instead of 64 bit words */
req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest);
- req->sadb_x_ipsecrequest_mode = mode2kernel(ipsec->cfg.mode);
+ req->sadb_x_ipsecrequest_mode = mode2kernel(proto_mode);
req->sadb_x_ipsecrequest_reqid = ipsec->cfg.reqid;
- req->sadb_x_ipsecrequest_level = (policy->direction == POLICY_OUT) ?
- IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_USE;
- if (ipsec->cfg.mode == MODE_TUNNEL)
+ req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
+ if (proto_mode == MODE_TUNNEL)
{
len = hostcpy(req + 1, ipsec->src, FALSE);
req->sadb_x_ipsecrequest_len += len;
len = hostcpy((char*)(req + 1) + len, ipsec->dst, FALSE);
req->sadb_x_ipsecrequest_len += len;
- /* use transport mode for other SAs */
- proto_mode = MODE_TRANSPORT;
}
pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len);
- req = (struct sadb_x_ipsecrequest*)((char*)(req) +
- req->sadb_x_ipsecrequest_len);
- }
-
- req->sadb_x_ipsecrequest_proto = ipsec->cfg.esp.use ? IPPROTO_ESP
- : IPPROTO_AH;
- /* !!! the length here MUST be in octets instead of 64 bit words */
- req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest);
- req->sadb_x_ipsecrequest_mode = mode2kernel(proto_mode);
- req->sadb_x_ipsecrequest_reqid = ipsec->cfg.reqid;
- req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
- if (proto_mode == MODE_TUNNEL)
- {
- len = hostcpy(req + 1, ipsec->src, FALSE);
- req->sadb_x_ipsecrequest_len += len;
- len = hostcpy((char*)(req + 1) + len, ipsec->dst, FALSE);
- req->sadb_x_ipsecrequest_len += len;
}
-
- pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len);
PFKEY_EXT_ADD(msg, pol);
add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto,
@@ -2492,37 +2563,42 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
free(out);
/* install a route, if:
- * - this is an inbound policy (to just get one for each child)
- * - we are in tunnel mode or install a bypass policy
+ * - this is an outbound policy (to just get one for each child)
* - routing is not disabled via strongswan.conf
+ * - the selector is not for a specific protocol/port
+ * - we are in tunnel mode or install a bypass policy
*/
- if (policy->direction == POLICY_IN && this->install_routes &&
- (mapping->type != POLICY_IPSEC || ipsec->cfg.mode != MODE_TRANSPORT))
+ if (policy->direction == POLICY_OUT && this->install_routes &&
+ policy->src.proto == IPSEC_PROTO_ANY &&
+ !policy->src.net->get_port(policy->src.net) &&
+ !policy->dst.net->get_port(policy->dst.net))
{
- install_route(this, policy, (policy_sa_in_t*)mapping);
+ if (mapping->type == POLICY_PASS ||
+ (mapping->type == POLICY_IPSEC && ipsec->cfg.mode != MODE_TRANSPORT))
+ {
+ install_route(this, policy, (policy_sa_out_t*)mapping);
+ }
}
this->mutex->unlock(this->mutex);
return SUCCESS;
}
METHOD(kernel_ipsec_t, add_policy, status_t,
- private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_kernel_pfkey_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
policy_entry_t *policy, *found = NULL;
policy_sa_t *assigned_sa, *current_sa;
enumerator_t *enumerator;
bool update = TRUE;
- if (dir2kernel(direction) == IPSEC_DIR_INVALID)
+ if (dir2kernel(id->dir) == IPSEC_DIR_INVALID)
{ /* FWD policies are not supported on all platforms */
return SUCCESS;
}
/* create a policy */
- policy = create_policy_entry(src_ts, dst_ts, direction);
+ policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir);
/* find a matching policy */
this->mutex->lock(this->mutex);
@@ -2531,7 +2607,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
(void**)&found, policy) == SUCCESS)
{ /* use existing policy */
DBG2(DBG_KNL, "policy %R === %R %N already exists, increasing "
- "refcount", src_ts, dst_ts, policy_dir_names, direction);
+ "refcount", id->src_ts, id->dst_ts, policy_dir_names, id->dir);
policy_entry_destroy(policy, this);
policy = found;
}
@@ -2542,18 +2618,35 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
}
/* cache the assigned IPsec SA */
- assigned_sa = policy_sa_create(this, direction, type, src, dst, src_ts,
- dst_ts, sa);
- assigned_sa->priority = get_priority(policy, priority);
+ assigned_sa = policy_sa_create(this, id->dir, data->type, data->src,
+ data->dst, id->src_ts, id->dst_ts, data->sa);
+ assigned_sa->auto_priority = get_priority(policy, data->prio);
+ assigned_sa->priority = data->manual_prio ? data->manual_prio :
+ assigned_sa->auto_priority;
+
/* insert the SA according to its priority */
enumerator = policy->used_by->create_enumerator(policy->used_by);
while (enumerator->enumerate(enumerator, (void**)¤t_sa))
{
- if (current_sa->priority >= assigned_sa->priority)
+ if (current_sa->priority > assigned_sa->priority)
{
break;
}
+ if (current_sa->priority == assigned_sa->priority)
+ {
+ /* in case of equal manual prios order SAs by automatic priority */
+ if (current_sa->auto_priority > assigned_sa->auto_priority)
+ {
+ break;
+ }
+ /* prefer SAs with a reqid over those without */
+ if (current_sa->auto_priority == assigned_sa->auto_priority &&
+ (!current_sa->sa->cfg.reqid || assigned_sa->sa->cfg.reqid))
+ {
+ break;
+ }
+ }
update = FALSE;
}
policy->used_by->insert_before(policy->used_by, enumerator, assigned_sa);
@@ -2567,23 +2660,22 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
}
DBG2(DBG_KNL, "%s policy %R === %R %N",
- found ? "updating" : "adding", src_ts, dst_ts,
- policy_dir_names, direction);
+ found ? "updating" : "adding", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir);
if (add_policy_internal(this, policy, assigned_sa, found) != SUCCESS)
{
DBG1(DBG_KNL, "unable to %s policy %R === %R %N",
- found ? "update" : "add", src_ts, dst_ts,
- policy_dir_names, direction);
+ found ? "update" : "add", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir);
return FAILED;
}
return SUCCESS;
}
METHOD(kernel_ipsec_t, query_policy, status_t,
- private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
- time_t *use_time)
+ private_kernel_pfkey_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data, time_t *use_time)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -2592,16 +2684,16 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
pfkey_msg_t response;
size_t len;
- if (dir2kernel(direction) == IPSEC_DIR_INVALID)
+ if (dir2kernel(id->dir) == IPSEC_DIR_INVALID)
{ /* FWD policies are not supported on all platforms */
return NOT_FOUND;
}
- DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts,
- policy_dir_names, direction);
+ DBG2(DBG_KNL, "querying policy %R === %R %N", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir);
/* create a policy */
- policy = create_policy_entry(src_ts, dst_ts, direction);
+ policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir);
/* find a matching policy */
this->mutex->lock(this->mutex);
@@ -2609,8 +2701,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
(linked_list_match_t)policy_entry_equals,
(void**)&found, policy) != SUCCESS)
{
- DBG1(DBG_KNL, "querying policy %R === %R %N failed, not found", src_ts,
- dst_ts, policy_dir_names, direction);
+ DBG1(DBG_KNL, "querying policy %R === %R %N failed, not found",
+ id->src_ts, id->dst_ts, policy_dir_names, id->dir);
policy_entry_destroy(policy, this);
this->mutex->unlock(this->mutex);
return NOT_FOUND;
@@ -2630,7 +2722,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
pol->sadb_x_policy_id = policy->index;
pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy));
- pol->sadb_x_policy_dir = dir2kernel(direction);
+ pol->sadb_x_policy_dir = dir2kernel(id->dir);
pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
PFKEY_EXT_ADD(msg, pol);
@@ -2643,30 +2735,31 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts,
- policy_dir_names, direction);
+ DBG1(DBG_KNL, "unable to query policy %R === %R %N", id->src_ts,
+ id->dst_ts, policy_dir_names, id->dir);
return FAILED;
}
else if (out->sadb_msg_errno)
{
- DBG1(DBG_KNL, "unable to query policy %R === %R %N: %s (%d)", src_ts,
- dst_ts, policy_dir_names, direction,
- strerror(out->sadb_msg_errno), out->sadb_msg_errno);
+ DBG1(DBG_KNL, "unable to query policy %R === %R %N: %s (%d)",
+ id->src_ts, id->dst_ts, policy_dir_names, id->dir,
+ strerror(out->sadb_msg_errno), out->sadb_msg_errno);
free(out);
return FAILED;
}
else if (parse_pfkey_message(out, &response) != SUCCESS)
{
DBG1(DBG_KNL, "unable to query policy %R === %R %N: parsing response "
- "from kernel failed", src_ts, dst_ts, policy_dir_names,
- direction);
+ "from kernel failed", id->src_ts, id->dst_ts, policy_dir_names,
+ id->dir);
free(out);
return FAILED;
}
else if (response.lft_current == NULL)
{
DBG2(DBG_KNL, "unable to query policy %R === %R %N: kernel reports no "
- "use time", src_ts, dst_ts, policy_dir_names, direction);
+ "use time", id->src_ts, id->dst_ts, policy_dir_names,
+ id->dir);
free(out);
return FAILED;
}
@@ -2686,10 +2779,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t prio)
+ private_kernel_pfkey_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -2698,24 +2789,24 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
policy_sa_t *mapping, *to_remove = NULL;
enumerator_t *enumerator;
bool first = TRUE, is_installed = TRUE;
- u_int32_t priority;
+ uint32_t priority, auto_priority;
size_t len;
ipsec_sa_t assigned_sa = {
- .src = src,
- .dst = dst,
- .cfg = *sa,
+ .src = data->src,
+ .dst = data->dst,
+ .cfg = *data->sa,
};
- if (dir2kernel(direction) == IPSEC_DIR_INVALID)
+ if (dir2kernel(id->dir) == IPSEC_DIR_INVALID)
{ /* FWD policies are not supported on all platforms */
return SUCCESS;
}
- DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts,
- policy_dir_names, direction);
+ DBG2(DBG_KNL, "deleting policy %R === %R %N", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir);
/* create a policy */
- policy = create_policy_entry(src_ts, dst_ts, direction);
+ policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir);
/* find a matching policy */
this->mutex->lock(this->mutex);
@@ -2723,8 +2814,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
(linked_list_match_t)policy_entry_equals,
(void**)&found, policy) != SUCCESS)
{
- DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found", src_ts,
- dst_ts, policy_dir_names, direction);
+ DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found",
+ id->src_ts, id->dst_ts, policy_dir_names, id->dir);
policy_entry_destroy(policy, this);
this->mutex->unlock(this->mutex);
return NOT_FOUND;
@@ -2734,11 +2825,14 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
/* remove mapping to SA by reqid and priority, if multiple match, which
* could happen when rekeying due to an address change, remove the oldest */
- priority = get_priority(policy, prio);
+ auto_priority = get_priority(policy, data->prio);
+ priority = data->manual_prio ? data->manual_prio : auto_priority;
enumerator = policy->used_by->create_enumerator(policy->used_by);
while (enumerator->enumerate(enumerator, (void**)&mapping))
{
if (priority == mapping->priority &&
+ auto_priority == mapping->auto_priority &&
+ data->type == mapping->type &&
ipsec_sa_equals(mapping->sa, &assigned_sa))
{
to_remove = mapping;
@@ -2762,7 +2856,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
if (policy->used_by->get_count(policy->used_by) > 0)
{ /* policy is used by more SAs, keep in kernel */
DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed");
- policy_sa_destroy(mapping, &direction, this);
+ policy_sa_destroy(mapping, &id->dir, this);
if (!is_installed)
{ /* no need to update as the policy was not installed for this SA */
@@ -2770,13 +2864,13 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
return SUCCESS;
}
- DBG2(DBG_KNL, "updating policy %R === %R %N", src_ts, dst_ts,
- policy_dir_names, direction);
+ DBG2(DBG_KNL, "updating policy %R === %R %N", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir);
policy->used_by->get_first(policy->used_by, (void**)&mapping);
if (add_policy_internal(this, policy, mapping, TRUE) != SUCCESS)
{
DBG1(DBG_KNL, "unable to update policy %R === %R %N",
- src_ts, dst_ts, policy_dir_names, direction);
+ id->src_ts, id->dst_ts, policy_dir_names, id->dir);
return FAILED;
}
return SUCCESS;
@@ -2793,7 +2887,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg);
pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy));
- pol->sadb_x_policy_dir = dir2kernel(direction);
+ pol->sadb_x_policy_dir = dir2kernel(id->dir);
pol->sadb_x_policy_type = type2kernel(mapping->type);
PFKEY_EXT_ADD(msg, pol);
@@ -2810,28 +2904,28 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
route->src_ip, route->if_name) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with "
- "policy %R === %R %N", src_ts, dst_ts,
- policy_dir_names, direction);
+ "policy %R === %R %N", id->src_ts, id->dst_ts,
+ policy_dir_names, id->dir);
}
remove_exclude_route(this, route);
}
this->policies->remove(this->policies, found, NULL);
- policy_sa_destroy(mapping, &direction, this);
+ policy_sa_destroy(mapping, &id->dir, this);
policy_entry_destroy(policy, this);
this->mutex->unlock(this->mutex);
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts,
- policy_dir_names, direction);
+ DBG1(DBG_KNL, "unable to delete policy %R === %R %N", id->src_ts,
+ id->dst_ts, policy_dir_names, id->dir);
return FAILED;
}
else if (out->sadb_msg_errno)
{
- DBG1(DBG_KNL, "unable to delete policy %R === %R %N: %s (%d)", src_ts,
- dst_ts, policy_dir_names, direction,
- strerror(out->sadb_msg_errno), out->sadb_msg_errno);
+ DBG1(DBG_KNL, "unable to delete policy %R === %R %N: %s (%d)",
+ id->src_ts, id->dst_ts, policy_dir_names, id->dir,
+ strerror(out->sadb_msg_errno), out->sadb_msg_errno);
free(out);
return FAILED;
}
@@ -2876,7 +2970,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t,
* Register a socket for ACQUIRE/EXPIRE messages
*/
static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this,
- u_int8_t satype)
+ uint8_t satype)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -2931,7 +3025,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool,
}
memset(&policy, 0, sizeof(policy));
- policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
+ policy.sadb_x_policy_len = sizeof(policy) / sizeof(uint64_t);
policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
@@ -2953,7 +3047,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool,
}
METHOD(kernel_ipsec_t, enable_udp_decap, bool,
- private_kernel_pfkey_ipsec_t *this, int fd, int family, u_int16_t port)
+ private_kernel_pfkey_ipsec_t *this, int fd, int family, uint16_t port)
{
#ifndef __APPLE__
int type = UDP_ENCAP_ESPINUDP;
diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in
index 77d83cb..1c3f491 100644
--- a/src/libcharon/plugins/kernel_pfroute/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/kernel_pfroute
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
index 4eebdfd..236e341 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2013 Tobias Brunner
+ * Copyright (C) 2009-2016 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -209,7 +209,7 @@ struct route_entry_t {
chunk_t dst_net;
/** Destination net prefixlen */
- u_int8_t prefixlen;
+ uint8_t prefixlen;
};
/**
@@ -420,7 +420,7 @@ struct private_kernel_pfroute_net_t
* Forward declaration
*/
static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
- chunk_t dst_net, u_int8_t prefixlen,
+ chunk_t dst_net, uint8_t prefixlen,
host_t *gateway, char *if_name);
/**
@@ -1381,7 +1381,7 @@ static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name)
* Add or remove a route
*/
static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
- chunk_t dst_net, u_int8_t prefixlen,
+ chunk_t dst_net, uint8_t prefixlen,
host_t *gateway, char *if_name)
{
struct {
@@ -1473,7 +1473,7 @@ static status_t manage_route(private_kernel_pfroute_net_t *this, int op,
}
METHOD(kernel_net_t, add_route, status_t,
- private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
+ private_kernel_pfroute_net_t *this, chunk_t dst_net, uint8_t prefixlen,
host_t *gateway, host_t *src_ip, char *if_name)
{
status_t status;
@@ -1502,7 +1502,7 @@ METHOD(kernel_net_t, add_route, status_t,
}
METHOD(kernel_net_t, del_route, status_t,
- private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen,
+ private_kernel_pfroute_net_t *this, chunk_t dst_net, uint8_t prefixlen,
host_t *gateway, host_t *src_ip, char *if_name)
{
status_t status;
@@ -1533,7 +1533,7 @@ METHOD(kernel_net_t, del_route, status_t,
* address.
*/
static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop,
- host_t *dest, host_t *src)
+ host_t *dest, host_t *src, char **iface)
{
struct {
struct rt_msghdr hdr;
@@ -1612,6 +1612,15 @@ retry:
host = gtw;
}
}
+ if (type == RTAX_IFP && addr->sa_family == AF_LINK)
+ {
+ struct sockaddr_dl *sdl = (struct sockaddr_dl*)addr;
+ if (iface)
+ {
+ free(*iface);
+ *iface = strndup(sdl->sdl_data, sdl->sdl_nlen);
+ }
+ }
}
else
{
@@ -1680,13 +1689,18 @@ retry:
METHOD(kernel_net_t, get_source_addr, host_t*,
private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
{
- return get_route(this, FALSE, dest, src);
+ return get_route(this, FALSE, dest, src, NULL);
}
METHOD(kernel_net_t, get_nexthop, host_t*,
- private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src)
+ private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src,
+ char **iface)
{
- return get_route(this, TRUE, dest, src);
+ if (iface)
+ {
+ *iface = NULL;
+ }
+ return get_route(this, TRUE, dest, src, iface);
}
/**
diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in
index cfe643f..e002b4f 100644
--- a/src/libcharon/plugins/kernel_wfp/Makefile.in
+++ b/src/libcharon/plugins/kernel_wfp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
noinst_PROGRAMS = ipsecdump$(EXEEXT)
subdir = src/libcharon/plugins/kernel_wfp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -211,12 +220,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -266,6 +277,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -300,6 +312,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -411,6 +424,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -479,7 +493,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_wfp/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/kernel_wfp/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -809,6 +822,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
tags tags-am uninstall uninstall-am \
uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
index e1c4298..6ad26b7 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
@@ -45,7 +45,7 @@ struct private_kernel_wfp_ipsec_t {
/**
* Mix value to distribute SPI allocation randomly
*/
- u_int32_t mixspi;
+ uint32_t mixspi;
/**
* IKE bypass filters, as UINT64 filter LUID
@@ -103,16 +103,16 @@ struct private_kernel_wfp_ipsec_t {
*/
typedef struct {
/** SPI for this SA */
- u_int32_t spi;
+ uint32_t spi;
/** protocol, IPPROTO_ESP/IPPROTO_AH */
- u_int8_t protocol;
+ uint8_t protocol;
/** hard lifetime of SA */
- u_int32_t lifetime;
+ uint32_t lifetime;
/** destination host address for this SPI */
host_t *dst;
struct {
/** algorithm */
- u_int16_t alg;
+ uint16_t alg;
/** key */
chunk_t key;
} integ, encr;
@@ -144,13 +144,13 @@ typedef struct {
/** policy destinaiton addresses */
traffic_selector_t *dst;
/** WFP allocated LUID for inbound filter ID */
- u_int64_t policy_in;
+ uint64_t policy_in;
/** WFP allocated LUID for outbound filter ID */
- u_int64_t policy_out;
+ uint64_t policy_out;
/** WFP allocated LUID for forward inbound filter ID, tunnel mode only */
- u_int64_t policy_fwd_in;
+ uint64_t policy_fwd_in;
/** WFP allocated LUID for forward outbound filter ID, tunnel mode only */
- u_int64_t policy_fwd_out;
+ uint64_t policy_fwd_out;
/** have installed a route for it? */
bool route;
} sp_entry_t;
@@ -170,7 +170,7 @@ static void sp_entry_destroy(sp_entry_t *sp)
*/
typedef struct {
/** reqid of entry */
- u_int32_t reqid;
+ uint32_t reqid;
/** outer address on local host */
host_t *local;
/** outer address on remote host */
@@ -186,17 +186,17 @@ typedef struct {
/** UDP encapsulation */
bool encap;
/** provider context, for tunnel mode only */
- u_int64_t provider;
+ uint64_t provider;
/** WFP allocated LUID for SA context */
- u_int64_t sa_id;
+ uint64_t sa_id;
/** WFP allocated LUID for tunnel mode IP-IPv4 inbound filter */
- u_int64_t ip_ipv4_in;
+ uint64_t ip_ipv4_in;
/** WFP allocated LUID for tunnel mode IP-IPv4 outbound filter */
- u_int64_t ip_ipv4_out;
+ uint64_t ip_ipv4_out;
/** WFP allocated LUID for tunnel mode IP-IPv6 inbound filter */
- u_int64_t ip_ipv6_in;
+ uint64_t ip_ipv6_in;
/** WFP allocated LUID for tunnel mode IP-IPv6 outbound filter */
- u_int64_t ip_ipv6_out;
+ uint64_t ip_ipv6_out;
} entry_t;
/**
@@ -206,7 +206,7 @@ typedef struct {
/** destination net of route */
host_t *dst;
/** prefix length of dst */
- u_int8_t mask;
+ uint8_t mask;
/** source address for route */
host_t *src;
/** gateway of route, NULL if directly attached */
@@ -348,9 +348,9 @@ static FWPM_FILTER_CONDITION0 *append_condition(FWPM_FILTER_CONDITION0 *conds[],
/**
* Convert an IPv4 prefix to a host order subnet mask
*/
-static u_int32_t prefix2mask(u_int8_t prefix)
+static uint32_t prefix2mask(uint8_t prefix)
{
- u_int8_t netmask[4] = {};
+ uint8_t netmask[4] = {};
int i;
for (i = 0; i < sizeof(netmask); i++)
@@ -370,7 +370,7 @@ static u_int32_t prefix2mask(u_int8_t prefix)
* Convert a 16-bit range to a WFP condition
*/
static void range2cond(FWPM_FILTER_CONDITION0 *cond,
- u_int16_t from, u_int16_t to)
+ uint16_t from, uint16_t to)
{
if (from == to)
{
@@ -399,11 +399,11 @@ static bool ts2condition(traffic_selector_t *ts, const GUID *target,
FWPM_FILTER_CONDITION0 *cond;
FWP_BYTE_ARRAY16 *addr;
FWP_RANGE0 *range;
- u_int16_t from_port, to_port;
+ uint16_t from_port, to_port;
void *from, *to;
- u_int8_t proto;
+ uint8_t proto;
host_t *net;
- u_int8_t prefix;
+ uint8_t prefix;
from = ts->get_from_address(ts).ptr;
to = ts->get_to_address(ts).ptr;
@@ -496,7 +496,7 @@ static bool ts2condition(traffic_selector_t *ts, const GUID *target,
{
if (target == &FWPM_CONDITION_IP_LOCAL_ADDRESS)
{
- u_int8_t from_type, to_type, from_code, to_code;
+ uint8_t from_type, to_type, from_code, to_code;
from_type = traffic_selector_icmp_type(from_port);
to_type = traffic_selector_icmp_type(to_port);
@@ -736,7 +736,7 @@ static bool install_sp(private_kernel_wfp_ipsec_t *this, sp_entry_t *sp,
*/
static bool install_ipip_ale(private_kernel_wfp_ipsec_t *this,
host_t *local, host_t *remote, GUID *context,
- bool inbound, int proto, u_int64_t *filter_id)
+ bool inbound, int proto, uint64_t *filter_id)
{
traffic_selector_t *lts, *rts;
FWPM_FILTER_CONDITION0 *conds = NULL;
@@ -1013,7 +1013,7 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry,
.ipVersion = version,
};
struct {
- u_int16_t alg;
+ uint16_t alg;
chunk_t key;
} integ = {}, encr = {};
DWORD res;
@@ -1099,9 +1099,9 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry,
*/
static void host2address6(host_t *host, void *out)
{
- u_int32_t *src, *dst = out;
+ uint32_t *src, *dst = out;
- src = (u_int32_t*)host->get_address(host).ptr;
+ src = (uint32_t*)host->get_address(host).ptr;
dst[0] = untoh32(&src[3]);
dst[1] = untoh32(&src[2]);
@@ -1273,7 +1273,7 @@ static bool generate_guid(private_kernel_wfp_ipsec_t *this, GUID *guid)
{
return FALSE;
}
- ok = rng->get_bytes(rng, sizeof(GUID), (u_int8_t*)guid);
+ ok = rng->get_bytes(rng, sizeof(GUID), (uint8_t*)guid);
rng->destroy(rng);
return ok;
}
@@ -1379,7 +1379,7 @@ static bool install_tunnel_sps(private_kernel_wfp_ipsec_t *this, entry_t *entry)
* Reduce refcount, or uninstall a route if all refs gone
*/
static bool uninstall_route(private_kernel_wfp_ipsec_t *this,
- host_t *dst, u_int8_t mask, host_t *src, host_t *gtw)
+ host_t *dst, uint8_t mask, host_t *src, host_t *gtw)
{
route_t *route, key = {
.dst = dst,
@@ -1421,7 +1421,7 @@ static bool uninstall_route(private_kernel_wfp_ipsec_t *this,
* Install a single route, or refcount if exists
*/
static bool install_route(private_kernel_wfp_ipsec_t *this,
- host_t *dst, u_int8_t mask, host_t *src, host_t *gtw)
+ host_t *dst, uint8_t mask, host_t *src, host_t *gtw)
{
route_t *route, key = {
.dst = dst,
@@ -1476,7 +1476,7 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this,
bool add)
{
host_t *src, *dst, *gtw;
- u_int8_t mask;
+ uint8_t mask;
bool done;
if (!dst_ts->to_subnet(dst_ts, &dst, &mask))
@@ -1489,7 +1489,7 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this,
dst->destroy(dst);
return FALSE;
}
- gtw = charon->kernel->get_nexthop(charon->kernel, remote, -1, local);
+ gtw = charon->kernel->get_nexthop(charon->kernel, remote, -1, local, NULL);
if (add)
{
done = install_route(this, dst, mask, src, gtw);
@@ -1578,7 +1578,7 @@ static bool install(private_kernel_wfp_ipsec_t *this, entry_t *entry)
*/
typedef struct {
/** reqid this trap is installed for */
- u_int32_t reqid;
+ uint32_t reqid;
/** is this a forward policy trap for tunnel mode? */
bool fwd;
/** do we have installed a route for this trap policy? */
@@ -1629,7 +1629,7 @@ static u_int hash_trap(trap_t *trap)
static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id,
traffic_selector_t *src, traffic_selector_t *dst)
{
- u_int32_t reqid = 0;
+ uint32_t reqid = 0;
trap_t *trap, key = {
.filter_id = filter_id,
};
@@ -1654,7 +1654,7 @@ static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id,
* Create a single host traffic selector from an FWP address definition
*/
static traffic_selector_t *addr2ts(FWP_IP_VERSION version, void *data,
- u_int8_t protocol, u_int16_t from_port, u_int16_t to_port)
+ uint8_t protocol, uint16_t from_port, uint16_t to_port)
{
ts_type_t type;
UINT32 ints[4];
@@ -1689,9 +1689,9 @@ static void WINAPI event_callback(void *user, const FWPM_NET_EVENT1 *event)
{
private_kernel_wfp_ipsec_t *this = user;
traffic_selector_t *local = NULL, *remote = NULL;
- u_int8_t protocol = 0;
- u_int16_t from_local = 0, to_local = 65535;
- u_int16_t from_remote = 0, to_remote = 65535;
+ uint8_t protocol = 0;
+ uint16_t from_local = 0, to_local = 65535;
+ uint16_t from_remote = 0, to_remote = 65535;
if ((event->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET) &&
(event->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET))
@@ -1861,7 +1861,7 @@ static bool uninstall_trap(private_kernel_wfp_ipsec_t *this, trap_t *trap)
* Create and install a new trap entry
*/
static bool add_trap(private_kernel_wfp_ipsec_t *this,
- u_int32_t reqid, bool fwd, host_t *local, host_t *remote,
+ uint32_t reqid, bool fwd, host_t *local, host_t *remote,
traffic_selector_t *src, traffic_selector_t *dst)
{
trap_t *trap;
@@ -1893,7 +1893,7 @@ static bool add_trap(private_kernel_wfp_ipsec_t *this,
* Uninstall and remove a new trap entry
*/
static bool remove_trap(private_kernel_wfp_ipsec_t *this,
- u_int32_t reqid, bool fwd,
+ uint32_t reqid, bool fwd,
traffic_selector_t *src, traffic_selector_t *dst)
{
enumerator_t *enumerator;
@@ -1949,10 +1949,10 @@ static bool init_spi(private_kernel_wfp_ipsec_t *this)
{
return FALSE;
}
- ok = rng->get_bytes(rng, sizeof(this->nextspi), (u_int8_t*)&this->nextspi);
+ ok = rng->get_bytes(rng, sizeof(this->nextspi), (uint8_t*)&this->nextspi);
if (ok)
{
- ok = rng->get_bytes(rng, sizeof(this->mixspi), (u_int8_t*)&this->mixspi);
+ ok = rng->get_bytes(rng, sizeof(this->mixspi), (uint8_t*)&this->mixspi);
}
rng->destroy(rng);
return ok;
@@ -1966,7 +1966,7 @@ static u_int permute(u_int x, u_int p)
u_int qr;
x = x % p;
- qr = ((u_int64_t)x * x) % p;
+ qr = ((uint64_t)x * x) % p;
if (x <= p / 2)
{
return qr;
@@ -1976,7 +1976,7 @@ static u_int permute(u_int x, u_int p)
METHOD(kernel_ipsec_t, get_spi, status_t,
private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi)
+ uint8_t protocol, uint32_t *spi)
{
/* To avoid sequencial SPIs, we use a one-to-one permuation function on
* an incrementing counter, that is a full period PRNG for the range we
@@ -1993,7 +1993,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
METHOD(kernel_ipsec_t, get_cpi, status_t,
private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi)
+ uint16_t *cpi)
{
return NOT_SUPPORTED;
}
@@ -2005,7 +2005,7 @@ typedef struct {
/* backref to kernel backend */
private_kernel_wfp_ipsec_t *this;
/* SPI of expiring SA */
- u_int32_t spi;
+ uint32_t spi;
/* destination address of expiring SA */
host_t *dst;
/* is this a hard expire, or a rekey request? */
@@ -2027,7 +2027,7 @@ static void expire_data_destroy(expire_data_t *data)
static job_requeue_t expire_job(expire_data_t *data)
{
private_kernel_wfp_ipsec_t *this = data->this;
- u_int8_t protocol;
+ uint8_t protocol;
entry_t *entry = NULL;
sa_entry_t key = {
.spi = data->spi,
@@ -2074,8 +2074,8 @@ static job_requeue_t expire_job(expire_data_t *data)
/**
* Schedule an expire event for an SA
*/
-static void schedule_expire(private_kernel_wfp_ipsec_t *this, u_int32_t spi,
- host_t *dst, u_int32_t lifetime, bool hard)
+static void schedule_expire(private_kernel_wfp_ipsec_t *this, uint32_t spi,
+ host_t *dst, uint32_t lifetime, bool hard)
{
expire_data_t *data;
@@ -2093,57 +2093,55 @@ static void schedule_expire(private_kernel_wfp_ipsec_t *this, u_int32_t spi,
}
METHOD(kernel_ipsec_t, add_sa, status_t,
- private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts)
+ private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data)
{
host_t *local, *remote;
entry_t *entry;
- if (inbound)
+ if (data->inbound)
{
/* comes first, create new entry */
- local = dst->clone(dst);
- remote = src->clone(src);
+ local = id->dst->clone(id->dst);
+ remote = id->src->clone(id->src);
INIT(entry,
- .reqid = reqid,
+ .reqid = data->reqid,
.isa = {
- .spi = spi,
+ .spi = id->spi,
.dst = local,
- .protocol = protocol,
- .lifetime = lifetime->time.life,
+ .protocol = id->proto,
+ .lifetime = data->lifetime->time.life,
.encr = {
- .alg = enc_alg,
- .key = chunk_clone(enc_key),
+ .alg = data->enc_alg,
+ .key = chunk_clone(data->enc_key),
},
.integ = {
- .alg = int_alg,
- .key = chunk_clone(int_key),
+ .alg = data->int_alg,
+ .key = chunk_clone(data->int_key),
},
},
.sps = array_create(0, 0),
.local = local,
.remote = remote,
- .mode = mode,
- .encap = encap,
+ .mode = data->mode,
+ .encap = data->encap,
);
- if (lifetime->time.life)
+ if (data->lifetime->time.life)
{
- schedule_expire(this, spi, local, lifetime->time.life, TRUE);
+ schedule_expire(this, id->spi, local,
+ data->lifetime->time.life, TRUE);
}
- if (lifetime->time.rekey && lifetime->time.rekey != lifetime->time.life)
+ if (data->lifetime->time.rekey &&
+ data->lifetime->time.rekey != data->lifetime->time.life)
{
- schedule_expire(this, spi, local, lifetime->time.rekey, FALSE);
+ schedule_expire(this, id->spi, local,
+ data->lifetime->time.rekey, FALSE);
}
this->mutex->lock(this->mutex);
- this->tsas->put(this->tsas, (void*)(uintptr_t)reqid, entry);
+ this->tsas->put(this->tsas, (void*)(uintptr_t)data->reqid, entry);
this->isas->put(this->isas, &entry->isa, entry);
this->mutex->unlock(this->mutex);
}
@@ -2151,29 +2149,29 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
{
/* comes after inbound, update entry */
this->mutex->lock(this->mutex);
- entry = this->tsas->remove(this->tsas, (void*)(uintptr_t)reqid);
+ entry = this->tsas->remove(this->tsas, (void*)(uintptr_t)data->reqid);
this->mutex->unlock(this->mutex);
if (!entry)
{
DBG1(DBG_KNL, "adding outbound SA failed, no inbound SA found "
- "for reqid %u ", reqid);
+ "for reqid %u ", data->reqid);
return NOT_FOUND;
}
/* TODO: should we check for local/remote, mode etc.? */
entry->osa = (sa_entry_t){
- .spi = spi,
+ .spi = id->spi,
.dst = entry->remote,
- .protocol = protocol,
- .lifetime = lifetime->time.life,
+ .protocol = id->proto,
+ .lifetime = data->lifetime->time.life,
.encr = {
- .alg = enc_alg,
- .key = chunk_clone(enc_key),
+ .alg = data->enc_alg,
+ .key = chunk_clone(data->enc_key),
},
.integ = {
- .alg = int_alg,
- .key = chunk_clone(int_key),
+ .alg = data->int_alg,
+ .key = chunk_clone(data->int_key),
},
};
@@ -2186,14 +2184,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
}
METHOD(kernel_ipsec_t, update_sa, status_t,
- private_kernel_wfp_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
- u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark)
+ private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data)
{
entry_t *entry;
sa_entry_t key = {
- .dst = dst,
- .spi = spi,
+ .dst = id->dst,
+ .spi = id->spi,
};
UINT64 sa_id = 0;
IPSEC_SA_CONTEXT1 *ctx;
@@ -2233,16 +2230,16 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
DBG1(DBG_KNL, "getting WFP SA context for updated failed: 0x%08x", res);
return FAILED;
}
- if (!hosts2traffic(this, new_dst, new_src, &ctx->inboundSa->traffic) ||
- !hosts2traffic(this, new_dst, new_src, &ctx->outboundSa->traffic))
+ if (!hosts2traffic(this, data->new_dst, data->new_src, &ctx->inboundSa->traffic) ||
+ !hosts2traffic(this, data->new_dst, data->new_src, &ctx->outboundSa->traffic))
{
FwpmFreeMemory0((void**)&ctx);
return FAILED;
}
- if (new_encap != encap)
+ if (data->new_encap != data->encap)
{
- if (new_encap)
+ if (data->new_encap)
{
ctx->inboundSa->udpEncapsulation = &ports;
ctx->outboundSa->udpEncapsulation = &ports;
@@ -2273,8 +2270,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
entry->local->destroy(entry->local);
entry->remote->destroy(entry->remote);
- entry->local = new_dst->clone(new_dst);
- entry->remote = new_src->clone(new_src);
+ entry->local = data->new_dst->clone(data->new_dst);
+ entry->remote = data->new_src->clone(data->new_src);
entry->isa.dst = entry->local;
entry->osa.dst = entry->remote;
@@ -2290,9 +2287,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
}
METHOD(kernel_ipsec_t, query_sa, status_t,
- private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes,
- u_int64_t *packets, time_t *time)
+ private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+ time_t *time)
{
/* It does not seem that WFP provides any means of getting per-SA traffic
* statistics. IPsecGetStatistics0/1() provides global stats, and
@@ -2302,13 +2299,13 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
}
METHOD(kernel_ipsec_t, del_sa, status_t,
- private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
+ private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data)
{
entry_t *entry;
sa_entry_t key = {
- .dst = dst,
- .spi = spi,
+ .dst = id->dst,
+ .spi = id->spi,
};
this->mutex->lock(this->mutex);
@@ -2341,25 +2338,23 @@ METHOD(kernel_ipsec_t, flush_sas, status_t,
}
METHOD(kernel_ipsec_t, add_policy, status_t,
- private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority)
+ private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
status_t status = SUCCESS;
entry_t *entry;
sp_entry_t *sp;
sa_entry_t key = {
- .spi = sa->esp.use ? sa->esp.spi : sa->ah.spi,
- .dst = dst,
+ .spi = data->sa->esp.use ? data->sa->esp.spi : data->sa->ah.spi,
+ .dst = data->dst,
};
- if (sa->esp.use && sa->ah.use)
+ if (data->sa->esp.use && data->sa->ah.use)
{
return NOT_SUPPORTED;
}
- switch (type)
+ switch (data->type)
{
case POLICY_IPSEC:
break;
@@ -2368,7 +2363,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
return NOT_SUPPORTED;
}
- switch (direction)
+ switch (id->dir)
{
case POLICY_OUT:
break;
@@ -2380,18 +2375,20 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
return NOT_SUPPORTED;
}
- switch (priority)
+ switch (data->prio)
{
case POLICY_PRIORITY_DEFAULT:
break;
case POLICY_PRIORITY_ROUTED:
- if (!add_trap(this, sa->reqid, FALSE, src, dst, src_ts, dst_ts))
+ if (!add_trap(this, data->sa->reqid, FALSE, data->src, data->dst,
+ id->src_ts, id->dst_ts))
{
return FAILED;
}
- if (sa->mode == MODE_TUNNEL)
+ if (data->sa->mode == MODE_TUNNEL)
{
- if (!add_trap(this, sa->reqid, TRUE, src, dst, src_ts, dst_ts))
+ if (!add_trap(this, data->sa->reqid, TRUE, data->src, data->dst,
+ id->src_ts, id->dst_ts))
{
return FAILED;
}
@@ -2406,14 +2403,14 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
entry = this->osas->get(this->osas, &key);
if (entry)
{
- if (sa->mode == MODE_TUNNEL || array_count(entry->sps) == 0)
+ if (data->sa->mode == MODE_TUNNEL || array_count(entry->sps) == 0)
{
INIT(sp,
- .src = src_ts->clone(src_ts),
- .dst = dst_ts->clone(dst_ts),
+ .src = id->src_ts->clone(id->src_ts),
+ .dst = id->dst_ts->clone(id->dst_ts),
);
array_insert(entry->sps, -1, sp);
- if (array_count(entry->sps) == sa->policy_count)
+ if (array_count(entry->sps) == data->sa->policy_count)
{
if (!install(this, entry))
{
@@ -2442,25 +2439,24 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
}
METHOD(kernel_ipsec_t, query_policy, status_t,
- private_kernel_wfp_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
- time_t *use_time)
+ private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data, time_t *use_time)
{
/* see query_sa() for some notes */
return NOT_SUPPORTED;
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
- if (direction == POLICY_OUT && priority == POLICY_PRIORITY_ROUTED)
+ if (id->dir == POLICY_OUT && data->prio == POLICY_PRIORITY_ROUTED)
{
- if (remove_trap(this, sa->reqid, FALSE, src_ts, dst_ts))
+ if (remove_trap(this, data->sa->reqid, FALSE, id->src_ts,
+ id->dst_ts))
{
- remove_trap(this, sa->reqid, TRUE, src_ts, dst_ts);
+ remove_trap(this, data->sa->reqid, TRUE, id->src_ts,
+ id->dst_ts);
return SUCCESS;
}
return NOT_FOUND;
@@ -2479,7 +2475,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t,
* Add a bypass policy for a specific UDP port
*/
static bool add_bypass(private_kernel_wfp_ipsec_t *this,
- int family, u_int16_t port, bool inbound, UINT64 *luid)
+ int family, uint16_t port, bool inbound, UINT64 *luid)
{
FWPM_FILTER_CONDITION0 *cond, *conds = NULL;
int count = 0;
@@ -2547,7 +2543,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool,
} saddr;
int addrlen = sizeof(saddr);
UINT64 filter_out, filter_in = 0;
- u_int16_t port;
+ uint16_t port;
if (getsockname(fd, &saddr.sa, &addrlen) == SOCKET_ERROR)
{
@@ -2584,7 +2580,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool,
}
METHOD(kernel_ipsec_t, enable_udp_decap, bool,
- private_kernel_wfp_ipsec_t *this, int fd, int family, u_int16_t port)
+ private_kernel_wfp_ipsec_t *this, int fd, int family, uint16_t port)
{
return FALSE;
}
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index 63bbf19..e0c2cba 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/led
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/led/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/led/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 14fcd6f..856bdd8 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = load-tester$(EXEEXT)
subdir = src/libcharon/plugins/load_tester
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -213,12 +222,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -268,6 +279,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -302,6 +314,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -413,6 +426,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -478,7 +492,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -852,6 +865,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/load_tester/load_tester.c b/src/libcharon/plugins/load_tester/load_tester.c
index f5a998e..94b934d 100644
--- a/src/libcharon/plugins/load_tester/load_tester.c
+++ b/src/libcharon/plugins/load_tester/load_tester.c
@@ -65,7 +65,7 @@ static FILE* make_connection()
static int initiate(unsigned int count, unsigned int delay)
{
FILE *stream;
- char c;
+ int c;
stream = make_connection();
if (!stream)
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index 8f6abde..28421c2 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -124,7 +124,7 @@ struct private_load_tester_config_t {
/**
* Current port for unique initiator ports
*/
- u_int16_t unique_port;
+ uint16_t unique_port;
/**
* IKE_SA rekeying delay
@@ -154,7 +154,7 @@ struct private_load_tester_config_t {
/**
* Dynamic source port, if used
*/
- u_int16_t port;
+ uint16_t port;
/**
* IKE version to use for load testing
@@ -454,8 +454,8 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str,
/**
* Parse a protoport specifier
*/
-static bool parse_protoport(char *token, u_int16_t *from_port,
- u_int16_t *to_port, u_int8_t *protocol)
+static bool parse_protoport(char *token, uint16_t *from_port,
+ uint16_t *to_port, uint8_t *protocol)
{
char *sep, *port = "", *endptr;
struct protoent *proto;
@@ -494,7 +494,7 @@ static bool parse_protoport(char *token, u_int16_t *from_port,
{
return FALSE;
}
- *protocol = (u_int8_t)p;
+ *protocol = (uint8_t)p;
}
}
if (streq(port, "%any"))
@@ -557,8 +557,8 @@ static void add_ts(private_load_tester_config_t *this,
{
enumerator_t *enumerator;
char *subnet, *pos;
- u_int16_t from_port, to_port;
- u_int8_t proto;
+ uint16_t from_port, to_port;
+ uint8_t proto;
enumerator = enumerator_create_token(string, ",", " ");
while (enumerator->enumerate(enumerator, &subnet))
@@ -688,13 +688,25 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
peer_cfg_t *peer_cfg;
char local[32], *remote;
host_t *addr;
- ipsec_mode_t mode = MODE_TUNNEL;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = this->child_rekey * 2,
- .rekey = this->child_rekey,
- .jitter = 0
- }
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_SEND_IF_ASKED,
+ .unique = UNIQUE_NO,
+ .keyingtries = 1,
+ .rekey_time = this->ike_rekey,
+ .over_time = this->ike_rekey,
+ .no_mobike = TRUE,
+ .dpd = this->dpd_delay,
+ .dpd_timeout = this->dpd_timeout,
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = this->child_rekey * 2,
+ .rekey = this->child_rekey,
+ .jitter = 0
+ },
+ },
+ .mode = MODE_TUNNEL,
};
if (num)
@@ -737,14 +749,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
FRAGMENTATION_NO, 0);
}
ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
- peer_cfg = peer_cfg_create("load-test", ike_cfg,
- CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
- this->ike_rekey, 0, /* rekey, reauth */
- 0, this->ike_rekey, /* jitter, overtime */
- FALSE, FALSE, TRUE, /* mobike, aggressive, pull */
- this->dpd_delay, /* dpd_delay */
- this->dpd_timeout, /* dpd_timeout */
- FALSE, NULL, NULL);
+ peer_cfg = peer_cfg_create("load-test", ike_cfg, &peer);
+
if (this->vip)
{
peer_cfg->add_virtual_ip(peer_cfg, this->vip->clone(this->vip));
@@ -768,17 +774,15 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
{
if (streq(this->mode, "transport"))
{
- mode = MODE_TRANSPORT;
+ child.mode = MODE_TRANSPORT;
}
else if (streq(this->mode, "beet"))
{
- mode = MODE_BEET;
+ child.mode = MODE_BEET;
}
}
- child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, mode,
- ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create("load-test", &child);
child_cfg->add_proposal(child_cfg, this->esp->clone(this->esp));
if (num)
diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c
index d62c729..2f48296 100644
--- a/src/libcharon/plugins/load_tester/load_tester_creds.c
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.c
@@ -57,7 +57,7 @@ struct private_load_tester_creds_t {
/**
* serial number to issue certificates
*/
- u_int32_t serial;
+ uint32_t serial;
/**
* Preshared key for IKE
@@ -307,7 +307,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
identification_t *dn = NULL;
linked_list_t *sans;
char buf[128];
- u_int32_t serial;
+ uint32_t serial;
time_t now;
if (this->ca == NULL)
diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
index 6a86bb8..4e20c8f 100644
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
@@ -36,7 +36,7 @@ struct private_load_tester_ipsec_t {
METHOD(kernel_ipsec_t, get_spi, status_t,
private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi)
+ uint8_t protocol, uint32_t *spi)
{
*spi = (uint32_t)ref_get(&this->spi);
return SUCCESS;
@@ -44,69 +44,58 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
METHOD(kernel_ipsec_t, get_cpi, status_t,
private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi)
+ uint16_t *cpi)
{
return FAILED;
}
METHOD(kernel_ipsec_t, add_sa, status_t,
- private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts)
+ private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data)
{
return SUCCESS;
}
METHOD(kernel_ipsec_t, update_sa, status_t,
- private_load_tester_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
- u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src,
- host_t *new_dst, bool encap, bool new_encap, mark_t mark)
+ private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data)
{
return SUCCESS;
}
METHOD(kernel_ipsec_t, query_sa, status_t,
- private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time)
+ private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+ time_t *time)
{
return NOT_SUPPORTED;
}
METHOD(kernel_ipsec_t, del_sa, status_t,
- private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
+ private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data)
{
return SUCCESS;
}
METHOD(kernel_ipsec_t, add_policy, status_t,
- private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_load_tester_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
return SUCCESS;
}
METHOD(kernel_ipsec_t, query_policy, status_t,
- private_load_tester_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
- time_t *use_time)
+ private_load_tester_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data, time_t *use_time)
{
*use_time = 1;
return SUCCESS;
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_load_tester_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
return SUCCESS;
}
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index 9b56d94..69aa379 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = lookip$(EXEEXT)
subdir = src/libcharon/plugins/lookip
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -209,12 +218,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -264,6 +275,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -298,6 +310,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -409,6 +422,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/lookip/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/lookip/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -839,6 +852,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in
index 5cc6549..78525bf 100644
--- a/src/libcharon/plugins/maemo/Makefile.in
+++ b/src/libcharon/plugins/maemo/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/maemo
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -805,6 +818,8 @@ uninstall-am: uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in
$(AM_V_GEN) \
diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
index 2e96f8f..3e5861b 100644
--- a/src/libcharon/plugins/maemo/maemo_service.c
+++ b/src/libcharon/plugins/maemo/maemo_service.c
@@ -236,12 +236,23 @@ static gboolean initiate_connection(private_maemo_service_t *this,
traffic_selector_t *ts;
auth_cfg_t *auth;
certificate_t *cert;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = 10800, /* 3h */
- .rekey = 10200, /* 2h50min */
- .jitter = 300 /* 5min */
- }
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_SEND_IF_ASKED,
+ .unique = UNIQUE_REPLACE,
+ .keyingtries = 1,
+ .rekey_time = 36000, /* 10h */
+ .jitter_time = 600, /* 10min */
+ .over_time = 600, /* 10min */
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = 10800, /* 3h */
+ .rekey = 10200, /* 2h50min */
+ .jitter = 300 /* 5min */
+ },
+ },
+ .mode = MODE_TUNNEL,
};
if (this->status == VPN_STATUS_CONNECTED ||
@@ -329,14 +340,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
- peer_cfg = peer_cfg_create(this->current, ike_cfg,
- CERT_SEND_IF_ASKED,
- UNIQUE_REPLACE, 1, /* keyingtries */
- 36000, 0, /* rekey 10h, reauth none */
- 600, 600, /* jitter, over 10min */
- TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
- 0, 0, /* DPD delay, timeout */
- FALSE, NULL, NULL); /* mediation */
+ peer_cfg = peer_cfg_create(this->current, ike_cfg, &peer);
peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
auth = auth_cfg_create();
@@ -348,9 +352,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
- child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
- TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
- ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create(this->current, &child);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 32c4284..fe301a7 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/medcli
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -779,6 +792,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index 25b1383..4452739 100644
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -82,12 +82,25 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
child_cfg_t *child_cfg;
chunk_t me, other;
char *address, *local_net, *remote_net;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = this->rekey * 60 + this->rekey,
- .rekey = this->rekey,
- .jitter = this->rekey
- }
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_NEVER_SEND,
+ .unique = UNIQUE_REPLACE,
+ .keyingtries = 1,
+ .rekey_time = this->rekey * 60,
+ .jitter_time = this->rekey * 5,
+ .over_time = this->rekey * 3,
+ .dpd = this->dpd,
+ .mediation = TRUE,
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = this->rekey * 60 + this->rekey,
+ .rekey = this->rekey,
+ .jitter = this->rekey
+ },
+ },
+ .mode = MODE_TUNNEL,
};
/* query mediation server config:
@@ -107,14 +120,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
- med_cfg = peer_cfg_create(
- "mediation", ike_cfg,
- CERT_NEVER_SEND, UNIQUE_REPLACE,
- 1, this->rekey*60, 0, /* keytries, rekey, reauth */
- this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
- this->dpd, 0, /* DPD delay, timeout */
- TRUE, NULL, NULL); /* mediation, med by, peer id */
+ med_cfg = peer_cfg_create("mediation", ike_cfg, &peer);
e->destroy(e);
auth = auth_cfg_create();
@@ -144,15 +150,10 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
DESTROY_IF(e);
return NULL;
}
- peer_cfg = peer_cfg_create(
- name, this->ike->get_ref(this->ike),
- CERT_NEVER_SEND, UNIQUE_REPLACE,
- 1, this->rekey*60, 0, /* keytries, rekey, reauth */
- this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
- this->dpd, 0, /* DPD delay, timeout */
- FALSE, med_cfg, /* mediation, med by */
- identification_create_from_encoding(ID_KEY_ID, other));
+ peer.mediation = FALSE;
+ peer.mediated_by = med_cfg;
+ peer.peer_id = identification_create_from_encoding(ID_KEY_ID, other);
+ peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
@@ -165,9 +166,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
identification_create_from_encoding(ID_KEY_ID, other));
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
- child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create(name, &child);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
@@ -205,12 +204,24 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
chunk_t me, other;
child_cfg_t *child_cfg;
auth_cfg_t *auth;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = this->rekey * 60 + this->rekey,
- .rekey = this->rekey,
- .jitter = this->rekey
- }
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_NEVER_SEND,
+ .unique = UNIQUE_REPLACE,
+ .keyingtries = 1,
+ .rekey_time = this->rekey * 60,
+ .jitter_time = this->rekey * 5,
+ .over_time = this->rekey * 3,
+ .dpd = this->dpd,
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = this->rekey * 60 + this->rekey,
+ .rekey = this->rekey,
+ .jitter = this->rekey
+ },
+ },
+ .mode = MODE_TUNNEL,
};
DESTROY_IF(this->current);
@@ -220,14 +231,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
this->current = NULL;
return FALSE;
}
- this->current = peer_cfg_create(
- name, this->ike->get_ref(this->ike),
- CERT_NEVER_SEND, UNIQUE_REPLACE,
- 1, this->rekey*60, 0, /* keytries, rekey, reauth */
- this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
- this->dpd, 0, /* DPD delay, timeout */
- FALSE, NULL, NULL); /* mediation, med by, peer id */
+ this->current = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
@@ -240,9 +244,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
identification_create_from_encoding(ID_KEY_ID, other));
this->current->add_auth_cfg(this->current, auth, FALSE);
- child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create(name, &child);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index de0217a..d4154fe 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/medsrv
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
index 02d805e..be7f481 100644
--- a/src/libcharon/plugins/medsrv/medsrv_config.c
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
@@ -87,14 +87,18 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
if (e->enumerate(e, &name))
{
- peer_cfg = peer_cfg_create(
- name, this->ike->get_ref(this->ike),
- CERT_NEVER_SEND, UNIQUE_REPLACE,
- 1, this->rekey*60, 0, /* keytries, rekey, reauth */
- this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
- this->dpd, 0, /* DPD delay, timeout */
- TRUE, NULL, NULL); /* mediation, med by, peer id */
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_NEVER_SEND,
+ .unique = UNIQUE_REPLACE,
+ .keyingtries = 1,
+ .rekey_time = this->rekey * 60,
+ .jitter_time = this->rekey * 5,
+ .over_time = this->rekey * 3,
+ .dpd = this->dpd,
+ .mediation = TRUE,
+ };
+ peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike),
+ &peer);
e->destroy(e);
auth = auth_cfg_create();
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index 6a1a81f..ec488de 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/osx_attr
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/osx_attr/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/osx_attr/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/p_cscf/Makefile.am b/src/libcharon/plugins/p_cscf/Makefile.am
index 1e00a56..f37f3f5 100644
--- a/src/libcharon/plugins/p_cscf/Makefile.am
+++ b/src/libcharon/plugins/p_cscf/Makefile.am
@@ -1,6 +1,5 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon
AM_CFLAGS = \
diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in
index 7f78db8..67ab4bf 100644
--- a/src/libcharon/plugins/p_cscf/Makefile.in
+++ b/src/libcharon/plugins/p_cscf/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/p_cscf
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -433,7 +447,6 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon
AM_CFLAGS = \
@@ -462,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/p_cscf/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/p_cscf/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index 3f39ba2..9b7ab4c 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/radattr
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/radattr/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/radattr/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in
index 70d97cc..38b709e 100644
--- a/src/libcharon/plugins/resolve/Makefile.in
+++ b/src/libcharon/plugins/resolve/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/resolve
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c
index ec3decc..9077b51 100644
--- a/src/libcharon/plugins/resolve/resolve_handler.c
+++ b/src/libcharon/plugins/resolve/resolve_handler.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2016 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -21,6 +21,8 @@
#include <unistd.h>
#include <utils/debug.h>
+#include <utils/process.h>
+#include <collections/array.h>
#include <threading/mutex.h>
/* path to resolvconf executable */
@@ -47,12 +49,12 @@ struct private_resolve_handler_t {
char *file;
/**
- * use resolvconf instead of writing directly to resolv.conf
+ * Use resolvconf instead of writing directly to resolv.conf
*/
bool use_resolvconf;
/**
- * prefix to be used for interface names sent to resolvconf
+ * Prefix to be used for interface names sent to resolvconf
*/
char *iface_prefix;
@@ -60,13 +62,55 @@ struct private_resolve_handler_t {
* Mutex to access file exclusively
*/
mutex_t *mutex;
+
+ /**
+ * Reference counting for DNS servers dns_server_t
+ */
+ array_t *servers;
};
/**
+ * Reference counting for DNS servers
+ */
+typedef struct {
+
+ /**
+ * DNS server address
+ */
+ host_t *server;
+
+ /**
+ * Reference count
+ */
+ u_int refcount;
+
+} dns_server_t;
+
+/**
+ * Compare a server and a stored reference
+ */
+static int dns_server_find(const void *a, const void *b)
+{
+ host_t *server = (host_t*)a;
+ dns_server_t *item = (dns_server_t*)b;
+ return chunk_compare(server->get_address(server),
+ item->server->get_address(item->server));
+}
+
+/**
+ * Sort references by DNS server
+ */
+static int dns_server_sort(const void *a, const void *b, void *user)
+{
+ const dns_server_t *da = a, *db = b;
+ return chunk_compare(da->server->get_address(da->server),
+ db->server->get_address(db->server));
+}
+
+/**
* Writes the given nameserver to resolv.conf
*/
-static bool write_nameserver(private_resolve_handler_t *this,
- identification_t *server, host_t *addr)
+static bool write_nameserver(private_resolve_handler_t *this, host_t *addr)
{
FILE *in, *out;
char buf[1024];
@@ -79,8 +123,7 @@ static bool write_nameserver(private_resolve_handler_t *this,
out = fopen(this->file, "w");
if (out)
{
- fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr,
- server);
+ fprintf(out, "nameserver %H # by strongSwan\n", addr);
DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file);
handled = TRUE;
@@ -104,8 +147,7 @@ static bool write_nameserver(private_resolve_handler_t *this,
/**
* Removes the given nameserver from resolv.conf
*/
-static void remove_nameserver(private_resolve_handler_t *this,
- identification_t *server, host_t *addr)
+static void remove_nameserver(private_resolve_handler_t *this, host_t *addr)
{
FILE *in, *out;
char line[1024], matcher[512];
@@ -119,8 +161,7 @@ static void remove_nameserver(private_resolve_handler_t *this,
if (out)
{
snprintf(matcher, sizeof(matcher),
- "nameserver %H # by strongSwan, from %Y\n",
- addr, server);
+ "nameserver %H # by strongSwan\n", addr);
/* copy all, but matching line */
while (fgets(line, sizeof(line), in))
@@ -144,50 +185,91 @@ static void remove_nameserver(private_resolve_handler_t *this,
/**
* Add or remove the given nameserver by invoking resolvconf.
*/
-static bool invoke_resolvconf(private_resolve_handler_t *this,
- identification_t *server, host_t *addr,
+static bool invoke_resolvconf(private_resolve_handler_t *this, host_t *addr,
bool install)
{
- char cmd[128];
- bool success = TRUE;
+ process_t *process;
+ FILE *shell;
+ int in, out, retval;
/* we use the nameserver's IP address as part of the interface name to
* make them unique */
- if (snprintf(cmd, sizeof(cmd), "%s %s %s%H", RESOLVCONF_EXEC,
- install ? "-a" : "-d", this->iface_prefix, addr) >= sizeof(cmd))
+ process = process_start_shell(NULL, install ? &in : NULL, &out, NULL,
+ "2>&1 %s %s %s%H", RESOLVCONF_EXEC,
+ install ? "-a" : "-d", this->iface_prefix, addr);
+
+ if (!process)
{
return FALSE;
}
-
if (install)
{
- FILE *out;
-
- out = popen(cmd, "w");
- if (!out)
+ shell = fdopen(in, "w");
+ if (shell)
{
- return FALSE;
+ DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr);
+ fprintf(shell, "nameserver %H\n", addr);
+ fclose(shell);
}
- DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr);
- fprintf(out, "nameserver %H\n", addr);
- success = !ferror(out);
- if (pclose(out))
+ else
{
+ close(in);
+ close(out);
+ process->wait(process, NULL);
return FALSE;
}
}
else
{
- ignore_result(system(cmd));
+ DBG1(DBG_IKE, "removing DNS server %H via resolvconf", addr);
+ }
+ shell = fdopen(out, "r");
+ if (shell)
+ {
+ while (TRUE)
+ {
+ char resp[128], *e;
+
+ if (fgets(resp, sizeof(resp), shell) == NULL)
+ {
+ if (ferror(shell))
+ {
+ DBG1(DBG_IKE, "error reading from resolvconf");
+ }
+ break;
+ }
+ else
+ {
+ e = resp + strlen(resp);
+ if (e > resp && e[-1] == '\n')
+ {
+ e[-1] = '\0';
+ }
+ DBG1(DBG_IKE, "resolvconf: %s", resp);
+ }
+ }
+ fclose(shell);
+ }
+ else
+ {
+ close(out);
+ }
+ if (!process->wait(process, &retval) || retval != EXIT_SUCCESS)
+ {
+ if (install)
+ { /* revert changes when installing fails */
+ invoke_resolvconf(this, addr, FALSE);
+ return FALSE;
+ }
}
- return success;
+ return TRUE;
}
METHOD(attribute_handler_t, handle, bool,
private_resolve_handler_t *this, ike_sa_t *ike_sa,
configuration_attribute_type_t type, chunk_t data)
{
- identification_t *server;
+ dns_server_t *found = NULL;
host_t *addr;
bool handled;
@@ -208,16 +290,34 @@ METHOD(attribute_handler_t, handle, bool,
DESTROY_IF(addr);
return FALSE;
}
- server = ike_sa->get_other_id(ike_sa);
this->mutex->lock(this->mutex);
- if (this->use_resolvconf)
+ if (array_bsearch(this->servers, addr, dns_server_find, &found) == -1)
{
- handled = invoke_resolvconf(this, server, addr, TRUE);
+ if (this->use_resolvconf)
+ {
+ handled = invoke_resolvconf(this, addr, TRUE);
+ }
+ else
+ {
+ handled = write_nameserver(this, addr);
+ }
+ if (handled)
+ {
+ INIT(found,
+ .server = addr->clone(addr),
+ .refcount = 1,
+ );
+ array_insert_create(&this->servers, ARRAY_TAIL, found);
+ array_sort(this->servers, dns_server_sort, NULL);
+ }
}
else
{
- handled = write_nameserver(this, server, addr);
+ DBG1(DBG_IKE, "DNS server %H already installed, increasing refcount",
+ addr);
+ found->refcount++;
+ handled = TRUE;
}
this->mutex->unlock(this->mutex);
addr->destroy(addr);
@@ -233,9 +333,9 @@ METHOD(attribute_handler_t, release, void,
private_resolve_handler_t *this, ike_sa_t *ike_sa,
configuration_attribute_type_t type, chunk_t data)
{
- identification_t *server;
+ dns_server_t *found = NULL;
host_t *addr;
- int family;
+ int family, idx;
switch (type)
{
@@ -249,16 +349,30 @@ METHOD(attribute_handler_t, release, void,
return;
}
addr = host_create_from_chunk(family, data, 0);
- server = ike_sa->get_other_id(ike_sa);
this->mutex->lock(this->mutex);
- if (this->use_resolvconf)
- {
- invoke_resolvconf(this, server, addr, FALSE);
- }
- else
+ idx = array_bsearch(this->servers, addr, dns_server_find, &found);
+ if (idx != -1)
{
- remove_nameserver(this, server, addr);
+ if (--found->refcount > 0)
+ {
+ DBG1(DBG_IKE, "DNS server %H still used, decreasing refcount",
+ addr);
+ }
+ else
+ {
+ if (this->use_resolvconf)
+ {
+ invoke_resolvconf(this, addr, FALSE);
+ }
+ else
+ {
+ remove_nameserver(this, addr);
+ }
+ array_remove(this->servers, idx, NULL);
+ found->server->destroy(found->server);
+ free(found);
+ }
}
this->mutex->unlock(this->mutex);
@@ -341,6 +455,7 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*,
METHOD(resolve_handler_t, destroy, void,
private_resolve_handler_t *this)
{
+ array_destroy(this->servers);
this->mutex->destroy(this->mutex);
free(this);
}
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 221cda7..72a168c 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/smp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index 56b19c7..56891b2 100644
--- a/src/libcharon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -374,7 +374,7 @@ static void request_control_terminate(xmlTextReaderPtr reader,
xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT)
{
const char *str;
- u_int32_t id;
+ uint32_t id;
status_t status;
str = xmlTextReaderConstValue(reader);
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index 3dcfaf4..112d8d2 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/socket_default
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 6e432d9..ba22b0c 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -84,12 +84,12 @@ struct private_socket_default_socket_t {
/**
* Configured port (or random, if initially 0)
*/
- u_int16_t port;
+ uint16_t port;
/**
* Configured port for NAT-T (or random, if initially 0)
*/
- u_int16_t natt;
+ uint16_t natt;
/**
* IPv4 socket (500 or port)
@@ -114,22 +114,22 @@ struct private_socket_default_socket_t {
/**
* DSCP value set on IPv4 socket
*/
- u_int8_t dscp4;
+ uint8_t dscp4;
/**
* DSCP value set on IPv4 socket for NAT-T (4500 or natt)
*/
- u_int8_t dscp4_natt;
+ uint8_t dscp4_natt;
/**
* DSCP value set on IPv6 socket (500 or port)
*/
- u_int8_t dscp6;
+ uint8_t dscp6;
/**
* DSCP value set on IPv6 socket for NAT-T (4500 or natt)
*/
- u_int8_t dscp6_natt;
+ uint8_t dscp6_natt;
/**
* Maximum packet size to receive
@@ -153,7 +153,7 @@ struct private_socket_default_socket_t {
*/
#ifdef IP_PKTINFO
-static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port)
+static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port)
{
struct sockaddr_in dst = {
.sin_family = AF_INET,
@@ -174,7 +174,7 @@ static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port)
#elif defined(IP_RECVDSTADDR)
-static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port)
+static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port)
{
struct sockaddr_in dst = {
.sin_family = AF_INET,
@@ -193,7 +193,7 @@ static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port)
#else /* IP_PKTINFO || IP_RECVDSTADDR */
-static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port)
+static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port)
{
return NULL;
}
@@ -206,7 +206,7 @@ static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port)
*/
#ifdef HAVE_IN6_PKTINFO
-static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port)
+static host_t *get_dst_v6(struct cmsghdr *cmsgptr, uint16_t port)
{
struct in6_pktinfo *pktinfo;
struct sockaddr_in6 dst = {
@@ -225,7 +225,7 @@ static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port)
#else /* HAVE_IN6_PKTINFO */
-static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port)
+static host_t *get_dst_v6(struct cmsghdr *cmsgptr, uint16_t port)
{
return NULL;
}
@@ -241,7 +241,7 @@ METHOD(socket_t, receiver, status_t,
host_t *source = NULL, *dest = NULL;
int i, rr, index, bytes_read = 0, selected = -1;
bool oldstate;
- u_int16_t port = 0;
+ uint16_t port = 0;
struct pollfd pfd[] = {
{ .fd = this->ipv4, .events = POLLIN },
{ .fd = this->ipv4_natt, .events = POLLIN },
@@ -464,7 +464,7 @@ METHOD(socket_t, sender, status_t,
host_t *src, *dst;
struct msghdr msg;
struct iovec iov;
- u_int8_t *dscp;
+ uint8_t *dscp;
src = packet->get_source(packet);
dst = packet->get_destination(packet);
@@ -521,7 +521,7 @@ METHOD(socket_t, sender, status_t,
{
if (family == AF_INET)
{
- u_int8_t ds4;
+ uint8_t ds4;
ds4 = packet->get_dscp(packet) << 2;
if (setsockopt(skt, SOL_IP, IP_TOS, &ds4, sizeof(ds4)) == 0)
@@ -584,7 +584,7 @@ METHOD(socket_t, sender, status_t,
return SUCCESS;
}
-METHOD(socket_t, get_port, u_int16_t,
+METHOD(socket_t, get_port, uint16_t,
private_socket_default_socket_t *this, bool nat_t)
{
return nat_t ? this->natt : this->port;
@@ -610,7 +610,7 @@ METHOD(socket_t, supported_families, socket_family_t,
* open a socket to send and receive packets
*/
static int open_socket(private_socket_default_socket_t *this,
- int family, u_int16_t *port)
+ int family, uint16_t *port)
{
int on = TRUE;
union {
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 88bc22f..9f5f4a2 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/socket_dynamic
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
index b89cae4..ba92e10 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -107,7 +107,7 @@ struct dynsock_t {
/**
* Bound source port
*/
- u_int16_t port;
+ uint16_t port;
};
/**
@@ -324,7 +324,7 @@ METHOD(socket_t, receiver, status_t,
/**
* Get the port allocated dynamically using bind()
*/
-static bool get_dynamic_port(int fd, int family, u_int16_t *port)
+static bool get_dynamic_port(int fd, int family, uint16_t *port)
{
union {
struct sockaddr_storage ss;
@@ -367,7 +367,7 @@ static bool get_dynamic_port(int fd, int family, u_int16_t *port)
* open a socket to send and receive packets
*/
static int open_socket(private_socket_dynamic_socket_t *this,
- int family, u_int16_t *port)
+ int family, uint16_t *port)
{
union {
struct sockaddr_storage ss;
@@ -481,7 +481,7 @@ static dynsock_t *get_any_socket(private_socket_dynamic_socket_t *this,
* Find/Create a socket to send from host
*/
static dynsock_t *find_socket(private_socket_dynamic_socket_t *this,
- int family, u_int16_t port)
+ int family, uint16_t port)
{
dynsock_t *skt, lookup = {
.family = family,
@@ -636,7 +636,7 @@ METHOD(socket_t, sender, status_t,
return SUCCESS;
}
-METHOD(socket_t, get_port, u_int16_t,
+METHOD(socket_t, get_port, uint16_t,
private_socket_dynamic_socket_t *this, bool nat_t)
{
/* we return 0 here for users that have no explicit port configured, the
diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in
index 6830110..1b6b9f6 100644
--- a/src/libcharon/plugins/socket_win/Makefile.in
+++ b/src/libcharon/plugins/socket_win/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/socket_win
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_win/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/socket_win/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/socket_win/socket_win_socket.c b/src/libcharon/plugins/socket_win/socket_win_socket.c
index 94af08e..c42783c 100644
--- a/src/libcharon/plugins/socket_win/socket_win_socket.c
+++ b/src/libcharon/plugins/socket_win/socket_win_socket.c
@@ -51,7 +51,7 @@ struct private_socket_win_socket_t {
/**
* Port for each socket
*/
- u_int16_t ports[SOCKET_COUNT];
+ uint16_t ports[SOCKET_COUNT];
/**
* IPv4/IPv6 dual-use sockets
@@ -205,7 +205,7 @@ METHOD(socket_t, receiver, status_t,
METHOD(socket_t, sender, status_t,
private_socket_win_socket_t *this, packet_t *packet)
{
- u_int16_t port;
+ uint16_t port;
int i = -1, j;
host_t *src, *dst;
WSAMSG msg;
@@ -316,7 +316,7 @@ METHOD(socket_t, sender, status_t,
return SUCCESS;
}
-METHOD(socket_t, get_port, u_int16_t,
+METHOD(socket_t, get_port, uint16_t,
private_socket_win_socket_t *this, bool nat)
{
return this->ports[nat != 0];
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index b09379b..b9cae90 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/sql
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index ce24d18..bbc20dc 100644
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -170,12 +170,22 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown,
&hostaccess, &mode, &start, &dpd, &close, &ipcomp, &reqid))
{
- lifetime_cfg_t lft = {
- .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter }
+ child_cfg_create_t child = {
+ .mode = mode,
+ .reqid = reqid,
+ .ipcomp = ipcomp,
+ .lifetime = {
+ .time = {
+ .life = lifetime, .rekey = rekeytime, .jitter = jitter
+ },
+ },
+ .start_action = start,
+ .dpd_action = dpd,
+ .close_action = close,
+ .updown = updown,
+ .hostaccess = hostaccess,
};
- child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode,
- start, dpd, close, ipcomp, 0, reqid,
- NULL, NULL, 0);
+ child_cfg = child_cfg_create(name, &child);
add_esp_proposals(this, child_cfg, id);
add_traffic_selectors(this, child_cfg, id);
return child_cfg;
@@ -290,6 +300,7 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id)
return ike_cfg;
}
+#ifdef ME
/**
* Query a peer config by its id
*/
@@ -322,6 +333,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id)
}
return peer_cfg;
}
+#endif /* ME */
/**
* Check if the two IDs match (the first one is optional)
@@ -353,7 +365,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
&mediation, &mediated_by, &p_type, &p_data))
{
identification_t *local_id, *remote_id, *peer_id = NULL;
- peer_cfg_t *peer_cfg, *mediated_cfg;
+ peer_cfg_t *peer_cfg, *mediated_cfg = NULL;
ike_cfg_t *ike;
host_t *vip = NULL;
auth_cfg_t *auth;
@@ -367,22 +379,38 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
continue;
}
ike = get_ike_cfg_by_id(this, ike_cfg);
+
+#ifdef ME
mediated_cfg = mediated_by ? get_peer_cfg_by_id(this, mediated_by) : NULL;
if (p_type)
{
peer_id = identification_create_from_encoding(p_type, p_data);
}
+#endif
if (virtual)
{
vip = host_create_from_string(virtual, 0);
}
if (ike)
{
- peer_cfg = peer_cfg_create(
- name, ike, cert_policy, uniqueid,
- keyingtries, rekeytime, reauthtime, jitter, overtime,
- mobike, FALSE, TRUE, dpd_delay, 0,
- mediation, mediated_cfg, peer_id);
+ peer_cfg_create_t peer = {
+ .cert_policy = cert_policy,
+ .unique = uniqueid,
+ .keyingtries = keyingtries,
+ .rekey_time = rekeytime,
+ .reauth_time = reauthtime,
+ .jitter_time = jitter,
+ .over_time = overtime,
+ .no_mobike = !mobike,
+ .dpd = dpd_delay,
+#ifdef ME
+ .mediation = mediation,
+ .mediated_by = mediated_cfg,
+ .peer_id = peer_id,
+#endif /* ME */
+ };
+
+ peer_cfg = peer_cfg_create(name, ike, &peer);
if (vip)
{
peer_cfg->add_virtual_ip(peer_cfg, vip);
diff --git a/src/libcharon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c
index 0fa06ea..46a8940 100644
--- a/src/libcharon/plugins/sql/sql_logger.c
+++ b/src/libcharon/plugins/sql/sql_logger.c
@@ -63,7 +63,7 @@ METHOD(logger_t, log_, void,
chunk_t local_spi, remote_spi;
host_t *local_host, *remote_host;
identification_t *local_id, *remote_id;
- u_int64_t ispi, rspi;
+ uint64_t ispi, rspi;
ike_sa_id_t *id;
id = ike_sa->get_id(ike_sa);
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 2b22b33..9f63cb0 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/stroke
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -474,7 +488,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -796,6 +809,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index d0eb2aa..f2d1104 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -252,7 +252,7 @@ static void swap_ends(stroke_msg_t *msg)
static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg)
{
ike_cfg_t *ike_cfg;
- u_int16_t ikeport;
+ uint16_t ikeport;
char me[256], other[256];
swap_ends(msg);
@@ -616,12 +616,17 @@ static mem_pool_t *create_pool_range(char *str)
static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
stroke_msg_t *msg, ike_cfg_t *ike_cfg)
{
- identification_t *peer_id = NULL;
- peer_cfg_t *mediated_by = NULL;
- unique_policy_t unique;
- u_int32_t rekey = 0, reauth = 0, over, jitter;
peer_cfg_t *peer_cfg;
auth_cfg_t *auth_cfg;
+ peer_cfg_create_t peer = {
+ .cert_policy = msg->add_conn.me.sendcert,
+ .keyingtries = msg->add_conn.rekey.tries,
+ .no_mobike = !msg->add_conn.mobike,
+ .aggressive = msg->add_conn.aggressive,
+ .push_mode = msg->add_conn.pushmode,
+ .dpd = msg->add_conn.dpd.delay,
+ .dpd_timeout = msg->add_conn.dpd.timeout,
+ };
#ifdef ME
if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by)
@@ -633,14 +638,17 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
if (msg->add_conn.ikeme.mediation)
{
+ peer.mediation = TRUE;
/* force unique connections for mediation connections */
msg->add_conn.unique = 1;
}
if (msg->add_conn.ikeme.mediated_by)
{
- mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends,
- msg->add_conn.ikeme.mediated_by);
+ peer_cfg_t *mediated_by;
+
+ mediated_by = charon->backends->get_peer_cfg_by_name(
+ charon->backends, msg->add_conn.ikeme.mediated_by);
if (!mediated_by)
{
DBG1(DBG_CFG, "mediation connection '%s' not found, aborting",
@@ -655,58 +663,55 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
mediated_by->destroy(mediated_by);
return NULL;
}
+ peer.mediated_by = mediated_by;
if (msg->add_conn.ikeme.peerid)
{
- peer_id = identification_create_from_string(msg->add_conn.ikeme.peerid);
+ peer.peer_id = identification_create_from_string(
+ msg->add_conn.ikeme.peerid);
}
else if (msg->add_conn.other.id)
{
- peer_id = identification_create_from_string(msg->add_conn.other.id);
+ peer.peer_id = identification_create_from_string(
+ msg->add_conn.other.id);
}
}
#endif /* ME */
- jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100;
- over = msg->add_conn.rekey.margin;
+ peer.jitter_time = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100;
+ peer.over_time = msg->add_conn.rekey.margin;
if (msg->add_conn.rekey.reauth)
{
- reauth = msg->add_conn.rekey.ike_lifetime - over;
+ peer.reauth_time = msg->add_conn.rekey.ike_lifetime - peer.over_time;
}
else
{
- rekey = msg->add_conn.rekey.ike_lifetime - over;
+ peer.rekey_time = msg->add_conn.rekey.ike_lifetime - peer.over_time;
}
switch (msg->add_conn.unique)
{
case 1: /* yes */
case 2: /* replace */
- unique = UNIQUE_REPLACE;
+ peer.unique = UNIQUE_REPLACE;
break;
case 3: /* keep */
- unique = UNIQUE_KEEP;
+ peer.unique = UNIQUE_KEEP;
break;
case 4: /* never */
- unique = UNIQUE_NEVER;
+ peer.unique = UNIQUE_NEVER;
break;
default: /* no */
- unique = UNIQUE_NO;
+ peer.unique = UNIQUE_NO;
break;
}
if (msg->add_conn.dpd.action == 0)
{ /* dpdaction=none disables DPD */
- msg->add_conn.dpd.delay = 0;
+ peer.dpd = 0;
}
/* other.sourceip is managed in stroke_attributes. If it is set, we define
* the pool name as the connection name, which the attribute provider
* uses to serve pool addresses. */
- peer_cfg = peer_cfg_create(msg->add_conn.name, ike_cfg,
- msg->add_conn.me.sendcert, unique,
- msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
- msg->add_conn.mobike, msg->add_conn.aggressive,
- msg->add_conn.pushmode == 0,
- msg->add_conn.dpd.delay, msg->add_conn.dpd.timeout,
- msg->add_conn.ikeme.mediation, mediated_by, peer_id);
+ peer_cfg = peer_cfg_create(msg->add_conn.name, ike_cfg, &peer);
if (msg->add_conn.other.sourceip)
{
@@ -883,8 +888,8 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
/**
* Parse a protoport specifier
*/
-static bool parse_protoport(char *token, u_int16_t *from_port,
- u_int16_t *to_port, u_int8_t *protocol)
+static bool parse_protoport(char *token, uint16_t *from_port,
+ uint16_t *to_port, uint8_t *protocol)
{
char *sep, *port = "", *endptr;
struct protoent *proto;
@@ -923,7 +928,7 @@ static bool parse_protoport(char *token, u_int16_t *from_port,
{
return FALSE;
}
- *protocol = (u_int8_t)p;
+ *protocol = (uint8_t)p;
}
}
if (streq(port, "%any"))
@@ -1002,8 +1007,8 @@ static void add_ts(private_stroke_config_t *this,
{
enumerator_t *enumerator;
char *subnet, *pos;
- u_int16_t from_port, to_port;
- u_int8_t proto;
+ uint16_t from_port, to_port;
+ uint8_t proto;
enumerator = enumerator_create_token(end->subnets, ",", " ");
while (enumerator->enumerate(enumerator, &subnet))
@@ -1070,45 +1075,50 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
stroke_msg_t *msg)
{
child_cfg_t *child_cfg;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = msg->add_conn.rekey.ipsec_lifetime,
- .rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
- .jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = msg->add_conn.rekey.ipsec_lifetime,
+ .rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
+ .jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100
+ },
+ .bytes = {
+ .life = msg->add_conn.rekey.life_bytes,
+ .rekey = msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes,
+ .jitter = msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100
+ },
+ .packets = {
+ .life = msg->add_conn.rekey.life_packets,
+ .rekey = msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets,
+ .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100
+ },
},
- .bytes = {
- .life = msg->add_conn.rekey.life_bytes,
- .rekey = msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes,
- .jitter = msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100
+ .mark_in = {
+ .value = msg->add_conn.mark_in.value,
+ .mask = msg->add_conn.mark_in.mask
},
- .packets = {
- .life = msg->add_conn.rekey.life_packets,
- .rekey = msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets,
- .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100
- }
- };
- mark_t mark_in = {
- .value = msg->add_conn.mark_in.value,
- .mask = msg->add_conn.mark_in.mask
- };
- mark_t mark_out = {
- .value = msg->add_conn.mark_out.value,
- .mask = msg->add_conn.mark_out.mask
+ .mark_out = {
+ .value = msg->add_conn.mark_out.value,
+ .mask = msg->add_conn.mark_out.mask
+ },
+ .reqid = msg->add_conn.reqid,
+ .mode = msg->add_conn.mode,
+ .proxy_mode = msg->add_conn.proxy_mode,
+ .ipcomp = msg->add_conn.ipcomp,
+ .tfc = msg->add_conn.tfc,
+ .inactivity = msg->add_conn.inactivity,
+ .dpd_action = map_action(msg->add_conn.dpd.action),
+ .close_action = map_action(msg->add_conn.close_action),
+ .updown = msg->add_conn.me.updown,
+ .hostaccess = msg->add_conn.me.hostaccess,
+ .suppress_policies = !msg->add_conn.install_policy,
};
- child_cfg = child_cfg_create(
- msg->add_conn.name, &lifetime, msg->add_conn.me.updown,
- msg->add_conn.me.hostaccess, msg->add_conn.mode, ACTION_NONE,
- map_action(msg->add_conn.dpd.action),
- map_action(msg->add_conn.close_action), msg->add_conn.ipcomp,
- msg->add_conn.inactivity, msg->add_conn.reqid,
- &mark_in, &mark_out, msg->add_conn.tfc);
+ child_cfg = child_cfg_create(msg->add_conn.name, &child);
if (msg->add_conn.replay_window != -1)
{
child_cfg->set_replay_window(child_cfg, msg->add_conn.replay_window);
}
- child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
- msg->add_conn.install_policy);
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
add_ts(this, &msg->add_conn.other, child_cfg, FALSE);
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index 36da5ff..fb60d39 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -198,7 +198,7 @@ METHOD(stroke_control_t, initiate, void,
/**
* Parse a terminate/rekey specifier
*/
-static bool parse_specifier(char *string, u_int32_t *id,
+static bool parse_specifier(char *string, uint32_t *id,
char **name, bool *child, bool *all)
{
int len;
@@ -266,7 +266,7 @@ static bool parse_specifier(char *string, u_int32_t *id,
* Report the result of a terminate() call to console
*/
static void report_terminate_status(private_stroke_control_t *this,
- status_t status, FILE *out, u_int32_t id, bool child)
+ status_t status, FILE *out, uint32_t id, bool child)
{
char *prefix, *postfix;
@@ -300,7 +300,7 @@ static void report_terminate_status(private_stroke_control_t *this,
/**
* Call the charon controller to terminate a CHILD_SA
*/
-static void charon_terminate(private_stroke_control_t *this, u_int32_t id,
+static void charon_terminate(private_stroke_control_t *this, uint32_t id,
stroke_msg_t *msg, FILE *out, bool child)
{
if (msg->output_verbosity >= 0)
@@ -336,7 +336,7 @@ METHOD(stroke_control_t, terminate, void,
private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
{
char *name;
- u_int32_t id;
+ uint32_t id;
bool child, all;
ike_sa_t *ike_sa;
enumerator_t *enumerator;
@@ -424,7 +424,7 @@ METHOD(stroke_control_t, rekey, void,
private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
{
char *name;
- u_int32_t id;
+ uint32_t id;
bool child, all, finished = FALSE;
ike_sa_t *ike_sa;
enumerator_t *enumerator;
@@ -591,13 +591,13 @@ METHOD(stroke_control_t, purge_ike, void,
/**
* Find an existing CHILD_SA/reqid
*/
-static u_int32_t find_reqid(child_cfg_t *child_cfg)
+static uint32_t find_reqid(child_cfg_t *child_cfg)
{
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
ike_sa_t *ike_sa;
char *name;
- u_int32_t reqid;
+ uint32_t reqid;
reqid = charon->traps->find_reqid(charon->traps, child_cfg);
if (reqid)
@@ -636,7 +636,7 @@ static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
char *name, FILE *out)
{
ipsec_mode_t mode;
- u_int32_t reqid;
+ uint32_t reqid;
mode = child_cfg->get_mode(child_cfg);
if (mode == MODE_PASS || mode == MODE_DROP)
@@ -731,7 +731,7 @@ METHOD(stroke_control_t, unroute, void,
{
child_sa_t *child_sa;
enumerator_t *enumerator;
- u_int32_t id = 0;
+ uint32_t id = 0;
if (charon->shunts->uninstall(charon->shunts, msg->unroute.name))
{
diff --git a/src/libcharon/plugins/stroke/stroke_counter.c b/src/libcharon/plugins/stroke/stroke_counter.c
index 5fa1fb1..e93fd4e 100644
--- a/src/libcharon/plugins/stroke/stroke_counter.c
+++ b/src/libcharon/plugins/stroke/stroke_counter.c
@@ -58,7 +58,7 @@ struct private_stroke_counter_t {
/**
* Global counter values
*/
- u_int64_t counter[COUNTER_MAX];
+ uint64_t counter[COUNTER_MAX];
/**
* Counters for specific connection names, char* => entry_t
@@ -78,7 +78,7 @@ typedef struct {
/** connection name */
char *name;
/** counter values for connection */
- u_int64_t counter[COUNTER_MAX];
+ uint64_t counter[COUNTER_MAX];
} entry_t;
/**
@@ -290,7 +290,7 @@ METHOD(listener_t, message_hook, bool,
* Print a single counter value to out
*/
static void print_counter(FILE *out, stroke_counter_type_t type,
- u_int64_t counter)
+ uint64_t counter)
{
fprintf(out, "%-18N %12llu\n", stroke_counter_type_names, type, counter);
}
@@ -300,7 +300,7 @@ static void print_counter(FILE *out, stroke_counter_type_t type,
*/
static void print_one(private_stroke_counter_t *this, FILE *out, char *name)
{
- u_int64_t counter[COUNTER_MAX];
+ uint64_t counter[COUNTER_MAX];
entry_t *entry;
int i;
@@ -365,7 +365,7 @@ static void print_all(private_stroke_counter_t *this, FILE *out)
*/
static void print_global(private_stroke_counter_t *this, FILE *out)
{
- u_int64_t counter[COUNTER_MAX];
+ uint64_t counter[COUNTER_MAX];
int i;
this->lock->lock(this->lock);
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 4292888..929e6fc 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -754,6 +754,8 @@ typedef struct {
chunk_t keyid;
/** number of tries */
int try;
+ /** provided PIN */
+ shared_key_t *shared;
} pin_cb_data_t;
/**
@@ -798,7 +800,9 @@ static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type,
{
*match_other = ID_MATCH_NONE;
}
- return shared_key_create(SHARED_PIN, chunk_clone(secret));
+ DESTROY_IF(data->shared);
+ data->shared = shared_key_create(SHARED_PIN, chunk_clone(secret));
+ return data->shared->get_ref(data->shared);
}
}
return NULL;
@@ -815,7 +819,7 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr,
private_key_t *key = NULL;
u_int slot;
chunk_t chunk;
- shared_key_t *shared;
+ shared_key_t *shared = NULL;
identification_t *id;
mem_cred_t *mem = NULL;
callback_cred_t *cb = NULL;
@@ -867,10 +871,11 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr,
return TRUE;
}
/* use callback credential set to prompt for the pin */
- pin_data.prompt = prompt;
- pin_data.card = smartcard;
- pin_data.keyid = chunk;
- pin_data.try = 0;
+ pin_data = (pin_cb_data_t){
+ .prompt = prompt,
+ .card = smartcard,
+ .keyid = chunk,
+ };
cb = callback_cred_create_shared((void*)pin_cb, &pin_data);
lib->credmgr->add_local_set(lib->credmgr, &cb->set, FALSE);
}
@@ -880,30 +885,48 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr,
shared = shared_key_create(SHARED_PIN, secret);
id = identification_create_from_encoding(ID_KEY_ID, chunk);
mem = mem_cred_create();
- mem->add_shared(mem, shared, id, NULL);
+ mem->add_shared(mem, shared->get_ref(shared), id, NULL);
lib->credmgr->add_local_set(lib->credmgr, &mem->set, FALSE);
}
/* unlock: smartcard needs the pin and potentially calls public set */
key = (private_key_t*)load_from_smartcard(format, slot, module, keyid,
CRED_PRIVATE_KEY, KEY_ANY);
+
+ if (key)
+ {
+ DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr);
+ secrets->add_key(secrets, key);
+ }
if (mem)
{
+ if (!key)
+ {
+ shared->destroy(shared);
+ shared = NULL;
+ }
lib->credmgr->remove_local_set(lib->credmgr, &mem->set);
mem->destroy(mem);
}
if (cb)
{
+ if (key)
+ {
+ shared = pin_data.shared;
+ }
+ else
+ {
+ DESTROY_IF(pin_data.shared);
+ }
lib->credmgr->remove_local_set(lib->credmgr, &cb->set);
cb->destroy(cb);
}
- chunk_clear(&chunk);
-
- if (key)
+ if (shared)
{
- DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr);
- secrets->add_key(secrets, key);
+ id = identification_create_from_encoding(ID_KEY_ID, chunk);
+ secrets->add_shared(secrets, shared, id, NULL);
}
+ chunk_clear(&chunk);
return TRUE;
}
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 0371c70..6c5703a 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -206,7 +206,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
{
time_t use_in, use_out, rekey, now;
- u_int64_t bytes_in, bytes_out, packets_in, packets_out;
+ uint64_t bytes_in, bytes_out, packets_in, packets_out;
proposal_t *proposal;
linked_list_t *my_ts, *other_ts;
child_cfg_t *config;
@@ -244,7 +244,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
proposal = child_sa->get_proposal(child_sa);
if (proposal)
{
- u_int16_t alg, ks;
+ uint16_t alg, ks;
bool first = TRUE;
if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
@@ -286,7 +286,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
{
fprintf(out, " (%" PRIu64 " pkt%s, %" PRIu64 "s ago)",
packets_in, (packets_in == 1) ? "": "s",
- (u_int64_t)(now - use_in));
+ (uint64_t)(now - use_in));
}
child_sa->get_usestats(child_sa, FALSE,
@@ -296,7 +296,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
{
fprintf(out, " (%" PRIu64 " pkt%s, %" PRIu64 "s ago)",
packets_out, (packets_out == 1) ? "": "s",
- (u_int64_t)(now - use_out));
+ (uint64_t)(now - use_out));
}
fprintf(out, ", rekeying ");
@@ -474,7 +474,7 @@ METHOD(stroke_list_t, status, void,
ike_version_t ike_version;
char *pool;
host_t *host;
- u_int32_t dpd;
+ uint32_t dpd;
time_t since, now;
u_int size, online, offline, i;
struct utsname utsname;
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index ee32dbc..4f74836 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -613,7 +613,7 @@ static void stroke_config(private_stroke_socket_t *this,
static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
{
stroke_msg_t *msg;
- u_int16_t len;
+ uint16_t len;
FILE *out;
/* read length */
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 0daff44..125e3c1 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/systime_fix
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/systime_fix/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/systime_fix/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index f124a1b..0ea265e 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/tnc_ifmap
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -406,6 +419,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -473,7 +487,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_ifmap/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/tnc_ifmap/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -791,6 +804,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
index 2bad4fa..ad4f2f8 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
@@ -145,7 +145,7 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
{
private_tnc_ifmap_listener_t *this;
job_t *job;
- u_int32_t reschedule;
+ uint32_t reschedule;
INIT(this,
.public = {
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c
index f2c00a5..ea48338 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c
@@ -40,7 +40,7 @@ struct private_tnc_ifmap_renew_session_job_t {
/**
* Reschedule time interval in seconds
*/
- u_int32_t reschedule;
+ uint32_t reschedule;
};
METHOD(job_t, destroy, void,
@@ -83,7 +83,7 @@ METHOD(job_t, get_priority, job_priority_t,
* Described in header
*/
tnc_ifmap_renew_session_job_t *tnc_ifmap_renew_session_job_create(
- tnc_ifmap_soap_t *ifmap, u_int32_t reschedule)
+ tnc_ifmap_soap_t *ifmap, uint32_t reschedule)
{
private_tnc_ifmap_renew_session_job_t *this;
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h
index f1587a1..18a3d57 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h
@@ -46,6 +46,6 @@ struct tnc_ifmap_renew_session_job_t {
* @param reschedule reschedule time in seconds
*/
tnc_ifmap_renew_session_job_t *tnc_ifmap_renew_session_job_create(
- tnc_ifmap_soap_t *ifmap, u_int32_t reschedule);
+ tnc_ifmap_soap_t *ifmap, uint32_t reschedule);
#endif /** TNC_IFMAP_RENEW_SESSION_JOB_H_ @}*/
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index a652e70..8e69de0 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -186,7 +186,7 @@ METHOD(tnc_ifmap_soap_t, purgePublisher, bool,
* Create an access-request based on device_name and ike_sa_id
*/
static xmlNodePtr create_access_request(private_tnc_ifmap_soap_t *this,
- u_int32_t id)
+ uint32_t id)
{
xmlNodePtr node;
char buf[BUF_LEN];
@@ -415,7 +415,7 @@ METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool,
identification_t *id, *eap_id, *group;
host_t *host;
auth_cfg_t *auth;
- u_int32_t ike_sa_id;
+ uint32_t ike_sa_id;
bool is_user = FALSE, first = TRUE, success;
/* extract relevant data from IKE_SA*/
@@ -584,7 +584,7 @@ METHOD(tnc_ifmap_soap_t, publish_virtual_ips, bool,
{
tnc_ifmap_soap_msg_t *soap_msg;
xmlNodePtr request, node;
- u_int32_t ike_sa_id;
+ uint32_t ike_sa_id;
enumerator_t *enumerator;
host_t *vip;
bool success;
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index bfd8cf8..f2398c3 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/tnc_pdp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -207,12 +216,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -262,6 +273,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -296,6 +308,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -407,6 +420,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -476,7 +490,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_pdp/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/tnc_pdp/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -791,6 +804,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index 91456f8..17f0cd4 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
@@ -74,7 +74,7 @@ struct private_tnc_pdp_t {
/**
* PT-TLS port of the server
*/
- u_int16_t pt_tls_port;
+ uint16_t pt_tls_port;
/**
* PT-TLS IPv4 socket
@@ -158,7 +158,7 @@ static void free_client_entry(client_entry_t *this)
/**
* Open IPv4 or IPv6 UDP socket
*/
-static int open_udp_socket(int family, u_int16_t port)
+static int open_udp_socket(int family, uint16_t port)
{
int on = TRUE;
struct sockaddr_storage addr;
@@ -233,7 +233,7 @@ static int open_udp_socket(int family, u_int16_t port)
/**
* Open IPv4 or IPv6 TCP socket
*/
-static int open_tcp_socket(int family, u_int16_t port)
+static int open_tcp_socket(int family, uint16_t port)
{
int on = TRUE;
struct sockaddr_storage addr;
@@ -339,8 +339,8 @@ static void send_message(private_tnc_pdp_t *this, radius_message_t *message,
/**
* Encrypt a MS-MPPE-Send/Recv-Key
*/
-static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, u_int8_t type,
- chunk_t key, u_int16_t *salt,
+static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, uint8_t type,
+ chunk_t key, uint16_t *salt,
radius_message_t *request)
{
chunk_t a, r, seed, data;
@@ -420,8 +420,8 @@ static void send_response(private_tnc_pdp_t *this, radius_message_t *request,
{
radius_message_t *response;
chunk_t data, recv, send;
- u_int32_t tunnel_type;
- u_int16_t salt = 0;
+ uint32_t tunnel_type;
+ uint16_t salt = 0;
response = radius_message_create(code);
data = eap->get_data(eap);
@@ -477,7 +477,7 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request,
eap_payload_t *in, *out = NULL;
eap_method_t *method;
eap_type_t eap_type;
- u_int32_t eap_vendor;
+ uint32_t eap_vendor;
chunk_t data, message = chunk_empty, msk = chunk_empty;
chunk_t user_name = chunk_empty, nas_id = chunk_empty;
identification_t *group = NULL;
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index a1c64ca..84eed9a 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/uci
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c
index 2a8e403..e0578fe 100644
--- a/src/libcharon/plugins/uci/uci_config.c
+++ b/src/libcharon/plugins/uci/uci_config.c
@@ -126,12 +126,23 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
child_cfg_t *child_cfg;
ike_cfg_t *ike_cfg;
auth_cfg_t *auth;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = create_rekey(esp_rekey) + 300,
- .rekey = create_rekey(esp_rekey),
- .jitter = 300
- }
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_SEND_IF_ASKED,
+ .unique = UNIQUE_NO,
+ .keyingtries = 1,
+ .jitter_time = 1800,
+ .over_time = 900,
+ .dpd = 60,
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = create_rekey(esp_rekey) + 300,
+ .rekey = create_rekey(esp_rekey),
+ .jitter = 300
+ },
+ },
+ .mode = MODE_TUNNEL,
};
/* defaults */
@@ -157,13 +168,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
remote_addr, IKEV2_UDP_PORT,
FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
- this->peer_cfg = peer_cfg_create(
- name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
- 1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */
- 1800, 900, /* jitter, overtime */
- TRUE, FALSE, TRUE, /* mobike, aggressive, pull */
- 60, 0, /* DPD delay, timeout */
- FALSE, NULL, NULL); /* mediation, med by, peer id */
+ peer.rekey_time = create_rekey(ike_rekey);
+ this->peer_cfg = peer_cfg_create(name, ike_cfg, &peer);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
auth->add(auth, AUTH_RULE_IDENTITY,
@@ -179,9 +185,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
}
this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
- child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, ACTION_NONE,
- FALSE, 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create(name, &child);
child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index 00bb149..cfc1c5f 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/unity
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/unity/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/unity/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c
index 9fc9be6..5707278 100644
--- a/src/libcharon/plugins/unity/unity_handler.c
+++ b/src/libcharon/plugins/unity/unity_handler.c
@@ -206,7 +206,9 @@ static job_requeue_t add_exclude_async(entry_t *entry)
{
enumerator_t *enumerator;
child_cfg_t *child_cfg;
- lifetime_cfg_t lft = { .time = { .life = 0 } };
+ child_cfg_create_t child = {
+ .mode = MODE_PASS,
+ };
ike_sa_t *ike_sa;
char name[128];
host_t *host;
@@ -216,9 +218,7 @@ static job_requeue_t add_exclude_async(entry_t *entry)
{
create_shunt_name(ike_sa, entry->ts, name, sizeof(name));
- child_cfg = child_cfg_create(name, &lft, NULL, TRUE, MODE_PASS,
- ACTION_NONE, ACTION_NONE, ACTION_NONE,
- FALSE, 0, 0, NULL, NULL, FALSE);
+ child_cfg = child_cfg_create(name, &child);
child_cfg->add_traffic_selector(child_cfg, FALSE,
entry->ts->clone(entry->ts));
host = ike_sa->get_my_host(ike_sa);
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c
index 1e297a3..07f5f9b 100644
--- a/src/libcharon/plugins/unity/unity_provider.c
+++ b/src/libcharon/plugins/unity/unity_provider.c
@@ -53,7 +53,7 @@ static void append_ts(bio_writer_t *writer, traffic_selector_t *ts)
{
host_t *net, *mask;
chunk_t padding;
- u_int8_t bits;
+ uint8_t bits;
if (!ts->to_subnet(ts, &net, &bits))
{
@@ -115,7 +115,7 @@ METHOD(enumerator_t, attribute_destroy, void,
*/
static bool use_ts(traffic_selector_t *ts)
{
- u_int8_t mask;
+ uint8_t mask;
host_t *net;
if (ts->get_type(ts) != TS_IPV4_ADDR_RANGE)
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 863e144..612535d 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/updown
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index e51caab..6a1581c 100644
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -55,7 +55,7 @@ typedef struct cache_entry_t cache_entry_t;
*/
struct cache_entry_t {
/** requid of the CHILD_SA */
- u_int32_t reqid;
+ uint32_t reqid;
/** cached interface name */
char *iface;
};
@@ -63,7 +63,7 @@ struct cache_entry_t {
/**
* Insert an interface name to the cache
*/
-static void cache_iface(private_updown_listener_t *this, u_int32_t reqid,
+static void cache_iface(private_updown_listener_t *this, uint32_t reqid,
char *iface)
{
cache_entry_t *entry = malloc_thing(cache_entry_t);
@@ -77,7 +77,7 @@ static void cache_iface(private_updown_listener_t *this, u_int32_t reqid,
/**
* Remove a cached interface name and return it.
*/
-static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid)
+static char* uncache_iface(private_updown_listener_t *this, uint32_t reqid)
{
enumerator_t *enumerator;
cache_entry_t *entry;
@@ -257,7 +257,7 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
{
host_t *me, *other, *host;
char *iface;
- u_int8_t mask;
+ uint8_t mask;
mark_t mark;
bool is_host, is_ipv6;
int out;
@@ -344,13 +344,13 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
}
push_vip_env(this, ike_sa, envp, countof(envp), TRUE);
push_vip_env(this, ike_sa, envp, countof(envp), FALSE);
- mark = config->get_mark(config, TRUE);
+ mark = child_sa->get_mark(child_sa, TRUE);
if (mark.value)
{
push_env(envp, countof(envp), "PLUTO_MARK_IN=%u/0x%08x",
mark.value, mark.mask);
}
- mark = config->get_mark(config, FALSE);
+ mark = child_sa->get_mark(child_sa, FALSE);
if (mark.value)
{
push_env(envp, countof(envp), "PLUTO_MARK_OUT=%u/0x%08x",
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index 86ed007..b943c09 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -84,8 +94,6 @@ check_PROGRAMS = $(am__EXEEXT_1)
@USE_PYTHON_EGGS_TRUE at am__append_2 = python
@USE_PERL_CPAN_TRUE at am__append_3 = perl
subdir = src/libcharon/plugins/vici
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -99,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -274,6 +283,7 @@ am__tty_colors = { \
fi; \
}
DIST_SUBDIRS = ruby python perl
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -305,6 +315,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -354,6 +365,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -388,6 +400,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -499,6 +512,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -602,7 +616,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/vici/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -1319,6 +1332,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \
tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 52929bd..cf5a85a 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -277,8 +277,8 @@ Terminates an SA while streaming _control-log_ events.
{
child = <terminate a CHILD_SA by configuration name>
ike = <terminate an IKE_SA by configuration name>
- child_id = <terminate a CHILD_SA by its reqid>
- ike_id = <terminate an IKE_SA by its unique id>
+ child-id = <terminate a CHILD_SA by its reqid>
+ ike-id = <terminate an IKE_SA by its unique id>
timeout = <timeout in ms before returning>
loglevel = <loglevel to issue "control-log" events for>
} => {
@@ -337,7 +337,7 @@ events.
{
noblock = <use non-blocking mode if key is set>
ike = <filter listed IKE_SAs by its name>
- ike_id = <filter listed IKE_SA by its unique id>
+ ike-id = <filter listed IKE_SA by its unique id>
} => {
# completes after streaming list-sa events
}
@@ -734,6 +734,8 @@ _list-conns_ command.
<list of valid remote IKE endpoint addresses>
]
version = <IKE version as string, IKEv1|IKEv2 or 0 for any>
+ reauth_time = <IKE_SA reauthentication interval in seconds>
+ rekey_time = <IKE_SA rekeying interval in seconds>
local*, remote* = { # multiple local and remote auth sections
class = <authentication type>
@@ -758,6 +760,9 @@ _list-conns_ command.
children = {
<CHILD_SA config name>* = {
mode = <IPsec mode>
+ rekey_time = <CHILD_SA rekeying interval in seconds>
+ rekey_bytes = <CHILD_SA rekeying interval in bytes>
+ rekey_packets = <CHILD_SA rekeying interval in packets>
local-ts = [
<list of local traffic selectors>
]
diff --git a/src/libcharon/plugins/vici/libvici.c b/src/libcharon/plugins/vici/libvici.c
index 7c98c8b..0b549a5 100644
--- a/src/libcharon/plugins/vici/libvici.c
+++ b/src/libcharon/plugins/vici/libvici.c
@@ -123,7 +123,7 @@ static bool read_error(vici_conn_t *conn, int err)
/**
* Handle a command response message
*/
-static bool handle_response(vici_conn_t *conn, u_int32_t len)
+static bool handle_response(vici_conn_t *conn, uint32_t len)
{
chunk_t buf;
@@ -140,11 +140,11 @@ static bool handle_response(vici_conn_t *conn, u_int32_t len)
/**
* Dispatch received event message
*/
-static bool handle_event(vici_conn_t *conn, u_int32_t len)
+static bool handle_event(vici_conn_t *conn, uint32_t len)
{
vici_message_t *message;
event_t *event;
- u_int8_t namelen;
+ uint8_t namelen;
char name[257], *buf;
if (len < sizeof(namelen))
@@ -198,8 +198,8 @@ static bool handle_event(vici_conn_t *conn, u_int32_t len)
CALLBACK(on_read, bool,
vici_conn_t *conn, stream_t *stream)
{
- u_int32_t len;
- u_int8_t op;
+ uint32_t len;
+ uint8_t op;
ssize_t hlen;
hlen = stream->read(stream, &len, sizeof(len), FALSE);
@@ -358,8 +358,8 @@ vici_res_t* vici_submit(vici_req_t *req, vici_conn_t *conn)
vici_message_t *message;
vici_res_t *res;
chunk_t data;
- u_int32_t len;
- u_int8_t namelen, op;
+ uint32_t len;
+ uint8_t namelen, op;
message = req->b->finalize(req->b);
if (!message)
@@ -678,8 +678,8 @@ void vici_free_res(vici_res_t *res)
int vici_register(vici_conn_t *conn, char *name, vici_event_cb_t cb, void *user)
{
event_t *event;
- u_int32_t len;
- u_int8_t namelen, op;
+ uint32_t len;
+ uint8_t namelen, op;
int ret = 1;
op = cb ? VICI_EVENT_REGISTER : VICI_EVENT_UNREGISTER;
diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in
index 550d3e9..e32e966 100644
--- a/src/libcharon/plugins/vici/perl/Makefile.in
+++ b/src/libcharon/plugins/vici/perl/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/vici/perl
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -116,12 +126,14 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -316,6 +330,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -370,7 +385,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/perl/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/vici/perl/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -547,6 +561,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
all-local: Vici-Session/pm_to_blib
diff --git a/src/libcharon/plugins/vici/python/MANIFEST.in b/src/libcharon/plugins/vici/python/MANIFEST.in
index 1aba38f..9d5d250 100644
--- a/src/libcharon/plugins/vici/python/MANIFEST.in
+++ b/src/libcharon/plugins/vici/python/MANIFEST.in
@@ -1 +1,2 @@
include LICENSE
+include README.rst
diff --git a/src/libcharon/plugins/vici/python/Makefile.am b/src/libcharon/plugins/vici/python/Makefile.am
index 5936f2a..20a6f43 100644
--- a/src/libcharon/plugins/vici/python/Makefile.am
+++ b/src/libcharon/plugins/vici/python/Makefile.am
@@ -1,4 +1,4 @@
-EXTRA_DIST = LICENSE MANIFEST.in \
+EXTRA_DIST = LICENSE README.rst MANIFEST.in \
setup.py.in \
vici/test/__init__.py \
vici/test/test_protocol.py \
@@ -10,26 +10,34 @@ EXTRA_DIST = LICENSE MANIFEST.in \
$(srcdir)/setup.py: $(srcdir)/setup.py.in
$(AM_V_GEN) sed \
- -e "s:@EGG_VERSION@:$(PACKAGE_VERSION):" \
+ -e "s:@EGG_VERSION@:$(PYTHON_PACKAGE_VERSION):" \
$(srcdir)/setup.py.in > $@
-all-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+all-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
-dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py
+dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py
(cd $(srcdir); $(PYTHON) setup.py bdist_egg \
-b $(shell readlink -f $(builddir))/build \
-d $(shell readlink -f $(builddir))/dist)
+package: $(EXTRA_DIST) $(srcdir)/setup.py
+ (cd $(srcdir); $(PYTHON) setup.py sdist \
+ -d $(shell readlink -f $(builddir))/dist \
+ bdist_wheel --universal \
+ -d $(shell readlink -f $(builddir))/dist)
+
clean-local:
(cd $(srcdir); [ ! -f setup.py ] || $(PYTHON) setup.py clean -a)
rm -rf $(srcdir)/setup.py $(srcdir)/vici.egg-info $(builddir)/dist
if PYTHON_EGGS_INSTALL
-install-exec-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+install-exec-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
$(EASY_INSTALL) $(PYTHONEGGINSTALLDIR) \
- dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+ dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
endif
if USE_PY_TEST
TESTS = $(PY_TEST)
endif
+
+.PHONY: package
diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in
index 894a7e2..7d1c642 100644
--- a/src/libcharon/plugins/vici/python/Makefile.in
+++ b/src/libcharon/plugins/vici/python/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/vici/python
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -138,12 +148,14 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -193,6 +205,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -227,6 +240,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -338,6 +352,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -366,7 +381,7 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-EXTRA_DIST = LICENSE MANIFEST.in \
+EXTRA_DIST = LICENSE README.rst MANIFEST.in \
setup.py.in \
vici/test/__init__.py \
vici/test/test_protocol.py \
@@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/python/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/vici/python/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -663,26 +677,36 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
$(srcdir)/setup.py: $(srcdir)/setup.py.in
$(AM_V_GEN) sed \
- -e "s:@EGG_VERSION@:$(PACKAGE_VERSION):" \
+ -e "s:@EGG_VERSION@:$(PYTHON_PACKAGE_VERSION):" \
$(srcdir)/setup.py.in > $@
-all-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+all-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
-dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py
+dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py
(cd $(srcdir); $(PYTHON) setup.py bdist_egg \
-b $(shell readlink -f $(builddir))/build \
-d $(shell readlink -f $(builddir))/dist)
+package: $(EXTRA_DIST) $(srcdir)/setup.py
+ (cd $(srcdir); $(PYTHON) setup.py sdist \
+ -d $(shell readlink -f $(builddir))/dist \
+ bdist_wheel --universal \
+ -d $(shell readlink -f $(builddir))/dist)
+
clean-local:
(cd $(srcdir); [ ! -f setup.py ] || $(PYTHON) setup.py clean -a)
rm -rf $(srcdir)/setup.py $(srcdir)/vici.egg-info $(builddir)/dist
- at PYTHON_EGGS_INSTALL_TRUE@install-exec-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+ at PYTHON_EGGS_INSTALL_TRUE@install-exec-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
@PYTHON_EGGS_INSTALL_TRUE@ $(EASY_INSTALL) $(PYTHONEGGINSTALLDIR) \
- at PYTHON_EGGS_INSTALL_TRUE@ dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+ at PYTHON_EGGS_INSTALL_TRUE@ dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+
+.PHONY: package
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/vici/python/README.rst b/src/libcharon/plugins/vici/python/README.rst
new file mode 100644
index 0000000..3990f63
--- /dev/null
+++ b/src/libcharon/plugins/vici/python/README.rst
@@ -0,0 +1,24 @@
+About
+-----
+
+The strongSwan VICI protocol allows external applications to monitor, configure
+and control the IKE daemon charon. This Python package provides a native client
+side implementation of the VICI protocol, well suited to script automated tasks
+in a reliable way.
+
+
+Example Usage
+-------------
+
+.. code-block:: python
+
+ >>> import vici
+ >>> s = vici.Session()
+ >>> s.version()
+ OrderedDict([('daemon', b'charon'), ('version', b'5.4.0'),
+ ('sysname', b'Linux'), ('release', b'3.13.0-27-generic'), ('machine', b'x86_64')])
+ >>> s.load_pool({"p1": {"addrs": "10.0.0.0/24"}})
+ OrderedDict([('success', b'yes')])
+ >>> s.get_pools()
+ OrderedDict([('p1', OrderedDict([('base', b'10.0.0.0'), ('size', b'254'),
+ ('online', b'0'), ('offline', b'0')]))])
diff --git a/src/libcharon/plugins/vici/python/setup.py.in b/src/libcharon/plugins/vici/python/setup.py.in
index 0e4ad82..62b0c58 100644
--- a/src/libcharon/plugins/vici/python/setup.py.in
+++ b/src/libcharon/plugins/vici/python/setup.py.in
@@ -1,25 +1,21 @@
from setuptools import setup
-
-long_description = (
- "The strongSwan VICI protocol allows external application to monitor, "
- "configure and control the IKE daemon charon. This python package provides "
- "a native client side implementation of the VICI protocol, well suited to "
- "script automated tasks in a reliable way."
-)
+with open('README.rst') as file:
+ long_description = file.read()
setup(
name="vici",
version="@EGG_VERSION@",
- description="Native python interface for strongSwan VICI",
- author="Bjorn Schuberg",
+ description="Native Python interface for strongSwan's VICI protocol",
+ long_description=long_description,
+ author="strongSwan Project",
+ author_email="info at strongswan.org",
url="https://wiki.strongswan.org/projects/strongswan/wiki/Vici",
license="MIT",
packages=["vici"],
- long_description=long_description,
include_package_data=True,
classifiers=(
- "Development Status :: 3 - Alpha",
+ "Development Status :: 5 - Production/Stable",
"Intended Audience :: Developers",
"Intended Audience :: System Administrators",
"License :: OSI Approved :: MIT License",
diff --git a/src/libcharon/plugins/vici/python/vici/protocol.py b/src/libcharon/plugins/vici/python/vici/protocol.py
index 855a7b2..4951817 100644
--- a/src/libcharon/plugins/vici/python/vici/protocol.py
+++ b/src/libcharon/plugins/vici/python/vici/protocol.py
@@ -20,15 +20,22 @@ class Transport(object):
self.socket.sendall(struct.pack("!I", len(packet)) + packet)
def receive(self):
- raw_length = self.socket.recv(self.HEADER_LENGTH)
+ raw_length = self._recvall(self.HEADER_LENGTH)
length, = struct.unpack("!I", raw_length)
- payload = self.socket.recv(length)
+ payload = self._recvall(length)
return payload
def close(self):
self.socket.shutdown(socket.SHUT_RDWR)
self.socket.close()
+ def _recvall(self, count):
+ """Ensure to read count bytes from the socket"""
+ data = b""
+ while len(data) < count:
+ data += self.socket.recv(count - len(data))
+ return data
+
class Packet(object):
CMD_REQUEST = 0 # Named request message
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index b87d83d..aceb28a 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/vici/ruby
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -116,12 +126,14 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -316,6 +330,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -360,7 +375,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -455,8 +469,8 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
- at RUBY_GEMS_INSTALL_FALSE@uninstall-local:
@RUBY_GEMS_INSTALL_FALSE at install-data-local:
+ at RUBY_GEMS_INSTALL_FALSE@uninstall-local:
clean: clean-am
clean-am: clean-generic clean-libtool clean-local mostlyclean-am
@@ -538,6 +552,8 @@ uninstall-am: uninstall-local
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-local
+.PRECIOUS: Makefile
+
vici.gemspec: $(srcdir)/vici.gemspec.in
$(AM_V_GEN) sed \
diff --git a/src/libcharon/plugins/vici/suites/test_socket.c b/src/libcharon/plugins/vici/suites/test_socket.c
index 8d545c6..d0c0fa7 100644
--- a/src/libcharon/plugins/vici/suites/test_socket.c
+++ b/src/libcharon/plugins/vici/suites/test_socket.c
@@ -32,7 +32,7 @@ static void echo_inbound(void *user, u_int id, chunk_t buf)
ck_assert_int_eq(data->id, id);
/* count number of bytes, including the header */
- data->bytes += buf.len + sizeof(u_int32_t);
+ data->bytes += buf.len + sizeof(uint32_t);
/* echo back data chunk */
data->s->send(data->s, id, chunk_clone(buf));
}
@@ -81,7 +81,7 @@ START_TEST(test_echo)
0x00,0x00,0x00,0x0A, 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x02A,
);
char buf[m.len];
- u_int32_t len;
+ uint32_t len;
lib->processor->set_threads(lib->processor, 4);
diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c
index 9064d3d..e0d9b4a 100644
--- a/src/libcharon/plugins/vici/vici_attribute.c
+++ b/src/libcharon/plugins/vici/vici_attribute.c
@@ -233,7 +233,7 @@ static bool have_vips_from_pool(mem_pool_t *pool, linked_list_t *vips)
enumerator_t *enumerator;
host_t *host;
chunk_t start, end, current;
- u_int32_t size;
+ uint32_t size;
bool found = FALSE;
host = pool->get_base(pool);
@@ -477,10 +477,10 @@ CALLBACK(pool_li, bool,
{
if (host->get_family(host) == AF_INET)
{ /* IPv4 attributes contain a subnet mask */
- u_int32_t netmask = 0;
+ uint32_t netmask = 0;
if (mask)
- { /* shifting u_int32_t by 32 or more is undefined */
+ { /* shifting uint32_t by 32 or more is undefined */
mask = 32 - mask;
netmask = htonl((0xFFFFFFFF >> mask) << mask);
}
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 6ebbedc..d919e1d 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -57,22 +57,32 @@
/**
* Magic value for an undefined lifetime
*/
-#define LFT_UNDEFINED (~(u_int64_t)0)
+#define LFT_UNDEFINED (~(uint64_t)0)
/**
* Default IKE rekey time
*/
-#define LFT_DEFAULT_IKE_REKEY (4 * 60 * 60)
+#define LFT_DEFAULT_IKE_REKEY_TIME (4 * 60 * 60)
/**
* Default CHILD rekey time
*/
-#define LFT_DEFAULT_CHILD_REKEY (1 * 60 * 60)
+#define LFT_DEFAULT_CHILD_REKEY_TIME (1 * 60 * 60)
+
+/**
+ * Default CHILD rekey bytes
+ */
+#define LFT_DEFAULT_CHILD_REKEY_BYTES 0
+
+/**
+ * Default CHILD rekey packets
+ */
+#define LFT_DEFAULT_CHILD_REKEY_PACKETS 0
/**
* Undefined replay window
*/
-#define REPLAY_UNDEFINED (~(u_int32_t)0)
+#define REPLAY_UNDEFINED (~(uint32_t)0)
typedef struct private_vici_config_t private_vici_config_t;
@@ -242,7 +252,7 @@ typedef struct {
typedef struct {
request_data_t *request;
auth_cfg_t *cfg;
- u_int32_t round;
+ uint32_t round;
} auth_data_t;
/**
@@ -259,20 +269,20 @@ static void free_auth_data(auth_data_t *data)
*/
typedef struct {
request_data_t *request;
- u_int32_t version;
+ uint32_t version;
bool aggressive;
bool encap;
bool mobike;
bool send_certreq;
bool pull;
cert_policy_t send_cert;
- u_int64_t dpd_delay;
- u_int64_t dpd_timeout;
+ uint64_t dpd_delay;
+ uint64_t dpd_timeout;
fragmentation_t fragmentation;
unique_policy_t unique;
- u_int32_t keyingtries;
- u_int32_t local_port;
- u_int32_t remote_port;
+ uint32_t keyingtries;
+ uint32_t local_port;
+ uint32_t remote_port;
char *local_addrs;
char *remote_addrs;
linked_list_t *local;
@@ -281,10 +291,10 @@ typedef struct {
linked_list_t *children;
linked_list_t *vips;
char *pools;
- u_int64_t reauth_time;
- u_int64_t rekey_time;
- u_int64_t over_time;
- u_int64_t rand_time;
+ uint64_t reauth_time;
+ uint64_t rekey_time;
+ uint64_t over_time;
+ uint64_t rand_time;
} peer_data_t;
/**
@@ -422,24 +432,12 @@ static void free_peer_data(peer_data_t *data)
*/
typedef struct {
request_data_t *request;
- lifetime_cfg_t lft;
- char* updown;
- bool hostaccess;
- bool ipcomp;
- bool policies;
- ipsec_mode_t mode;
- u_int32_t replay_window;
- action_t dpd_action;
- action_t start_action;
- action_t close_action;
- u_int32_t reqid;
- u_int32_t tfc;
- mark_t mark_in;
- mark_t mark_out;
- u_int64_t inactivity;
linked_list_t *proposals;
linked_list_t *local_ts;
linked_list_t *remote_ts;
+ uint32_t replay_window;
+ bool policies;
+ child_cfg_create_t cfg;
} child_data_t;
/**
@@ -447,35 +445,39 @@ typedef struct {
*/
static void log_child_data(child_data_t *data, char *name)
{
+ child_cfg_create_t *cfg = &data->cfg;
+
DBG2(DBG_CFG, " child %s:", name);
- DBG2(DBG_CFG, " rekey_time = %llu", data->lft.time.rekey);
- DBG2(DBG_CFG, " life_time = %llu", data->lft.time.life);
- DBG2(DBG_CFG, " rand_time = %llu", data->lft.time.jitter);
- DBG2(DBG_CFG, " rekey_bytes = %llu", data->lft.bytes.rekey);
- DBG2(DBG_CFG, " life_bytes = %llu", data->lft.bytes.life);
- DBG2(DBG_CFG, " rand_bytes = %llu", data->lft.bytes.jitter);
- DBG2(DBG_CFG, " rekey_packets = %llu", data->lft.packets.rekey);
- DBG2(DBG_CFG, " life_packets = %llu", data->lft.packets.life);
- DBG2(DBG_CFG, " rand_packets = %llu", data->lft.packets.jitter);
- DBG2(DBG_CFG, " updown = %s", data->updown);
- DBG2(DBG_CFG, " hostaccess = %u", data->hostaccess);
- DBG2(DBG_CFG, " ipcomp = %u", data->ipcomp);
- DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, data->mode);
+ DBG2(DBG_CFG, " rekey_time = %llu", cfg->lifetime.time.rekey);
+ DBG2(DBG_CFG, " life_time = %llu", cfg->lifetime.time.life);
+ DBG2(DBG_CFG, " rand_time = %llu", cfg->lifetime.time.jitter);
+ DBG2(DBG_CFG, " rekey_bytes = %llu", cfg->lifetime.bytes.rekey);
+ DBG2(DBG_CFG, " life_bytes = %llu", cfg->lifetime.bytes.life);
+ DBG2(DBG_CFG, " rand_bytes = %llu", cfg->lifetime.bytes.jitter);
+ DBG2(DBG_CFG, " rekey_packets = %llu", cfg->lifetime.packets.rekey);
+ DBG2(DBG_CFG, " life_packets = %llu", cfg->lifetime.packets.life);
+ DBG2(DBG_CFG, " rand_packets = %llu", cfg->lifetime.packets.jitter);
+ DBG2(DBG_CFG, " updown = %s", cfg->updown);
+ DBG2(DBG_CFG, " hostaccess = %u", cfg->hostaccess);
+ DBG2(DBG_CFG, " ipcomp = %u", cfg->ipcomp);
+ DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, cfg->mode);
DBG2(DBG_CFG, " policies = %u", data->policies);
if (data->replay_window != REPLAY_UNDEFINED)
{
DBG2(DBG_CFG, " replay_window = %u", data->replay_window);
}
- DBG2(DBG_CFG, " dpd_action = %N", action_names, data->dpd_action);
- DBG2(DBG_CFG, " start_action = %N", action_names, data->start_action);
- DBG2(DBG_CFG, " close_action = %N", action_names, data->close_action);
- DBG2(DBG_CFG, " reqid = %u", data->reqid);
- DBG2(DBG_CFG, " tfc = %d", data->tfc);
+ DBG2(DBG_CFG, " dpd_action = %N", action_names, cfg->dpd_action);
+ DBG2(DBG_CFG, " start_action = %N", action_names, cfg->start_action);
+ DBG2(DBG_CFG, " close_action = %N", action_names, cfg->close_action);
+ DBG2(DBG_CFG, " reqid = %u", cfg->reqid);
+ DBG2(DBG_CFG, " tfc = %d", cfg->tfc);
+ DBG2(DBG_CFG, " priority = %d", cfg->priority);
+ DBG2(DBG_CFG, " interface = %s", cfg->interface);
DBG2(DBG_CFG, " mark_in = %u/%u",
- data->mark_in.value, data->mark_in.mask);
+ cfg->mark_in.value, cfg->mark_in.mask);
DBG2(DBG_CFG, " mark_out = %u/%u",
- data->mark_out.value, data->mark_out.mask);
- DBG2(DBG_CFG, " inactivity = %llu", data->inactivity);
+ cfg->mark_out.value, cfg->mark_out.mask);
+ DBG2(DBG_CFG, " inactivity = %llu", cfg->inactivity);
DBG2(DBG_CFG, " proposals = %#P", data->proposals);
DBG2(DBG_CFG, " local_ts = %#R", data->local_ts);
DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts);
@@ -492,7 +494,8 @@ static void free_child_data(child_data_t *data)
offsetof(traffic_selector_t, destroy));
data->remote_ts->destroy_offset(data->remote_ts,
offsetof(traffic_selector_t, destroy));
- free(data->updown);
+ free(data->cfg.updown);
+ free(data->cfg.interface);
}
/**
@@ -568,8 +571,8 @@ CALLBACK(parse_ts, bool,
struct protoent *protoent;
struct servent *svc;
long int p;
- u_int16_t from = 0, to = 0xffff;
- u_int8_t proto = 0;
+ uint16_t from = 0, to = 0xffff;
+ uint8_t proto = 0;
if (!vici_stringify(v, buf, sizeof(buf)))
{
@@ -613,7 +616,7 @@ CALLBACK(parse_ts, bool,
{
return FALSE;
}
- proto = (u_int8_t)p;
+ proto = (uint8_t)p;
}
}
if (streq(port, "opaque"))
@@ -809,10 +812,10 @@ CALLBACK(parse_action, bool,
}
/**
- * Parse a u_int32_t
+ * Parse a uint32_t
*/
CALLBACK(parse_uint32, bool,
- u_int32_t *out, chunk_t v)
+ uint32_t *out, chunk_t v)
{
char buf[16], *end;
u_long l;
@@ -831,10 +834,10 @@ CALLBACK(parse_uint32, bool,
}
/**
- * Parse a u_int64_t
+ * Parse a uint64_t
*/
CALLBACK(parse_uint64, bool,
- u_int64_t *out, chunk_t v)
+ uint64_t *out, chunk_t v)
{
char buf[16], *end;
unsigned long long l;
@@ -856,7 +859,7 @@ CALLBACK(parse_uint64, bool,
* Parse a relative time
*/
CALLBACK(parse_time, bool,
- u_int64_t *out, chunk_t v)
+ uint64_t *out, chunk_t v)
{
char buf[16], *end;
u_long l;
@@ -906,7 +909,7 @@ CALLBACK(parse_time, bool,
* Parse byte volume
*/
CALLBACK(parse_bytes, bool,
- u_int64_t *out, chunk_t v)
+ uint64_t *out, chunk_t v)
{
char buf[16], *end;
unsigned long long l;
@@ -968,7 +971,7 @@ CALLBACK(parse_mark, bool,
* Parse TFC padding option
*/
CALLBACK(parse_tfc, bool,
- u_int32_t *out, chunk_t v)
+ uint32_t *out, chunk_t v)
{
if (chunk_equals(v, chunk_from_str("mtu")))
{
@@ -1327,29 +1330,31 @@ CALLBACK(child_kv, bool,
child_data_t *child, vici_message_t *message, char *name, chunk_t value)
{
parse_rule_t rules[] = {
- { "updown", parse_string, &child->updown },
- { "hostaccess", parse_bool, &child->hostaccess },
- { "mode", parse_mode, &child->mode },
- { "policies", parse_bool, &child->policies },
- { "replay_window", parse_uint32, &child->replay_window },
- { "rekey_time", parse_time, &child->lft.time.rekey },
- { "life_time", parse_time, &child->lft.time.life },
- { "rand_time", parse_time, &child->lft.time.jitter },
- { "rekey_bytes", parse_bytes, &child->lft.bytes.rekey },
- { "life_bytes", parse_bytes, &child->lft.bytes.life },
- { "rand_bytes", parse_bytes, &child->lft.bytes.jitter },
- { "rekey_packets", parse_uint64, &child->lft.packets.rekey },
- { "life_packets", parse_uint64, &child->lft.packets.life },
- { "rand_packets", parse_uint64, &child->lft.packets.jitter },
- { "dpd_action", parse_action, &child->dpd_action },
- { "start_action", parse_action, &child->start_action },
- { "close_action", parse_action, &child->close_action },
- { "ipcomp", parse_bool, &child->ipcomp },
- { "inactivity", parse_time, &child->inactivity },
- { "reqid", parse_uint32, &child->reqid },
- { "mark_in", parse_mark, &child->mark_in },
- { "mark_out", parse_mark, &child->mark_out },
- { "tfc_padding", parse_tfc, &child->tfc },
+ { "updown", parse_string, &child->cfg.updown },
+ { "hostaccess", parse_bool, &child->cfg.hostaccess },
+ { "mode", parse_mode, &child->cfg.mode },
+ { "policies", parse_bool, &child->policies },
+ { "replay_window", parse_uint32, &child->replay_window },
+ { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey },
+ { "life_time", parse_time, &child->cfg.lifetime.time.life },
+ { "rand_time", parse_time, &child->cfg.lifetime.time.jitter },
+ { "rekey_bytes", parse_bytes, &child->cfg.lifetime.bytes.rekey },
+ { "life_bytes", parse_bytes, &child->cfg.lifetime.bytes.life },
+ { "rand_bytes", parse_bytes, &child->cfg.lifetime.bytes.jitter },
+ { "rekey_packets", parse_uint64, &child->cfg.lifetime.packets.rekey },
+ { "life_packets", parse_uint64, &child->cfg.lifetime.packets.life },
+ { "rand_packets", parse_uint64, &child->cfg.lifetime.packets.jitter },
+ { "dpd_action", parse_action, &child->cfg.dpd_action },
+ { "start_action", parse_action, &child->cfg.start_action },
+ { "close_action", parse_action, &child->cfg.close_action },
+ { "ipcomp", parse_bool, &child->cfg.ipcomp },
+ { "inactivity", parse_time, &child->cfg.inactivity },
+ { "reqid", parse_uint32, &child->cfg.reqid },
+ { "mark_in", parse_mark, &child->cfg.mark_in },
+ { "mark_out", parse_mark, &child->cfg.mark_out },
+ { "tfc_padding", parse_tfc, &child->cfg.tfc },
+ { "priority", parse_uint32, &child->cfg.priority },
+ { "interface", parse_string, &child->cfg.interface },
};
return parse_rules(rules, countof(rules), name, value,
@@ -1430,6 +1435,42 @@ CALLBACK(peer_kv, bool,
&peer->request->reply);
}
+/**
+ * Check and update lifetimes
+ */
+static void check_lifetimes(lifetime_cfg_t *lft)
+{
+ /* if no hard lifetime specified, add one at soft lifetime + 10% */
+ if (lft->time.life == LFT_UNDEFINED)
+ {
+ lft->time.life = lft->time.rekey * 110 / 100;
+ }
+ if (lft->bytes.life == LFT_UNDEFINED)
+ {
+ lft->bytes.life = lft->bytes.rekey * 110 / 100;
+ }
+ if (lft->packets.life == LFT_UNDEFINED)
+ {
+ lft->packets.life = lft->packets.rekey * 110 / 100;
+ }
+ /* if no rand time defined, use difference of hard and soft */
+ if (lft->time.jitter == LFT_UNDEFINED)
+ {
+ lft->time.jitter = lft->time.life -
+ min(lft->time.life, lft->time.rekey);
+ }
+ if (lft->bytes.jitter == LFT_UNDEFINED)
+ {
+ lft->bytes.jitter = lft->bytes.life -
+ min(lft->bytes.life, lft->bytes.rekey);
+ }
+ if (lft->packets.jitter == LFT_UNDEFINED)
+ {
+ lft->packets.jitter = lft->packets.life -
+ min(lft->packets.life, lft->packets.rekey);
+ }
+}
+
CALLBACK(children_sn, bool,
peer_data_t *peer, vici_message_t *message, vici_parse_context_t *ctx,
char *name)
@@ -1439,29 +1480,28 @@ CALLBACK(children_sn, bool,
.proposals = linked_list_create(),
.local_ts = linked_list_create(),
.remote_ts = linked_list_create(),
- .mode = MODE_TUNNEL,
.policies = TRUE,
.replay_window = REPLAY_UNDEFINED,
- .dpd_action = ACTION_NONE,
- .start_action = ACTION_NONE,
- .close_action = ACTION_NONE,
- .lft = {
- .time = {
- .rekey = LFT_DEFAULT_CHILD_REKEY,
- .life = LFT_UNDEFINED,
- .jitter = LFT_UNDEFINED,
- },
- .bytes = {
- .rekey = LFT_UNDEFINED,
- .life = LFT_UNDEFINED,
- .jitter = LFT_UNDEFINED,
+ .cfg = {
+ .mode = MODE_TUNNEL,
+ .lifetime = {
+ .time = {
+ .rekey = LFT_DEFAULT_CHILD_REKEY_TIME,
+ .life = LFT_UNDEFINED,
+ .jitter = LFT_UNDEFINED,
+ },
+ .bytes = {
+ .rekey = LFT_DEFAULT_CHILD_REKEY_BYTES,
+ .life = LFT_UNDEFINED,
+ .jitter = LFT_UNDEFINED,
+ },
+ .packets = {
+ .rekey = LFT_DEFAULT_CHILD_REKEY_PACKETS,
+ .life = LFT_UNDEFINED,
+ .jitter = LFT_UNDEFINED,
+ },
},
- .packets = {
- .rekey = LFT_UNDEFINED,
- .life = LFT_UNDEFINED,
- .jitter = LFT_UNDEFINED,
- },
- }
+ },
};
child_cfg_t *cfg;
proposal_t *proposal;
@@ -1496,55 +1536,13 @@ CALLBACK(children_sn, bool,
child.proposals->insert_last(child.proposals, proposal);
}
}
+ child.cfg.suppress_policies = !child.policies;
- /* if no hard lifetime specified, add one at soft lifetime + 10% */
- if (child.lft.time.life == LFT_UNDEFINED)
- {
- child.lft.time.life = child.lft.time.rekey * 110 / 100;
- }
- if (child.lft.bytes.life == LFT_UNDEFINED)
- {
- child.lft.bytes.life = child.lft.bytes.rekey * 110 / 100;
- }
- if (child.lft.packets.life == LFT_UNDEFINED)
- {
- child.lft.packets.life = child.lft.packets.rekey * 110 / 100;
- }
- /* if no soft lifetime specified, add one at hard lifetime - 10% */
- if (child.lft.bytes.rekey == LFT_UNDEFINED)
- {
- child.lft.bytes.rekey = child.lft.bytes.life * 90 / 100;
- }
- if (child.lft.packets.rekey == LFT_UNDEFINED)
- {
- child.lft.packets.rekey = child.lft.packets.life * 90 / 100;
- }
- /* if no rand time defined, use difference of hard and soft */
- if (child.lft.time.jitter == LFT_UNDEFINED)
- {
- child.lft.time.jitter = child.lft.time.life -
- min(child.lft.time.life, child.lft.time.rekey);
- }
- if (child.lft.bytes.jitter == LFT_UNDEFINED)
- {
- child.lft.bytes.jitter = child.lft.bytes.life -
- min(child.lft.bytes.life, child.lft.bytes.rekey);
- }
- if (child.lft.packets.jitter == LFT_UNDEFINED)
- {
- child.lft.packets.jitter = child.lft.packets.life -
- min(child.lft.packets.life, child.lft.packets.rekey);
- }
+ check_lifetimes(&child.cfg.lifetime);
log_child_data(&child, name);
- cfg = child_cfg_create(name, &child.lft, child.updown,
- child.hostaccess, child.mode, child.start_action,
- child.dpd_action, child.close_action, child.ipcomp,
- child.inactivity, child.reqid, &child.mark_in,
- &child.mark_out, child.tfc);
-
- cfg->set_mipv6_options(cfg, FALSE, child.policies);
+ cfg = child_cfg_create(name, &child.cfg);
if (child.replay_window != REPLAY_UNDEFINED)
{
@@ -1649,12 +1647,12 @@ CALLBACK(peer_sn, bool,
/**
* Find reqid of an existing CHILD_SA
*/
-static u_int32_t find_reqid(child_cfg_t *cfg)
+static uint32_t find_reqid(child_cfg_t *cfg)
{
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
ike_sa_t *ike_sa;
- u_int32_t reqid;
+ uint32_t reqid;
reqid = charon->traps->find_reqid(charon->traps, cfg);
if (reqid)
@@ -1723,7 +1721,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
ike_sa_t *ike_sa;
- u_int32_t id = 0, others;
+ uint32_t id = 0, others;
array_t *ids = NULL, *ikeids = NULL;
char *name;
@@ -1987,6 +1985,7 @@ CALLBACK(config_sn, bool,
.rand_time = LFT_UNDEFINED,
};
enumerator_t *enumerator;
+ peer_cfg_create_t cfg;
peer_cfg_t *peer_cfg;
ike_cfg_t *ike_cfg;
child_cfg_t *child_cfg;
@@ -2046,7 +2045,7 @@ CALLBACK(config_sn, bool,
if (peer.rekey_time == LFT_UNDEFINED && peer.reauth_time == LFT_UNDEFINED)
{
/* apply a default rekey time if no rekey/reauth time set */
- peer.rekey_time = LFT_DEFAULT_IKE_REKEY;
+ peer.rekey_time = LFT_DEFAULT_IKE_REKEY_TIME;
peer.reauth_time = 0;
}
if (peer.rekey_time == LFT_UNDEFINED)
@@ -2083,12 +2082,22 @@ CALLBACK(config_sn, bool,
peer.local_addrs, peer.local_port,
peer.remote_addrs, peer.remote_port,
peer.fragmentation, 0);
- peer_cfg = peer_cfg_create(name, ike_cfg, peer.send_cert, peer.unique,
- peer.keyingtries, peer.rekey_time, peer.reauth_time,
- peer.rand_time, peer.over_time, peer.mobike,
- peer.aggressive, peer.pull,
- peer.dpd_delay, peer.dpd_timeout,
- FALSE, NULL, NULL);
+
+ cfg = (peer_cfg_create_t){
+ .cert_policy = peer.send_cert,
+ .unique = peer.unique,
+ .keyingtries = peer.keyingtries,
+ .rekey_time = peer.rekey_time,
+ .reauth_time = peer.reauth_time,
+ .jitter_time = peer.rand_time,
+ .over_time = peer.over_time,
+ .no_mobike = !peer.mobike,
+ .aggressive = peer.aggressive,
+ .push_mode = !peer.pull,
+ .dpd = peer.dpd_delay,
+ .dpd_timeout = peer.dpd_timeout,
+ };
+ peer_cfg = peer_cfg_create(name, ike_cfg, &cfg);
while (peer.local->remove_first(peer.local,
(void**)&auth) == SUCCESS)
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index c526d2f..4400381 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -507,12 +507,12 @@ CALLBACK(redirect, vici_message_t*,
/**
* Find reqid of an existing CHILD_SA
*/
-static u_int32_t find_reqid(child_cfg_t *cfg)
+static uint32_t find_reqid(child_cfg_t *cfg)
{
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
ike_sa_t *ike_sa;
- u_int32_t reqid;
+ uint32_t reqid;
reqid = charon->traps->find_reqid(charon->traps, cfg);
if (reqid)
@@ -583,7 +583,7 @@ CALLBACK(uninstall, vici_message_t*,
{
child_sa_t *child_sa;
enumerator_t *enumerator;
- u_int32_t reqid = 0;
+ uint32_t reqid = 0;
char *child;
child = request->get_str(request, NULL, "child");
diff --git a/src/libcharon/plugins/vici/vici_dispatcher.c b/src/libcharon/plugins/vici/vici_dispatcher.c
index 31292d6..ffe0d61 100644
--- a/src/libcharon/plugins/vici/vici_dispatcher.c
+++ b/src/libcharon/plugins/vici/vici_dispatcher.c
@@ -119,10 +119,10 @@ static void send_op(private_vici_dispatcher_t *this, u_int id,
bio_writer_t *writer;
u_int len;
- len = sizeof(u_int8_t);
+ len = sizeof(uint8_t);
if (name)
{
- len += sizeof(u_int8_t) + strlen(name);
+ len += sizeof(uint8_t) + strlen(name);
}
if (message)
{
@@ -308,7 +308,7 @@ CALLBACK(inbound, void,
{
bio_reader_t *reader;
chunk_t chunk;
- u_int8_t type;
+ uint8_t type;
char name[257];
reader = bio_reader_create(data);
diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c
index fb6e8a1..58b8967 100644
--- a/src/libcharon/plugins/vici/vici_message.c
+++ b/src/libcharon/plugins/vici/vici_message.c
@@ -137,7 +137,7 @@ typedef struct {
METHOD(enumerator_t, parse_enumerate, bool,
parse_enumerator_t *this, vici_type_t *out, char **name, chunk_t *value)
{
- u_int8_t type;
+ uint8_t type;
chunk_t data;
if (!this->reader->remaining(this->reader) ||
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 284c23e..04cea00 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -86,8 +86,8 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b,
child_sa_t *child, time_t now)
{
time_t t;
- u_int64_t bytes, packets;
- u_int16_t alg, ks;
+ uint64_t bytes, packets;
+ uint16_t alg, ks;
proposal_t *proposal;
enumerator_t *enumerator;
traffic_selector_t *ts;
@@ -152,7 +152,7 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "packets-in", "%" PRIu64, packets);
if (t)
{
- b->add_kv(b, "use-in", "%"PRIu64, (u_int64_t)(now - t));
+ b->add_kv(b, "use-in", "%"PRIu64, (uint64_t)(now - t));
}
child->get_usestats(child, FALSE, &t, &bytes, &packets);
@@ -160,7 +160,7 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "packets-out", "%"PRIu64, packets);
if (t)
{
- b->add_kv(b, "use-out", "%"PRIu64, (u_int64_t)(now - t));
+ b->add_kv(b, "use-out", "%"PRIu64, (uint64_t)(now - t));
}
t = child->get_lifetime(child, FALSE);
@@ -272,7 +272,7 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
ike_sa_id_t *id;
identification_t *eap;
proposal_t *proposal;
- u_int16_t alg, ks;
+ uint16_t alg, ks;
host_t *host;
b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa));
@@ -682,9 +682,11 @@ CALLBACK(list_conns, vici_message_t*,
peer_cfg_t *peer_cfg;
ike_cfg_t *ike_cfg;
child_cfg_t *child_cfg;
- char *ike, *str;
+ char *ike, *str, *interface;
+ uint32_t manual_prio;
linked_list_t *list;
traffic_selector_t *ts;
+ lifetime_cfg_t *lft;
vici_builder_t *b;
ike = request->get_str(request, NULL, "ike");
@@ -725,6 +727,10 @@ CALLBACK(list_conns, vici_message_t*,
b->add_kv(b, "version", "%N", ike_version_names,
peer_cfg->get_ike_version(peer_cfg));
+ b->add_kv(b, "reauth_time", "%u",
+ peer_cfg->get_reauth_time(peer_cfg, FALSE));
+ b->add_kv(b, "rekey_time", "%u",
+ peer_cfg->get_rekey_time(peer_cfg, FALSE));
build_auth_cfgs(peer_cfg, TRUE, b);
build_auth_cfgs(peer_cfg, FALSE, b);
@@ -739,6 +745,12 @@ CALLBACK(list_conns, vici_message_t*,
b->add_kv(b, "mode", "%N", ipsec_mode_names,
child_cfg->get_mode(child_cfg));
+ lft = child_cfg->get_lifetime(child_cfg, FALSE);
+ b->add_kv(b, "rekey_time", "%"PRIu64, lft->time.rekey);
+ b->add_kv(b, "rekey_bytes", "%"PRIu64, lft->bytes.rekey);
+ b->add_kv(b, "rekey_packets", "%"PRIu64, lft->packets.rekey);
+ free(lft);
+
b->begin_list(b, "local-ts");
list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
selectors = list->create_enumerator(list);
@@ -761,6 +773,18 @@ CALLBACK(list_conns, vici_message_t*,
list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
b->end_list(b /* remote-ts */);
+ interface = child_cfg->get_interface(child_cfg);
+ if (interface)
+ {
+ b->add_kv(b, "interface", "%s", interface);
+ }
+
+ manual_prio = child_cfg->get_manual_prio(child_cfg);
+ if (manual_prio)
+ {
+ b->add_kv(b, "priority", "%u", manual_prio);
+ }
+
b->end_section(b);
}
children->destroy(children);
diff --git a/src/libcharon/plugins/vici/vici_socket.c b/src/libcharon/plugins/vici/vici_socket.c
index 67fd7e8..2a55fd0 100644
--- a/src/libcharon/plugins/vici/vici_socket.c
+++ b/src/libcharon/plugins/vici/vici_socket.c
@@ -95,11 +95,11 @@ typedef struct {
/** bytes of length header sent/received */
u_char hdrlen;
/** bytes of length header */
- char hdr[sizeof(u_int32_t)];
+ char hdr[sizeof(uint32_t)];
/** send/receive buffer on heap */
chunk_t buf;
/** bytes sent/received in buffer */
- u_int32_t done;
+ uint32_t done;
} msg_buf_t;
/**
@@ -411,7 +411,7 @@ CALLBACK(on_write, bool,
static bool do_read(private_vici_socket_t *this, entry_t *entry,
stream_t *stream, char *errmsg, size_t errlen)
{
- u_int32_t msglen;
+ uint32_t msglen;
ssize_t len;
/* assemble the length header first */
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index 549ef6b..47fcf91 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = whitelist$(EXEEXT)
subdir = src/libcharon/plugins/whitelist
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -210,12 +219,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -265,6 +276,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -299,6 +311,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -410,6 +423,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -470,7 +484,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/whitelist/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/whitelist/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -840,6 +853,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index 6992df8..0e88f8e 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/xauth_eap
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_eap/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/xauth_eap/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c
index f21d026..9e103be 100644
--- a/src/libcharon/plugins/xauth_eap/xauth_eap.c
+++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c
@@ -113,7 +113,7 @@ static bool verify_eap(private_xauth_eap_t *this, eap_method_t *backend)
eap_payload_t *request, *response;
eap_method_t *frontend;
eap_type_t type;
- u_int32_t vendor;
+ uint32_t vendor;
status_t status;
if (backend->initiate(backend, &request) != NEED_MORE)
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index 057a734..e20b46f 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/xauth_generic
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_generic/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/xauth_generic/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index 6b0104e..b8adbbf 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/xauth_noauth
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_noauth/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/xauth_noauth/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index ae6a4d0..79c4666 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/xauth_pam
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_pam/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/xauth_pam/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c
index 207f534..cd4a4ca 100644
--- a/src/libcharon/processing/jobs/acquire_job.c
+++ b/src/libcharon/processing/jobs/acquire_job.c
@@ -32,7 +32,7 @@ struct private_acquire_job_t {
/**
* reqid of the child to rekey
*/
- u_int32_t reqid;
+ uint32_t reqid;
/**
* acquired source traffic selector
@@ -70,7 +70,7 @@ METHOD(job_t, get_priority, job_priority_t,
/*
* Described in header
*/
-acquire_job_t *acquire_job_create(u_int32_t reqid,
+acquire_job_t *acquire_job_create(uint32_t reqid,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts)
{
diff --git a/src/libcharon/processing/jobs/acquire_job.h b/src/libcharon/processing/jobs/acquire_job.h
index 2b5bf48..4d31f05 100644
--- a/src/libcharon/processing/jobs/acquire_job.h
+++ b/src/libcharon/processing/jobs/acquire_job.h
@@ -47,7 +47,7 @@ struct acquire_job_t {
* @param dst_ts destination traffic selector
* @return acquire_job_t object
*/
-acquire_job_t *acquire_job_create(u_int32_t reqid,
+acquire_job_t *acquire_job_create(uint32_t reqid,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts);
diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c
index c396890..ff8e78b 100644
--- a/src/libcharon/processing/jobs/adopt_children_job.c
+++ b/src/libcharon/processing/jobs/adopt_children_job.c
@@ -64,7 +64,7 @@ METHOD(job_t, execute, job_requeue_t,
ike_sa_id_t *id;
ike_sa_t *ike_sa;
child_sa_t *child_sa;
- u_int32_t unique;
+ uint32_t unique;
ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->id);
if (ike_sa)
diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c
index 0d85883..70dbc1b 100644
--- a/src/libcharon/processing/jobs/delete_child_sa_job.c
+++ b/src/libcharon/processing/jobs/delete_child_sa_job.c
@@ -38,7 +38,7 @@ struct private_delete_child_sa_job_t {
/**
* inbound SPI of the CHILD_SA
*/
- u_int32_t spi;
+ uint32_t spi;
/**
* SA destination address
@@ -89,7 +89,7 @@ METHOD(job_t, get_priority, job_priority_t,
* Described in header
*/
delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol,
- u_int32_t spi, host_t *dst, bool expired)
+ uint32_t spi, host_t *dst, bool expired)
{
private_delete_child_sa_job_t *this;
diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.h b/src/libcharon/processing/jobs/delete_child_sa_job.h
index 6fa5364..349f5de 100644
--- a/src/libcharon/processing/jobs/delete_child_sa_job.h
+++ b/src/libcharon/processing/jobs/delete_child_sa_job.h
@@ -51,6 +51,6 @@ struct delete_child_sa_job_t {
* @return delete_child_sa_job_t object
*/
delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol,
- u_int32_t spi, host_t *dst, bool expired);
+ uint32_t spi, host_t *dst, bool expired);
#endif /** DELETE_CHILD_SA_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c
index f0f90ee..bf16e51 100644
--- a/src/libcharon/processing/jobs/inactivity_job.c
+++ b/src/libcharon/processing/jobs/inactivity_job.c
@@ -32,12 +32,12 @@ struct private_inactivity_job_t {
/**
* Unique CHILD_SA identifier to check
*/
- u_int32_t id;
+ uint32_t id;
/**
* Inactivity timeout
*/
- u_int32_t timeout;
+ uint32_t timeout;
/**
* Close IKE_SA if last remaining CHILD inactive?
@@ -55,7 +55,7 @@ METHOD(job_t, execute, job_requeue_t,
private_inactivity_job_t *this)
{
ike_sa_t *ike_sa;
- u_int32_t reschedule = 0;
+ uint32_t reschedule = 0;
ike_sa = charon->child_sa_manager->checkout_by_id(charon->child_sa_manager,
this->id, NULL);
@@ -63,7 +63,7 @@ METHOD(job_t, execute, job_requeue_t,
{
enumerator_t *enumerator;
child_sa_t *child_sa;
- u_int32_t delete = 0;
+ uint32_t delete = 0;
protocol_id_t proto = 0;
int children = 0;
status_t status = SUCCESS;
@@ -136,7 +136,7 @@ METHOD(job_t, get_priority, job_priority_t,
/**
* See header
*/
-inactivity_job_t *inactivity_job_create(u_int32_t unique_id, u_int32_t timeout,
+inactivity_job_t *inactivity_job_create(uint32_t unique_id, uint32_t timeout,
bool close_ike)
{
private_inactivity_job_t *this;
diff --git a/src/libcharon/processing/jobs/inactivity_job.h b/src/libcharon/processing/jobs/inactivity_job.h
index ff19fe5..240782f 100644
--- a/src/libcharon/processing/jobs/inactivity_job.h
+++ b/src/libcharon/processing/jobs/inactivity_job.h
@@ -47,7 +47,7 @@ struct inactivity_job_t {
* @param close_ike close IKE_SA if the last remaining CHILD_SA is inactive?
* @return inactivity checking job
*/
-inactivity_job_t *inactivity_job_create(u_int32_t unique_id, u_int32_t timeout,
+inactivity_job_t *inactivity_job_create(uint32_t unique_id, uint32_t timeout,
bool close_ike);
#endif /** INACTIVITY_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c
index 097dbdf..461ba11 100644
--- a/src/libcharon/processing/jobs/migrate_job.c
+++ b/src/libcharon/processing/jobs/migrate_job.c
@@ -34,7 +34,7 @@ struct private_migrate_job_t {
/**
* reqid of the CHILD_SA if it already exists
*/
- u_int32_t reqid;
+ uint32_t reqid;
/**
* source traffic selector
@@ -144,7 +144,7 @@ METHOD(job_t, get_priority, job_priority_t,
/*
* Described in header
*/
-migrate_job_t *migrate_job_create(u_int32_t reqid,
+migrate_job_t *migrate_job_create(uint32_t reqid,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t dir,
diff --git a/src/libcharon/processing/jobs/migrate_job.h b/src/libcharon/processing/jobs/migrate_job.h
index 0f2b9aa..140635b 100644
--- a/src/libcharon/processing/jobs/migrate_job.h
+++ b/src/libcharon/processing/jobs/migrate_job.h
@@ -54,7 +54,7 @@ struct migrate_job_t {
* @param remote remote host address to be used in the IKE_SA
* @return migrate_job_t object
*/
-migrate_job_t *migrate_job_create(u_int32_t reqid,
+migrate_job_t *migrate_job_create(uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t dir, host_t *local, host_t *remote);
diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c
index 057876b..d76f4f6 100644
--- a/src/libcharon/processing/jobs/rekey_child_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c
@@ -38,7 +38,7 @@ struct private_rekey_child_sa_job_t {
/**
* inbound SPI of the CHILD_SA
*/
- u_int32_t spi;
+ uint32_t spi;
/**
* SA destination address
@@ -86,7 +86,7 @@ METHOD(job_t, get_priority, job_priority_t,
* Described in header
*/
rekey_child_sa_job_t *rekey_child_sa_job_create(protocol_id_t protocol,
- u_int32_t spi, host_t *dst)
+ uint32_t spi, host_t *dst)
{
private_rekey_child_sa_job_t *this;
diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h
index 364bb5a..1de06fd 100644
--- a/src/libcharon/processing/jobs/rekey_child_sa_job.h
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h
@@ -49,5 +49,5 @@ struct rekey_child_sa_job_t {
* @return rekey_child_sa_job_t object
*/
rekey_child_sa_job_t *rekey_child_sa_job_create(protocol_id_t protocol,
- u_int32_t spi, host_t *dst);
+ uint32_t spi, host_t *dst);
#endif /** REKEY_CHILD_SA_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
index 403d826..148db2f 100644
--- a/src/libcharon/processing/jobs/rekey_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
@@ -49,11 +49,11 @@ METHOD(job_t, destroy, void,
/**
* Check if we should delay a reauth, and by how many seconds
*/
-static u_int32_t get_retry_delay(ike_sa_t *ike_sa)
+static uint32_t get_retry_delay(ike_sa_t *ike_sa)
{
enumerator_t *enumerator;
child_sa_t *child_sa;
- u_int32_t retry = 0;
+ uint32_t retry = 0;
/* avoid reauth collisions for certain IKE_SA/CHILD_SA states */
if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED)
@@ -87,7 +87,7 @@ METHOD(job_t, execute, job_requeue_t,
{
ike_sa_t *ike_sa;
status_t status = SUCCESS;
- u_int32_t retry = 0;
+ uint32_t retry = 0;
ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
this->ike_sa_id);
diff --git a/src/libcharon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c
index 48c3268..4daa418 100644
--- a/src/libcharon/processing/jobs/retransmit_job.c
+++ b/src/libcharon/processing/jobs/retransmit_job.c
@@ -32,7 +32,7 @@ struct private_retransmit_job_t {
/**
* Message ID of the request to resend.
*/
- u_int32_t message_id;
+ uint32_t message_id;
/**
* ID of the IKE_SA which the message belongs to.
@@ -79,7 +79,7 @@ METHOD(job_t, get_priority, job_priority_t,
/*
* Described in header.
*/
-retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id)
+retransmit_job_t *retransmit_job_create(uint32_t message_id,ike_sa_id_t *ike_sa_id)
{
private_retransmit_job_t *this;
diff --git a/src/libcharon/processing/jobs/retransmit_job.h b/src/libcharon/processing/jobs/retransmit_job.h
index c454553..595513c 100644
--- a/src/libcharon/processing/jobs/retransmit_job.h
+++ b/src/libcharon/processing/jobs/retransmit_job.h
@@ -49,7 +49,7 @@ struct retransmit_job_t {
* @param ike_sa_id identification of the ike_sa as ike_sa_id_t
* @return retransmit_job_t object
*/
-retransmit_job_t *retransmit_job_create(u_int32_t message_id,
+retransmit_job_t *retransmit_job_create(uint32_t message_id,
ike_sa_id_t *ike_sa_id);
#endif /** RETRANSMIT_JOB_H_ @}*/
diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c
index 862506d..3360b7d 100644
--- a/src/libcharon/processing/jobs/update_sa_job.c
+++ b/src/libcharon/processing/jobs/update_sa_job.c
@@ -41,7 +41,7 @@ struct private_update_sa_job_t {
/**
* SPI of the CHILD_SA
*/
- u_int32_t spi;
+ uint32_t spi;
/**
* Old SA destination address
@@ -92,7 +92,7 @@ METHOD(job_t, get_priority, job_priority_t,
* Described in header
*/
update_sa_job_t *update_sa_job_create(protocol_id_t protocol,
- u_int32_t spi, host_t *dst, host_t *new)
+ uint32_t spi, host_t *dst, host_t *new)
{
private_update_sa_job_t *this;
diff --git a/src/libcharon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h
index 9c19f5b..ed978dc 100644
--- a/src/libcharon/processing/jobs/update_sa_job.h
+++ b/src/libcharon/processing/jobs/update_sa_job.h
@@ -49,6 +49,6 @@ struct update_sa_job_t {
* @return update_sa_job_t object
*/
update_sa_job_t *update_sa_job_create(protocol_id_t protocol,
- u_int32_t spi, host_t *dst, host_t *new);
+ uint32_t spi, host_t *dst, host_t *new);
#endif /** UPDATE_SA_JOB_H_ @}*/
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 56b7cb5..8a405d9 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1,9 +1,10 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Coypright (C) 2016 Andreas Steffen
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -63,22 +64,22 @@ struct private_child_sa_t {
/**
* our actually used SPI, 0 if unused
*/
- u_int32_t my_spi;
+ uint32_t my_spi;
/**
* others used SPI, 0 if unused
*/
- u_int32_t other_spi;
+ uint32_t other_spi;
/**
* our Compression Parameter Index (CPI) used, 0 if unused
*/
- u_int16_t my_cpi;
+ uint16_t my_cpi;
/**
* others Compression Parameter Index (CPI) used, 0 if unused
*/
- u_int16_t other_cpi;
+ uint16_t other_cpi;
/**
* Array for local traffic selectors
@@ -98,7 +99,7 @@ struct private_child_sa_t {
/**
* reqid used for this child_sa
*/
- u_int32_t reqid;
+ uint32_t reqid;
/**
* Did we allocate/confirm and must release the reqid?
@@ -113,7 +114,7 @@ struct private_child_sa_t {
/*
* Unique CHILD_SA identifier
*/
- u_int32_t unique_id;
+ uint32_t unique_id;
/**
* inbound mark used for this child_sa
@@ -198,28 +199,28 @@ struct private_child_sa_t {
/**
* last number of inbound bytes
*/
- u_int64_t my_usebytes;
+ uint64_t my_usebytes;
/**
* last number of outbound bytes
*/
- u_int64_t other_usebytes;
+ uint64_t other_usebytes;
/**
* last number of inbound packets
*/
- u_int64_t my_usepackets;
+ uint64_t my_usepackets;
/**
* last number of outbound bytes
*/
- u_int64_t other_usepackets;
+ uint64_t other_usepackets;
};
/**
* convert an IKEv2 specific protocol identifier to the IP protocol identifier.
*/
-static inline u_int8_t proto_ike2ip(protocol_id_t protocol)
+static inline uint8_t proto_ike2ip(protocol_id_t protocol)
{
switch (protocol)
{
@@ -238,13 +239,13 @@ METHOD(child_sa_t, get_name, char*,
return this->config->get_name(this->config);
}
-METHOD(child_sa_t, get_reqid, u_int32_t,
+METHOD(child_sa_t, get_reqid, uint32_t,
private_child_sa_t *this)
{
return this->reqid;
}
-METHOD(child_sa_t, get_unique_id, u_int32_t,
+METHOD(child_sa_t, get_unique_id, uint32_t,
private_child_sa_t *this)
{
return this->unique_id;
@@ -269,13 +270,13 @@ METHOD(child_sa_t, get_state, child_sa_state_t,
return this->state;
}
-METHOD(child_sa_t, get_spi, u_int32_t,
+METHOD(child_sa_t, get_spi, uint32_t,
private_child_sa_t *this, bool inbound)
{
return inbound ? this->my_spi : this->other_spi;
}
-METHOD(child_sa_t, get_cpi, u_int16_t,
+METHOD(child_sa_t, get_cpi, uint16_t,
private_child_sa_t *this, bool inbound)
{
return inbound ? this->my_cpi : this->other_cpi;
@@ -461,17 +462,24 @@ METHOD(child_sa_t, create_policy_enumerator, enumerator_t*,
static status_t update_usebytes(private_child_sa_t *this, bool inbound)
{
status_t status = FAILED;
- u_int64_t bytes, packets;
+ uint64_t bytes, packets;
time_t time;
if (inbound)
{
if (this->my_spi)
{
- status = charon->kernel->query_sa(charon->kernel, this->other_addr,
- this->my_addr, this->my_spi,
- proto_ike2ip(this->protocol), this->mark_in,
- &bytes, &packets, &time);
+ kernel_ipsec_sa_id_t id = {
+ .src = this->other_addr,
+ .dst = this->my_addr,
+ .spi = this->my_spi,
+ .proto = proto_ike2ip(this->protocol),
+ .mark = this->mark_in,
+ };
+ kernel_ipsec_query_sa_t query = {};
+
+ status = charon->kernel->query_sa(charon->kernel, &id, &query,
+ &bytes, &packets, &time);
if (status == SUCCESS)
{
if (bytes > this->my_usebytes)
@@ -492,10 +500,17 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound)
{
if (this->other_spi)
{
- status = charon->kernel->query_sa(charon->kernel, this->my_addr,
- this->other_addr, this->other_spi,
- proto_ike2ip(this->protocol), this->mark_out,
- &bytes, &packets, &time);
+ kernel_ipsec_sa_id_t id = {
+ .src = this->my_addr,
+ .dst = this->other_addr,
+ .spi = this->other_spi,
+ .proto = proto_ike2ip(this->protocol),
+ .mark = this->mark_out,
+ };
+ kernel_ipsec_query_sa_t query = {};
+
+ status = charon->kernel->query_sa(charon->kernel, &id, &query,
+ &bytes, &packets, &time);
if (status == SUCCESS)
{
if (bytes > this->other_usebytes)
@@ -531,15 +546,24 @@ static bool update_usetime(private_child_sa_t *this, bool inbound)
if (inbound)
{
- if (charon->kernel->query_policy(charon->kernel, other_ts,
- my_ts, POLICY_IN, this->mark_in, &in) == SUCCESS)
+ kernel_ipsec_policy_id_t id = {
+ .dir = POLICY_IN,
+ .src_ts = other_ts,
+ .dst_ts = my_ts,
+ .mark = this->mark_in,
+ };
+ kernel_ipsec_query_policy_t query = {};
+
+ if (charon->kernel->query_policy(charon->kernel, &id, &query,
+ &in) == SUCCESS)
{
last_use = max(last_use, in);
}
if (this->mode != MODE_TRANSPORT)
{
- if (charon->kernel->query_policy(charon->kernel, other_ts,
- my_ts, POLICY_FWD, this->mark_in, &fwd) == SUCCESS)
+ id.dir = POLICY_FWD;
+ if (charon->kernel->query_policy(charon->kernel, &id, &query,
+ &fwd) == SUCCESS)
{
last_use = max(last_use, fwd);
}
@@ -547,8 +571,17 @@ static bool update_usetime(private_child_sa_t *this, bool inbound)
}
else
{
- if (charon->kernel->query_policy(charon->kernel, my_ts,
- other_ts, POLICY_OUT, this->mark_out, &out) == SUCCESS)
+ kernel_ipsec_policy_id_t id = {
+ .dir = POLICY_OUT,
+ .src_ts = my_ts,
+ .dst_ts = other_ts,
+ .mark = this->mark_out,
+ .interface = this->config->get_interface(this->config),
+ };
+ kernel_ipsec_query_policy_t query = {};
+
+ if (charon->kernel->query_policy(charon->kernel, &id, &query,
+ &out) == SUCCESS)
{
last_use = max(last_use, out);
}
@@ -573,7 +606,7 @@ static bool update_usetime(private_child_sa_t *this, bool inbound)
METHOD(child_sa_t, get_usestats, void,
private_child_sa_t *this, bool inbound,
- time_t *time, u_int64_t *bytes, u_int64_t *packets)
+ time_t *time, uint64_t *bytes, uint64_t *packets)
{
if ((!bytes && !packets) || update_usebytes(this, inbound) != FAILED)
{
@@ -625,7 +658,7 @@ METHOD(child_sa_t, get_installtime, time_t,
return this->install_time;
}
-METHOD(child_sa_t, alloc_spi, u_int32_t,
+METHOD(child_sa_t, alloc_spi, uint32_t,
private_child_sa_t *this, protocol_id_t protocol)
{
if (charon->kernel->get_spi(charon->kernel, this->other_addr, this->my_addr,
@@ -639,7 +672,7 @@ METHOD(child_sa_t, alloc_spi, u_int32_t,
return 0;
}
-METHOD(child_sa_t, alloc_cpi, u_int16_t,
+METHOD(child_sa_t, alloc_cpi, uint16_t,
private_child_sa_t *this)
{
if (charon->kernel->get_cpi(charon->kernel, this->other_addr, this->my_addr,
@@ -651,16 +684,18 @@ METHOD(child_sa_t, alloc_cpi, u_int16_t,
}
METHOD(child_sa_t, install, status_t,
- private_child_sa_t *this, chunk_t encr, chunk_t integ, u_int32_t spi,
- u_int16_t cpi, bool initiator, bool inbound, bool tfcv3,
+ private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi,
+ uint16_t cpi, bool initiator, bool inbound, bool tfcv3,
linked_list_t *my_ts, linked_list_t *other_ts)
{
- u_int16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size;
- u_int16_t esn = NO_EXT_SEQ_NUMBERS;
+ uint16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size;
+ uint16_t esn = NO_EXT_SEQ_NUMBERS;
linked_list_t *src_ts = NULL, *dst_ts = NULL;
time_t now;
+ kernel_ipsec_sa_id_t id;
+ kernel_ipsec_add_sa_t sa;
lifetime_cfg_t *lifetime;
- u_int32_t tfc = 0;
+ uint32_t tfc = 0;
host_t *src, *dst;
status_t status;
bool update = FALSE;
@@ -716,7 +751,7 @@ METHOD(child_sa_t, install, status_t,
this->reqid_allocated = TRUE;
}
- lifetime = this->config->get_lifetime(this->config);
+ lifetime = this->config->get_lifetime(this->config, TRUE);
now = time_monotonic(NULL);
if (lifetime->time.rekey)
@@ -752,12 +787,36 @@ METHOD(child_sa_t, install, status_t,
dst_ts = other_ts;
}
- status = charon->kernel->add_sa(charon->kernel,
- src, dst, spi, proto_ike2ip(this->protocol), this->reqid,
- inbound ? this->mark_in : this->mark_out, tfc,
- lifetime, enc_alg, encr, int_alg, integ, this->mode,
- this->ipcomp, cpi, this->config->get_replay_window(this->config),
- initiator, this->encap, esn, inbound, update, src_ts, dst_ts);
+ id = (kernel_ipsec_sa_id_t){
+ .src = src,
+ .dst = dst,
+ .spi = spi,
+ .proto = proto_ike2ip(this->protocol),
+ .mark = inbound ? this->mark_in : this->mark_out,
+ };
+ sa = (kernel_ipsec_add_sa_t){
+ .reqid = this->reqid,
+ .mode = this->mode,
+ .src_ts = src_ts,
+ .dst_ts = dst_ts,
+ .interface = inbound ? NULL : this->config->get_interface(this->config),
+ .lifetime = lifetime,
+ .enc_alg = enc_alg,
+ .enc_key = encr,
+ .int_alg = int_alg,
+ .int_key = integ,
+ .replay_window = this->config->get_replay_window(this->config),
+ .tfc = tfc,
+ .ipcomp = this->ipcomp,
+ .cpi = cpi,
+ .encap = this->encap,
+ .esn = esn,
+ .initiator = initiator,
+ .inbound = inbound,
+ .update = update,
+ };
+
+ status = charon->kernel->add_sa(charon->kernel, &id, &sa);
free(lifetime);
@@ -825,24 +884,62 @@ static void prepare_sa_cfg(private_child_sa_t *this, ipsec_sa_cfg_t *my_sa,
static status_t install_policies_internal(private_child_sa_t *this,
host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts,
traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa,
- ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority)
+ ipsec_sa_cfg_t *other_sa, policy_type_t type,
+ policy_priority_t priority, uint32_t manual_prio)
{
+ kernel_ipsec_policy_id_t out_id = {
+ .dir = POLICY_OUT,
+ .src_ts = my_ts,
+ .dst_ts = other_ts,
+ .mark = this->mark_out,
+ .interface = this->config->get_interface(this->config),
+ }, in_id = {
+ .dir = POLICY_IN,
+ .src_ts = other_ts,
+ .dst_ts = my_ts,
+ .mark = this->mark_in,
+ };
+ kernel_ipsec_manage_policy_t out_policy = {
+ .type = type,
+ .prio = priority,
+ .manual_prio = manual_prio,
+ .src = my_addr,
+ .dst = other_addr,
+ .sa = other_sa,
+ }, in_policy = {
+ .type = type,
+ .prio = priority,
+ .manual_prio = manual_prio,
+ .src = other_addr,
+ .dst = my_addr,
+ .sa = my_sa,
+ };
status_t status = SUCCESS;
- status |= charon->kernel->add_policy(charon->kernel,
- my_addr, other_addr, my_ts, other_ts,
- POLICY_OUT, type, other_sa,
- this->mark_out, priority);
-
- status |= charon->kernel->add_policy(charon->kernel,
- other_addr, my_addr, other_ts, my_ts,
- POLICY_IN, type, my_sa,
- this->mark_in, priority);
+
+ status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy);
+ status |= charon->kernel->add_policy(charon->kernel, &in_id, &in_policy);
if (this->mode != MODE_TRANSPORT)
{
- status |= charon->kernel->add_policy(charon->kernel,
- other_addr, my_addr, other_ts, my_ts,
- POLICY_FWD, type, my_sa,
- this->mark_in, priority);
+ in_id.dir = POLICY_FWD;
+ status |= charon->kernel->add_policy(charon->kernel, &in_id, &in_policy);
+
+ /* install an "outbound" FWD policy in case there is a drop policy
+ * matching outbound forwarded traffic, to allow another tunnel to use
+ * the reversed subnets and do the same we don't set a reqid (this also
+ * allows the kernel backend to distinguish between the two types of
+ * FWD policies). To avoid problems with symmetrically overlapping
+ * policies of two SAs we install them with reduced priority. As they
+ * basically act as bypass policies for drop policies we use a higher
+ * priority than is used for them. */
+ out_id.dir = POLICY_FWD;
+ other_sa->reqid = 0;
+ if (priority == POLICY_PRIORITY_DEFAULT)
+ {
+ out_policy.prio = POLICY_PRIORITY_ROUTED;
+ }
+ status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy);
+ /* reset the reqid for any other further policies */
+ other_sa->reqid = this->reqid;
}
return status;
}
@@ -853,20 +950,52 @@ static status_t install_policies_internal(private_child_sa_t *this,
static void del_policies_internal(private_child_sa_t *this,
host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts,
traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa,
- ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority)
+ ipsec_sa_cfg_t *other_sa, policy_type_t type,
+ policy_priority_t priority, uint32_t manual_prio)
{
+ kernel_ipsec_policy_id_t out_id = {
+ .dir = POLICY_OUT,
+ .src_ts = my_ts,
+ .dst_ts = other_ts,
+ .mark = this->mark_out,
+ .interface = this->config->get_interface(this->config),
+ }, in_id = {
+ .dir = POLICY_IN,
+ .src_ts = other_ts,
+ .dst_ts = my_ts,
+ .mark = this->mark_in,
+ };
+ kernel_ipsec_manage_policy_t out_policy = {
+ .type = type,
+ .prio = priority,
+ .manual_prio = manual_prio,
+ .src = my_addr,
+ .dst = other_addr,
+ .sa = other_sa,
+ }, in_policy = {
+ .type = type,
+ .prio = priority,
+ .manual_prio = manual_prio,
+ .src = other_addr,
+ .dst = my_addr,
+ .sa = my_sa,
+ };
- charon->kernel->del_policy(charon->kernel,
- my_addr, other_addr, my_ts, other_ts, POLICY_OUT, type,
- other_sa, this->mark_out, priority);
- charon->kernel->del_policy(charon->kernel,
- other_addr, my_addr, other_ts, my_ts, POLICY_IN,
- type, my_sa, this->mark_in, priority);
+ charon->kernel->del_policy(charon->kernel, &out_id, &out_policy);
+ charon->kernel->del_policy(charon->kernel, &in_id, &in_policy);
if (this->mode != MODE_TRANSPORT)
{
- charon->kernel->del_policy(charon->kernel,
- other_addr, my_addr, other_ts, my_ts, POLICY_FWD,
- type, my_sa, this->mark_in, priority);
+ in_id.dir = POLICY_FWD;
+ charon->kernel->del_policy(charon->kernel, &in_id, &in_policy);
+
+ out_id.dir = POLICY_FWD;
+ other_sa->reqid = 0;
+ if (priority == POLICY_PRIORITY_DEFAULT)
+ {
+ out_policy.prio = POLICY_PRIORITY_ROUTED;
+ }
+ charon->kernel->del_policy(charon->kernel, &out_id, &out_policy);
+ other_sa->reqid = this->reqid;
}
}
@@ -912,8 +1041,10 @@ METHOD(child_sa_t, add_policies, status_t,
{
policy_priority_t priority;
ipsec_sa_cfg_t my_sa, other_sa;
+ uint32_t manual_prio;
prepare_sa_cfg(this, &my_sa, &other_sa);
+ manual_prio = this->config->get_manual_prio(this->config);
/* if we're not in state CHILD_INSTALLING (i.e. if there is no SAD
* entry) we install a trap policy */
@@ -927,18 +1058,20 @@ METHOD(child_sa_t, add_policies, status_t,
{
/* install outbound drop policy to avoid packets leaving unencrypted
* when updating policies */
- if (priority == POLICY_PRIORITY_DEFAULT && require_policy_update())
+ if (priority == POLICY_PRIORITY_DEFAULT && manual_prio == 0 &&
+ require_policy_update())
{
status |= install_policies_internal(this, this->my_addr,
this->other_addr, my_ts, other_ts,
&my_sa, &other_sa, POLICY_DROP,
- POLICY_PRIORITY_FALLBACK);
+ POLICY_PRIORITY_FALLBACK, 0);
}
/* install policies */
status |= install_policies_internal(this, this->my_addr,
this->other_addr, my_ts, other_ts,
- &my_sa, &other_sa, POLICY_IPSEC, priority);
+ &my_sa, &other_sa, POLICY_IPSEC,
+ priority, manual_prio);
if (status != SUCCESS)
{
@@ -994,11 +1127,22 @@ METHOD(child_sa_t, update, status_t,
/* update our (initiator) SA */
if (this->my_spi)
{
- if (charon->kernel->update_sa(charon->kernel,
- this->my_spi, proto_ike2ip(this->protocol),
- this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0,
- this->other_addr, this->my_addr, other, me,
- this->encap, encap, this->mark_in) == NOT_SUPPORTED)
+ kernel_ipsec_sa_id_t id = {
+ .src = this->other_addr,
+ .dst = this->my_addr,
+ .spi = this->my_spi,
+ .proto = proto_ike2ip(this->protocol),
+ .mark = this->mark_in,
+ };
+ kernel_ipsec_update_sa_t sa = {
+ .cpi = this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0,
+ .new_src = other,
+ .new_dst = me,
+ .encap = this->encap,
+ .new_encap = encap,
+ };
+ if (charon->kernel->update_sa(charon->kernel, &id,
+ &sa) == NOT_SUPPORTED)
{
set_state(this, old);
return NOT_SUPPORTED;
@@ -1008,11 +1152,22 @@ METHOD(child_sa_t, update, status_t,
/* update his (responder) SA */
if (this->other_spi)
{
- if (charon->kernel->update_sa(charon->kernel,
- this->other_spi, proto_ike2ip(this->protocol),
- this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0,
- this->my_addr, this->other_addr, me, other,
- this->encap, encap, this->mark_out) == NOT_SUPPORTED)
+ kernel_ipsec_sa_id_t id = {
+ .src = this->my_addr,
+ .dst = this->other_addr,
+ .spi = this->other_spi,
+ .proto = proto_ike2ip(this->protocol),
+ .mark = this->mark_out,
+ };
+ kernel_ipsec_update_sa_t sa = {
+ .cpi = this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0,
+ .new_src = me,
+ .new_dst = other,
+ .encap = this->encap,
+ .new_encap = encap,
+ };
+ if (charon->kernel->update_sa(charon->kernel, &id,
+ &sa) == NOT_SUPPORTED)
{
set_state(this, old);
return NOT_SUPPORTED;
@@ -1028,18 +1183,21 @@ METHOD(child_sa_t, update, status_t,
ipsec_sa_cfg_t my_sa, other_sa;
enumerator_t *enumerator;
traffic_selector_t *my_ts, *other_ts;
+ uint32_t manual_prio;
prepare_sa_cfg(this, &my_sa, &other_sa);
+ manual_prio = this->config->get_manual_prio(this->config);
/* always use high priorities, as hosts getting updated are INSTALLED */
enumerator = create_policy_enumerator(this);
while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
{
traffic_selector_t *old_my_ts = NULL, *old_other_ts = NULL;
+
/* remove old policies first */
del_policies_internal(this, this->my_addr, this->other_addr,
- my_ts, other_ts, &my_sa, &other_sa,
- POLICY_IPSEC, POLICY_PRIORITY_DEFAULT);
+ my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC,
+ POLICY_PRIORITY_DEFAULT, manual_prio);
/* check if we have to update a "dynamic" traffic selector */
if (!me->ip_equals(me, this->my_addr) &&
@@ -1062,17 +1220,20 @@ METHOD(child_sa_t, update, status_t,
/* reinstall updated policies */
install_policies_internal(this, me, other, my_ts, other_ts,
&my_sa, &other_sa, POLICY_IPSEC,
- POLICY_PRIORITY_DEFAULT);
+ POLICY_PRIORITY_DEFAULT, manual_prio);
/* update fallback policies after the new policy is in place */
- del_policies_internal(this, this->my_addr, this->other_addr,
- old_my_ts ?: my_ts,
- old_other_ts ?: other_ts,
- &my_sa, &other_sa, POLICY_DROP,
- POLICY_PRIORITY_FALLBACK);
- install_policies_internal(this, me, other, my_ts, other_ts,
+ if (manual_prio == 0)
+ {
+ del_policies_internal(this, this->my_addr, this->other_addr,
+ old_my_ts ?: my_ts,
+ old_other_ts ?: other_ts,
+ &my_sa, &other_sa, POLICY_DROP,
+ POLICY_PRIORITY_FALLBACK, 0);
+ install_policies_internal(this, me, other, my_ts, other_ts,
&my_sa, &other_sa, POLICY_DROP,
- POLICY_PRIORITY_FALLBACK);
+ POLICY_PRIORITY_FALLBACK, 0);
+ }
DESTROY_IF(old_my_ts);
DESTROY_IF(old_other_ts);
}
@@ -1115,20 +1276,24 @@ METHOD(child_sa_t, destroy, void,
if (this->config->install_policy(this->config))
{
ipsec_sa_cfg_t my_sa, other_sa;
+ uint32_t manual_prio;
prepare_sa_cfg(this, &my_sa, &other_sa);
+ manual_prio = this->config->get_manual_prio(this->config);
/* delete all policies in the kernel */
enumerator = create_policy_enumerator(this);
while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
{
del_policies_internal(this, this->my_addr, this->other_addr,
- my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, priority);
- if (priority == POLICY_PRIORITY_DEFAULT && require_policy_update())
+ my_ts, other_ts, &my_sa, &other_sa,
+ POLICY_IPSEC, priority, manual_prio);
+ if (priority == POLICY_PRIORITY_DEFAULT && manual_prio == 0 &&
+ require_policy_update())
{
del_policies_internal(this, this->my_addr, this->other_addr,
- my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP,
- POLICY_PRIORITY_FALLBACK);
+ my_ts, other_ts, &my_sa, &other_sa,
+ POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0);
}
}
enumerator->destroy(enumerator);
@@ -1137,17 +1302,31 @@ METHOD(child_sa_t, destroy, void,
/* delete SAs in the kernel, if they are set up */
if (this->my_spi)
{
- charon->kernel->del_sa(charon->kernel,
- this->other_addr, this->my_addr, this->my_spi,
- proto_ike2ip(this->protocol), this->my_cpi,
- this->mark_in);
+ kernel_ipsec_sa_id_t id = {
+ .src = this->other_addr,
+ .dst = this->my_addr,
+ .spi = this->my_spi,
+ .proto = proto_ike2ip(this->protocol),
+ .mark = this->mark_in,
+ };
+ kernel_ipsec_del_sa_t sa = {
+ .cpi = this->my_cpi,
+ };
+ charon->kernel->del_sa(charon->kernel, &id, &sa);
}
if (this->other_spi)
{
- charon->kernel->del_sa(charon->kernel,
- this->my_addr, this->other_addr, this->other_spi,
- proto_ike2ip(this->protocol), this->other_cpi,
- this->mark_out);
+ kernel_ipsec_sa_id_t id = {
+ .src = this->my_addr,
+ .dst = this->other_addr,
+ .spi = this->other_spi,
+ .proto = proto_ike2ip(this->protocol),
+ .mark = this->mark_out,
+ };
+ kernel_ipsec_del_sa_t sa = {
+ .cpi = this->other_cpi,
+ };
+ charon->kernel->del_sa(charon->kernel, &id, &sa);
}
if (this->reqid_allocated)
@@ -1174,7 +1353,7 @@ METHOD(child_sa_t, destroy, void,
static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local)
{
host_t *host = NULL;
- u_int8_t mask;
+ uint8_t mask;
enumerator_t *enumerator;
linked_list_t *ts_list, *list;
traffic_selector_t *ts;
@@ -1207,11 +1386,12 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local)
* Described in header.
*/
child_sa_t * child_sa_create(host_t *me, host_t* other,
- child_cfg_t *config, u_int32_t rekey, bool encap,
+ child_cfg_t *config, uint32_t rekey, bool encap,
u_int mark_in, u_int mark_out)
{
private_child_sa_t *this;
- static refcount_t unique_id = 0, unique_mark = 0, mark;
+ static refcount_t unique_id = 0, unique_mark = 0;
+ refcount_t mark;
INIT(this,
.public = {
diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h
index debe8eb..bc7df99 100644
--- a/src/libcharon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@@ -128,7 +128,7 @@ struct child_sa_t {
*
* @return reqid of the CHILD SA
*/
- u_int32_t (*get_reqid)(child_sa_t *this);
+ uint32_t (*get_reqid)(child_sa_t *this);
/**
* Get the unique numerical identifier for this CHILD_SA.
@@ -138,7 +138,7 @@ struct child_sa_t {
*
* @return unique CHILD_SA identifier
*/
- u_int32_t (*get_unique_id)(child_sa_t *this);
+ uint32_t (*get_unique_id)(child_sa_t *this);
/**
* Get the config used to set up this child sa.
@@ -171,7 +171,7 @@ struct child_sa_t {
* @param inbound TRUE to get inbound SPI, FALSE for outbound.
* @return SPI of the CHILD SA
*/
- u_int32_t (*get_spi) (child_sa_t *this, bool inbound);
+ uint32_t (*get_spi) (child_sa_t *this, bool inbound);
/**
* Get the CPI of this CHILD_SA.
@@ -183,7 +183,7 @@ struct child_sa_t {
* @param inbound TRUE to get inbound CPI, FALSE for outbound.
* @return CPI of the CHILD SA
*/
- u_int16_t (*get_cpi) (child_sa_t *this, bool inbound);
+ uint16_t (*get_cpi) (child_sa_t *this, bool inbound);
/**
* Get the protocol which this CHILD_SA uses to protect traffic.
@@ -300,7 +300,7 @@ struct child_sa_t {
* @param[out] packets number of processed packets (NULL to ignore)
*/
void (*get_usestats)(child_sa_t *this, bool inbound, time_t *time,
- u_int64_t *bytes, u_int64_t *packets);
+ uint64_t *bytes, uint64_t *packets);
/**
* Get the mark used with this CHILD_SA.
@@ -335,14 +335,14 @@ struct child_sa_t {
* @param spi SPI output pointer
* @return SPI, 0 on failure
*/
- u_int32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol);
+ uint32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol);
/**
* Allocate a CPI to use for IPComp.
*
* @return CPI, 0 on failure
*/
- u_int16_t (*alloc_cpi)(child_sa_t *this);
+ uint16_t (*alloc_cpi)(child_sa_t *this);
/**
* Install an IPsec SA for one direction.
@@ -359,7 +359,7 @@ struct child_sa_t {
* @return SUCCESS or FAILED
*/
status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ,
- u_int32_t spi, u_int16_t cpi,
+ uint32_t spi, uint16_t cpi,
bool initiator, bool inbound, bool tfcv3,
linked_list_t *my_ts, linked_list_t *other_ts);
/**
@@ -404,7 +404,7 @@ struct child_sa_t {
* @return child_sa_t object
*/
child_sa_t * child_sa_create(host_t *me, host_t *other, child_cfg_t *config,
- u_int32_t reqid, bool encap,
+ uint32_t reqid, bool encap,
u_int mark_in, u_int mark_out);
#endif /** CHILD_SA_H_ @}*/
diff --git a/src/libcharon/sa/child_sa_manager.c b/src/libcharon/sa/child_sa_manager.c
index 071a119..13f22cf 100644
--- a/src/libcharon/sa/child_sa_manager.c
+++ b/src/libcharon/sa/child_sa_manager.c
@@ -59,11 +59,11 @@ typedef struct {
/** the associated IKE_SA */
ike_sa_id_t *ike_id;
/** unique CHILD_SA identifier */
- u_int32_t unique_id;
+ uint32_t unique_id;
/** inbound SPI */
- u_int32_t spi_in;
+ uint32_t spi_in;
/** outbound SPI */
- u_int32_t spi_out;
+ uint32_t spi_out;
/** inbound host address */
host_t *host_in;
/** outbound host address and port */
@@ -202,7 +202,7 @@ METHOD(child_sa_manager_t, remove_, void,
* Check out an IKE_SA for a given CHILD_SA
*/
static ike_sa_t *checkout_ikesa(private_child_sa_manager_t *this,
- ike_sa_id_t *id, u_int32_t unique_id, child_sa_t **child_sa)
+ ike_sa_id_t *id, uint32_t unique_id, child_sa_t **child_sa)
{
enumerator_t *enumerator;
child_sa_t *current;
@@ -238,7 +238,7 @@ static ike_sa_t *checkout_ikesa(private_child_sa_manager_t *this,
}
METHOD(child_sa_manager_t, checkout_by_id, ike_sa_t*,
- private_child_sa_manager_t *this, u_int32_t unique_id,
+ private_child_sa_manager_t *this, uint32_t unique_id,
child_sa_t **child_sa)
{
ike_sa_id_t *id;
@@ -262,11 +262,11 @@ METHOD(child_sa_manager_t, checkout_by_id, ike_sa_t*,
}
METHOD(child_sa_manager_t, checkout, ike_sa_t*,
- private_child_sa_manager_t *this, protocol_id_t protocol, u_int32_t spi,
+ private_child_sa_manager_t *this, protocol_id_t protocol, uint32_t spi,
host_t *dst, child_sa_t **child_sa)
{
ike_sa_id_t *id;
- u_int32_t unique_id;
+ uint32_t unique_id;
child_entry_t *entry, key = {
.spi_in = spi,
.spi_out = spi,
diff --git a/src/libcharon/sa/child_sa_manager.h b/src/libcharon/sa/child_sa_manager.h
index 4d57528..f1d6ad9 100644
--- a/src/libcharon/sa/child_sa_manager.h
+++ b/src/libcharon/sa/child_sa_manager.h
@@ -59,7 +59,7 @@ struct child_sa_manager_t {
* @return IKE_SA, NULL if not found
*/
ike_sa_t *(*checkout)(child_sa_manager_t *this,
- protocol_id_t protocol, u_int32_t spi, host_t *dst,
+ protocol_id_t protocol, uint32_t spi, host_t *dst,
child_sa_t **child_sa);
/**
@@ -72,7 +72,7 @@ struct child_sa_manager_t {
* @param child_sa returns CHILD_SA managed by IKE_SA
* @return IKE_SA, NULL if not found
*/
- ike_sa_t *(*checkout_by_id)(child_sa_manager_t *this, u_int32_t unique_id,
+ ike_sa_t *(*checkout_by_id)(child_sa_manager_t *this, uint32_t unique_id,
child_sa_t **child_sa);
/**
diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c
index 1886307..e4fcbc8 100644
--- a/src/libcharon/sa/eap/eap_manager.c
+++ b/src/libcharon/sa/eap/eap_manager.c
@@ -35,7 +35,7 @@ struct eap_entry_t {
/**
* vendor ID, 0 for default EAP methods
*/
- u_int32_t vendor;
+ uint32_t vendor;
/**
* Role of the method returned by the constructor, EAP_SERVER or EAP_PEER
@@ -70,7 +70,7 @@ struct private_eap_manager_t {
};
METHOD(eap_manager_t, add_method, void,
- private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+ private_eap_manager_t *this, eap_type_t type, uint32_t vendor,
eap_role_t role, eap_constructor_t constructor)
{
eap_entry_t *entry = malloc_thing(eap_entry_t);
@@ -109,7 +109,7 @@ METHOD(eap_manager_t, remove_method, void,
* filter the registered methods
*/
static bool filter_methods(uintptr_t role, eap_entry_t **entry,
- eap_type_t *type, void *in, u_int32_t *vendor)
+ eap_type_t *type, void *in, uint32_t *vendor)
{
if ((*entry)->role != (eap_role_t)role)
{
@@ -144,7 +144,7 @@ METHOD(eap_manager_t, create_enumerator, enumerator_t*,
}
METHOD(eap_manager_t, create_instance, eap_method_t*,
- private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+ private_eap_manager_t *this, eap_type_t type, uint32_t vendor,
eap_role_t role, identification_t *server, identification_t *peer)
{
enumerator_t *enumerator;
diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h
index e318ef5..4ed1cae 100644
--- a/src/libcharon/sa/eap/eap_manager.h
+++ b/src/libcharon/sa/eap/eap_manager.h
@@ -44,7 +44,7 @@ struct eap_manager_t {
* @param role EAP role of the registered method
* @param constructor constructor function, returns an eap_method_t
*/
- void (*add_method)(eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+ void (*add_method)(eap_manager_t *this, eap_type_t type, uint32_t vendor,
eap_role_t role, eap_constructor_t constructor);
/**
@@ -61,7 +61,7 @@ struct eap_manager_t {
* even though it is registered as method with this manager).
*
* @param role EAP role of methods to enumerate
- * @return enumerator over (eap_type_t type, u_int32_t vendor)
+ * @return enumerator over (eap_type_t type, uint32_t vendor)
*/
enumerator_t* (*create_enumerator)(eap_manager_t *this, eap_role_t role);
@@ -76,7 +76,7 @@ struct eap_manager_t {
* @return EAP method instance, NULL if no constructor found
*/
eap_method_t* (*create_instance)(eap_manager_t *this, eap_type_t type,
- u_int32_t vendor, eap_role_t role,
+ uint32_t vendor, eap_role_t role,
identification_t *server,
identification_t *peer);
diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h
index 689c0f9..8e25f7d 100644
--- a/src/libcharon/sa/eap/eap_method.h
+++ b/src/libcharon/sa/eap/eap_method.h
@@ -96,7 +96,7 @@ struct eap_method_t {
* @param vendor pointer receiving vendor identifier for type, 0 for none
* @return type of the EAP method
*/
- eap_type_t (*get_type) (eap_method_t *this, u_int32_t *vendor);
+ eap_type_t (*get_type) (eap_method_t *this, uint32_t *vendor);
/**
* Check if this EAP method authenticates the server.
@@ -126,7 +126,7 @@ struct eap_method_t {
*
* @return current EAP identifier
*/
- u_int8_t (*get_identifier) (eap_method_t *this);
+ uint8_t (*get_identifier) (eap_method_t *this);
/**
* Set the EAP identifier to a deterministic value, overwriting
@@ -134,7 +134,7 @@ struct eap_method_t {
*
* @param identifier current EAP identifier
*/
- void (*set_identifier) (eap_method_t *this, u_int8_t identifier);
+ void (*set_identifier) (eap_method_t *this, uint8_t identifier);
/**
* Get authentication details performed by this EAP method.
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index bcbff32..009277d 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -71,6 +71,7 @@ ENUM(ike_sa_state_names, IKE_CREATED, IKE_DESTROYING,
"ESTABLISHED",
"PASSIVE",
"REKEYING",
+ "REKEYED",
"DELETING",
"DESTROYING",
);
@@ -101,7 +102,7 @@ struct private_ike_sa_t {
/**
* unique numerical ID for this IKE_SA.
*/
- u_int32_t unique_id;
+ uint32_t unique_id;
/**
* Current state of the IKE_SA
@@ -233,12 +234,12 @@ struct private_ike_sa_t {
/**
* number pending UPDATE_SA_ADDRESS (MOBIKE)
*/
- u_int32_t pending_updates;
+ uint32_t pending_updates;
/**
* NAT keep alive interval
*/
- u_int32_t keepalive_interval;
+ uint32_t keepalive_interval;
/**
* The schedueld keep alive job, if any
@@ -249,7 +250,7 @@ struct private_ike_sa_t {
* interval for retries during initiation (e.g. if DNS resolution failed),
* 0 to disable (default)
*/
- u_int32_t retry_initiate_interval;
+ uint32_t retry_initiate_interval;
/**
* TRUE if a retry_initiate_job has been queued
@@ -259,12 +260,12 @@ struct private_ike_sa_t {
/**
* Timestamps for this IKE_SA
*/
- u_int32_t stats[STAT_MAX];
+ uint32_t stats[STAT_MAX];
/**
* how many times we have retried so far (keyingtries)
*/
- u_int32_t keyingtry;
+ uint32_t keyingtry;
/**
* local host address to be used for IKE, set via MIGRATE kernel message
@@ -343,7 +344,7 @@ static time_t get_use_time(private_ike_sa_t* this, bool inbound)
return use_time;
}
-METHOD(ike_sa_t, get_unique_id, u_int32_t,
+METHOD(ike_sa_t, get_unique_id, uint32_t,
private_ike_sa_t *this)
{
return this->unique_id;
@@ -359,7 +360,7 @@ METHOD(ike_sa_t, get_name, char*,
return "(unnamed)";
}
-METHOD(ike_sa_t, get_statistic, u_int32_t,
+METHOD(ike_sa_t, get_statistic, uint32_t,
private_ike_sa_t *this, statistic_t kind)
{
if (kind < STAT_MAX)
@@ -370,7 +371,7 @@ METHOD(ike_sa_t, get_statistic, u_int32_t,
}
METHOD(ike_sa_t, set_statistic, void,
- private_ike_sa_t *this, statistic_t kind, u_int32_t value)
+ private_ike_sa_t *this, statistic_t kind, uint32_t value)
{
if (kind < STAT_MAX)
{
@@ -604,7 +605,7 @@ METHOD(ike_sa_t, set_proposal, void,
}
METHOD(ike_sa_t, set_message_id, void,
- private_ike_sa_t *this, bool initiate, u_int32_t mid)
+ private_ike_sa_t *this, bool initiate, uint32_t mid)
{
if (initiate)
{
@@ -814,7 +815,7 @@ METHOD(ike_sa_t, set_state, void,
this->state == IKE_PASSIVE)
{
job_t *job;
- u_int32_t t;
+ uint32_t t;
/* calculate rekey, reauth and lifetime */
this->stats[STAT_ESTABLISHED] = time_monotonic(NULL);
@@ -1035,12 +1036,12 @@ METHOD(ike_sa_t, has_mapping_changed, bool,
}
METHOD(ike_sa_t, set_pending_updates, void,
- private_ike_sa_t *this, u_int32_t updates)
+ private_ike_sa_t *this, uint32_t updates)
{
this->pending_updates = updates;
}
-METHOD(ike_sa_t, get_pending_updates, u_int32_t,
+METHOD(ike_sa_t, get_pending_updates, uint32_t,
private_ike_sa_t *this)
{
return this->pending_updates;
@@ -1203,6 +1204,7 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t,
packet_t *packet;
status_t status;
bool use_frags = FALSE;
+ bool pre_generated = FALSE;
if (this->ike_cfg)
{
@@ -1237,14 +1239,21 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t,
return SUCCESS;
}
+ pre_generated = message->is_encoded(message);
this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
message->set_ike_sa_id(message, this->ike_sa_id);
- charon->bus->message(charon->bus, message, FALSE, TRUE);
+ if (!pre_generated)
+ {
+ charon->bus->message(charon->bus, message, FALSE, TRUE);
+ }
status = message->fragment(message, this->keymat, this->fragment_size,
&fragments);
if (status == SUCCESS)
{
- charon->bus->message(charon->bus, message, FALSE, FALSE);
+ if (!pre_generated)
+ {
+ charon->bus->message(charon->bus, message, FALSE, FALSE);
+ }
*packets = enumerator_create_filter(fragments, (void*)filter_fragments,
this, NULL);
}
@@ -1432,7 +1441,7 @@ static void resolve_hosts(private_ike_sa_t *this)
}
METHOD(ike_sa_t, initiate, status_t,
- private_ike_sa_t *this, child_cfg_t *child_cfg, u_int32_t reqid,
+ private_ike_sa_t *this, child_cfg_t *child_cfg, uint32_t reqid,
traffic_selector_t *tsi, traffic_selector_t *tsr)
{
bool defer_initiate = FALSE;
@@ -1642,7 +1651,7 @@ METHOD(ike_sa_t, add_child_sa, void,
}
METHOD(ike_sa_t, get_child_sa, child_sa_t*,
- private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool inbound)
+ private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi, bool inbound)
{
enumerator_t *enumerator;
child_sa_t *current, *found = NULL;
@@ -1721,7 +1730,7 @@ METHOD(ike_sa_t, remove_child_sa, void,
}
METHOD(ike_sa_t, rekey_child_sa, status_t,
- private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
+ private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi)
{
if (this->state == IKE_PASSIVE)
{
@@ -1732,7 +1741,7 @@ METHOD(ike_sa_t, rekey_child_sa, status_t,
}
METHOD(ike_sa_t, delete_child_sa, status_t,
- private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool expired)
+ private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi, bool expired)
{
if (this->state == IKE_PASSIVE)
{
@@ -1744,7 +1753,7 @@ METHOD(ike_sa_t, delete_child_sa, status_t,
}
METHOD(ike_sa_t, destroy_child_sa, status_t,
- private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
+ private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi)
{
enumerator_t *enumerator;
child_sa_t *child_sa;
@@ -2301,7 +2310,7 @@ METHOD(ike_sa_t, redirect, status_t,
}
METHOD(ike_sa_t, retransmit, status_t,
- private_ike_sa_t *this, u_int32_t message_id)
+ private_ike_sa_t *this, uint32_t message_id)
{
if (this->state == IKE_PASSIVE)
{
@@ -2316,7 +2325,7 @@ METHOD(ike_sa_t, retransmit, status_t,
case IKE_CONNECTING:
{
/* retry IKE_SA_INIT/Main Mode if we have multiple keyingtries */
- u_int32_t tries = this->peer_cfg->get_keyingtries(this->peer_cfg);
+ uint32_t tries = this->peer_cfg->get_keyingtries(this->peer_cfg);
charon->bus->alert(charon->bus, ALERT_PEER_INIT_UNREACHABLE,
this->keyingtry);
this->keyingtry++;
@@ -2348,7 +2357,8 @@ METHOD(ike_sa_t, retransmit, status_t,
reestablish(this);
break;
}
- if (this->state != IKE_CONNECTING)
+ if (this->state != IKE_CONNECTING &&
+ this->state != IKE_REKEYED)
{
charon->bus->ike_updown(charon->bus, &this->public, FALSE);
}
@@ -2358,9 +2368,9 @@ METHOD(ike_sa_t, retransmit, status_t,
}
METHOD(ike_sa_t, set_auth_lifetime, status_t,
- private_ike_sa_t *this, u_int32_t lifetime)
+ private_ike_sa_t *this, uint32_t lifetime)
{
- u_int32_t diff, hard, soft, now;
+ uint32_t diff, hard, soft, now;
bool send_update;
diff = this->peer_cfg->get_over_time(this->peer_cfg);
@@ -2500,6 +2510,7 @@ METHOD(ike_sa_t, roam, status_t,
case IKE_DELETING:
case IKE_DESTROYING:
case IKE_PASSIVE:
+ case IKE_REKEYED:
return SUCCESS;
default:
break;
@@ -2609,6 +2620,12 @@ METHOD(ike_sa_t, queue_task, void,
this->task_manager->queue_task(this->task_manager, task);
}
+METHOD(ike_sa_t, queue_task_delayed, void,
+ private_ike_sa_t *this, task_t *task, uint32_t delay)
+{
+ this->task_manager->queue_task_delayed(this->task_manager, task, delay);
+}
+
METHOD(ike_sa_t, inherit_pre, void,
private_ike_sa_t *this, ike_sa_t *other_public)
{
@@ -2927,6 +2944,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
.create_task_enumerator = _create_task_enumerator,
.flush_queue = _flush_queue,
.queue_task = _queue_task,
+ .queue_task_delayed = _queue_task_delayed,
#ifdef ME
.act_as_mediation_server = _act_as_mediation_server,
.get_server_reflexive_host = _get_server_reflexive_host,
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 836360e..6f5040d 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -58,12 +58,12 @@ typedef struct ike_sa_t ike_sa_t;
/**
* After which time rekeying should be retried if it failed, in seconds.
*/
-#define RETRY_INTERVAL 30
+#define RETRY_INTERVAL 15
/**
* Jitter to subtract from RETRY_INTERVAL to randomize rekey retry.
*/
-#define RETRY_JITTER 20
+#define RETRY_JITTER 10
/**
* Number of redirects allowed within REDIRECT_LOOP_DETECT_PERIOD.
@@ -309,6 +309,11 @@ enum ike_sa_state_t {
IKE_REKEYING,
/**
+ * IKE_SA has been rekeyed (or is redundant)
+ */
+ IKE_REKEYED,
+
+ /**
* IKE_SA is in progress of deletion
*/
IKE_DELETING,
@@ -353,7 +358,7 @@ struct ike_sa_t {
*
* @return unique ID
*/
- u_int32_t (*get_unique_id) (ike_sa_t *this);
+ uint32_t (*get_unique_id) (ike_sa_t *this);
/**
* Get the state of the IKE_SA.
@@ -382,7 +387,7 @@ struct ike_sa_t {
* @param kind kind of requested value
* @return value as integer
*/
- u_int32_t (*get_statistic)(ike_sa_t *this, statistic_t kind);
+ uint32_t (*get_statistic)(ike_sa_t *this, statistic_t kind);
/**
* Set statistic value of the IKE_SA.
@@ -390,7 +395,7 @@ struct ike_sa_t {
* @param kind kind of value to update
* @param value value as integer
*/
- void (*set_statistic)(ike_sa_t *this, statistic_t kind, u_int32_t value);
+ void (*set_statistic)(ike_sa_t *this, statistic_t kind, uint32_t value);
/**
* Get the own host address.
@@ -557,7 +562,7 @@ struct ike_sa_t {
* @param initiate TRUE to set message ID for initiating
* @param mid message id to set
*/
- void (*set_message_id)(ike_sa_t *this, bool initiate, u_int32_t mid);
+ void (*set_message_id)(ike_sa_t *this, bool initiate, uint32_t mid);
/**
* Add an additional address for the peer.
@@ -630,14 +635,14 @@ struct ike_sa_t {
*
* @return number of pending updates
*/
- u_int32_t (*get_pending_updates)(ike_sa_t *this);
+ uint32_t (*get_pending_updates)(ike_sa_t *this);
/**
* Set the number of queued MOBIKE address updates.
*
* @param updates number of pending updates
*/
- void (*set_pending_updates)(ike_sa_t *this, u_int32_t updates);
+ void (*set_pending_updates)(ike_sa_t *this, uint32_t updates);
#ifdef ME
/**
@@ -752,7 +757,7 @@ struct ike_sa_t {
* - DESTROY_ME if initialization failed
*/
status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg,
- u_int32_t reqid, traffic_selector_t *tsi,
+ uint32_t reqid, traffic_selector_t *tsi,
traffic_selector_t *tsr);
/**
@@ -850,7 +855,7 @@ struct ike_sa_t {
* - SUCCESS
* - NOT_FOUND if request doesn't have to be retransmited
*/
- status_t (*retransmit) (ike_sa_t *this, u_int32_t message_id);
+ status_t (*retransmit) (ike_sa_t *this, uint32_t message_id);
/**
* Sends a DPD request to the peer.
@@ -924,7 +929,7 @@ struct ike_sa_t {
* @return child_sa, or NULL if none found
*/
child_sa_t* (*get_child_sa) (ike_sa_t *this, protocol_id_t protocol,
- u_int32_t spi, bool inbound);
+ uint32_t spi, bool inbound);
/**
* Get the number of CHILD_SAs.
@@ -958,7 +963,7 @@ struct ike_sa_t {
* - NOT_FOUND, if IKE_SA has no such CHILD_SA
* - SUCCESS, if rekeying initiated
*/
- status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
+ status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, uint32_t spi);
/**
* Close the CHILD SA with the specified protocol/SPI.
@@ -975,7 +980,7 @@ struct ike_sa_t {
* - SUCCESS, if delete message sent
*/
status_t (*delete_child_sa)(ike_sa_t *this, protocol_id_t protocol,
- u_int32_t spi, bool expired);
+ uint32_t spi, bool expired);
/**
* Destroy a CHILD SA with the specified protocol/SPI.
@@ -988,7 +993,7 @@ struct ike_sa_t {
* - NOT_FOUND, if IKE_SA has no such CHILD_SA
* - SUCCESS
*/
- status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
+ status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, uint32_t spi);
/**
* Rekey the IKE_SA.
@@ -1028,7 +1033,7 @@ struct ike_sa_t {
* @param lifetime lifetime in seconds
* @return DESTROY_ME to destroy the IKE_SA
*/
- status_t (*set_auth_lifetime)(ike_sa_t *this, u_int32_t lifetime);
+ status_t (*set_auth_lifetime)(ike_sa_t *this, uint32_t lifetime);
/**
* Add a virtual IP to use for this IKE_SA and its children.
@@ -1119,6 +1124,15 @@ struct ike_sa_t {
void (*queue_task)(ike_sa_t *this, task_t *task);
/**
+ * Queue a task in the manager, but delay its initiation for at least the
+ * given number of seconds.
+ *
+ * @param task task to queue
+ * @param delay minimum delay in s before initiating the task
+ */
+ void (*queue_task_delayed)(ike_sa_t *this, task_t *task, uint32_t delay);
+
+ /**
* Inherit required attributes to new SA before rekeying.
*
* Some properties of the SA must be applied before starting IKE_SA
diff --git a/src/libcharon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c
index e520864..b4e66ed 100644
--- a/src/libcharon/sa/ike_sa_id.c
+++ b/src/libcharon/sa/ike_sa_id.c
@@ -34,17 +34,17 @@ struct private_ike_sa_id_t {
/**
* Major IKE version of IKE_SA.
*/
- u_int8_t ike_version;
+ uint8_t ike_version;
/**
* SPI of initiator.
*/
- u_int64_t initiator_spi;
+ uint64_t initiator_spi;
/**
* SPI of responder.
*/
- u_int64_t responder_spi;
+ uint64_t responder_spi;
/**
* Role for specific IKE_SA.
@@ -52,31 +52,31 @@ struct private_ike_sa_id_t {
bool is_initiator_flag;
};
-METHOD(ike_sa_id_t, get_ike_version, u_int8_t,
+METHOD(ike_sa_id_t, get_ike_version, uint8_t,
private_ike_sa_id_t *this)
{
return this->ike_version;
}
METHOD(ike_sa_id_t, set_responder_spi, void,
- private_ike_sa_id_t *this, u_int64_t responder_spi)
+ private_ike_sa_id_t *this, uint64_t responder_spi)
{
this->responder_spi = responder_spi;
}
METHOD(ike_sa_id_t, set_initiator_spi, void,
- private_ike_sa_id_t *this, u_int64_t initiator_spi)
+ private_ike_sa_id_t *this, uint64_t initiator_spi)
{
this->initiator_spi = initiator_spi;
}
-METHOD(ike_sa_id_t, get_initiator_spi, u_int64_t,
+METHOD(ike_sa_id_t, get_initiator_spi, uint64_t,
private_ike_sa_id_t *this)
{
return this->initiator_spi;
}
-METHOD(ike_sa_id_t, get_responder_spi, u_int64_t,
+METHOD(ike_sa_id_t, get_responder_spi, uint64_t,
private_ike_sa_id_t *this)
{
return this->responder_spi;
@@ -134,8 +134,8 @@ METHOD(ike_sa_id_t, destroy, void,
/*
* Described in header.
*/
-ike_sa_id_t * ike_sa_id_create(u_int8_t ike_version, u_int64_t initiator_spi,
- u_int64_t responder_spi, bool is_initiator_flag)
+ike_sa_id_t * ike_sa_id_create(uint8_t ike_version, uint64_t initiator_spi,
+ uint64_t responder_spi, bool is_initiator_flag)
{
private_ike_sa_id_t *this;
diff --git a/src/libcharon/sa/ike_sa_id.h b/src/libcharon/sa/ike_sa_id.h
index 5eb754e..b3a9ef6 100644
--- a/src/libcharon/sa/ike_sa_id.h
+++ b/src/libcharon/sa/ike_sa_id.h
@@ -41,7 +41,7 @@ struct ike_sa_id_t {
*
* @return IKE version
*/
- u_int8_t (*get_ike_version) (ike_sa_id_t *this);
+ uint8_t (*get_ike_version) (ike_sa_id_t *this);
/**
* Set the SPI of the responder.
@@ -50,28 +50,28 @@ struct ike_sa_id_t {
*
* @param responder_spi SPI of responder to set
*/
- void (*set_responder_spi) (ike_sa_id_t *this, u_int64_t responder_spi);
+ void (*set_responder_spi) (ike_sa_id_t *this, uint64_t responder_spi);
/**
* Set the SPI of the initiator.
*
* @param initiator_spi SPI to set
*/
- void (*set_initiator_spi) (ike_sa_id_t *this, u_int64_t initiator_spi);
+ void (*set_initiator_spi) (ike_sa_id_t *this, uint64_t initiator_spi);
/**
* Get the initiator SPI.
*
* @return SPI of the initiator
*/
- u_int64_t (*get_initiator_spi) (ike_sa_id_t *this);
+ uint64_t (*get_initiator_spi) (ike_sa_id_t *this);
/**
* Get the responder SPI.
*
* @return SPI of the responder
*/
- u_int64_t (*get_responder_spi) (ike_sa_id_t *this);
+ uint64_t (*get_responder_spi) (ike_sa_id_t *this);
/**
* Check if two ike_sa_id_t objects are equal.
@@ -131,7 +131,7 @@ struct ike_sa_id_t {
* @param is_initiaor TRUE if we are the original initiator
* @return ike_sa_id_t object
*/
-ike_sa_id_t * ike_sa_id_create(u_int8_t ike_version, u_int64_t initiator_spi,
- u_int64_t responder_spi, bool is_initiaor);
+ike_sa_id_t * ike_sa_id_create(uint8_t ike_version, uint64_t initiator_spi,
+ uint64_t responder_spi, bool is_initiaor);
#endif /** IKE_SA_ID_H_ @}*/
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 307ea3b..ce44207 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -113,7 +113,7 @@ struct entry_t {
/**
* message ID or hash of currently processing message, -1 if none
*/
- u_int32_t processing;
+ uint32_t processing;
};
/**
@@ -265,7 +265,7 @@ struct init_hash_t {
chunk_t hash;
/** our SPI allocated for the IKE_SA based on this message */
- u_int64_t our_spi;
+ uint64_t our_spi;
};
typedef struct segment_t segment_t;
@@ -977,9 +977,9 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr
/**
* Get a random SPI for new IKE_SAs
*/
-static u_int64_t get_spi(private_ike_sa_manager_t *this)
+static uint64_t get_spi(private_ike_sa_manager_t *this)
{
- u_int64_t spi;
+ uint64_t spi;
this->spi_lock->read_lock(this->spi_lock);
if (this->spi_cb.cb)
@@ -987,7 +987,7 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this)
spi = this->spi_cb.cb(this->spi_cb.data);
}
else if (!this->rng ||
- !this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi))
+ !this->rng->get_bytes(this->rng, sizeof(spi), (uint8_t*)&spi))
{
spi = 0;
}
@@ -1007,8 +1007,8 @@ static bool get_init_hash(hasher_t *hasher, message_t *message, chunk_t *hash)
if (message->get_first_payload_type(message) == PLV1_FRAGMENT)
{ /* only hash the source IP, port and SPI for fragmented init messages */
- u_int16_t port;
- u_int64_t spi;
+ uint16_t port;
+ uint64_t spi;
src = message->get_source(message);
if (!hasher->allocate_hash(hasher, src->get_address(src), NULL))
@@ -1050,13 +1050,13 @@ static bool get_init_hash(hasher_t *hasher, message_t *message, chunk_t *hash)
* FAILED if the SPI allocation failed
*/
static status_t check_and_put_init_hash(private_ike_sa_manager_t *this,
- chunk_t init_hash, u_int64_t *our_spi)
+ chunk_t init_hash, uint64_t *our_spi)
{
table_item_t *item;
u_int row, segment;
mutex_t *mutex;
init_hash_t *init;
- u_int64_t spi;
+ uint64_t spi;
row = chunk_hash(init_hash) & this->table_mask;
segment = row & this->segment_mask;
@@ -1174,8 +1174,8 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*,
{
ike_sa_id_t *ike_sa_id;
ike_sa_t *ike_sa;
- u_int8_t ike_version;
- u_int64_t spi;
+ uint8_t ike_version;
+ uint64_t spi;
ike_version = version == IKEV1 ? IKEV1_MAJOR_VERSION : IKEV2_MAJOR_VERSION;
@@ -1208,7 +1208,7 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*,
/**
* Get the message ID or message hash to detect early retransmissions
*/
-static u_int32_t get_message_id_or_hash(message_t *message)
+static uint32_t get_message_id_or_hash(message_t *message)
{
if (message->get_major_version(message) == IKEV1_MAJOR_VERSION)
{
@@ -1273,7 +1273,7 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
if (is_init)
{
hasher_t *hasher;
- u_int64_t our_spi;
+ uint64_t our_spi;
chunk_t hash;
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
@@ -1415,7 +1415,8 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
{
continue;
}
- if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING)
+ if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING ||
+ entry->ike_sa->get_state(entry->ike_sa) == IKE_REKEYED)
{ /* skip IKE_SAs which are not usable, wake other waiting threads */
entry->condvar->signal(entry->condvar);
continue;
@@ -1455,7 +1456,7 @@ out:
}
METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*,
- private_ike_sa_manager_t *this, u_int32_t id)
+ private_ike_sa_manager_t *this, uint32_t id)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -2094,10 +2095,41 @@ METHOD(ike_sa_manager_t, set_spi_cb, void,
this->spi_lock->unlock(this->spi_lock);
}
+/**
+ * Destroy all entries
+ */
+static void destroy_all_entries(private_ike_sa_manager_t *this)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ u_int segment;
+
+ enumerator = create_table_enumerator(this);
+ while (enumerator->enumerate(enumerator, &entry, &segment))
+ {
+ charon->bus->set_sa(charon->bus, entry->ike_sa);
+ if (entry->half_open)
+ {
+ remove_half_open(this, entry);
+ }
+ if (entry->my_id && entry->other_id)
+ {
+ remove_connected_peers(this, entry);
+ }
+ if (entry->init_hash.ptr)
+ {
+ remove_init_hash(this, entry->init_hash);
+ }
+ remove_entry_at((private_enumerator_t*)enumerator);
+ entry_destroy(entry);
+ }
+ enumerator->destroy(enumerator);
+ charon->bus->set_sa(charon->bus, NULL);
+}
+
METHOD(ike_sa_manager_t, flush, void,
private_ike_sa_manager_t *this)
{
- /* destroy all list entries */
enumerator_t *enumerator;
entry_t *entry;
u_int segment;
@@ -2153,31 +2185,11 @@ METHOD(ike_sa_manager_t, flush, void,
DBG2(DBG_MGR, "destroy all entries");
/* Step 4: destroy all entries */
- enumerator = create_table_enumerator(this);
- while (enumerator->enumerate(enumerator, &entry, &segment))
- {
- charon->bus->set_sa(charon->bus, entry->ike_sa);
- if (entry->half_open)
- {
- remove_half_open(this, entry);
- }
- if (entry->my_id && entry->other_id)
- {
- remove_connected_peers(this, entry);
- }
- if (entry->init_hash.ptr)
- {
- remove_init_hash(this, entry->init_hash);
- }
- remove_entry_at((private_enumerator_t*)enumerator);
- entry_destroy(entry);
- }
- enumerator->destroy(enumerator);
- charon->bus->set_sa(charon->bus, NULL);
+ destroy_all_entries(this);
unlock_all_segments(this);
this->spi_lock->write_lock(this->spi_lock);
- this->rng->destroy(this->rng);
+ DESTROY_IF(this->rng);
this->rng = NULL;
this->spi_cb.cb = NULL;
this->spi_cb.data = NULL;
@@ -2189,7 +2201,11 @@ METHOD(ike_sa_manager_t, destroy, void,
{
u_int i;
- /* these are already cleared in flush() above */
+ /* in case new SAs were checked in after flush() was called */
+ lock_all_segments(this);
+ destroy_all_entries(this);
+ unlock_all_segments(this);
+
free(this->ike_sa_table);
free(this->half_open_table);
free(this->connected_peers_table);
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
index f1b7c25..4298c54 100644
--- a/src/libcharon/sa/ike_sa_manager.h
+++ b/src/libcharon/sa/ike_sa_manager.h
@@ -38,7 +38,7 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
* @param data data supplied during registration of the callback
* @return allocated SPI, 0 on failure
*/
-typedef u_int64_t (*spi_cb_t)(void *data);
+typedef uint64_t (*spi_cb_t)(void *data);
/**
* Manages and synchronizes access to all IKE_SAs.
@@ -147,7 +147,7 @@ struct ike_sa_manager_t {
* - checked out IKE_SA, if found
* - NULL, if not found
*/
- ike_sa_t* (*checkout_by_id) (ike_sa_manager_t* this, u_int32_t id);
+ ike_sa_t* (*checkout_by_id) (ike_sa_manager_t* this, uint32_t id);
/**
* Check out an IKE_SA by the policy/connection name.
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index e428966..be6b03b 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -32,7 +32,7 @@ typedef struct private_keymat_v1_t private_keymat_v1_t;
*/
typedef struct {
/** message ID */
- u_int32_t mid;
+ uint32_t mid;
/** current IV */
chunk_t iv;
/** last block of encrypted message */
@@ -128,7 +128,7 @@ static void iv_data_destroy(iv_data_t *this)
*/
typedef struct {
/** message ID */
- u_int32_t mid;
+ uint32_t mid;
/** Ni_b (Nonce from first message) */
chunk_t n_i;
/** Nr_b (Nonce from second message) */
@@ -272,7 +272,7 @@ static bool expand_skeyid_e(chunk_t skeyid_e, size_t key_size, prf_t *prf,
static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e)
{
private_aead_t *this;
- u_int16_t alg, key_size;
+ uint16_t alg, key_size;
crypter_t *crypter;
chunk_t ka;
@@ -324,7 +324,7 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e)
/**
* Converts integrity algorithm to PRF algorithm
*/
-static u_int16_t auth_to_prf(u_int16_t alg)
+static uint16_t auth_to_prf(uint16_t alg)
{
switch (alg)
{
@@ -348,7 +348,7 @@ static u_int16_t auth_to_prf(u_int16_t alg)
/**
* Converts integrity algorithm to hash algorithm
*/
-static u_int16_t auth_to_hash(u_int16_t alg)
+static uint16_t auth_to_hash(uint16_t alg)
{
switch (alg)
{
@@ -370,7 +370,7 @@ static u_int16_t auth_to_hash(u_int16_t alg)
/**
* Adjust the key length for PRF algorithms that expect a fixed key length.
*/
-static void adjust_keylen(u_int16_t alg, chunk_t *key)
+static void adjust_keylen(uint16_t alg, chunk_t *key)
{
switch (alg)
{
@@ -393,10 +393,10 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
{
chunk_t g_xy, g_xi, g_xr, dh_me, spi_i, spi_r, nonces, data, skeyid_e;
chunk_t skeyid;
- u_int16_t alg;
+ uint16_t alg;
- spi_i = chunk_alloca(sizeof(u_int64_t));
- spi_r = chunk_alloca(sizeof(u_int64_t));
+ spi_i = chunk_alloca(sizeof(uint64_t));
+ spi_r = chunk_alloca(sizeof(uint64_t));
if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL))
{ /* no PRF negotiated, use HMAC version of integrity algorithm instead */
@@ -431,8 +431,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
}
DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &g_xy);
- *((u_int64_t*)spi_i.ptr) = id->get_initiator_spi(id);
- *((u_int64_t*)spi_r.ptr) = id->get_responder_spi(id);
+ *((uint64_t*)spi_i.ptr) = id->get_initiator_spi(id);
+ *((uint64_t*)spi_r.ptr) = id->get_responder_spi(id);
nonces = chunk_cata("cc", nonce_i, nonce_r);
switch (auth)
@@ -585,11 +585,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
METHOD(keymat_v1_t, derive_child_keys, bool,
private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh,
- u_int32_t spi_i, u_int32_t spi_r, chunk_t nonce_i, chunk_t nonce_r,
+ uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r,
chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r)
{
- u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0;
- u_int8_t protocol;
+ uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0;
+ uint8_t protocol;
prf_plus_t *prf_plus;
chunk_t seed, secret = chunk_empty;
bool success = FALSE;
@@ -725,7 +725,7 @@ failure:
METHOD(keymat_v1_t, create_hasher, bool,
private_keymat_v1_t *this, proposal_t *proposal)
{
- u_int16_t alg;
+ uint16_t alg;
if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL) ||
(alg = auth_to_hash(alg)) == HASH_UNKNOWN)
{
@@ -754,7 +754,7 @@ METHOD(keymat_v1_t, get_hash, bool,
ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id, chunk_t *hash)
{
chunk_t data;
- u_int64_t spi, spi_other;
+ uint64_t spi, spi_other;
/* HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b )
* HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b )
@@ -810,7 +810,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator)
{
payload_t *payload, *next;
enumerator_t *enumerator;
- u_int32_t *lenpos;
+ uint32_t *lenpos;
if (message->is_encoded(message))
{ /* inbound, although the message is generated, we cannot access the
@@ -850,7 +850,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator)
* Try to find data about a Quick Mode with the given message ID,
* if none is found, state is generated.
*/
-static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid)
+static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, uint32_t mid)
{
enumerator_t *enumerator;
qm_data_t *qm, *found = NULL;
@@ -885,7 +885,7 @@ static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid)
METHOD(keymat_v1_t, get_hash_phase2, bool,
private_keymat_v1_t *this, message_t *message, chunk_t *hash)
{
- u_int32_t mid, mid_n;
+ uint32_t mid, mid_n;
chunk_t data = chunk_empty;
bool add_message = TRUE;
char *name = "Hash";
@@ -993,7 +993,7 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv)
else
{
/* initial phase 2 IV = hash(last_phase1_block | mid) */
- u_int32_t net;;
+ uint32_t net;;
chunk_t data;
net = htonl(iv->mid);
@@ -1014,7 +1014,7 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv)
/**
* Try to find an IV for the given message ID, if not found, generate it.
*/
-static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid)
+static iv_data_t *lookup_iv(private_keymat_v1_t *this, uint32_t mid)
{
enumerator_t *enumerator;
iv_data_t *iv, *found = NULL;
@@ -1057,7 +1057,7 @@ static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid)
}
METHOD(keymat_v1_t, get_iv, bool,
- private_keymat_v1_t *this, u_int32_t mid, chunk_t *out)
+ private_keymat_v1_t *this, uint32_t mid, chunk_t *out)
{
iv_data_t *iv;
@@ -1071,7 +1071,7 @@ METHOD(keymat_v1_t, get_iv, bool,
}
METHOD(keymat_v1_t, update_iv, bool,
- private_keymat_v1_t *this, u_int32_t mid, chunk_t last_block)
+ private_keymat_v1_t *this, uint32_t mid, chunk_t last_block)
{
iv_data_t *iv = lookup_iv(this, mid);
if (iv)
@@ -1084,7 +1084,7 @@ METHOD(keymat_v1_t, update_iv, bool,
}
METHOD(keymat_v1_t, confirm_iv, bool,
- private_keymat_v1_t *this, u_int32_t mid)
+ private_keymat_v1_t *this, uint32_t mid)
{
iv_data_t *iv = lookup_iv(this, mid);
if (iv)
diff --git a/src/libcharon/sa/ikev1/keymat_v1.h b/src/libcharon/sa/ikev1/keymat_v1.h
index cc9f3b3..46eeea8 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.h
+++ b/src/libcharon/sa/ikev1/keymat_v1.h
@@ -72,7 +72,7 @@ struct keymat_v1_t {
* @param integ_r allocated responders integrity key
*/
bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal,
- diffie_hellman_t *dh, u_int32_t spi_i, u_int32_t spi_r,
+ diffie_hellman_t *dh, uint32_t spi_i, uint32_t spi_r,
chunk_t nonce_i, chunk_t nonce_r,
chunk_t *encr_i, chunk_t *integ_i,
chunk_t *encr_r, chunk_t *integ_r);
@@ -127,7 +127,7 @@ struct keymat_v1_t {
* @param iv chunk receiving IV, internal data
* @return TRUE if IV allocated successfully
*/
- bool (*get_iv)(keymat_v1_t *this, u_int32_t mid, chunk_t *iv);
+ bool (*get_iv)(keymat_v1_t *this, uint32_t mid, chunk_t *iv);
/**
* Updates the IV for the next message with the given message ID.
@@ -141,7 +141,7 @@ struct keymat_v1_t {
* @param last_block last block of encrypted message (gets cloned)
* @return TRUE if IV updated successfully
*/
- bool (*update_iv)(keymat_v1_t *this, u_int32_t mid, chunk_t last_block);
+ bool (*update_iv)(keymat_v1_t *this, uint32_t mid, chunk_t last_block);
/**
* Confirms the updated IV for the given message ID.
@@ -152,7 +152,7 @@ struct keymat_v1_t {
* @param mid message ID
* @return TRUE if IV confirmed successfully
*/
- bool (*confirm_iv)(keymat_v1_t *this, u_int32_t mid);
+ bool (*confirm_iv)(keymat_v1_t *this, uint32_t mid);
};
/**
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 3c601a4..b0c4f5f 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2007-2015 Tobias Brunner
+ * Copyright (C) 2007-2016 Tobias Brunner
* Copyright (C) 2007-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -67,7 +67,7 @@ struct exchange_t {
/**
* Message ID used for this transaction
*/
- u_int32_t mid;
+ uint32_t mid;
/**
* generated packet for retransmission
@@ -104,12 +104,12 @@ struct private_task_manager_t {
/**
* Message ID of the last response
*/
- u_int32_t mid;
+ uint32_t mid;
/**
* Hash of a previously received message
*/
- u_int32_t hash;
+ uint32_t hash;
/**
* packet(s) for retransmission
@@ -119,7 +119,7 @@ struct private_task_manager_t {
/**
* Sequence number of the last sent message
*/
- u_int32_t seqnr;
+ uint32_t seqnr;
/**
* how many times we have retransmitted so far
@@ -135,12 +135,12 @@ struct private_task_manager_t {
/**
* Message ID of the exchange
*/
- u_int32_t mid;
+ uint32_t mid;
/**
* Hashes of old responses we can ignore
*/
- u_int32_t old_hashes[MAX_OLD_HASHES];
+ uint32_t old_hashes[MAX_OLD_HASHES];
/**
* Position in old hash array
@@ -150,7 +150,7 @@ struct private_task_manager_t {
/**
* Sequence number of the last sent message
*/
- u_int32_t seqnr;
+ uint32_t seqnr;
/**
* how many times we have retransmitted so far
@@ -212,12 +212,12 @@ struct private_task_manager_t {
/**
* Sequence number for sending DPD requests
*/
- u_int32_t dpd_send;
+ uint32_t dpd_send;
/**
* Sequence number for received DPD requests
*/
- u_int32_t dpd_recv;
+ uint32_t dpd_recv;
};
/**
@@ -341,11 +341,11 @@ static bool generate_message(private_task_manager_t *this, message_t *message,
/**
* Retransmit a packet (or its fragments)
*/
-static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr,
+static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr,
u_int mid, u_int retransmitted, array_t *packets)
{
packet_t *packet;
- u_int32_t t;
+ uint32_t t;
array_get(packets, 0, &packet);
if (retransmitted > this->retransmit_tries)
@@ -354,14 +354,15 @@ static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr,
charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, packet);
return DESTROY_ME;
}
- t = (u_int32_t)(this->retransmit_timeout * 1000.0 *
+ t = (uint32_t)(this->retransmit_timeout * 1000.0 *
pow(this->retransmit_base, retransmitted));
if (retransmitted)
{
DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u",
retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response",
mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
- charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet);
+ charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet,
+ retransmitted);
}
send_packets(this, packets);
lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
@@ -370,7 +371,7 @@ static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr,
}
METHOD(task_manager_t, retransmit, status_t,
- private_task_manager_t *this, u_int32_t seqnr)
+ private_task_manager_t *this, uint32_t seqnr)
{
status_t status = SUCCESS;
@@ -514,26 +515,26 @@ METHOD(task_manager_t, initiate, status_t,
new_mid = TRUE;
break;
}
- if (!mode_config_expected(this) &&
- activate_task(this, TASK_QUICK_MODE))
+ if (activate_task(this, TASK_ISAKMP_DELETE))
{
- exchange = QUICK_MODE;
+ exchange = INFORMATIONAL_V1;
new_mid = TRUE;
break;
}
- if (activate_task(this, TASK_INFORMATIONAL))
+ if (activate_task(this, TASK_QUICK_DELETE))
{
exchange = INFORMATIONAL_V1;
new_mid = TRUE;
break;
}
- if (activate_task(this, TASK_QUICK_DELETE))
+ if (!mode_config_expected(this) &&
+ activate_task(this, TASK_QUICK_MODE))
{
- exchange = INFORMATIONAL_V1;
+ exchange = QUICK_MODE;
new_mid = TRUE;
break;
}
- if (activate_task(this, TASK_ISAKMP_DELETE))
+ if (activate_task(this, TASK_INFORMATIONAL))
{
exchange = INFORMATIONAL_V1;
new_mid = TRUE;
@@ -807,7 +808,7 @@ static void send_notify(private_task_manager_t *this, message_t *request,
message_t *response;
array_t *packets = NULL;
host_t *me, *other;
- u_int32_t mid;
+ uint32_t mid;
if (request->get_exchange_type(request) == INFORMATIONAL_V1)
{ /* don't respond to INFORMATIONAL requests to avoid a notify war */
@@ -857,7 +858,7 @@ static bool process_dpd(private_task_manager_t *this, message_t *message)
{
notify_payload_t *notify;
notify_type_t type;
- u_int32_t seq;
+ uint32_t seq;
chunk_t data;
type = DPD_R_U_THERE;
@@ -910,7 +911,7 @@ static bool process_dpd(private_task_manager_t *this, message_t *message)
* Check if we already have a quick mode task queued for the exchange with the
* given message ID
*/
-static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid)
+static bool have_quick_mode_task(private_task_manager_t *this, uint32_t mid)
{
enumerator_t *enumerator;
quick_mode_t *qm;
@@ -935,9 +936,9 @@ static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid)
}
/**
- * Check if we still have an aggressive mode task queued
+ * Check if we still have a specific task queued
*/
-static bool have_aggressive_mode_task(private_task_manager_t *this)
+static bool have_task_queued(private_task_manager_t *this, task_type_t type)
{
enumerator_t *enumerator;
task_t *task;
@@ -946,7 +947,7 @@ static bool have_aggressive_mode_task(private_task_manager_t *this)
enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
while (enumerator->enumerate(enumerator, &task))
{
- if (task->get_type(task) == TASK_AGGRESSIVE_MODE)
+ if (task->get_type(task) == type)
{
found = TRUE;
break;
@@ -1180,6 +1181,12 @@ static status_t process_response(private_task_manager_t *this,
}
enumerator->destroy(enumerator);
+ if (this->initiating.retransmitted)
+ {
+ packet_t *packet = NULL;
+ array_get(this->initiating.packets, 0, &packet);
+ charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
+ }
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
clear_packets(this->initiating.packets);
@@ -1305,7 +1312,7 @@ static status_t queue_message(private_task_manager_t *this, message_t *msg)
METHOD(task_manager_t, process_message, status_t,
private_task_manager_t *this, message_t *msg)
{
- u_int32_t hash, mid, i;
+ uint32_t hash, mid, i;
host_t *me, *other;
status_t status;
@@ -1405,7 +1412,7 @@ METHOD(task_manager_t, process_message, status_t,
/* drop XAuth/Mode Config/Quick Mode messages until we received the last
* Aggressive Mode message. since Informational messages are not
* retransmitted we queue them. */
- if (have_aggressive_mode_task(this))
+ if (have_task_queued(this, TASK_AGGRESSIVE_MODE))
{
if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
{
@@ -1427,6 +1434,13 @@ METHOD(task_manager_t, process_message, status_t,
return queue_message(this, msg);
}
+ /* some peers send INITIAL_CONTACT notifies during XAuth, cache it */
+ if (have_task_queued(this, TASK_XAUTH) &&
+ msg->get_exchange_type(msg) == INFORMATIONAL_V1)
+ {
+ return queue_message(this, msg);
+ }
+
msg->set_request(msg, TRUE);
charon->bus->message(charon->bus, msg, TRUE, FALSE);
status = parse_message(this, msg);
@@ -1499,8 +1513,8 @@ static bool has_queued(private_task_manager_t *this, task_type_t type)
return found;
}
-METHOD(task_manager_t, queue_task, void,
- private_task_manager_t *this, task_t *task)
+METHOD(task_manager_t, queue_task_delayed, void,
+ private_task_manager_t *this, task_t *task, uint32_t delay)
{
task_type_t type = task->get_type(task);
@@ -1521,6 +1535,12 @@ METHOD(task_manager_t, queue_task, void,
this->queued_tasks->insert_last(this->queued_tasks, task);
}
+METHOD(task_manager_t, queue_task, void,
+ private_task_manager_t *this, task_t *task)
+{
+ queue_task_delayed(this, task, 0);
+}
+
METHOD(task_manager_t, queue_ike, void,
private_task_manager_t *this)
{
@@ -1660,7 +1680,7 @@ METHOD(task_manager_t, queue_mobike, void,
}
METHOD(task_manager_t, queue_child, void,
- private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
+ private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid,
traffic_selector_t *tsi, traffic_selector_t *tsr)
{
quick_mode_t *task;
@@ -1739,7 +1759,7 @@ static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local)
}
METHOD(task_manager_t, queue_child_rekey, void,
- private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
+ private_task_manager_t *this, protocol_id_t protocol, uint32_t spi)
{
child_sa_t *child_sa;
child_cfg_t *cfg;
@@ -1754,6 +1774,7 @@ METHOD(task_manager_t, queue_child_rekey, void,
{
if (is_redundant(this, child_sa))
{
+ child_sa->set_state(child_sa, CHILD_REKEYED);
queue_task(this, (task_t*)quick_delete_create(this->ike_sa,
protocol, spi, FALSE, FALSE));
}
@@ -1774,7 +1795,7 @@ METHOD(task_manager_t, queue_child_rekey, void,
}
METHOD(task_manager_t, queue_child_delete, void,
- private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi,
+ private_task_manager_t *this, protocol_id_t protocol, uint32_t spi,
bool expired)
{
queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol,
@@ -1785,7 +1806,7 @@ METHOD(task_manager_t, queue_dpd, void,
private_task_manager_t *this)
{
peer_cfg_t *peer_cfg;
- u_int32_t t, retransmit;
+ uint32_t t, retransmit;
queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
this->dpd_send++));
@@ -1798,7 +1819,7 @@ METHOD(task_manager_t, queue_dpd, void,
/* use the same timeout as a retransmitting IKE message would have */
for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
{
- t += (u_int32_t)(this->retransmit_timeout * 1000.0 *
+ t += (uint32_t)(this->retransmit_timeout * 1000.0 *
pow(this->retransmit_base, retransmit));
}
}
@@ -1871,7 +1892,7 @@ METHOD(task_manager_t, incr_mid, void,
}
METHOD(task_manager_t, reset, void,
- private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
+ private_task_manager_t *this, uint32_t initiate, uint32_t respond)
{
enumerator_t *enumerator;
task_t *task;
@@ -1960,6 +1981,7 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
.task_manager = {
.process_message = _process_message,
.queue_task = _queue_task,
+ .queue_task_delayed = _queue_task_delayed,
.queue_ike = _queue_ike,
.queue_ike_rekey = _queue_ike_rekey,
.queue_ike_reauth = _queue_ike_reauth,
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 710bf1c..9b5f676 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -77,7 +77,7 @@ struct private_aggressive_mode_t {
/**
* Negotiated SA lifetime
*/
- u_int32_t lifetime;
+ uint32_t lifetime;
/**
* Negotiated authentication method
@@ -164,7 +164,7 @@ static status_t send_notify(private_aggressive_mode_t *this, notify_type_t type)
{
notify_payload_t *notify;
ike_sa_id_t *ike_sa_id;
- u_int64_t spi_i, spi_r;
+ uint64_t spi_i, spi_r;
chunk_t spi;
notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY,
@@ -219,7 +219,7 @@ METHOD(task_t, build_i, status_t,
linked_list_t *proposals;
identification_t *id;
packet_t *packet;
- u_int16_t group;
+ uint16_t group;
DBG0(DBG_IKE, "initiating Aggressive Mode IKE_SA %s[%d] to %H",
this->ike_sa->get_name(this->ike_sa),
@@ -377,7 +377,8 @@ METHOD(task_t, process_r, status_t,
id_payload_t *id_payload;
identification_t *id;
linked_list_t *list;
- u_int16_t group;
+ uint16_t group;
+ bool prefer_configured;
this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
DBG0(DBG_IKE, "%H is initiating a Aggressive Mode IKE_SA",
@@ -401,8 +402,10 @@ METHOD(task_t, process_r, status_t,
}
list = sa_payload->get_proposals(sa_payload);
+ prefer_configured = lib->settings->get_bool(lib->settings,
+ "%s.prefer_configured_proposals", TRUE, lib->ns);
this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
- list, FALSE);
+ list, FALSE, prefer_configured);
list->destroy_offset(list, offsetof(proposal_t, destroy));
if (!this->proposal)
{
@@ -629,7 +632,7 @@ METHOD(task_t, process_i, status_t,
id_payload_t *id_payload;
identification_t *id, *cid;
linked_list_t *list;
- u_int32_t lifetime;
+ uint32_t lifetime;
sa_payload = (sa_payload_t*)message->get_payload(message,
PLV1_SECURITY_ASSOCIATION);
@@ -640,7 +643,7 @@ METHOD(task_t, process_i, status_t,
}
list = sa_payload->get_proposals(sa_payload);
this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
- list, FALSE);
+ list, FALSE, TRUE);
list->destroy_offset(list, offsetof(proposal_t, destroy));
if (!this->proposal)
{
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c
index a56805a..df0293d 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c
@@ -81,7 +81,7 @@ METHOD(task_t, process_r, status_t,
payload_t *payload;
delete_payload_t *delete_payload;
ike_sa_id_t *id;
- u_int64_t spi_i, spi_r;
+ uint64_t spi_i, spi_r;
bool found = FALSE;
/* some peers send DELETE payloads for other IKE_SAs, e.g. those for expired
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c
index 5522e92..840d352 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c
@@ -33,7 +33,7 @@ struct private_isakmp_dpd_t {
/**
* Sequence number.
*/
- u_int32_t seqnr;
+ uint32_t seqnr;
/**
* DPD notify type
@@ -51,8 +51,8 @@ METHOD(task_t, build, status_t,
{
notify_payload_t *notify;
ike_sa_id_t *ike_sa_id;
- u_int64_t spi_i, spi_r;
- u_int32_t seqnr;
+ uint64_t spi_i, spi_r;
+ uint32_t seqnr;
chunk_t spi;
notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY,
@@ -100,7 +100,7 @@ METHOD(task_t, destroy, void,
* Described in header.
*/
isakmp_dpd_t *isakmp_dpd_create(ike_sa_t *ike_sa, notify_type_t type,
- u_int32_t seqnr)
+ uint32_t seqnr)
{
private_isakmp_dpd_t *this;
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h
index 06a0175..9a69b42 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h
@@ -47,6 +47,6 @@ struct isakmp_dpd_t {
* @return ISAKMP_DPD task to handle by the task_manager
*/
isakmp_dpd_t *isakmp_dpd_create(ike_sa_t *ike_sa, notify_type_t type,
- u_int32_t seqnr);
+ uint32_t seqnr);
#endif /** ISAKMP_DPD_H_ @}*/
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
index cb1a313..d17948c 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
@@ -129,8 +129,8 @@ static chunk_t generate_natd_hash(private_isakmp_natd_t *this,
{
hasher_t *hasher;
chunk_t natd_chunk, natd_hash;
- u_int64_t spi_i, spi_r;
- u_int16_t port;
+ uint64_t spi_i, spi_r;
+ uint16_t port;
hasher = this->keymat->get_hasher(this->keymat);
if (!hasher)
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 0162fd8..f28b83e 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -170,7 +170,7 @@ static struct {
* for fragmentation of base ISAKMP messages (Cisco adds that and thus sends
* 0xc0000000)
*/
-static const u_int32_t fragmentation_ike = 0x80000000;
+static const uint32_t fragmentation_ike = 0x80000000;
static bool is_known_vid(chunk_t data, int i)
{
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 3ea4a2a..628ea0d 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -77,7 +77,7 @@ struct private_main_mode_t {
/**
* Negotiated SA lifetime
*/
- u_int32_t lifetime;
+ uint32_t lifetime;
/**
* Negotiated authentication method
@@ -173,7 +173,7 @@ static status_t send_notify(private_main_mode_t *this, notify_type_t type)
{
notify_payload_t *notify;
ike_sa_id_t *ike_sa_id;
- u_int64_t spi_i, spi_r;
+ uint64_t spi_i, spi_r;
chunk_t spi;
notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY,
@@ -215,7 +215,7 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
host_t *host;
notify_payload_t *notify;
ike_sa_id_t *ike_sa_id;
- u_int64_t spi_i, spi_r;
+ uint64_t spi_i, spi_r;
chunk_t spi;
idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE);
@@ -303,7 +303,7 @@ METHOD(task_t, build_i, status_t,
}
case MM_SA:
{
- u_int16_t group;
+ uint16_t group;
if (!this->ph1->create_hasher(this->ph1))
{
@@ -367,7 +367,7 @@ METHOD(task_t, process_r, status_t,
{
linked_list_t *list;
sa_payload_t *sa_payload;
- bool private;
+ bool private, prefer_configured;
this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
DBG0(DBG_IKE, "%H is initiating a Main Mode IKE_SA",
@@ -392,9 +392,11 @@ METHOD(task_t, process_r, status_t,
list = sa_payload->get_proposals(sa_payload);
private = this->ike_sa->supports_extension(this->ike_sa,
- EXT_STRONGSWAN);
+ EXT_STRONGSWAN);
+ prefer_configured = lib->settings->get_bool(lib->settings,
+ "%s.prefer_configured_proposals", TRUE, lib->ns);
this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
- list, private);
+ list, private, prefer_configured);
list->destroy_offset(list, offsetof(proposal_t, destroy));
if (!this->proposal)
{
@@ -411,7 +413,7 @@ METHOD(task_t, process_r, status_t,
}
case MM_SA:
{
- u_int16_t group;
+ uint16_t group;
if (!this->ph1->create_hasher(this->ph1))
{
@@ -627,7 +629,7 @@ METHOD(task_t, process_i, status_t,
linked_list_t *list;
sa_payload_t *sa_payload;
auth_method_t method;
- u_int32_t lifetime;
+ uint32_t lifetime;
bool private;
sa_payload = (sa_payload_t*)message->get_payload(message,
@@ -641,7 +643,7 @@ METHOD(task_t, process_i, status_t,
private = this->ike_sa->supports_extension(this->ike_sa,
EXT_STRONGSWAN);
this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
- list, private);
+ list, private, TRUE);
list->destroy_offset(list, offsetof(proposal_t, destroy));
if (!this->proposal)
{
diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c
index b9f9240..7098d24 100644
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@@ -58,7 +58,7 @@ struct private_mode_config_t {
/**
* Identifier to include in response
*/
- u_int16_t identifier;
+ uint16_t identifier;
};
/**
diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c
index ade59a2..66ef508 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_delete.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c
@@ -69,7 +69,7 @@ struct private_quick_delete_t {
/**
* Inbound SPI of CHILD_SA to delete
*/
- u_int32_t spi;
+ uint32_t spi;
/**
* Send delete even if SA does not exist
@@ -86,9 +86,9 @@ struct private_quick_delete_t {
* Delete the specified CHILD_SA, if found
*/
static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol,
- u_int32_t spi, bool remote_close)
+ uint32_t spi, bool remote_close)
{
- u_int64_t bytes_in, bytes_out;
+ uint64_t bytes_in, bytes_out;
child_sa_t *child_sa;
linked_list_t *my_ts, *other_ts;
child_cfg_t *child_cfg;
@@ -200,7 +200,7 @@ METHOD(task_t, process_r, status_t,
payload_t *payload;
delete_payload_t *delete_payload;
protocol_id_t protocol;
- u_int32_t spi;
+ uint32_t spi;
payloads = message->create_payload_enumerator(message);
while (payloads->enumerate(payloads, &payload))
@@ -260,7 +260,7 @@ METHOD(task_t, destroy, void,
* Described in header.
*/
quick_delete_t *quick_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol,
- u_int32_t spi, bool force, bool expired)
+ uint32_t spi, bool force, bool expired)
{
private_quick_delete_t *this;
diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.h b/src/libcharon/sa/ikev1/tasks/quick_delete.h
index 4df30c8..6227b36 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_delete.h
+++ b/src/libcharon/sa/ikev1/tasks/quick_delete.h
@@ -50,6 +50,6 @@ struct quick_delete_t {
* @return quick_delete task to handle by the task_manager
*/
quick_delete_t *quick_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol,
- u_int32_t spi, bool force, bool expired);
+ uint32_t spi, bool force, bool expired);
#endif /** QUICK_DELETE_H_ @}*/
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index b4fe046..bbd1cb0 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -98,22 +98,22 @@ struct private_quick_mode_t {
/**
* Initiators ESP SPI
*/
- u_int32_t spi_i;
+ uint32_t spi_i;
/**
* Responder ESP SPI
*/
- u_int32_t spi_r;
+ uint32_t spi_r;
/**
* Initiators IPComp CPI
*/
- u_int16_t cpi_i;
+ uint16_t cpi_i;
/**
* Responders IPComp CPI
*/
- u_int16_t cpi_r;
+ uint16_t cpi_r;
/**
* selected CHILD_SA proposal
@@ -143,17 +143,17 @@ struct private_quick_mode_t {
/**
* Negotiated lifetime of new SA
*/
- u_int32_t lifetime;
+ uint32_t lifetime;
/**
- * Negotaited lifebytes of new SA
+ * Negotiated lifebytes of new SA
*/
- u_int64_t lifebytes;
+ uint64_t lifebytes;
/**
* Reqid to use, 0 for auto-allocate
*/
- u_int32_t reqid;
+ uint32_t reqid;
/**
* Explicit inbound mark value to use, if any
@@ -168,7 +168,7 @@ struct private_quick_mode_t {
/**
* SPI of SA we rekey
*/
- u_int32_t rekey;
+ uint32_t rekey;
/**
* Delete old child after successful rekey
@@ -193,7 +193,7 @@ struct private_quick_mode_t {
/**
* Message ID of handled quick mode exchange
*/
- u_int32_t mid;
+ uint32_t mid;
/** states of quick mode */
enum {
@@ -207,7 +207,7 @@ struct private_quick_mode_t {
*/
static void schedule_inactivity_timeout(private_quick_mode_t *this)
{
- u_int32_t timeout;
+ uint32_t timeout;
bool close_ike;
timeout = this->config->get_inactivity(this->config);
@@ -722,12 +722,12 @@ static void get_lifetimes(private_quick_mode_t *this)
{
lifetime_cfg_t *lft;
- lft = this->config->get_lifetime(this->config);
+ lft = this->config->get_lifetime(this->config, TRUE);
if (lft->time.life)
{
this->lifetime = lft->time.life;
}
- else if (lft->bytes.life)
+ if (lft->bytes.life)
{
this->lifebytes = lft->bytes.life;
}
@@ -739,8 +739,8 @@ static void get_lifetimes(private_quick_mode_t *this)
*/
static void apply_lifetimes(private_quick_mode_t *this, sa_payload_t *sa_payload)
{
- u_int32_t lifetime;
- u_int64_t lifebytes;
+ uint32_t lifetime;
+ uint64_t lifebytes;
lifetime = sa_payload->get_lifetime(sa_payload);
lifebytes = sa_payload->get_lifebytes(sa_payload);
@@ -863,7 +863,7 @@ METHOD(task_t, build_i, status_t,
if (group != MODP_NONE)
{
proposal_t *proposal;
- u_int16_t preferred_group;
+ uint16_t preferred_group;
proposal = this->ike_sa->get_proposal(this->ike_sa);
proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
@@ -1007,7 +1007,6 @@ static void check_for_rekeyed_child(private_quick_mode_t *this)
{
case CHILD_INSTALLED:
case CHILD_REKEYING:
- case CHILD_REKEYED:
policies = child_sa->create_policy_enumerator(child_sa);
if (policies->enumerate(policies, &local, &remote) &&
local->equals(local, this->tsr) &&
@@ -1026,9 +1025,10 @@ static void check_for_rekeyed_child(private_quick_mode_t *this)
child_sa->get_unique_id(child_sa));
}
policies->destroy(policies);
- break;
- default:
- break;
+ break;
+ case CHILD_REKEYED:
+ default:
+ break;
}
}
}
@@ -1050,8 +1050,8 @@ METHOD(task_t, process_r, status_t,
sa_payload_t *sa_payload;
linked_list_t *tsi, *tsr, *hostsi, *hostsr, *list = NULL;
peer_cfg_t *peer_cfg;
- u_int16_t group;
- bool private;
+ uint16_t group;
+ bool private, prefer_configured;
sa_payload = (sa_payload_t*)message->get_payload(message,
PLV1_SECURITY_ASSOCIATION);
@@ -1109,8 +1109,10 @@ METHOD(task_t, process_r, status_t,
}
private = this->ike_sa->supports_extension(this->ike_sa,
EXT_STRONGSWAN);
- this->proposal = this->config->select_proposal(this->config,
- list, FALSE, private);
+ prefer_configured = lib->settings->get_bool(lib->settings,
+ "%s.prefer_configured_proposals", TRUE, lib->ns);
+ this->proposal = this->config->select_proposal(this->config, list,
+ FALSE, private, prefer_configured);
list->destroy_offset(list, offsetof(proposal_t, destroy));
get_lifetimes(this);
@@ -1323,8 +1325,8 @@ METHOD(task_t, process_i, status_t,
}
private = this->ike_sa->supports_extension(this->ike_sa,
EXT_STRONGSWAN);
- this->proposal = this->config->select_proposal(this->config,
- list, FALSE, private);
+ this->proposal = this->config->select_proposal(this->config, list,
+ FALSE, private, TRUE);
list->destroy_offset(list, offsetof(proposal_t, destroy));
if (!this->proposal)
{
@@ -1365,14 +1367,14 @@ METHOD(task_t, get_type, task_type_t,
return TASK_QUICK_MODE;
}
-METHOD(quick_mode_t, get_mid, u_int32_t,
+METHOD(quick_mode_t, get_mid, uint32_t,
private_quick_mode_t *this)
{
return this->mid;
}
METHOD(quick_mode_t, use_reqid, void,
- private_quick_mode_t *this, u_int32_t reqid)
+ private_quick_mode_t *this, uint32_t reqid)
{
this->reqid = reqid;
}
@@ -1385,7 +1387,7 @@ METHOD(quick_mode_t, use_marks, void,
}
METHOD(quick_mode_t, rekey, void,
- private_quick_mode_t *this, u_int32_t spi)
+ private_quick_mode_t *this, uint32_t spi)
{
this->rekey = spi;
}
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h
index 062d634..fe68456 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.h
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h
@@ -46,14 +46,14 @@ struct quick_mode_t {
*
* @return message ID, or 0 (not defined yet or as initiator)
*/
- u_int32_t (*get_mid)(quick_mode_t *this);
+ uint32_t (*get_mid)(quick_mode_t *this);
/**
* Use a specific reqid to install this CHILD_SA.
*
* @param reqid reqid to use
*/
- void (*use_reqid)(quick_mode_t *this, u_int32_t reqid);
+ void (*use_reqid)(quick_mode_t *this, uint32_t reqid);
/**
* Use specific mark values, overriding configuration.
@@ -68,7 +68,7 @@ struct quick_mode_t {
*
* @param spi spi of SA to rekey
*/
- void (*rekey)(quick_mode_t *this, u_int32_t spi);
+ void (*rekey)(quick_mode_t *this, uint32_t spi);
};
/**
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index ecdfc78..968b438 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -68,7 +68,7 @@ struct private_xauth_t {
/**
* received identifier
*/
- u_int16_t identifier;
+ uint16_t identifier;
/**
* status of Xauth exchange
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index 91f6187..3ab59fa 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -104,7 +104,7 @@ struct private_eap_authenticator_t {
* load an EAP method
*/
static eap_method_t *load_method(private_eap_authenticator_t *this,
- eap_type_t type, u_int32_t vendor, eap_role_t role)
+ eap_type_t type, uint32_t vendor, eap_role_t role)
{
identification_t *server, *peer, *aaa;
auth_cfg_t *auth;
@@ -143,7 +143,7 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this,
auth_cfg_t *auth;
eap_type_t type;
identification_t *id;
- u_int32_t vendor;
+ uint32_t vendor;
eap_payload_t *out;
char *action;
@@ -237,7 +237,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
eap_payload_t *in)
{
eap_type_t type, received_type, conf_type;
- u_int32_t vendor, received_vendor, conf_vendor;
+ uint32_t vendor, received_vendor, conf_vendor;
eap_payload_t *out;
auth_cfg_t *auth;
@@ -341,7 +341,7 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
eap_payload_t *in)
{
eap_type_t type, conf_type;
- u_int32_t vendor, conf_vendor;
+ uint32_t vendor, conf_vendor;
auth_cfg_t *auth;
eap_payload_t *out;
identification_t *id;
@@ -449,7 +449,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
auth_cfg_t *auth;
keymat_v2_t *keymat;
eap_type_t type;
- u_int32_t vendor;
+ uint32_t vendor;
auth_payload = (auth_payload_t*)message->get_payload(message,
PLV2_AUTH);
@@ -595,7 +595,7 @@ METHOD(authenticator_t, process_client, status_t,
}
if (this->require_mutual && !this->method->is_mutual(this->method))
{ /* we require mutual authentication due to EAP-only */
- u_int32_t vendor;
+ uint32_t vendor;
DBG1(DBG_IKE, "EAP-only authentication requires a mutual and "
"MSK deriving EAP method, but %N is not",
@@ -623,7 +623,7 @@ METHOD(authenticator_t, process_client, status_t,
case EAP_SUCCESS:
{
eap_type_t type;
- u_int32_t vendor;
+ uint32_t vendor;
auth_cfg_t *cfg;
if (this->method->get_msk(this->method, &this->msk) == SUCCESS)
@@ -685,7 +685,7 @@ METHOD(authenticator_t, is_mutual, bool,
{
if (this->method)
{
- u_int32_t vendor;
+ uint32_t vendor;
if (this->method->get_type(this->method, &vendor) != EAP_IDENTITY ||
vendor != 0)
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 04ccd4f..6fd34e0 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -63,7 +63,7 @@ struct private_pubkey_authenticator_t {
static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
signature_scheme_t *scheme)
{
- u_int8_t len;
+ uint8_t len;
int oid;
if (!auth_data->len)
@@ -91,7 +91,7 @@ static bool build_signature_auth_data(chunk_t *auth_data,
signature_scheme_t scheme)
{
chunk_t data;
- u_int8_t len;
+ uint8_t len;
int oid;
oid = signature_scheme_to_oid(scheme);
diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c
index 161c4fd..280796d 100644
--- a/src/libcharon/sa/ikev2/connect_manager.c
+++ b/src/libcharon/sa/ikev2/connect_manager.c
@@ -92,10 +92,10 @@ typedef struct endpoint_pair_t endpoint_pair_t;
*/
struct endpoint_pair_t {
/** pair id */
- u_int32_t id;
+ uint32_t id;
/** priority */
- u_int64_t priority;
+ uint64_t priority;
/** local endpoint */
host_t *local;
@@ -107,7 +107,7 @@ struct endpoint_pair_t {
check_state_t state;
/** number of retransmissions */
- u_int32_t retransmitted;
+ uint32_t retransmitted;
/** the generated packet */
packet_t *packet;
@@ -132,8 +132,8 @@ static endpoint_pair_t *endpoint_pair_create(endpoint_notify_t *initiator,
{
endpoint_pair_t *this;
- u_int32_t pi = initiator->get_priority(initiator);
- u_int32_t pr = responder->get_priority(responder);
+ uint32_t pi = initiator->get_priority(initiator);
+ uint32_t pr = responder->get_priority(responder);
INIT(this,
.priority = pow(2, 32) * min(pi, pr) + 2 * max(pi, pr)
@@ -313,7 +313,7 @@ typedef struct check_t check_t;
*/
struct check_t {
/** message id */
- u_int32_t mid;
+ uint32_t mid;
/** source of the connectivity check */
host_t *src;
@@ -375,7 +375,7 @@ struct callback_data_t {
chunk_t connect_id;
/** message (pair) id */
- u_int32_t mid;
+ uint32_t mid;
};
/**
@@ -406,7 +406,7 @@ static callback_data_t *callback_data_create(private_connect_manager_t *connect_
* Creates a new retransmission data object
*/
static callback_data_t *retransmit_data_create(private_connect_manager_t *connect_manager,
- chunk_t connect_id, u_int32_t mid)
+ chunk_t connect_id, uint32_t mid)
{
callback_data_t *this = callback_data_create(connect_manager, connect_id);
this->mid = mid;
@@ -576,7 +576,7 @@ static status_t get_pair_by_hosts(linked_list_t *pairs, host_t *local,
(void**)pair, local, remote);
}
-static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id)
+static bool match_pair_by_id(endpoint_pair_t *current, uint32_t *id)
{
return current->id == *id;
}
@@ -584,7 +584,7 @@ static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id)
/**
* Searches for a pair with a specific id
*/
-static status_t get_pair_by_id(check_list_t *checklist, u_int32_t id,
+static status_t get_pair_by_id(check_list_t *checklist, uint32_t id,
endpoint_pair_t **pair)
{
return checklist->pairs->find_first(checklist->pairs,
@@ -669,7 +669,7 @@ static void prune_pairs(linked_list_t *pairs)
{
enumerator_t *enumerator, *search;
endpoint_pair_t *current, *other;
- u_int32_t id = 0;
+ uint32_t id = 0;
enumerator = pairs->create_enumerator(pairs);
search = pairs->create_enumerator(pairs);
@@ -826,7 +826,7 @@ static status_t process_payloads(message_t *message, check_t *check)
static chunk_t build_signature(private_connect_manager_t *this,
check_list_t *checklist, check_t *check, bool outbound)
{
- u_int32_t mid;
+ uint32_t mid;
chunk_t mid_chunk, key_chunk, sig_chunk;
chunk_t sig_hash;
@@ -851,7 +851,7 @@ static chunk_t build_signature(private_connect_manager_t *this,
}
static void queue_retransmission(private_connect_manager_t *this, check_list_t *checklist, endpoint_pair_t *pair);
-static void schedule_checks(private_connect_manager_t *this, check_list_t *checklist, u_int32_t time);
+static void schedule_checks(private_connect_manager_t *this, check_list_t *checklist, uint32_t time);
static void finish_checks(private_connect_manager_t *this, check_list_t *checklist);
/**
@@ -1019,11 +1019,11 @@ static void queue_retransmission(private_connect_manager_t *this, check_list_t *
job = (job_t*)callback_job_create((callback_job_cb_t)retransmit, data,
(callback_job_cleanup_t)callback_data_destroy, NULL);
- u_int32_t retransmission = pair->retransmitted + 1;
- u_int32_t rto = ME_INTERVAL;
+ uint32_t retransmission = pair->retransmitted + 1;
+ uint32_t rto = ME_INTERVAL;
if (retransmission > ME_BOOST)
{
- rto = (u_int32_t)(ME_INTERVAL * pow(ME_RETRANS_BASE, retransmission - ME_BOOST));
+ rto = (uint32_t)(ME_INTERVAL * pow(ME_RETRANS_BASE, retransmission - ME_BOOST));
}
DBG2(DBG_IKE, "scheduling retransmission %d of pair '%d' in %dms",
retransmission, pair->id, rto);
@@ -1165,7 +1165,7 @@ static job_requeue_t sender(callback_data_t *data)
* Schedules checks for a checklist (time in ms)
*/
static void schedule_checks(private_connect_manager_t *this,
- check_list_t *checklist, u_int32_t time)
+ check_list_t *checklist, uint32_t time)
{
callback_data_t *data = callback_data_create(this, checklist->connect_id);
checklist->sender = (job_t*)callback_job_create((callback_job_cb_t)sender,
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 55cb5dd..e373998 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -99,8 +99,8 @@ METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
/**
* Derive IKE keys for a combined AEAD algorithm
*/
-static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg,
- u_int16_t key_size, prf_plus_t *prf_plus)
+static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
+ uint16_t key_size, prf_plus_t *prf_plus)
{
aead_t *aead_i, *aead_r;
chunk_t key = chunk_empty;
@@ -189,8 +189,8 @@ failure:
/**
* Derive IKE keys for traditional encryption and MAC algorithms
*/
-static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
- u_int16_t enc_size, u_int16_t int_alg, prf_plus_t *prf_plus)
+static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
+ uint16_t enc_size, uint16_t int_alg, prf_plus_t *prf_plus)
{
crypter_t *crypter_i = NULL, *crypter_r = NULL;
signer_t *signer_i, *signer_r;
@@ -302,11 +302,11 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
chunk_t spi_i, spi_r;
prf_plus_t *prf_plus = NULL;
- u_int16_t alg, key_size, int_alg;
+ uint16_t alg, key_size, int_alg;
prf_t *rekey_prf = NULL;
- spi_i = chunk_alloca(sizeof(u_int64_t));
- spi_r = chunk_alloca(sizeof(u_int64_t));
+ spi_i = chunk_alloca(sizeof(uint64_t));
+ spi_r = chunk_alloca(sizeof(uint64_t));
if (!dh->get_shared_secret(dh, &secret))
{
@@ -354,8 +354,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
break;
}
fixed_nonce = chunk_cat("cc", nonce_i, nonce_r);
- *((u_int64_t*)spi_i.ptr) = id->get_initiator_spi(id);
- *((u_int64_t*)spi_r.ptr) = id->get_responder_spi(id);
+ *((uint64_t*)spi_i.ptr) = id->get_initiator_spi(id);
+ *((uint64_t*)spi_r.ptr) = id->get_responder_spi(id);
prf_plus_seed = chunk_cat("ccc", full_nonce, spi_i, spi_r);
/* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
@@ -489,7 +489,7 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
chunk_t *encr_r, chunk_t *integ_r)
{
- u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0;
+ uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0;
chunk_t seed, secret = chunk_empty;
prf_plus_t *prf_plus;
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index c2f972a..41a4e1b 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2007-2015 Tobias Brunner
+ * Copyright (C) 2007-2016 Tobias Brunner
* Copyright (C) 2007-2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -43,30 +43,14 @@
#include <encoding/payloads/unknown_payload.h>
#include <processing/jobs/retransmit_job.h>
#include <processing/jobs/delete_ike_sa_job.h>
+#include <processing/jobs/initiate_tasks_job.h>
#ifdef ME
#include <sa/ikev2/tasks/ike_me.h>
#endif
-typedef struct exchange_t exchange_t;
-
-/**
- * An exchange in the air, used do detect and handle retransmission
- */
-struct exchange_t {
-
- /**
- * Message ID used for this transaction
- */
- u_int32_t mid;
-
- /**
- * generated packet for retransmission
- */
- packet_t *packet;
-};
-
typedef struct private_task_manager_t private_task_manager_t;
+typedef struct queued_task_t queued_task_t;
/**
* private data of the task manager
@@ -90,7 +74,7 @@ struct private_task_manager_t {
/**
* Message ID of the exchange
*/
- u_int32_t mid;
+ uint32_t mid;
/**
* packet(s) for retransmission
@@ -111,7 +95,7 @@ struct private_task_manager_t {
/**
* Message ID of the exchange
*/
- u_int32_t mid;
+ uint32_t mid;
/**
* how many times we have retransmitted so far
@@ -182,6 +166,22 @@ struct private_task_manager_t {
};
/**
+ * Queued tasks
+ */
+struct queued_task_t {
+
+ /**
+ * Queued task
+ */
+ task_t *task;
+
+ /**
+ * Time before which the task is not to be initiated
+ */
+ timeval_t time;
+};
+
+/**
* Reset retransmission packet list
*/
static void clear_packets(array_t *array)
@@ -216,6 +216,12 @@ METHOD(task_manager_t, flush_queue, void,
}
while (array_remove(array, ARRAY_TAIL, &task))
{
+ if (queue == TASK_QUEUE_QUEUED)
+ {
+ queued_task_t *queued = (queued_task_t*)task;
+ task = queued->task;
+ free(queued);
+ }
task->destroy(task);
}
}
@@ -229,22 +235,28 @@ METHOD(task_manager_t, flush, void,
}
/**
- * move a task of a specific type from the queue to the active list
+ * Move a task of a specific type from the queue to the active list, if it is
+ * not delayed.
*/
static bool activate_task(private_task_manager_t *this, task_type_t type)
{
enumerator_t *enumerator;
- task_t *task;
+ queued_task_t *queued;
+ timeval_t now;
bool found = FALSE;
+ time_monotonic(&now);
+
enumerator = array_create_enumerator(this->queued_tasks);
- while (enumerator->enumerate(enumerator, (void**)&task))
+ while (enumerator->enumerate(enumerator, (void**)&queued))
{
- if (task->get_type(task) == type)
+ if (queued->task->get_type(queued->task) == type &&
+ !timercmp(&now, &queued->time, <))
{
DBG2(DBG_IKE, " activating %N task", task_type_names, type);
array_remove_at(this->queued_tasks, enumerator);
- array_insert(this->active_tasks, ARRAY_TAIL, task);
+ array_insert(this->active_tasks, ARRAY_TAIL, queued->task);
+ free(queued);
found = TRUE;
break;
}
@@ -303,12 +315,12 @@ static bool generate_message(private_task_manager_t *this, message_t *message,
}
METHOD(task_manager_t, retransmit, status_t,
- private_task_manager_t *this, u_int32_t message_id)
+ private_task_manager_t *this, uint32_t message_id)
{
if (message_id == this->initiating.mid &&
array_count(this->initiating.packets))
{
- u_int32_t timeout;
+ uint32_t timeout;
job_t *job;
enumerator_t *enumerator;
packet_t *packet;
@@ -336,7 +348,7 @@ METHOD(task_manager_t, retransmit, status_t,
{
if (this->initiating.retransmitted <= this->retransmit_tries)
{
- timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 *
+ timeout = (uint32_t)(this->retransmit_timeout * 1000.0 *
pow(this->retransmit_base, this->initiating.retransmitted));
}
else
@@ -352,7 +364,8 @@ METHOD(task_manager_t, retransmit, status_t,
{
DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
this->initiating.retransmitted, message_id);
- charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet);
+ charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet,
+ this->initiating.retransmitted);
}
if (!mobike)
{
@@ -534,6 +547,7 @@ METHOD(task_manager_t, initiate, status_t,
break;
}
case IKE_REKEYING:
+ case IKE_REKEYED:
if (activate_task(this, TASK_IKE_DELETE))
{
exchange = INFORMATIONAL;
@@ -610,7 +624,8 @@ METHOD(task_manager_t, initiate, status_t,
case FAILED:
default:
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
+ if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING &&
+ this->ike_sa->get_state(this->ike_sa) != IKE_REKEYED)
{
charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
}
@@ -694,6 +709,13 @@ static status_t process_response(private_task_manager_t *this,
}
enumerator->destroy(enumerator);
+ if (this->initiating.retransmitted)
+ {
+ packet_t *packet = NULL;
+ array_get(this->initiating.packets, 0, &packet);
+ charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
+ }
+
/* catch if we get resetted while processing */
this->reset = FALSE;
enumerator = array_create_enumerator(this->active_tasks);
@@ -751,8 +773,7 @@ static bool handle_collisions(private_task_manager_t *this, task_t *task)
/* do we have to check */
if (type == TASK_IKE_REKEY || type == TASK_CHILD_REKEY ||
- type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE ||
- type == TASK_IKE_REAUTH)
+ type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE)
{
/* find an exchange collision, and notify these tasks */
enumerator = array_create_enumerator(this->active_tasks);
@@ -761,8 +782,7 @@ static bool handle_collisions(private_task_manager_t *this, task_t *task)
switch (active->get_type(active))
{
case TASK_IKE_REKEY:
- if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE ||
- type == TASK_IKE_REAUTH)
+ if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE)
{
ike_rekey_t *rekey = (ike_rekey_t*)active;
rekey->collide(rekey, task);
@@ -799,7 +819,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
host_t *me, *other;
bool delete = FALSE, hook = FALSE;
ike_sa_id_t *id = NULL;
- u_int64_t responder_spi = 0;
+ uint64_t responder_spi = 0;
bool result;
me = request->get_destination(request);
@@ -839,6 +859,10 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
/* FALL */
case DESTROY_ME:
/* destroy IKE_SA, but SEND response first */
+ if (handle_collisions(this, task))
+ {
+ array_remove_at(this->passive_tasks, enumerator);
+ }
delete = TRUE;
break;
}
@@ -901,9 +925,11 @@ static status_t process_request(private_task_manager_t *this,
payload_t *payload;
notify_payload_t *notify;
delete_payload_t *delete;
+ ike_sa_state_t state;
if (array_count(this->passive_tasks) == 0)
{ /* create tasks depending on request type, if not already some queued */
+ state = this->ike_sa->get_state(this->ike_sa);
switch (message->get_exchange_type(message))
{
case IKE_SA_INIT:
@@ -939,8 +965,8 @@ static status_t process_request(private_task_manager_t *this,
{ /* FIXME: we should prevent this on mediation connections */
bool notify_found = FALSE, ts_found = FALSE;
- if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
- this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING)
+ if (state == IKE_CREATED ||
+ state == IKE_CONNECTING)
{
DBG1(DBG_IKE, "received CREATE_CHILD_SA request for "
"unestablished IKE_SA, rejected");
@@ -1005,6 +1031,14 @@ static status_t process_request(private_task_manager_t *this,
case PLV2_NOTIFY:
{
notify = (notify_payload_t*)payload;
+ if (state == IKE_REKEYED)
+ {
+ DBG1(DBG_IKE, "received unexpected notify %N "
+ "for rekeyed IKE_SA, ignored",
+ notify_type_names,
+ notify->get_notify_type(notify));
+ break;
+ }
switch (notify->get_notify_type(notify))
{
case ADDITIONAL_IP4_ADDRESS:
@@ -1252,7 +1286,7 @@ static void send_notify_response(private_task_manager_t *this,
static status_t parse_message(private_task_manager_t *this, message_t *msg)
{
status_t status;
- u_int8_t type = 0;
+ uint8_t type = 0;
status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
@@ -1345,8 +1379,10 @@ METHOD(task_manager_t, process_message, status_t,
{
host_t *me, *other;
status_t status;
- u_int32_t mid;
+ uint32_t mid;
bool schedule_delete_job = FALSE;
+ ike_sa_state_t state;
+ exchange_type_t type;
charon->bus->message(charon->bus, msg, TRUE, FALSE);
status = parse_message(this, msg);
@@ -1387,15 +1423,16 @@ METHOD(task_manager_t, process_message, status_t,
{
if (mid == this->responding.mid)
{
- /* reject initial messages if not received in specific states */
- if ((msg->get_exchange_type(msg) == IKE_SA_INIT &&
- this->ike_sa->get_state(this->ike_sa) != IKE_CREATED) ||
- (msg->get_exchange_type(msg) == IKE_AUTH &&
- this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING))
+ /* reject initial messages if not received in specific states,
+ * after rekeying we only expect a DELETE in an INFORMATIONAL */
+ type = msg->get_exchange_type(msg);
+ state = this->ike_sa->get_state(this->ike_sa);
+ if ((type == IKE_SA_INIT && state != IKE_CREATED) ||
+ (type == IKE_AUTH && state != IKE_CONNECTING) ||
+ (state == IKE_REKEYED && type != INFORMATIONAL))
{
DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N",
- exchange_type_names, msg->get_exchange_type(msg),
- ike_sa_state_names, this->ike_sa->get_state(this->ike_sa));
+ exchange_type_names, type, ike_sa_state_names, state);
return FAILED;
}
if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
@@ -1499,18 +1536,19 @@ METHOD(task_manager_t, process_message, status_t,
return SUCCESS;
}
-METHOD(task_manager_t, queue_task, void,
- private_task_manager_t *this, task_t *task)
+METHOD(task_manager_t, queue_task_delayed, void,
+ private_task_manager_t *this, task_t *task, uint32_t delay)
{
+ enumerator_t *enumerator;
+ queued_task_t *queued;
+ timeval_t time;
+
if (task->get_type(task) == TASK_IKE_MOBIKE)
{ /* there is no need to queue more than one mobike task */
- enumerator_t *enumerator;
- task_t *current;
-
enumerator = array_create_enumerator(this->queued_tasks);
- while (enumerator->enumerate(enumerator, ¤t))
+ while (enumerator->enumerate(enumerator, &queued))
{
- if (current->get_type(current) == TASK_IKE_MOBIKE)
+ if (queued->task->get_type(queued->task) == TASK_IKE_MOBIKE)
{
enumerator->destroy(enumerator);
task->destroy(task);
@@ -1519,8 +1557,35 @@ METHOD(task_manager_t, queue_task, void,
}
enumerator->destroy(enumerator);
}
- DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
- array_insert(this->queued_tasks, ARRAY_TAIL, task);
+ time_monotonic(&time);
+ if (delay)
+ {
+ job_t *job;
+
+ DBG2(DBG_IKE, "queueing %N task (delayed by %us)", task_type_names,
+ task->get_type(task), delay);
+ time.tv_sec += delay;
+
+ job = (job_t*)initiate_tasks_job_create(
+ this->ike_sa->get_id(this->ike_sa));
+ lib->scheduler->schedule_job_tv(lib->scheduler, job, time);
+ }
+ else
+ {
+ DBG2(DBG_IKE, "queueing %N task", task_type_names,
+ task->get_type(task));
+ }
+ INIT(queued,
+ .task = task,
+ .time = time,
+ );
+ array_insert(this->queued_tasks, ARRAY_TAIL, queued);
+}
+
+METHOD(task_manager_t, queue_task, void,
+ private_task_manager_t *this, task_t *task)
+{
+ queue_task_delayed(this, task, 0);
}
/**
@@ -1530,12 +1595,12 @@ static bool has_queued(private_task_manager_t *this, task_type_t type)
{
enumerator_t *enumerator;
bool found = FALSE;
- task_t *task;
+ queued_task_t *queued;
enumerator = array_create_enumerator(this->queued_tasks);
- while (enumerator->enumerate(enumerator, &task))
+ while (enumerator->enumerate(enumerator, &queued))
{
- if (task->get_type(task) == type)
+ if (queued->task->get_type(queued->task) == type)
{
found = TRUE;
break;
@@ -1614,7 +1679,7 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
child_cfg_t *cfg;
ike_sa_t *new;
host_t *host;
- task_t *task;
+ queued_task_t *queued;
new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
this->ike_sa->get_version(this->ike_sa), TRUE);
@@ -1645,13 +1710,14 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
enumerator->destroy(enumerator);
enumerator = array_create_enumerator(this->queued_tasks);
- while (enumerator->enumerate(enumerator, &task))
+ while (enumerator->enumerate(enumerator, &queued))
{
- if (task->get_type(task) == TASK_CHILD_CREATE)
+ if (queued->task->get_type(queued->task) == TASK_CHILD_CREATE)
{
- task->migrate(task, new);
- new->queue_task(new, task);
+ queued->task->migrate(queued->task, new);
+ new->queue_task(new, queued->task);
array_remove_at(this->queued_tasks, enumerator);
+ free(queued);
}
}
enumerator->destroy(enumerator);
@@ -1726,7 +1792,7 @@ METHOD(task_manager_t, queue_mobike, void,
}
METHOD(task_manager_t, queue_child, void,
- private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
+ private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid,
traffic_selector_t *tsi, traffic_selector_t *tsr)
{
child_create_t *task;
@@ -1740,13 +1806,13 @@ METHOD(task_manager_t, queue_child, void,
}
METHOD(task_manager_t, queue_child_rekey, void,
- private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
+ private_task_manager_t *this, protocol_id_t protocol, uint32_t spi)
{
queue_task(this, (task_t*)child_rekey_create(this->ike_sa, protocol, spi));
}
METHOD(task_manager_t, queue_child_delete, void,
- private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi,
+ private_task_manager_t *this, protocol_id_t protocol, uint32_t spi,
bool expired)
{
queue_task(this, (task_t*)child_delete_create(this->ike_sa,
@@ -1776,34 +1842,62 @@ METHOD(task_manager_t, adopt_tasks, void,
private_task_manager_t *this, task_manager_t *other_public)
{
private_task_manager_t *other = (private_task_manager_t*)other_public;
- task_t *task;
+ queued_task_t *queued;
+ timeval_t now;
+
+ time_monotonic(&now);
/* move queued tasks from other to this */
- while (array_remove(other->queued_tasks, ARRAY_TAIL, &task))
+ while (array_remove(other->queued_tasks, ARRAY_TAIL, &queued))
{
- DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
- task->migrate(task, this->ike_sa);
- array_insert(this->queued_tasks, ARRAY_HEAD, task);
+ DBG2(DBG_IKE, "migrating %N task", task_type_names,
+ queued->task->get_type(queued->task));
+ queued->task->migrate(queued->task, this->ike_sa);
+ /* don't delay tasks on the new IKE_SA */
+ queued->time = now;
+ array_insert(this->queued_tasks, ARRAY_HEAD, queued);
}
}
/**
- * Migrates child-creating tasks from src to dst
+ * Migrates child-creating tasks from other to this
*/
static void migrate_child_tasks(private_task_manager_t *this,
- array_t *src, array_t *dst)
+ private_task_manager_t *other,
+ task_queue_t queue)
{
enumerator_t *enumerator;
+ array_t *array;
task_t *task;
- enumerator = array_create_enumerator(src);
+ switch (queue)
+ {
+ case TASK_QUEUE_ACTIVE:
+ array = other->active_tasks;
+ break;
+ case TASK_QUEUE_QUEUED:
+ array = other->queued_tasks;
+ break;
+ default:
+ return;
+ }
+
+ enumerator = array_create_enumerator(array);
while (enumerator->enumerate(enumerator, &task))
{
+ queued_task_t *queued = NULL;
+
+ if (queue == TASK_QUEUE_QUEUED)
+ {
+ queued = (queued_task_t*)task;
+ task = queued->task;
+ }
if (task->get_type(task) == TASK_CHILD_CREATE)
{
- array_remove_at(src, enumerator);
+ array_remove_at(array, enumerator);
task->migrate(task, this->ike_sa);
- array_insert(dst, ARRAY_TAIL, task);
+ queue_task(this, task);
+ free(queued);
}
}
enumerator->destroy(enumerator);
@@ -1815,9 +1909,9 @@ METHOD(task_manager_t, adopt_child_tasks, void,
private_task_manager_t *other = (private_task_manager_t*)other_public;
/* move active child tasks from other to this */
- migrate_child_tasks(this, other->active_tasks, this->queued_tasks);
+ migrate_child_tasks(this, other, TASK_QUEUE_ACTIVE);
/* do the same for queued tasks */
- migrate_child_tasks(this, other->queued_tasks, this->queued_tasks);
+ migrate_child_tasks(this, other, TASK_QUEUE_QUEUED);
}
METHOD(task_manager_t, busy, bool,
@@ -1827,10 +1921,12 @@ METHOD(task_manager_t, busy, bool,
}
METHOD(task_manager_t, reset, void,
- private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
+ private_task_manager_t *this, uint32_t initiate, uint32_t respond)
{
enumerator_t *enumerator;
+ queued_task_t *queued;
task_t *task;
+ timeval_t now;
/* reset message counters and retransmit packets */
clear_packets(this->responding.packets);
@@ -1849,11 +1945,13 @@ METHOD(task_manager_t, reset, void,
}
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
+ time_monotonic(&now);
/* reset queued tasks */
enumerator = array_create_enumerator(this->queued_tasks);
- while (enumerator->enumerate(enumerator, &task))
+ while (enumerator->enumerate(enumerator, &queued))
{
- task->migrate(task, this->ike_sa);
+ queued->time = now;
+ queued->task->migrate(queued->task, this->ike_sa);
}
enumerator->destroy(enumerator);
@@ -1861,12 +1959,25 @@ METHOD(task_manager_t, reset, void,
while (array_remove(this->active_tasks, ARRAY_TAIL, &task))
{
task->migrate(task, this->ike_sa);
- array_insert(this->queued_tasks, ARRAY_HEAD, task);
+ INIT(queued,
+ .task = task,
+ .time = now,
+ );
+ array_insert(this->queued_tasks, ARRAY_HEAD, queued);
}
this->reset = TRUE;
}
+/**
+ * Filter queued tasks
+ */
+static bool filter_queued(void *unused, queued_task_t **queued, task_t **task)
+{
+ *task = (*queued)->task;
+ return TRUE;
+}
+
METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
private_task_manager_t *this, task_queue_t queue)
{
@@ -1877,7 +1988,9 @@ METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
case TASK_QUEUE_PASSIVE:
return array_create_enumerator(this->passive_tasks);
case TASK_QUEUE_QUEUED:
- return array_create_enumerator(this->queued_tasks);
+ return enumerator_create_filter(
+ array_create_enumerator(this->queued_tasks),
+ (void*)filter_queued, NULL, NULL);
default:
return enumerator_create_empty();
}
@@ -1913,6 +2026,7 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
.task_manager = {
.process_message = _process_message,
.queue_task = _queue_task,
+ .queue_task_delayed = _queue_task_delayed,
.queue_ike = _queue_ike,
.queue_ike_rekey = _queue_ike_rekey,
.queue_ike_reauth = _queue_ike_reauth,
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 3d4ded9..64a8285 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -29,7 +29,7 @@
#include <encoding/payloads/delete_payload.h>
#include <processing/jobs/delete_ike_sa_job.h>
#include <processing/jobs/inactivity_job.h>
-
+#include <processing/jobs/initiate_tasks_job.h>
typedef struct private_child_create_t private_child_create_t;
@@ -151,27 +151,27 @@ struct private_child_create_t {
/**
* Own allocated SPI
*/
- u_int32_t my_spi;
+ uint32_t my_spi;
/**
* SPI received in proposal
*/
- u_int32_t other_spi;
+ uint32_t other_spi;
/**
* Own allocated Compression Parameter Index (CPI)
*/
- u_int16_t my_cpi;
+ uint16_t my_cpi;
/**
* Other Compression Parameter Index (CPI), received via IPCOMP_SUPPORTED
*/
- u_int16_t other_cpi;
+ uint16_t other_cpi;
/**
* reqid to use if we are rekeying
*/
- u_int32_t reqid;
+ uint32_t reqid;
/**
* Explicit inbound mark value
@@ -205,6 +205,25 @@ struct private_child_create_t {
};
/**
+ * Schedule a retry if creating the CHILD_SA temporary failed
+ */
+static void schedule_delayed_retry(private_child_create_t *this)
+{
+ child_create_t *task;
+ uint32_t retry;
+
+ retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
+
+ task = child_create_create(this->ike_sa,
+ this->config->get_ref(this->config), FALSE,
+ this->packet_tsi, this->packet_tsr);
+ task->use_reqid(task, this->reqid);
+ DBG1(DBG_IKE, "creating CHILD_SA failed, trying again in %d seconds",
+ retry);
+ this->ike_sa->queue_task_delayed(this->ike_sa, (task_t*)task, retry);
+}
+
+/**
* get the nonce from a message
*/
static status_t get_nonce(message_t *message, chunk_t *nonce)
@@ -306,7 +325,7 @@ static bool allocate_spi(private_child_create_t *this)
*/
static void schedule_inactivity_timeout(private_child_create_t *this)
{
- u_int32_t timeout, id;
+ uint32_t timeout, id;
bool close_ike;
timeout = this->config->get_inactivity(this->config);
@@ -386,7 +405,7 @@ static linked_list_t* get_transport_nat_ts(private_child_create_t *this,
linked_list_t *out;
traffic_selector_t *ts;
host_t *ike, *first = NULL;
- u_int8_t mask;
+ uint8_t mask;
if (local)
{
@@ -464,7 +483,7 @@ static status_t select_and_install(private_child_create_t *this,
chunk_t integ_i = chunk_empty, integ_r = chunk_empty;
linked_list_t *my_ts, *other_ts;
host_t *me, *other;
- bool private;
+ bool private, prefer_configured;
if (this->proposals == NULL)
{
@@ -481,8 +500,10 @@ static status_t select_and_install(private_child_create_t *this,
other = this->ike_sa->get_other_host(this->ike_sa);
private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN);
+ prefer_configured = lib->settings->get_bool(lib->settings,
+ "%s.prefer_configured_proposals", TRUE, lib->ns);
this->proposal = this->config->select_proposal(this->config,
- this->proposals, no_dh, private);
+ this->proposals, no_dh, private, prefer_configured);
if (this->proposal == NULL)
{
DBG1(DBG_IKE, "no acceptable proposal found");
@@ -501,7 +522,7 @@ static status_t select_and_install(private_child_create_t *this,
if (!this->proposal->has_dh_group(this->proposal, this->dh_group))
{
- u_int16_t group;
+ uint16_t group;
if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
&group, NULL))
@@ -798,7 +819,7 @@ static bool build_payloads(private_child_create_t *this, message_t *message)
* Adds an IPCOMP_SUPPORTED notify to the message, allocating a CPI
*/
static void add_ipcomp_notify(private_child_create_t *this,
- message_t *message, u_int8_t ipcomp)
+ message_t *message, uint8_t ipcomp)
{
this->my_cpi = this->child_sa->alloc_cpi(this->child_sa);
if (this->my_cpi)
@@ -838,11 +859,11 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify
case IPCOMP_SUPPORTED:
{
ipcomp_transform_t ipcomp;
- u_int16_t cpi;
+ uint16_t cpi;
chunk_t data;
data = notify->get_notification_data(notify);
- cpi = *(u_int16_t*)data.ptr;
+ cpi = *(uint16_t*)data.ptr;
ipcomp = (ipcomp_transform_t)(*(data.ptr + 2));
switch (ipcomp)
{
@@ -1232,13 +1253,13 @@ METHOD(task_t, build_r, status_t,
if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING)
{
DBG1(DBG_IKE, "unable to create CHILD_SA while rekeying IKE_SA");
- message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty);
+ message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty);
return SUCCESS;
}
if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
{
DBG1(DBG_IKE, "unable to create CHILD_SA while deleting IKE_SA");
- message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty);
+ message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty);
return SUCCESS;
}
@@ -1310,7 +1331,7 @@ METHOD(task_t, build_r, status_t,
return SUCCESS;
case INVALID_ARG:
{
- u_int16_t group = htons(this->dh_group);
+ uint16_t group = htons(this->dh_group);
message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
chunk_from_thing(group));
handle_child_sa_failure(this, message);
@@ -1441,10 +1462,21 @@ METHOD(task_t, process_i, status_t,
/* an error in CHILD_SA creation is not critical */
return SUCCESS;
}
+ case TEMPORARY_FAILURE:
+ {
+ DBG1(DBG_IKE, "received %N notify, will retry later",
+ notify_type_names, type);
+ enumerator->destroy(enumerator);
+ if (!this->rekey)
+ { /* the rekey task will retry itself if necessary */
+ schedule_delayed_retry(this);
+ }
+ return SUCCESS;
+ }
case INVALID_KE_PAYLOAD:
{
chunk_t data;
- u_int16_t group = MODP_NONE;
+ uint16_t group = MODP_NONE;
data = notify->get_notification_data(notify);
if (data.len == sizeof(group))
@@ -1529,7 +1561,7 @@ METHOD(task_t, process_i, status_t,
}
METHOD(child_create_t, use_reqid, void,
- private_child_create_t *this, u_int32_t reqid)
+ private_child_create_t *this, uint32_t reqid)
{
this->reqid = reqid;
}
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.h b/src/libcharon/sa/ikev2/tasks/child_create.h
index 46d9403..f48d7b0 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.h
+++ b/src/libcharon/sa/ikev2/tasks/child_create.h
@@ -49,7 +49,7 @@ struct child_create_t {
*
* @param reqid reqid to use
*/
- void (*use_reqid) (child_create_t *this, u_int32_t reqid);
+ void (*use_reqid) (child_create_t *this, uint32_t reqid);
/**
* Use specific mark values to override configuration.
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c
index 877ae05..6fa8836 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.c
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2009-2016 Tobias Brunner
* Copyright (C) 2006-2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -18,7 +19,7 @@
#include <daemon.h>
#include <encoding/payloads/delete_payload.h>
#include <sa/ikev2/tasks/child_create.h>
-
+#include <sa/ikev2/tasks/child_rekey.h>
typedef struct private_child_delete_t private_child_delete_t;
@@ -50,7 +51,7 @@ struct private_child_delete_t {
/**
* Inbound SPI of CHILD_SA to delete
*/
- u_int32_t spi;
+ uint32_t spi;
/**
* whether to enforce delete action policy
@@ -86,7 +87,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message)
while (enumerator->enumerate(enumerator, (void**)&child_sa))
{
protocol_id_t protocol = child_sa->get_protocol(child_sa);
- u_int32_t spi = child_sa->get_spi(child_sa, TRUE);
+ uint32_t spi = child_sa->get_spi(child_sa, TRUE);
switch (protocol)
{
@@ -119,6 +120,33 @@ static void build_payloads(private_child_delete_t *this, message_t *message)
}
/**
+ * Check if the given CHILD_SA is the redundant SA created in a rekey collision.
+ */
+static bool is_redundant(private_child_delete_t *this, child_sa_t *child)
+{
+ enumerator_t *tasks;
+ task_t *task;
+
+ tasks = this->ike_sa->create_task_enumerator(this->ike_sa,
+ TASK_QUEUE_ACTIVE);
+ while (tasks->enumerate(tasks, &task))
+ {
+ if (task->get_type(task) == TASK_CHILD_REKEY)
+ {
+ child_rekey_t *rekey = (child_rekey_t*)task;
+
+ if (rekey->is_redundant(rekey, child))
+ {
+ tasks->destroy(tasks);
+ return TRUE;
+ }
+ }
+ }
+ tasks->destroy(tasks);
+ return FALSE;
+}
+
+/**
* read in payloads and find the children to delete
*/
static void process_payloads(private_child_delete_t *this, message_t *message)
@@ -126,7 +154,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message)
enumerator_t *payloads, *spis;
payload_t *payload;
delete_payload_t *delete_payload;
- u_int32_t spi;
+ uint32_t spi;
protocol_id_t protocol;
child_sa_t *child_sa;
@@ -157,24 +185,31 @@ static void process_payloads(private_child_delete_t *this, message_t *message)
switch (child_sa->get_state(child_sa))
{
- case CHILD_REKEYING:
+ case CHILD_REKEYED:
this->rekeyed = TRUE;
- /* we reply as usual, rekeying will fail */
break;
case CHILD_DELETING:
/* we don't send back a delete if we initiated ourself */
if (!this->initiator)
{
- this->ike_sa->destroy_child_sa(this->ike_sa,
- protocol, spi);
continue;
}
/* fall through */
+ case CHILD_REKEYING:
+ /* we reply as usual, rekeying will fail */
case CHILD_INSTALLED:
if (!this->initiator)
- { /* reestablish installed children if required */
- this->check_delete_action = TRUE;
+ {
+ if (is_redundant(this, child_sa))
+ {
+ this->rekeyed = TRUE;
+ }
+ else
+ {
+ this->check_delete_action = TRUE;
+ }
}
+ break;
default:
break;
}
@@ -199,14 +234,14 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
child_sa_t *child_sa;
child_cfg_t *child_cfg;
protocol_id_t protocol;
- u_int32_t spi, reqid;
+ uint32_t spi, reqid;
action_t action;
status_t status = SUCCESS;
enumerator = this->child_sas->create_enumerator(this->child_sas);
while (enumerator->enumerate(enumerator, (void**)&child_sa))
{
- /* signal child down event if we are not rekeying */
+ /* signal child down event if we weren't rekeying */
if (!this->rekeyed)
{
charon->bus->child_updown(charon->bus, child_sa, FALSE);
@@ -254,7 +289,7 @@ static void log_children(private_child_delete_t *this)
linked_list_t *my_ts, *other_ts;
enumerator_t *enumerator;
child_sa_t *child_sa;
- u_int64_t bytes_in, bytes_out;
+ uint64_t bytes_in, bytes_out;
enumerator = this->child_sas->create_enumerator(this->child_sas);
while (enumerator->enumerate(enumerator, (void**)&child_sa))
@@ -308,7 +343,7 @@ METHOD(task_t, build_i, status_t,
this->spi = child_sa->get_spi(child_sa, TRUE);
}
this->child_sas->insert_last(this->child_sas, child_sa);
- if (child_sa->get_state(child_sa) == CHILD_REKEYING)
+ if (child_sa->get_state(child_sa) == CHILD_REKEYED)
{
this->rekeyed = TRUE;
}
@@ -347,11 +382,7 @@ METHOD(task_t, process_r, status_t,
METHOD(task_t, build_r, status_t,
private_child_delete_t *this, message_t *message)
{
- /* if we are rekeying, we send an empty informational */
- if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING)
- {
- build_payloads(this, message);
- }
+ build_payloads(this, message);
DBG1(DBG_IKE, "CHILD_SA closed");
return destroy_and_reestablish(this);
}
@@ -391,7 +422,7 @@ METHOD(task_t, destroy, void,
* Described in header.
*/
child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol,
- u_int32_t spi, bool expired)
+ uint32_t spi, bool expired)
{
private_child_delete_t *this;
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.h b/src/libcharon/sa/ikev2/tasks/child_delete.h
index 1ada069..1e9b2d2 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.h
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.h
@@ -56,6 +56,6 @@ struct child_delete_t {
* @return child_delete task to handle by the task_manager
*/
child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol,
- u_int32_t spi, bool expired);
+ uint32_t spi, bool expired);
#endif /** CHILD_DELETE_H_ @}*/
diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index 6f0c2b2..c04ec14 100644
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -1,7 +1,8 @@
/*
+ * Copyright (C) 2009-2016 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -54,7 +55,7 @@ struct private_child_rekey_t {
/**
* Inbound SPI of CHILD_SA to rekey
*/
- u_int32_t spi;
+ uint32_t spi;
/**
* the CHILD_CREATE task which is reused to simplify rekeying
@@ -91,7 +92,7 @@ struct private_child_rekey_t {
*/
static void schedule_delayed_rekey(private_child_rekey_t *this)
{
- u_int32_t retry;
+ uint32_t retry;
job_t *job;
retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
@@ -130,7 +131,7 @@ static void find_child(private_child_rekey_t *this, message_t *message)
{
notify_payload_t *notify;
protocol_id_t protocol;
- u_int32_t spi;
+ uint32_t spi;
notify = message->get_notify(message, REKEY_SA);
if (notify)
@@ -150,7 +151,7 @@ METHOD(task_t, build_i, status_t,
private_child_rekey_t *this, message_t *message)
{
notify_payload_t *notify;
- u_int32_t reqid;
+ uint32_t reqid;
child_cfg_t *config;
this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
@@ -159,14 +160,21 @@ METHOD(task_t, build_i, status_t,
{ /* check if it is an outbound CHILD_SA */
this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
this->spi, FALSE);
- if (!this->child_sa)
- { /* CHILD_SA is gone, unable to rekey. As an empty CREATE_CHILD_SA
- * exchange is invalid, we fall back to an INFORMATIONAL exchange.*/
- message->set_exchange_type(message, INFORMATIONAL);
- return SUCCESS;
+ if (this->child_sa)
+ {
+ /* we work only with the inbound SPI */
+ this->spi = this->child_sa->get_spi(this->child_sa, TRUE);
}
- /* we work only with the inbound SPI */
- this->spi = this->child_sa->get_spi(this->child_sa, TRUE);
+ }
+ if (!this->child_sa ||
+ (!this->child_create &&
+ this->child_sa->get_state(this->child_sa) != CHILD_INSTALLED) ||
+ (this->child_create &&
+ this->child_sa->get_state(this->child_sa) != CHILD_REKEYING))
+ {
+ /* CHILD_SA is gone or in the wrong state, unable to rekey */
+ message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED);
+ return SUCCESS;
}
config = this->child_sa->get_config(this->child_sa);
@@ -217,13 +225,19 @@ METHOD(task_t, build_r, status_t,
private_child_rekey_t *this, message_t *message)
{
child_cfg_t *config;
- u_int32_t reqid;
+ uint32_t reqid;
+ child_sa_state_t state;
- if (this->child_sa == NULL ||
- this->child_sa->get_state(this->child_sa) == CHILD_DELETING)
+ if (!this->child_sa)
{
DBG1(DBG_IKE, "unable to rekey, CHILD_SA not found");
- message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
+ message->add_notify(message, TRUE, CHILD_SA_NOT_FOUND, chunk_empty);
+ return SUCCESS;
+ }
+ if (this->child_sa->get_state(this->child_sa) == CHILD_DELETING)
+ {
+ DBG1(DBG_IKE, "unable to rekey, we are deleting the CHILD_SA");
+ message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty);
return SUCCESS;
}
@@ -237,14 +251,16 @@ METHOD(task_t, build_r, status_t,
this->child_create->set_config(this->child_create, config->get_ref(config));
this->child_create->task.build(&this->child_create->task, message);
+ state = this->child_sa->get_state(this->child_sa);
+ this->child_sa->set_state(this->child_sa, CHILD_REKEYING);
+
if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL)
- {
- /* rekeying failed, reuse old child */
- this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
+ { /* rekeying failed, reuse old child */
+ this->child_sa->set_state(this->child_sa, state);
return SUCCESS;
}
- this->child_sa->set_state(this->child_sa, CHILD_REKEYING);
+ this->child_sa->set_state(this->child_sa, CHILD_REKEYED);
/* invoke rekey hook */
charon->bus->child_rekey(charon->bus, this->child_sa,
@@ -284,9 +300,9 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
if (child_sa)
{
child_sa->set_close_action(child_sa, ACTION_NONE);
- if (child_sa->get_state(child_sa) != CHILD_REKEYING)
+ if (child_sa->get_state(child_sa) != CHILD_REKEYED)
{
- child_sa->set_state(child_sa, CHILD_REKEYING);
+ child_sa->set_state(child_sa, CHILD_REKEYED);
}
}
}
@@ -324,7 +340,7 @@ METHOD(task_t, process_i, status_t,
private_child_rekey_t *this, message_t *message)
{
protocol_id_t protocol;
- u_int32_t spi;
+ uint32_t spi;
child_sa_t *to_delete;
if (message->get_notify(message, NO_ADDITIONAL_SAS))
@@ -337,6 +353,34 @@ METHOD(task_t, process_i, status_t,
this->ike_sa->get_id(this->ike_sa), TRUE));
return SUCCESS;
}
+ if (message->get_notify(message, CHILD_SA_NOT_FOUND))
+ {
+ child_cfg_t *child_cfg;
+ uint32_t reqid;
+
+ if (this->collision &&
+ this->collision->get_type(this->collision) == TASK_CHILD_DELETE)
+ { /* ignore this error if we already deleted the CHILD_SA on the
+ * peer's behalf (could happen if the other peer does not detect
+ * the collision and did not respond with TEMPORARY_FAILURE) */
+ return SUCCESS;
+ }
+ DBG1(DBG_IKE, "peer didn't find the CHILD_SA we tried to rekey");
+ /* FIXME: according to RFC 7296 we should only create a new CHILD_SA if
+ * it does not exist yet, we currently have no good way of checking for
+ * that (we could go by name, but that might be tricky e.g. due to
+ * narrowing) */
+ spi = this->child_sa->get_spi(this->child_sa, TRUE);
+ reqid = this->child_sa->get_reqid(this->child_sa);
+ protocol = this->child_sa->get_protocol(this->child_sa);
+ child_cfg = this->child_sa->get_config(this->child_sa);
+ child_cfg->get_ref(child_cfg);
+ charon->bus->child_updown(charon->bus, this->child_sa, FALSE);
+ this->ike_sa->destroy_child_sa(this->ike_sa, protocol, spi);
+ return this->ike_sa->initiate(this->ike_sa,
+ child_cfg->get_ref(child_cfg), reqid,
+ NULL, NULL);
+ }
if (this->child_create->task.process(&this->child_create->task,
message) == NEED_MORE)
@@ -346,10 +390,10 @@ METHOD(task_t, process_i, status_t,
}
if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL)
{
- /* establishing new child failed, reuse old. but not when we
- * received a delete in the meantime */
- if (!(this->collision &&
- this->collision->get_type(this->collision) == TASK_CHILD_DELETE))
+ /* establishing new child failed, reuse old and try again. but not when
+ * we received a delete in the meantime */
+ if (!this->collision ||
+ this->collision->get_type(this->collision) != TASK_CHILD_DELETE)
{
schedule_delayed_rekey(this);
}
@@ -377,9 +421,9 @@ METHOD(task_t, process_i, status_t,
return SUCCESS;
}
/* disable updown event for redundant CHILD_SA */
- if (to_delete->get_state(to_delete) != CHILD_REKEYING)
+ if (to_delete->get_state(to_delete) != CHILD_REKEYED)
{
- to_delete->set_state(to_delete, CHILD_REKEYING);
+ to_delete->set_state(to_delete, CHILD_REKEYED);
}
spi = to_delete->get_spi(to_delete, TRUE);
protocol = to_delete->get_protocol(to_delete);
@@ -398,6 +442,18 @@ METHOD(task_t, get_type, task_type_t,
return TASK_CHILD_REKEY;
}
+METHOD(child_rekey_t, is_redundant, bool,
+ private_child_rekey_t *this, child_sa_t *child)
+{
+ if (this->collision &&
+ this->collision->get_type(this->collision) == TASK_CHILD_REKEY)
+ {
+ private_child_rekey_t *rekey = (private_child_rekey_t*)this->collision;
+ return child == rekey->child_create->get_child(rekey->child_create);
+ }
+ return FALSE;
+}
+
METHOD(child_rekey_t, collide, void,
private_child_rekey_t *this, task_t *other)
{
@@ -406,9 +462,18 @@ METHOD(child_rekey_t, collide, void,
if (other->get_type(other) == TASK_CHILD_REKEY)
{
private_child_rekey_t *rekey = (private_child_rekey_t*)other;
+ child_sa_t *other_child;
+
if (rekey->child_sa != this->child_sa)
+ { /* not the same child => no collision */
+ other->destroy(other);
+ return;
+ }
+ /* ignore passive tasks that did not successfully create a CHILD_SA */
+ other_child = rekey->child_create->get_child(rekey->child_create);
+ if (!other_child ||
+ other_child->get_state(other_child) != CHILD_INSTALLED)
{
- /* not the same child => no collision */
other->destroy(other);
return;
}
@@ -416,19 +481,11 @@ METHOD(child_rekey_t, collide, void,
else if (other->get_type(other) == TASK_CHILD_DELETE)
{
child_delete_t *del = (child_delete_t*)other;
- if (this->collision &&
- this->collision->get_type(this->collision) == TASK_CHILD_REKEY)
+ if (is_redundant(this, del->get_child(del)))
{
- private_child_rekey_t *rekey;
-
- rekey = (private_child_rekey_t*)this->collision;
- if (del->get_child(del) == rekey->child_create->get_child(rekey->child_create))
- {
- /* peer deletes redundant child created in collision */
- this->other_child_destroyed = TRUE;
- other->destroy(other);
- return;
- }
+ this->other_child_destroyed = TRUE;
+ other->destroy(other);
+ return;
}
if (del->get_child(del) != this->child_sa)
{
@@ -439,7 +496,7 @@ METHOD(child_rekey_t, collide, void,
}
else
{
- /* any other task is not critical for collisisions, ignore */
+ /* any other task is not critical for collisions, ignore */
other->destroy(other);
return;
}
@@ -485,7 +542,7 @@ METHOD(task_t, destroy, void,
* Described in header.
*/
child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
- u_int32_t spi)
+ uint32_t spi)
{
private_child_rekey_t *this;
@@ -496,6 +553,7 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
.migrate = _migrate,
.destroy = _destroy,
},
+ .is_redundant = _is_redundant,
.collide = _collide,
},
.ike_sa = ike_sa,
diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.h b/src/libcharon/sa/ikev2/tasks/child_rekey.h
index 2338465..0ad1a06 100644
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.h
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.h
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2016 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -39,13 +40,25 @@ struct child_rekey_t {
task_t task;
/**
- * Register a rekeying task which collides with this one
+ * Check if the given SA is the redundant CHILD_SA created during a rekey
+ * collision.
+ *
+ * This is called if the other peer deletes the redundant SA before we were
+ * able to handle the CREATE_CHILD_SA response.
+ *
+ * @param child CHILD_SA to check
+ * @return TRUE if the SA is the redundant CHILD_SA
+ */
+ bool (*is_redundant)(child_rekey_t *this, child_sa_t *child);
+
+ /**
+ * Register a rekeying/delete task which collides with this one
*
* If two peers initiate rekeying at the same time, the collision must
* be handled gracefully. The task manager is aware of what exchanges
- * are going on and notifies the outgoing task by passing the incoming.
+ * are going on and notifies the active task by passing the passive.
*
- * @param other incoming task
+ * @param other passive task (adopted)
*/
void (*collide)(child_rekey_t* this, task_t *other);
};
@@ -59,6 +72,6 @@ struct child_rekey_t {
* @return child_rekey task to handle by the task_manager
*/
child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
- u_int32_t spi);
+ uint32_t spi);
#endif /** CHILD_REKEY_H_ @}*/
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 79a436f..036910d 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -186,7 +186,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this,
*/
static void get_reserved_id_bytes(private_ike_auth_t *this, id_payload_t *id)
{
- u_int8_t *byte;
+ uint8_t *byte;
int i;
for (i = 0; i < countof(this->reserved); i++)
@@ -564,6 +564,10 @@ METHOD(task_t, process_r, status_t,
this->ike_sa->enable_extension(this->ike_sa,
EXT_EAP_ONLY_AUTHENTICATION);
}
+ if (message->get_notify(message, INITIAL_CONTACT))
+ {
+ this->initial_contact = TRUE;
+ }
}
if (this->other_auth == NULL)
@@ -652,14 +656,6 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
- /* If authenticated (with non-EAP) and received INITIAL_CONTACT,
- * delete any existing IKE_SAs with that peer. */
- if (message->get_message_id(message) == 1 &&
- message->get_notify(message, INITIAL_CONTACT))
- {
- this->initial_contact = TRUE;
- }
-
/* another auth round done, invoke authorize hook */
if (!charon->bus->authorize(charon->bus, FALSE))
{
@@ -749,13 +745,6 @@ METHOD(task_t, build_r, status_t,
get_reserved_id_bytes(this, id_payload);
message->add_payload(message, (payload_t*)id_payload);
- if (this->initial_contact)
- {
- charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
- this->ike_sa, TRUE);
- this->initial_contact = FALSE;
- }
-
if ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS) == AUTH_CLASS_EAP)
{ /* EAP-only authentication */
if (!this->ike_sa->supports_extension(this->ike_sa,
@@ -830,7 +819,7 @@ METHOD(task_t, build_r, status_t,
}
if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
- this->ike_sa, FALSE))
+ this->ike_sa, this->initial_contact))
{
DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy");
charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c
index a7d162e..47b0a3e 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c
@@ -45,14 +45,14 @@ struct private_ike_auth_lifetime_t {
static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *message)
{
chunk_t chunk;
- u_int32_t lifetime;
+ uint32_t lifetime;
lifetime = this->ike_sa->get_statistic(this->ike_sa, STAT_REAUTH);
if (lifetime)
{
lifetime -= time_monotonic(NULL);
chunk = chunk_from_thing(lifetime);
- *(u_int32_t*)chunk.ptr = htonl(lifetime);
+ *(uint32_t*)chunk.ptr = htonl(lifetime);
message->add_notify(message, FALSE, AUTH_LIFETIME, chunk);
}
}
@@ -64,13 +64,13 @@ static void process_payloads(private_ike_auth_lifetime_t *this, message_t *messa
{
notify_payload_t *notify;
chunk_t data;
- u_int32_t lifetime;
+ uint32_t lifetime;
notify = message->get_notify(message, AUTH_LIFETIME);
if (notify)
{
data = notify->get_notification_data(notify);
- lifetime = ntohl(*(u_int32_t*)data.ptr);
+ lifetime = ntohl(*(uint32_t*)data.ptr);
this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime);
}
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.c b/src/libcharon/sa/ikev2/tasks/ike_delete.c
index e972dba..fd36b14 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_delete.c
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2016 Tobias Brunner
* Copyright (C) 2006-2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -17,7 +18,7 @@
#include <daemon.h>
#include <encoding/payloads/delete_payload.h>
-
+#include <sa/ikev2/tasks/ike_rekey.h>
typedef struct private_ike_delete_t private_ike_delete_t;
@@ -45,11 +46,6 @@ struct private_ike_delete_t {
* are we deleting a rekeyed SA?
*/
bool rekeyed;
-
- /**
- * are we responding to a delete, but have initated our own?
- */
- bool simultaneous;
};
METHOD(task_t, build_i, status_t,
@@ -68,7 +64,8 @@ METHOD(task_t, build_i, status_t,
delete_payload = delete_payload_create(PLV2_DELETE, PROTO_IKE);
message->add_payload(message, (payload_t*)delete_payload);
- if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING)
+ if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING ||
+ this->ike_sa->get_state(this->ike_sa) == IKE_REKEYED)
{
this->rekeyed = TRUE;
}
@@ -93,6 +90,33 @@ METHOD(task_t, process_i, status_t,
return DESTROY_ME;
}
+/**
+ * Check if this delete happened after a rekey collsion
+ */
+static bool after_rekey_collision(private_ike_delete_t *this)
+{
+ enumerator_t *tasks;
+ task_t *task;
+
+ tasks = this->ike_sa->create_task_enumerator(this->ike_sa,
+ TASK_QUEUE_ACTIVE);
+ while (tasks->enumerate(tasks, &task))
+ {
+ if (task->get_type(task) == TASK_IKE_REKEY)
+ {
+ ike_rekey_t *rekey = (ike_rekey_t*)task;
+
+ if (rekey->did_collide(rekey))
+ {
+ tasks->destroy(tasks);
+ return TRUE;
+ }
+ }
+ }
+ tasks->destroy(tasks);
+ return FALSE;
+}
+
METHOD(task_t, process_r, status_t,
private_ike_delete_t *this, message_t *message)
{
@@ -119,16 +143,24 @@ METHOD(task_t, process_r, status_t,
switch (this->ike_sa->get_state(this->ike_sa))
{
+ case IKE_REKEYING:
+ /* if the peer concurrently deleted the IKE_SA we treat this as
+ * regular delete. however, in case the peer did not detect a rekey
+ * collision it will delete the replaced IKE_SA if we are still in
+ * state IKE_REKEYING */
+ if (after_rekey_collision(this))
+ {
+ this->rekeyed = TRUE;
+ break;
+ }
+ /* fall-through */
case IKE_ESTABLISHED:
this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
this->ike_sa->reestablish(this->ike_sa);
return NEED_MORE;
- case IKE_REKEYING:
+ case IKE_REKEYED:
this->rekeyed = TRUE;
break;
- case IKE_DELETING:
- this->simultaneous = TRUE;
- break;
default:
break;
}
@@ -141,11 +173,6 @@ METHOD(task_t, build_r, status_t,
{
DBG0(DBG_IKE, "IKE_SA deleted");
- if (this->simultaneous)
- {
- /* wait for peer's response for our delete request */
- return SUCCESS;
- }
if (!this->rekeyed)
{ /* invoke ike_down() hook if SA has not been rekeyed */
charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
@@ -164,7 +191,6 @@ METHOD(task_t, migrate, void,
private_ike_delete_t *this, ike_sa_t *ike_sa)
{
this->ike_sa = ike_sa;
- this->simultaneous = FALSE;
}
METHOD(task_t, destroy, void,
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 78579be..801b6d8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -221,7 +221,7 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this,
notify_payload_t *notify)
{
bio_reader_t *reader;
- u_int16_t algo;
+ uint16_t algo;
bool added = FALSE;
reader = bio_reader_create(notify->get_notification_data(notify));
@@ -373,13 +373,15 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
{
sa_payload_t *sa_payload = (sa_payload_t*)payload;
linked_list_t *proposal_list;
- bool private;
+ bool private, prefer_configured;
proposal_list = sa_payload->get_proposals(sa_payload);
private = this->ike_sa->supports_extension(this->ike_sa,
EXT_STRONGSWAN);
+ prefer_configured = lib->settings->get_bool(lib->settings,
+ "%s.prefer_configured_proposals", TRUE, lib->ns);
this->proposal = this->config->select_proposal(this->config,
- proposal_list, private);
+ proposal_list, private, prefer_configured);
if (!this->proposal)
{
charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE,
@@ -633,7 +635,7 @@ METHOD(task_t, build_r, status_t,
if (this->dh == NULL ||
!this->proposal->has_dh_group(this->proposal, this->dh_group))
{
- u_int16_t group;
+ uint16_t group;
if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
&group, NULL))
@@ -765,7 +767,7 @@ METHOD(task_t, process_i, status_t,
bad_group = this->dh_group;
data = notify->get_notification_data(notify);
- this->dh_group = ntohs(*((u_int16_t*)data.ptr));
+ this->dh_group = ntohs(*((uint16_t*)data.ptr));
DBG1(DBG_IKE, "peer didn't accept DH group %N, "
"it requested %N", diffie_hellman_group_names,
bad_group, diffie_hellman_group_names, this->dh_group);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c
index 10d412f..f077ccf 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_me.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_me.c
@@ -128,7 +128,7 @@ static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message)
{
enumerator_t *enumerator;
host_t *addr, *host;
- u_int16_t port;
+ uint16_t port;
/* get the port that is used to communicate with the ms */
host = this->ike_sa->get_my_host(this->ike_sa);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
index 3f7bb17..dc0f24f 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
@@ -299,7 +299,7 @@ static void update_children(private_ike_mobike_t *this)
/**
* Apply the port of the old host, if its ip equals the new, use port otherwise.
*/
-static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local)
+static void apply_port(host_t *host, host_t *old, uint16_t port, bool local)
{
if (host->ip_equals(host, old))
{
diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c
index 4bf5264..f3f32d7 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_natd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c
@@ -99,8 +99,8 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this,
{
chunk_t natd_chunk, spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk;
chunk_t natd_hash;
- u_int64_t spi_i, spi_r;
- u_int16_t port;
+ uint64_t spi_i, spi_r;
+ uint16_t port;
/* prepare all required chunks */
spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
@@ -142,7 +142,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this,
config = this->ike_sa->get_ike_cfg(this->ike_sa);
if (force_encap(config) && type == NAT_DETECTION_SOURCE_IP)
{
- u_int32_t addr;
+ uint32_t addr;
/* chunk_hash() is randomly keyed so this produces a random IPv4 address
* that changes with every restart but otherwise stays the same */
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
index eaba04e..2f0552a 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
@@ -1,7 +1,8 @@
/*
+ * Copyright (C) 2015-2016 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -66,9 +67,30 @@ struct private_ike_rekey_t {
* colliding task detected by the task manager
*/
task_t *collision;
+
+ /**
+ * TRUE if rekeying can't be handled temporarily
+ */
+ bool failed_temporarily;
};
/**
+ * Schedule a retry if rekeying temporary failed
+ */
+static void schedule_delayed_rekey(private_ike_rekey_t *this)
+{
+ uint32_t retry;
+ job_t *job;
+
+ retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
+ job = (job_t*)rekey_ike_sa_job_create(
+ this->ike_sa->get_id(this->ike_sa), FALSE);
+ DBG1(DBG_IKE, "IKE_SA rekeying failed, trying again in %d seconds", retry);
+ this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+ lib->scheduler->schedule_job(lib->scheduler, job, retry);
+}
+
+/**
* Check if an IKE_SA has any queued tasks, return initiation job
*/
static job_t* check_queued_tasks(ike_sa_t *ike_sa)
@@ -83,7 +105,6 @@ static job_t* check_queued_tasks(ike_sa_t *ike_sa)
job = (job_t*)initiate_tasks_job_create(ike_sa->get_id(ike_sa));
}
enumerator->destroy(enumerator);
-
return job;
}
@@ -117,20 +138,9 @@ static void establish_new(private_ike_rekey_t *this)
}
this->new_sa = NULL;
charon->bus->set_sa(charon->bus, this->ike_sa);
- }
-}
-METHOD(task_t, process_r_delete, status_t,
- private_ike_rekey_t *this, message_t *message)
-{
- establish_new(this);
- return this->ike_delete->task.process(&this->ike_delete->task, message);
-}
-
-METHOD(task_t, build_r_delete, status_t,
- private_ike_rekey_t *this, message_t *message)
-{
- return this->ike_delete->task.build(&this->ike_delete->task, message);
+ this->ike_sa->set_state(this->ike_sa, IKE_REKEYED);
+ }
}
METHOD(task_t, build_i_delete, status_t,
@@ -172,36 +182,59 @@ METHOD(task_t, build_i, status_t,
return NEED_MORE;
}
-METHOD(task_t, process_r, status_t,
- private_ike_rekey_t *this, message_t *message)
+/**
+ * Check if there are any half-open children
+ */
+static bool have_half_open_children(private_ike_rekey_t *this)
{
enumerator_t *enumerator;
child_sa_t *child_sa;
-
- if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
- {
- DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting");
- return NEED_MORE;
- }
+ task_t *task;
enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
while (enumerator->enumerate(enumerator, (void**)&child_sa))
{
switch (child_sa->get_state(child_sa))
{
- case CHILD_CREATED:
case CHILD_REKEYING:
case CHILD_RETRYING:
case CHILD_DELETING:
- /* we do not allow rekeying while we have children in-progress */
- DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open");
enumerator->destroy(enumerator);
- return NEED_MORE;
+ return TRUE;
default:
break;
}
}
enumerator->destroy(enumerator);
+ enumerator = this->ike_sa->create_task_enumerator(this->ike_sa,
+ TASK_QUEUE_ACTIVE);
+ while (enumerator->enumerate(enumerator, (void**)&task))
+ {
+ if (task->get_type(task) == TASK_CHILD_CREATE)
+ {
+ enumerator->destroy(enumerator);
+ return TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return FALSE;
+}
+
+METHOD(task_t, process_r, status_t,
+ private_ike_rekey_t *this, message_t *message)
+{
+ if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
+ {
+ DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting");
+ this->failed_temporarily = TRUE;
+ return NEED_MORE;
+ }
+ if (have_half_open_children(this))
+ {
+ DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open");
+ this->failed_temporarily = TRUE;
+ return NEED_MORE;
+ }
this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
this->ike_sa->get_version(this->ike_sa), FALSE);
@@ -219,33 +252,57 @@ METHOD(task_t, process_r, status_t,
METHOD(task_t, build_r, status_t,
private_ike_rekey_t *this, message_t *message)
{
+ if (this->failed_temporarily)
+ {
+ message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty);
+ return SUCCESS;
+ }
if (this->new_sa == NULL)
{
/* IKE_SA/a CHILD_SA is in an inacceptable state, deny rekeying */
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return SUCCESS;
}
-
if (this->ike_init->task.build(&this->ike_init->task, message) == FAILED)
{
+ this->ike_init->task.destroy(&this->ike_init->task);
+ this->ike_init = NULL;
charon->bus->set_sa(charon->bus, this->ike_sa);
return SUCCESS;
}
charon->bus->set_sa(charon->bus, this->ike_sa);
- this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
- /* rekeying successful, delete the IKE_SA using a subtask */
- this->ike_delete = ike_delete_create(this->ike_sa, FALSE);
- this->public.task.build = _build_r_delete;
- this->public.task.process = _process_r_delete;
-
- /* the peer does have to delete the IKE_SA. If it does not, we get a
- * unusable IKE_SA in REKEYING state without a replacement. We consider
- * this a timeout condition by the peer, and trigger a delete actively. */
- lib->scheduler->schedule_job(lib->scheduler, (job_t*)
- delete_ike_sa_job_create(this->ike_sa->get_id(this->ike_sa), TRUE), 90);
+ if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING)
+ { /* in case of a collision we let the initiating task handle this */
+ establish_new(this);
+ /* make sure the IKE_SA is gone in case the peer fails to delete it */
+ lib->scheduler->schedule_job(lib->scheduler, (job_t*)
+ delete_ike_sa_job_create(this->ike_sa->get_id(this->ike_sa), TRUE),
+ 90);
+ }
+ return SUCCESS;
+}
- return NEED_MORE;
+/**
+ * Conclude any undetected rekey collision.
+ *
+ * If the peer does not detect the collision it will delete this IKE_SA.
+ * Depending on when our request reaches the peer and we receive the delete
+ * this may get called at different times.
+ *
+ * Returns TRUE if there was a collision, FALSE otherwise.
+ */
+static bool conclude_undetected_collision(private_ike_rekey_t *this)
+{
+ if (this->collision &&
+ this->collision->get_type(this->collision) == TASK_IKE_REKEY)
+ {
+ DBG1(DBG_IKE, "peer did not notice IKE_SA rekey collision, abort "
+ "active rekeying");
+ establish_new((private_ike_rekey_t*)this->collision);
+ return TRUE;
+ }
+ return FALSE;
}
METHOD(task_t, process_i, status_t,
@@ -266,18 +323,9 @@ METHOD(task_t, process_i, status_t,
{
case FAILED:
/* rekeying failed, fallback to old SA */
- if (!(this->collision && (
- this->collision->get_type(this->collision) == TASK_IKE_DELETE ||
- this->collision->get_type(this->collision) == TASK_IKE_REAUTH)))
+ if (!conclude_undetected_collision(this))
{
- job_t *job;
- u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
- job = (job_t*)rekey_ike_sa_job_create(
- this->ike_sa->get_id(this->ike_sa), FALSE);
- DBG1(DBG_IKE, "IKE_SA rekeying failed, "
- "trying again in %d seconds", retry);
- this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
- lib->scheduler->schedule_job(lib->scheduler, job, retry);
+ schedule_delayed_rekey(this);
}
return SUCCESS;
case NEED_MORE:
@@ -293,55 +341,53 @@ METHOD(task_t, process_i, status_t,
this->collision->get_type(this->collision) == TASK_IKE_REKEY)
{
private_ike_rekey_t *other = (private_ike_rekey_t*)this->collision;
+ host_t *host;
+ chunk_t this_nonce, other_nonce;
- /* ike_init can be NULL, if child_sa is half-open */
- if (other->ike_init)
- {
- host_t *host;
- chunk_t this_nonce, other_nonce;
-
- this_nonce = this->ike_init->get_lower_nonce(this->ike_init);
- other_nonce = other->ike_init->get_lower_nonce(other->ike_init);
+ this_nonce = this->ike_init->get_lower_nonce(this->ike_init);
+ other_nonce = other->ike_init->get_lower_nonce(other->ike_init);
- /* if we have the lower nonce, delete rekeyed SA. If not, delete
- * the redundant. */
- if (memcmp(this_nonce.ptr, other_nonce.ptr,
- min(this_nonce.len, other_nonce.len)) > 0)
+ /* if we have the lower nonce, delete rekeyed SA. If not, delete
+ * the redundant. */
+ if (memcmp(this_nonce.ptr, other_nonce.ptr,
+ min(this_nonce.len, other_nonce.len)) < 0)
+ {
+ DBG1(DBG_IKE, "IKE_SA rekey collision lost, deleting redundant "
+ "IKE_SA %s[%d]", this->new_sa->get_name(this->new_sa),
+ this->new_sa->get_unique_id(this->new_sa));
+ /* apply host for a proper delete */
+ host = this->ike_sa->get_my_host(this->ike_sa);
+ this->new_sa->set_my_host(this->new_sa, host->clone(host));
+ host = this->ike_sa->get_other_host(this->ike_sa);
+ this->new_sa->set_other_host(this->new_sa, host->clone(host));
+ /* IKE_SAs in state IKE_REKEYED are silently deleted, so we use
+ * IKE_REKEYING */
+ this->new_sa->set_state(this->new_sa, IKE_REKEYING);
+ if (this->new_sa->delete(this->new_sa) == DESTROY_ME)
{
- /* peer should delete this SA. Add a timeout just in case. */
- job_t *job = (job_t*)delete_ike_sa_job_create(
- other->new_sa->get_id(other->new_sa), TRUE);
- lib->scheduler->schedule_job(lib->scheduler, job, 10);
- DBG1(DBG_IKE, "IKE_SA rekey collision won, waiting for delete");
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, other->new_sa);
- other->new_sa = NULL;
+ this->new_sa->destroy(this->new_sa);
}
else
{
- DBG1(DBG_IKE, "IKE_SA rekey collision lost, "
- "deleting redundant IKE_SA");
- /* apply host for a proper delete */
- host = this->ike_sa->get_my_host(this->ike_sa);
- this->new_sa->set_my_host(this->new_sa, host->clone(host));
- host = this->ike_sa->get_other_host(this->ike_sa);
- this->new_sa->set_other_host(this->new_sa, host->clone(host));
- this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
- this->new_sa->set_state(this->new_sa, IKE_REKEYING);
- if (this->new_sa->delete(this->new_sa) == DESTROY_ME)
- {
- this->new_sa->destroy(this->new_sa);
- }
- else
- {
- charon->ike_sa_manager->checkin(
- charon->ike_sa_manager, this->new_sa);
- }
- charon->bus->set_sa(charon->bus, this->ike_sa);
- this->new_sa = NULL;
- establish_new(other);
- return SUCCESS;
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager,
+ this->new_sa);
}
+ charon->bus->set_sa(charon->bus, this->ike_sa);
+ this->new_sa = NULL;
+ establish_new(other);
+ return SUCCESS;
}
+ /* peer should delete this SA. Add a timeout just in case. */
+ job_t *job = (job_t*)delete_ike_sa_job_create(
+ other->new_sa->get_id(other->new_sa), TRUE);
+ lib->scheduler->schedule_job(lib->scheduler, job,
+ HALF_OPEN_IKE_SA_TIMEOUT);
+ DBG1(DBG_IKE, "IKE_SA rekey collision won, waiting for delete for "
+ "redundant IKE_SA %s[%d]", other->new_sa->get_name(other->new_sa),
+ other->new_sa->get_unique_id(other->new_sa));
+ other->new_sa->set_state(other->new_sa, IKE_REKEYED);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, other->new_sa);
+ other->new_sa = NULL;
charon->bus->set_sa(charon->bus, this->ike_sa);
}
@@ -361,11 +407,41 @@ METHOD(task_t, get_type, task_type_t,
return TASK_IKE_REKEY;
}
+METHOD(ike_rekey_t, did_collide, bool,
+ private_ike_rekey_t *this)
+{
+ return this->collision &&
+ this->collision->get_type(this->collision) == TASK_IKE_REKEY;
+}
+
METHOD(ike_rekey_t, collide, void,
private_ike_rekey_t* this, task_t *other)
{
DBG1(DBG_IKE, "detected %N collision with %N", task_type_names,
TASK_IKE_REKEY, task_type_names, other->get_type(other));
+
+ switch (other->get_type(other))
+ {
+ case TASK_IKE_DELETE:
+ conclude_undetected_collision(this);
+ other->destroy(other);
+ return;
+ case TASK_IKE_REKEY:
+ {
+ private_ike_rekey_t *rekey = (private_ike_rekey_t*)other;
+
+ if (!rekey->ike_init)
+ {
+ DBG1(DBG_IKE, "colliding exchange did not result in an IKE_SA, "
+ "ignore");
+ other->destroy(other);
+ return;
+ }
+ break;
+ }
+ default:
+ break;
+ }
DESTROY_IF(this->collision);
this->collision = other;
}
@@ -425,6 +501,7 @@ ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator)
.migrate = _migrate,
.destroy = _destroy,
},
+ .did_collide = _did_collide,
.collide = _collide,
},
.ike_sa = ike_sa,
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.h b/src/libcharon/sa/ikev2/tasks/ike_rekey.h
index 6a12e90..86b512c 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.h
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2016 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -38,6 +39,13 @@ struct ike_rekey_t {
task_t task;
/**
+ * Check if there was a rekey collision.
+ *
+ * @return TRUE if there was a rekey collision before
+ */
+ bool (*did_collide)(ike_rekey_t *this);
+
+ /**
* Register a rekeying task which collides with this one.
*
* If two peers initiate rekeying at the same time, the collision must
diff --git a/src/libcharon/sa/redirect_manager.c b/src/libcharon/sa/redirect_manager.c
index ff92ac2..45b7e79 100644
--- a/src/libcharon/sa/redirect_manager.c
+++ b/src/libcharon/sa/redirect_manager.c
@@ -248,7 +248,7 @@ identification_t *redirect_data_parse(chunk_t data, chunk_t *nonce)
bio_reader_t *reader;
id_type_t id_type;
chunk_t gateway;
- u_int8_t type;
+ uint8_t type;
reader = bio_reader_create(data);
if (!reader->read_uint8(reader, &type) ||
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c
index 0e9cf6e..40e291b 100644
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2015 Tobias Brunner
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2015-2016 Tobias Brunner
+ * Copyright (C) 2011-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -68,6 +68,8 @@ static bool install_shunt_policy(child_cfg_t *child)
policy_type_t policy_type;
policy_priority_t policy_prio;
status_t status = SUCCESS;
+ uint32_t manual_prio;
+ char *interface;
ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };
switch (child->get_mode(child))
@@ -92,6 +94,9 @@ static bool install_shunt_policy(child_cfg_t *child)
other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
hosts->destroy(hosts);
+ manual_prio = child->get_manual_prio(child);
+ interface = child->get_interface(child);
+
/* enumerate pairs of traffic selectors */
e_my_ts = my_ts_list->create_enumerator(my_ts_list);
while (e_my_ts->enumerate(e_my_ts, &my_ts))
@@ -110,25 +115,37 @@ static bool install_shunt_policy(child_cfg_t *child)
continue;
}
/* install out policy */
- status |= charon->kernel->add_policy(charon->kernel,
- host_any, host_any,
- my_ts, other_ts, POLICY_OUT, policy_type,
- &sa, child->get_mark(child, FALSE),
- policy_prio);
-
+ kernel_ipsec_policy_id_t id = {
+ .dir = POLICY_OUT,
+ .src_ts = my_ts,
+ .dst_ts = other_ts,
+ .mark = child->get_mark(child, FALSE),
+ .interface = interface,
+ };
+ kernel_ipsec_manage_policy_t policy = {
+ .type = policy_type,
+ .prio = policy_prio,
+ .manual_prio = manual_prio,
+ .src = host_any,
+ .dst = host_any,
+ .sa = &sa,
+ };
+ status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
+ /* install "outbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
/* install in policy */
- status |= charon->kernel->add_policy(charon->kernel,
- host_any, host_any,
- other_ts, my_ts, POLICY_IN, policy_type,
- &sa, child->get_mark(child, TRUE),
- policy_prio);
-
- /* install forward policy */
- status |= charon->kernel->add_policy(charon->kernel,
- host_any, host_any,
- other_ts, my_ts, POLICY_FWD, policy_type,
- &sa, child->get_mark(child, TRUE),
- policy_prio);
+ id = (kernel_ipsec_policy_id_t){
+ .dir = POLICY_IN,
+ .src_ts = other_ts,
+ .dst_ts = my_ts,
+ .mark = child->get_mark(child, TRUE),
+ .interface = interface,
+ };
+ status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
+ /* install "inbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
}
e_other_ts->destroy(e_other_ts);
}
@@ -205,6 +222,8 @@ static void uninstall_shunt_policy(child_cfg_t *child)
policy_type_t policy_type;
policy_priority_t policy_prio;
status_t status = SUCCESS;
+ uint32_t manual_prio;
+ char *interface;
ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };
switch (child->get_mode(child))
@@ -229,6 +248,9 @@ static void uninstall_shunt_policy(child_cfg_t *child)
other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
hosts->destroy(hosts);
+ manual_prio = child->get_manual_prio(child);
+ interface = child->get_interface(child);
+
/* enumerate pairs of traffic selectors */
e_my_ts = my_ts_list->create_enumerator(my_ts_list);
while (e_my_ts->enumerate(e_my_ts, &my_ts))
@@ -247,25 +269,37 @@ static void uninstall_shunt_policy(child_cfg_t *child)
continue;
}
/* uninstall out policy */
- status |= charon->kernel->del_policy(charon->kernel,
- host_any, host_any,
- my_ts, other_ts, POLICY_OUT, policy_type,
- &sa, child->get_mark(child, FALSE),
- policy_prio);
-
+ kernel_ipsec_policy_id_t id = {
+ .dir = POLICY_OUT,
+ .src_ts = my_ts,
+ .dst_ts = other_ts,
+ .mark = child->get_mark(child, FALSE),
+ .interface = interface,
+ };
+ kernel_ipsec_manage_policy_t policy = {
+ .type = policy_type,
+ .prio = policy_prio,
+ .manual_prio = manual_prio,
+ .src = host_any,
+ .dst = host_any,
+ .sa = &sa,
+ };
+ status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
+ /* uninstall "outbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
/* uninstall in policy */
- status |= charon->kernel->del_policy(charon->kernel,
- host_any, host_any,
- other_ts, my_ts, POLICY_IN, policy_type,
- &sa, child->get_mark(child, TRUE),
- policy_prio);
-
- /* uninstall forward policy */
- status |= charon->kernel->del_policy(charon->kernel,
- host_any, host_any,
- other_ts, my_ts, POLICY_FWD, policy_type,
- &sa, child->get_mark(child, TRUE),
- policy_prio);
+ id = (kernel_ipsec_policy_id_t){
+ .dir = POLICY_IN,
+ .src_ts = other_ts,
+ .dst_ts = my_ts,
+ .mark = child->get_mark(child, TRUE),
+ .interface = interface,
+ };
+ status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
+ /* uninstall "inbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
}
e_other_ts->destroy(e_other_ts);
}
diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h
index e7a6bf4..86077d3 100644
--- a/src/libcharon/sa/task_manager.h
+++ b/src/libcharon/sa/task_manager.h
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2013-2016 Tobias Brunner
* Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -122,7 +123,17 @@ struct task_manager_t {
*
* @param task task to queue
*/
- void (*queue_task) (task_manager_t *this, task_t *task);
+ void (*queue_task)(task_manager_t *this, task_t *task);
+
+ /**
+ * Queue a task in the manager, but delay its initiation for at least the
+ * given number of seconds.
+ *
+ * @param task task to queue
+ * @param delay minimum delay in s before initiating the task
+ */
+ void (*queue_task_delayed)(task_manager_t *this, task_t *task,
+ uint32_t delay);
/**
* Queue IKE_SA establishing tasks.
@@ -160,7 +171,7 @@ struct task_manager_t {
* @param tsi initiator traffic selector, if packet-triggered
* @param tsr responder traffic selector, if packet-triggered
*/
- void (*queue_child)(task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
+ void (*queue_child)(task_manager_t *this, child_cfg_t *cfg, uint32_t reqid,
traffic_selector_t *tsi, traffic_selector_t *tsr);
/**
@@ -170,7 +181,7 @@ struct task_manager_t {
* @param spi CHILD_SA SPI to rekey
*/
void (*queue_child_rekey)(task_manager_t *this, protocol_id_t protocol,
- u_int32_t spi);
+ uint32_t spi);
/**
* Queue CHILD_SA delete tasks.
@@ -180,7 +191,7 @@ struct task_manager_t {
* @param expired TRUE if SA already expired
*/
void (*queue_child_delete)(task_manager_t *this, protocol_id_t protocol,
- u_int32_t spi, bool expired);
+ uint32_t spi, bool expired);
/**
* Queue liveness checking tasks.
@@ -199,7 +210,7 @@ struct task_manager_t {
* - INVALID_STATE if retransmission not required
* - SUCCESS if retransmission sent
*/
- status_t (*retransmit) (task_manager_t *this, u_int32_t message_id);
+ status_t (*retransmit) (task_manager_t *this, uint32_t message_id);
/**
* Migrate all queued tasks from other to this.
@@ -242,7 +253,7 @@ struct task_manager_t {
* @param initiate message ID / DPD seq to initiate exchanges (send)
* @param respond message ID / DPD seq to respond to exchanges (expect)
*/
- void (*reset) (task_manager_t *this, u_int32_t initiate, u_int32_t respond);
+ void (*reset) (task_manager_t *this, uint32_t initiate, uint32_t respond);
/**
* Check if we are currently waiting for a reply.
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 85e2207..40a0682 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -115,7 +115,7 @@ typedef struct {
/** pending IKE_SA connecting upon acquire */
ike_sa_t *ike_sa;
/** reqid of pending trap policy */
- u_int32_t reqid;
+ uint32_t reqid;
/** destination address (wildcard case) */
host_t *dst;
} acquire_t;
@@ -143,7 +143,7 @@ static void destroy_acquire(acquire_t *this)
/**
* match an acquire entry by reqid
*/
-static bool acquire_by_reqid(acquire_t *this, u_int32_t *reqid)
+static bool acquire_by_reqid(acquire_t *this, uint32_t *reqid)
{
return this->reqid == *reqid;
}
@@ -156,9 +156,9 @@ static bool acquire_by_dst(acquire_t *this, host_t *dst)
return this->dst && this->dst->ip_equals(this->dst, dst);
}
-METHOD(trap_manager_t, install, u_int32_t,
+METHOD(trap_manager_t, install, uint32_t,
private_trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child,
- u_int32_t reqid)
+ uint32_t reqid)
{
entry_t *entry, *found = NULL;
ike_cfg_t *ike_cfg;
@@ -197,9 +197,7 @@ METHOD(trap_manager_t, install, u_int32_t,
me = charon->kernel->get_source_addr(charon->kernel, other, NULL);
if (!me)
{
- DBG1(DBG_CFG, "installing trap failed, local address unknown");
- other->destroy(other);
- return 0;
+ me = host_create_any(other->get_family(other));
}
me->set_port(me, ike_cfg->get_my_port(ike_cfg));
}
@@ -307,7 +305,7 @@ METHOD(trap_manager_t, install, u_int32_t,
}
METHOD(trap_manager_t, uninstall, bool,
- private_trap_manager_t *this, u_int32_t reqid)
+ private_trap_manager_t *this, uint32_t reqid)
{
enumerator_t *enumerator;
entry_t *entry, *found = NULL;
@@ -366,12 +364,12 @@ METHOD(trap_manager_t, create_enumerator, enumerator_t*,
(void*)this->lock->unlock);
}
-METHOD(trap_manager_t, find_reqid, u_int32_t,
+METHOD(trap_manager_t, find_reqid, uint32_t,
private_trap_manager_t *this, child_cfg_t *child)
{
enumerator_t *enumerator;
entry_t *entry;
- u_int32_t reqid = 0;
+ uint32_t reqid = 0;
this->lock->read_lock(this->lock);
enumerator = this->traps->create_enumerator(this->traps);
@@ -392,7 +390,7 @@ METHOD(trap_manager_t, find_reqid, u_int32_t,
}
METHOD(trap_manager_t, acquire, void,
- private_trap_manager_t *this, u_int32_t reqid,
+ private_trap_manager_t *this, uint32_t reqid,
traffic_selector_t *src, traffic_selector_t *dst)
{
enumerator_t *enumerator;
@@ -430,7 +428,7 @@ METHOD(trap_manager_t, acquire, void,
if (wildcard)
{ /* for wildcard acquires we check that we don't have a pending acquire
* with the same peer */
- u_int8_t mask;
+ uint8_t mask;
dst->to_subnet(dst, &host, &mask);
if (this->acquires->find_first(this->acquires, (void*)acquire_by_dst,
@@ -483,8 +481,8 @@ METHOD(trap_manager_t, acquire, void,
if (ike_sa)
{
ike_cfg_t *ike_cfg;
- u_int16_t port;
- u_int8_t mask;
+ uint16_t port;
+ uint8_t mask;
ike_sa->set_peer_cfg(ike_sa, peer);
ike_cfg = ike_sa->get_ike_cfg(ike_sa);
diff --git a/src/libcharon/sa/trap_manager.h b/src/libcharon/sa/trap_manager.h
index 0491107..083ea3d 100644
--- a/src/libcharon/sa/trap_manager.h
+++ b/src/libcharon/sa/trap_manager.h
@@ -40,8 +40,8 @@ struct trap_manager_t {
* @param reqid optional reqid to use
* @return reqid of installed CHILD_SA, 0 if failed
*/
- u_int32_t (*install)(trap_manager_t *this, peer_cfg_t *peer,
- child_cfg_t *child, u_int32_t reqid);
+ uint32_t (*install)(trap_manager_t *this, peer_cfg_t *peer,
+ child_cfg_t *child, uint32_t reqid);
/**
* Uninstall a trap policy.
@@ -49,7 +49,7 @@ struct trap_manager_t {
* @param id reqid of CHILD_SA to uninstall, returned by install()
* @return TRUE if uninstalled successfully
*/
- bool (*uninstall)(trap_manager_t *this, u_int32_t reqid);
+ bool (*uninstall)(trap_manager_t *this, uint32_t reqid);
/**
* Create an enumerator over all installed traps.
@@ -64,7 +64,7 @@ struct trap_manager_t {
* @param child CHILD_SA config to get the reqid for
* @return reqid of trap, 0 if not found
*/
- u_int32_t (*find_reqid)(trap_manager_t *this, child_cfg_t *child);
+ uint32_t (*find_reqid)(trap_manager_t *this, child_cfg_t *child);
/**
* Acquire an SA triggered by an installed trap.
@@ -73,7 +73,7 @@ struct trap_manager_t {
* @param src source of the triggering packet
* @param dst destination of the triggering packet
*/
- void (*acquire)(trap_manager_t *this, u_int32_t reqid,
+ void (*acquire)(trap_manager_t *this, uint32_t reqid,
traffic_selector_t *src, traffic_selector_t *dst);
/**
diff --git a/src/libcharon/tests/Makefile.am b/src/libcharon/tests/Makefile.am
index 0589269..b867024 100644
--- a/src/libcharon/tests/Makefile.am
+++ b/src/libcharon/tests/Makefile.am
@@ -1,8 +1,9 @@
-TESTS = libcharon_tests
+TESTS = libcharon_tests exchange_tests
check_PROGRAMS = $(TESTS)
libcharon_tests_SOURCES = \
+ suites/test_proposal.c \
suites/test_ike_cfg.c \
suites/test_mem_pool.c \
suites/test_message_chapoly.c \
@@ -21,3 +22,34 @@ libcharon_tests_LDADD = \
$(top_builddir)/src/libcharon/libcharon.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
+
+
+exchange_tests_SOURCES = \
+ suites/test_child_create.c \
+ suites/test_child_delete.c \
+ suites/test_child_rekey.c \
+ suites/test_ike_delete.c \
+ suites/test_ike_rekey.c \
+ utils/exchange_test_asserts.h utils/exchange_test_asserts.c \
+ utils/exchange_test_helper.h utils/exchange_test_helper.c \
+ utils/job_asserts.h \
+ utils/mock_dh.h utils/mock_dh.c \
+ utils/mock_ipsec.h utils/mock_ipsec.c \
+ utils/mock_nonce_gen.h utils/mock_nonce_gen.c \
+ utils/mock_sender.h utils/mock_sender.c \
+ utils/sa_asserts.h \
+ exchange_tests.h exchange_tests.c
+
+exchange_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+ -DPLUGINS=\""${s_plugins}\"" \
+ @COVERAGE_CFLAGS@
+
+exchange_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+exchange_tests_LDADD = \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in
index 87dea16..7a0d342 100644
--- a/src/libcharon/tests/Makefile.in
+++ b/src/libcharon/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -77,11 +87,9 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-TESTS = libcharon_tests$(EXEEXT)
+TESTS = libcharon_tests$(EXEEXT) exchange_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libcharon/tests
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,13 +103,41 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__EXEEXT_1 = libcharon_tests$(EXEEXT)
+am__EXEEXT_1 = libcharon_tests$(EXEEXT) exchange_tests$(EXEEXT)
am__dirstamp = $(am__leading_dot)dirstamp
+am_exchange_tests_OBJECTS = \
+ suites/exchange_tests-test_child_create.$(OBJEXT) \
+ suites/exchange_tests-test_child_delete.$(OBJEXT) \
+ suites/exchange_tests-test_child_rekey.$(OBJEXT) \
+ suites/exchange_tests-test_ike_delete.$(OBJEXT) \
+ suites/exchange_tests-test_ike_rekey.$(OBJEXT) \
+ utils/exchange_tests-exchange_test_asserts.$(OBJEXT) \
+ utils/exchange_tests-exchange_test_helper.$(OBJEXT) \
+ utils/exchange_tests-mock_dh.$(OBJEXT) \
+ utils/exchange_tests-mock_ipsec.$(OBJEXT) \
+ utils/exchange_tests-mock_nonce_gen.$(OBJEXT) \
+ utils/exchange_tests-mock_sender.$(OBJEXT) \
+ exchange_tests-exchange_tests.$(OBJEXT)
+exchange_tests_OBJECTS = $(am_exchange_tests_OBJECTS)
+exchange_tests_DEPENDENCIES = \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
+AM_V_lt = $(am__v_lt_ at AM_V@)
+am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+exchange_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(exchange_tests_CFLAGS) $(CFLAGS) $(exchange_tests_LDFLAGS) \
+ $(LDFLAGS) -o $@
am_libcharon_tests_OBJECTS = \
+ suites/libcharon_tests-test_proposal.$(OBJEXT) \
suites/libcharon_tests-test_ike_cfg.$(OBJEXT) \
suites/libcharon_tests-test_mem_pool.$(OBJEXT) \
suites/libcharon_tests-test_message_chapoly.$(OBJEXT) \
@@ -111,10 +147,6 @@ libcharon_tests_DEPENDENCIES = \
$(top_builddir)/src/libcharon/libcharon.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
-AM_V_lt = $(am__v_lt_ at AM_V@)
-am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
libcharon_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(libcharon_tests_CFLAGS) $(CFLAGS) $(libcharon_tests_LDFLAGS) \
@@ -153,8 +185,8 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(libcharon_tests_SOURCES)
-DIST_SOURCES = $(libcharon_tests_SOURCES)
+SOURCES = $(exchange_tests_SOURCES) $(libcharon_tests_SOURCES)
+DIST_SOURCES = $(exchange_tests_SOURCES) $(libcharon_tests_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -201,12 +233,14 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +290,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +325,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +437,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -430,6 +467,7 @@ urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
libcharon_tests_SOURCES = \
+ suites/test_proposal.c \
suites/test_ike_cfg.c \
suites/test_mem_pool.c \
suites/test_message_chapoly.c \
@@ -449,6 +487,36 @@ libcharon_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
+exchange_tests_SOURCES = \
+ suites/test_child_create.c \
+ suites/test_child_delete.c \
+ suites/test_child_rekey.c \
+ suites/test_ike_delete.c \
+ suites/test_ike_rekey.c \
+ utils/exchange_test_asserts.h utils/exchange_test_asserts.c \
+ utils/exchange_test_helper.h utils/exchange_test_helper.c \
+ utils/job_asserts.h \
+ utils/mock_dh.h utils/mock_dh.c \
+ utils/mock_ipsec.h utils/mock_ipsec.c \
+ utils/mock_nonce_gen.h utils/mock_nonce_gen.c \
+ utils/mock_sender.h utils/mock_sender.c \
+ utils/sa_asserts.h \
+ exchange_tests.h exchange_tests.c
+
+exchange_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+ -DPLUGINS=\""${s_plugins}\"" \
+ @COVERAGE_CFLAGS@
+
+exchange_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+exchange_tests_LDADD = \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
+
all: all-am
.SUFFIXES:
@@ -465,7 +533,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/tests/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/tests/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -498,6 +565,40 @@ suites/$(am__dirstamp):
suites/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) suites/$(DEPDIR)
@: > suites/$(DEPDIR)/$(am__dirstamp)
+suites/exchange_tests-test_child_create.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/exchange_tests-test_child_delete.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/exchange_tests-test_child_rekey.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/exchange_tests-test_ike_delete.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/exchange_tests-test_ike_rekey.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+utils/$(am__dirstamp):
+ @$(MKDIR_P) utils
+ @: > utils/$(am__dirstamp)
+utils/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) utils/$(DEPDIR)
+ @: > utils/$(DEPDIR)/$(am__dirstamp)
+utils/exchange_tests-exchange_test_asserts.$(OBJEXT): \
+ utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp)
+utils/exchange_tests-exchange_test_helper.$(OBJEXT): \
+ utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp)
+utils/exchange_tests-mock_dh.$(OBJEXT): utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
+utils/exchange_tests-mock_ipsec.$(OBJEXT): utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
+utils/exchange_tests-mock_nonce_gen.$(OBJEXT): utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
+utils/exchange_tests-mock_sender.$(OBJEXT): utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
+
+exchange_tests$(EXEEXT): $(exchange_tests_OBJECTS) $(exchange_tests_DEPENDENCIES) $(EXTRA_exchange_tests_DEPENDENCIES)
+ @rm -f exchange_tests$(EXEEXT)
+ $(AM_V_CCLD)$(exchange_tests_LINK) $(exchange_tests_OBJECTS) $(exchange_tests_LDADD) $(LIBS)
+suites/libcharon_tests-test_proposal.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
suites/libcharon_tests-test_ike_cfg.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
suites/libcharon_tests-test_mem_pool.$(OBJEXT): \
@@ -512,14 +613,28 @@ libcharon_tests$(EXEEXT): $(libcharon_tests_OBJECTS) $(libcharon_tests_DEPENDENC
mostlyclean-compile:
-rm -f *.$(OBJEXT)
-rm -f suites/*.$(OBJEXT)
+ -rm -f utils/*.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/exchange_tests-exchange_tests.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libcharon_tests-libcharon_tests.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/exchange_tests-test_child_create.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/exchange_tests-test_child_delete.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/exchange_tests-test_child_rekey.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/exchange_tests-test_ike_delete.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/libcharon_tests-test_message_chapoly.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/libcharon_tests-test_proposal.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/exchange_tests-mock_dh.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/exchange_tests-mock_sender.Po at am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -545,6 +660,188 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
+suites/exchange_tests-test_child_create.o: suites/test_child_create.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_create.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo -c -o suites/exchange_tests-test_child_create.o `test -f 'suites/test_child_create.c' || echo '$(srcdir)/'`suites/test_child_create.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo suites/$(DEPDIR)/exchange_tests-test_child_create.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_create.c' object='suites/exchange_tests-test_child_create.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_create.o `test -f 'suites/test_child_create.c' || echo '$(srcdir)/'`suites/test_child_create.c
+
+suites/exchange_tests-test_child_create.obj: suites/test_child_create.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_create.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo -c -o suites/exchange_tests-test_child_create.obj `if test -f 'suites/test_child_create.c'; then $(CYGPATH_W) 'suites/test_child_create.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_create.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo suites/$(DEPDIR)/exchange_tests-test_child_create.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_create.c' object='suites/exchange_tests-test_child_create.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_create.obj `if test -f 'suites/test_child_create.c'; then $(CYGPATH_W) 'suites/test_child_create.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_create.c'; fi`
+
+suites/exchange_tests-test_child_delete.o: suites/test_child_delete.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_delete.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo -c -o suites/exchange_tests-test_child_delete.o `test -f 'suites/test_child_delete.c' || echo '$(srcdir)/'`suites/test_child_delete.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_child_delete.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_delete.c' object='suites/exchange_tests-test_child_delete.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_delete.o `test -f 'suites/test_child_delete.c' || echo '$(srcdir)/'`suites/test_child_delete.c
+
+suites/exchange_tests-test_child_delete.obj: suites/test_child_delete.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_delete.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo -c -o suites/exchange_tests-test_child_delete.obj `if test -f 'suites/test_child_delete.c'; then $(CYGPATH_W) 'suites/test_child_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_delete.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_child_delete.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_delete.c' object='suites/exchange_tests-test_child_delete.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_delete.obj `if test -f 'suites/test_child_delete.c'; then $(CYGPATH_W) 'suites/test_child_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_delete.c'; fi`
+
+suites/exchange_tests-test_child_rekey.o: suites/test_child_rekey.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_rekey.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo -c -o suites/exchange_tests-test_child_rekey.o `test -f 'suites/test_child_rekey.c' || echo '$(srcdir)/'`suites/test_child_rekey.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_child_rekey.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_rekey.c' object='suites/exchange_tests-test_child_rekey.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_rekey.o `test -f 'suites/test_child_rekey.c' || echo '$(srcdir)/'`suites/test_child_rekey.c
+
+suites/exchange_tests-test_child_rekey.obj: suites/test_child_rekey.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_rekey.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo -c -o suites/exchange_tests-test_child_rekey.obj `if test -f 'suites/test_child_rekey.c'; then $(CYGPATH_W) 'suites/test_child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_rekey.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_child_rekey.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_rekey.c' object='suites/exchange_tests-test_child_rekey.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_rekey.obj `if test -f 'suites/test_child_rekey.c'; then $(CYGPATH_W) 'suites/test_child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_rekey.c'; fi`
+
+suites/exchange_tests-test_ike_delete.o: suites/test_ike_delete.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_delete.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo -c -o suites/exchange_tests-test_ike_delete.o `test -f 'suites/test_ike_delete.c' || echo '$(srcdir)/'`suites/test_ike_delete.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_delete.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_delete.c' object='suites/exchange_tests-test_ike_delete.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_delete.o `test -f 'suites/test_ike_delete.c' || echo '$(srcdir)/'`suites/test_ike_delete.c
+
+suites/exchange_tests-test_ike_delete.obj: suites/test_ike_delete.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_delete.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo -c -o suites/exchange_tests-test_ike_delete.obj `if test -f 'suites/test_ike_delete.c'; then $(CYGPATH_W) 'suites/test_ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_delete.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_delete.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_delete.c' object='suites/exchange_tests-test_ike_delete.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_delete.obj `if test -f 'suites/test_ike_delete.c'; then $(CYGPATH_W) 'suites/test_ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_delete.c'; fi`
+
+suites/exchange_tests-test_ike_rekey.o: suites/test_ike_rekey.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_rekey.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo -c -o suites/exchange_tests-test_ike_rekey.o `test -f 'suites/test_ike_rekey.c' || echo '$(srcdir)/'`suites/test_ike_rekey.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_rekey.c' object='suites/exchange_tests-test_ike_rekey.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_rekey.o `test -f 'suites/test_ike_rekey.c' || echo '$(srcdir)/'`suites/test_ike_rekey.c
+
+suites/exchange_tests-test_ike_rekey.obj: suites/test_ike_rekey.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_rekey.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo -c -o suites/exchange_tests-test_ike_rekey.obj `if test -f 'suites/test_ike_rekey.c'; then $(CYGPATH_W) 'suites/test_ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_rekey.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_rekey.c' object='suites/exchange_tests-test_ike_rekey.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_rekey.obj `if test -f 'suites/test_ike_rekey.c'; then $(CYGPATH_W) 'suites/test_ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_rekey.c'; fi`
+
+utils/exchange_tests-exchange_test_asserts.o: utils/exchange_test_asserts.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_asserts.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo -c -o utils/exchange_tests-exchange_test_asserts.o `test -f 'utils/exchange_test_asserts.c' || echo '$(srcdir)/'`utils/exchange_test_asserts.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_asserts.c' object='utils/exchange_tests-exchange_test_asserts.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_asserts.o `test -f 'utils/exchange_test_asserts.c' || echo '$(srcdir)/'`utils/exchange_test_asserts.c
+
+utils/exchange_tests-exchange_test_asserts.obj: utils/exchange_test_asserts.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_asserts.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo -c -o utils/exchange_tests-exchange_test_asserts.obj `if test -f 'utils/exchange_test_asserts.c'; then $(CYGPATH_W) 'utils/exchange_test_asserts.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_asserts.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_asserts.c' object='utils/exchange_tests-exchange_test_asserts.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_asserts.obj `if test -f 'utils/exchange_test_asserts.c'; then $(CYGPATH_W) 'utils/exchange_test_asserts.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_asserts.c'; fi`
+
+utils/exchange_tests-exchange_test_helper.o: utils/exchange_test_helper.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_helper.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo -c -o utils/exchange_tests-exchange_test_helper.o `test -f 'utils/exchange_test_helper.c' || echo '$(srcdir)/'`utils/exchange_test_helper.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_helper.c' object='utils/exchange_tests-exchange_test_helper.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_helper.o `test -f 'utils/exchange_test_helper.c' || echo '$(srcdir)/'`utils/exchange_test_helper.c
+
+utils/exchange_tests-exchange_test_helper.obj: utils/exchange_test_helper.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_helper.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo -c -o utils/exchange_tests-exchange_test_helper.obj `if test -f 'utils/exchange_test_helper.c'; then $(CYGPATH_W) 'utils/exchange_test_helper.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_helper.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_helper.c' object='utils/exchange_tests-exchange_test_helper.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_helper.obj `if test -f 'utils/exchange_test_helper.c'; then $(CYGPATH_W) 'utils/exchange_test_helper.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_helper.c'; fi`
+
+utils/exchange_tests-mock_dh.o: utils/mock_dh.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_dh.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo -c -o utils/exchange_tests-mock_dh.o `test -f 'utils/mock_dh.c' || echo '$(srcdir)/'`utils/mock_dh.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo utils/$(DEPDIR)/exchange_tests-mock_dh.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_dh.c' object='utils/exchange_tests-mock_dh.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_dh.o `test -f 'utils/mock_dh.c' || echo '$(srcdir)/'`utils/mock_dh.c
+
+utils/exchange_tests-mock_dh.obj: utils/mock_dh.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_dh.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo -c -o utils/exchange_tests-mock_dh.obj `if test -f 'utils/mock_dh.c'; then $(CYGPATH_W) 'utils/mock_dh.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_dh.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo utils/$(DEPDIR)/exchange_tests-mock_dh.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_dh.c' object='utils/exchange_tests-mock_dh.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_dh.obj `if test -f 'utils/mock_dh.c'; then $(CYGPATH_W) 'utils/mock_dh.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_dh.c'; fi`
+
+utils/exchange_tests-mock_ipsec.o: utils/mock_ipsec.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_ipsec.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo -c -o utils/exchange_tests-mock_ipsec.o `test -f 'utils/mock_ipsec.c' || echo '$(srcdir)/'`utils/mock_ipsec.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_ipsec.c' object='utils/exchange_tests-mock_ipsec.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_ipsec.o `test -f 'utils/mock_ipsec.c' || echo '$(srcdir)/'`utils/mock_ipsec.c
+
+utils/exchange_tests-mock_ipsec.obj: utils/mock_ipsec.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_ipsec.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo -c -o utils/exchange_tests-mock_ipsec.obj `if test -f 'utils/mock_ipsec.c'; then $(CYGPATH_W) 'utils/mock_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_ipsec.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_ipsec.c' object='utils/exchange_tests-mock_ipsec.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_ipsec.obj `if test -f 'utils/mock_ipsec.c'; then $(CYGPATH_W) 'utils/mock_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_ipsec.c'; fi`
+
+utils/exchange_tests-mock_nonce_gen.o: utils/mock_nonce_gen.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_nonce_gen.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo -c -o utils/exchange_tests-mock_nonce_gen.o `test -f 'utils/mock_nonce_gen.c' || echo '$(srcdir)/'`utils/mock_nonce_gen.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_nonce_gen.c' object='utils/exchange_tests-mock_nonce_gen.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_nonce_gen.o `test -f 'utils/mock_nonce_gen.c' || echo '$(srcdir)/'`utils/mock_nonce_gen.c
+
+utils/exchange_tests-mock_nonce_gen.obj: utils/mock_nonce_gen.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_nonce_gen.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo -c -o utils/exchange_tests-mock_nonce_gen.obj `if test -f 'utils/mock_nonce_gen.c'; then $(CYGPATH_W) 'utils/mock_nonce_gen.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_nonce_gen.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_nonce_gen.c' object='utils/exchange_tests-mock_nonce_gen.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_nonce_gen.obj `if test -f 'utils/mock_nonce_gen.c'; then $(CYGPATH_W) 'utils/mock_nonce_gen.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_nonce_gen.c'; fi`
+
+utils/exchange_tests-mock_sender.o: utils/mock_sender.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_sender.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo -c -o utils/exchange_tests-mock_sender.o `test -f 'utils/mock_sender.c' || echo '$(srcdir)/'`utils/mock_sender.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo utils/$(DEPDIR)/exchange_tests-mock_sender.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_sender.c' object='utils/exchange_tests-mock_sender.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_sender.o `test -f 'utils/mock_sender.c' || echo '$(srcdir)/'`utils/mock_sender.c
+
+utils/exchange_tests-mock_sender.obj: utils/mock_sender.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_sender.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo -c -o utils/exchange_tests-mock_sender.obj `if test -f 'utils/mock_sender.c'; then $(CYGPATH_W) 'utils/mock_sender.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_sender.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo utils/$(DEPDIR)/exchange_tests-mock_sender.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_sender.c' object='utils/exchange_tests-mock_sender.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_sender.obj `if test -f 'utils/mock_sender.c'; then $(CYGPATH_W) 'utils/mock_sender.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_sender.c'; fi`
+
+exchange_tests-exchange_tests.o: exchange_tests.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT exchange_tests-exchange_tests.o -MD -MP -MF $(DEPDIR)/exchange_tests-exchange_tests.Tpo -c -o exchange_tests-exchange_tests.o `test -f 'exchange_tests.c' || echo '$(srcdir)/'`exchange_tests.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/exchange_tests-exchange_tests.Tpo $(DEPDIR)/exchange_tests-exchange_tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='exchange_tests.c' object='exchange_tests-exchange_tests.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o exchange_tests-exchange_tests.o `test -f 'exchange_tests.c' || echo '$(srcdir)/'`exchange_tests.c
+
+exchange_tests-exchange_tests.obj: exchange_tests.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT exchange_tests-exchange_tests.obj -MD -MP -MF $(DEPDIR)/exchange_tests-exchange_tests.Tpo -c -o exchange_tests-exchange_tests.obj `if test -f 'exchange_tests.c'; then $(CYGPATH_W) 'exchange_tests.c'; else $(CYGPATH_W) '$(srcdir)/exchange_tests.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/exchange_tests-exchange_tests.Tpo $(DEPDIR)/exchange_tests-exchange_tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='exchange_tests.c' object='exchange_tests-exchange_tests.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o exchange_tests-exchange_tests.obj `if test -f 'exchange_tests.c'; then $(CYGPATH_W) 'exchange_tests.c'; else $(CYGPATH_W) '$(srcdir)/exchange_tests.c'; fi`
+
+suites/libcharon_tests-test_proposal.o: suites/test_proposal.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_proposal.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo -c -o suites/libcharon_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo suites/$(DEPDIR)/libcharon_tests-test_proposal.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libcharon_tests-test_proposal.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c
+
+suites/libcharon_tests-test_proposal.obj: suites/test_proposal.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_proposal.obj -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo -c -o suites/libcharon_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo suites/$(DEPDIR)/libcharon_tests-test_proposal.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libcharon_tests-test_proposal.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi`
+
suites/libcharon_tests-test_ike_cfg.o: suites/test_ike_cfg.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_ike_cfg.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Tpo -c -o suites/libcharon_tests-test_ike_cfg.o `test -f 'suites/test_ike_cfg.c' || echo '$(srcdir)/'`suites/test_ike_cfg.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po
@@ -816,6 +1113,8 @@ distclean-generic:
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-rm -f suites/$(DEPDIR)/$(am__dirstamp)
-rm -f suites/$(am__dirstamp)
+ -rm -f utils/$(DEPDIR)/$(am__dirstamp)
+ -rm -f utils/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -826,7 +1125,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR) suites/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -872,7 +1171,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR) suites/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -907,6 +1206,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/tests/libcharon_tests.c b/src/libcharon/tests/exchange_tests.c
similarity index 78%
copy from src/libcharon/tests/libcharon_tests.c
copy to src/libcharon/tests/exchange_tests.c
index 4692c30..eab50a8 100644
--- a/src/libcharon/tests/libcharon_tests.c
+++ b/src/libcharon/tests/exchange_tests.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2014 revosec AG
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -16,10 +16,12 @@
#include <test_runner.h>
#include <daemon.h>
+#include "utils/exchange_test_helper.h"
+
/* declare test suite constructors */
#define TEST_SUITE(x) test_suite_t* x();
#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
-#include "libcharon_tests.h"
+#include "exchange_tests.h"
#undef TEST_SUITE
#undef TEST_SUITE_DEPEND
@@ -28,7 +30,7 @@ static test_configuration_t tests[] = {
{ .suite = x, },
#define TEST_SUITE_DEPEND(x, type, ...) \
{ .suite = x, .feature = PLUGIN_DEPENDS(type, __VA_ARGS__) },
-#include "libcharon_tests.h"
+#include "exchange_tests.h"
{ .suite = NULL, }
};
@@ -46,16 +48,11 @@ static bool test_runner_init(bool init)
plugindir = lib->settings->get_str(lib->settings,
"tests.plugindir", PLUGINDIR);
plugin_loader_add_plugindirs(plugindir, plugins);
- if (!lib->plugins->load(lib->plugins, plugins))
- {
- return FALSE;
- }
+ exchange_test_helper_init(plugins);
}
else
{
- lib->processor->set_threads(lib->processor, 0);
- lib->processor->cancel(lib->processor);
- lib->plugins->unload(lib->plugins);
+ exchange_test_helper_deinit();
libcharon_deinit();
}
return TRUE;
@@ -63,5 +60,5 @@ static bool test_runner_init(bool init)
int main(int argc, char *argv[])
{
- return test_runner_run("libcharon", tests, test_runner_init);
+ return test_runner_run("exchanges", tests, test_runner_init);
}
diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libcharon/tests/exchange_tests.h
similarity index 67%
copy from src/libcharon/tests/libcharon_tests.h
copy to src/libcharon/tests/exchange_tests.h
index fb82bac..3008672 100644
--- a/src/libcharon/tests/libcharon_tests.h
+++ b/src/libcharon/tests/exchange_tests.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2014 revosec AG
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,6 +13,8 @@
* for more details.
*/
-TEST_SUITE(ike_cfg_suite_create)
-TEST_SUITE(mem_pool_suite_create)
-TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32)
+TEST_SUITE(ike_delete_suite_create)
+TEST_SUITE(ike_rekey_suite_create)
+TEST_SUITE(child_create_suite_create)
+TEST_SUITE(child_delete_suite_create)
+TEST_SUITE(child_rekey_suite_create)
diff --git a/src/libcharon/tests/libcharon_tests.c b/src/libcharon/tests/libcharon_tests.c
index 4692c30..e25e543 100644
--- a/src/libcharon/tests/libcharon_tests.c
+++ b/src/libcharon/tests/libcharon_tests.c
@@ -53,9 +53,6 @@ static bool test_runner_init(bool init)
}
else
{
- lib->processor->set_threads(lib->processor, 0);
- lib->processor->cancel(lib->processor);
- lib->plugins->unload(lib->plugins);
libcharon_deinit();
}
return TRUE;
diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libcharon/tests/libcharon_tests.h
index fb82bac..f770f46 100644
--- a/src/libcharon/tests/libcharon_tests.h
+++ b/src/libcharon/tests/libcharon_tests.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2014-2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
@@ -13,6 +16,15 @@
* for more details.
*/
+/**
+ * @defgroup libcharon-tests tests
+ * @ingroup libcharon
+ *
+ * @defgroup test_utils_c test_utils
+ * @ingroup libcharon-tests
+ */
+
+TEST_SUITE(proposal_suite_create)
TEST_SUITE(ike_cfg_suite_create)
TEST_SUITE(mem_pool_suite_create)
TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32)
diff --git a/src/libcharon/tests/suites/test_child_create.c b/src/libcharon/tests/suites/test_child_create.c
new file mode 100644
index 0000000..20a47f6
--- /dev/null
+++ b/src/libcharon/tests/suites/test_child_create.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <daemon.h>
+#include <tests/utils/exchange_test_helper.h>
+#include <tests/utils/exchange_test_asserts.h>
+#include <tests/utils/job_asserts.h>
+#include <tests/utils/sa_asserts.h>
+
+/**
+ * One of the peers tries to create a new CHILD_SA while the other concurrently
+ * started to rekey the IKE_SA. TEMPORARY_FAILURE should be returned on both
+ * sides and the peers should prepare to retry.
+ */
+START_TEST(test_collision_ike_rekey)
+{
+ child_cfg_t *child_cfg;
+ child_cfg_create_t child = {
+ .mode = MODE_TUNNEL,
+ };
+ ike_sa_t *a, *b;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ assert_hook_not_called(child_updown);
+ child_cfg = child_cfg_create("child", &child);
+ child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ child_cfg->add_traffic_selector(child_cfg, TRUE,
+ traffic_selector_create_dynamic(0, 0, 65535));
+ child_cfg->add_traffic_selector(child_cfg, FALSE,
+ traffic_selector_create_dynamic(0, 0, 65535));
+ call_ikesa(a, initiate, child_cfg, 0, NULL, NULL);
+ assert_child_sa_count(a, 1);
+ assert_hook();
+
+ call_ikesa(b, rekey);
+
+ /* CREATE_CHILD_SA { SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_not_called(child_updown);
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_count(b, 1);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ assert_hook_not_called(child_updown);
+ assert_jobs_scheduled(1);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_count(a, 1);
+ assert_scheduler();
+ assert_hook();
+
+ /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */
+ assert_jobs_scheduled(1);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_ESTABLISHED);
+ assert_scheduler();
+
+ /* make sure no message was sent after handling the TEMPORARY_FAILURE and
+ * that the task to retry creating the CHILD_SA is queued and not active
+ * and it can't be initiated immediately */
+ ck_assert(!exchange_test_helper->sender->dequeue(exchange_test_helper->sender));
+ assert_num_tasks(a, 0, TASK_QUEUE_ACTIVE);
+ assert_num_tasks(a, 1, TASK_QUEUE_QUEUED);
+ call_ikesa(a, initiate, NULL, 0, NULL, NULL);
+ assert_num_tasks(a, 0, TASK_QUEUE_ACTIVE);
+
+ assert_sa_idle(b);
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+Suite *child_create_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("child create");
+
+ tc = tcase_create("collisions ike rekey");
+ tcase_add_test(tc, test_collision_ike_rekey);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libcharon/tests/suites/test_child_delete.c b/src/libcharon/tests/suites/test_child_delete.c
new file mode 100644
index 0000000..437e919
--- /dev/null
+++ b/src/libcharon/tests/suites/test_child_delete.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <daemon.h>
+#include <tests/utils/exchange_test_helper.h>
+#include <tests/utils/exchange_test_asserts.h>
+#include <tests/utils/job_asserts.h>
+#include <tests/utils/sa_asserts.h>
+
+/**
+ * Regular CHILD_SA deletion either initiated by the original initiator or
+ * responder of the IKE_SA.
+ */
+START_TEST(test_regular)
+{
+ ike_sa_t *a, *b;
+
+ if (_i)
+ { /* responder deletes the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator deletes the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ assert_hook_not_called(child_updown);
+ call_ikesa(a, delete_child_sa, PROTO_ESP, _i+1, FALSE);
+ assert_child_sa_state(a, _i+1, CHILD_DELETING);
+ assert_hook();
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_count(b, 0);
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_count(a, 0);
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * Both peers initiate the CHILD_SA deletion concurrently and should handle
+ * the collision properly.
+ */
+START_TEST(test_collision)
+{
+ ike_sa_t *a, *b;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ /* both peers delete the CHILD_SA concurrently */
+ assert_hook_not_called(child_updown);
+ call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE);
+ assert_child_sa_state(a, 1, CHILD_DELETING);
+ call_ikesa(b, delete_child_sa, PROTO_ESP, 2, FALSE);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+ assert_hook();
+
+ /* RFC 7296 says:
+ *
+ * Normally, the response in the INFORMATIONAL exchange will contain
+ * Delete payloads for the paired SAs going in the other direction.
+ * There is one exception. If, by chance, both ends of a set of SAs
+ * independently decide to close them, each may send a Delete payload
+ * and the two requests may cross in the network. If a node receives a
+ * delete request for SAs for which it has already issued a delete
+ * request, it MUST delete the outgoing SAs while processing the request
+ * and the incoming SAs while processing the response. In that case,
+ * the responses MUST NOT include Delete payloads for the deleted SAs,
+ * since that would result in duplicate deletion and could in theory
+ * delete the wrong SA.
+ *
+ * We don't handle SAs separately so we expect both are still installed,
+ * but the INFORMATIONAL response should not contain a DELETE payload.
+ */
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_not_called(child_updown);
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+ /* <-- INFORMATIONAL { D } */
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_DELETING);
+ assert_hook();
+
+ /* <-- INFORMATIONAL { } */
+ assert_hook_updown(child_updown, FALSE);
+ assert_message_empty(IN);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_count(a, 0);
+ assert_hook();
+ /* INFORMATIONAL { } --> */
+ assert_hook_updown(child_updown, FALSE);
+ assert_message_empty(IN);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_count(b, 0);
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * This is like the collision above but one of the DELETEs is dropped or delayed
+ * so the other peer is not aware that there is a collision.
+ */
+START_TEST(test_collision_drop)
+{
+ ike_sa_t *a, *b;
+ message_t *msg;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ /* both peers delete the CHILD_SA concurrently */
+ assert_hook_not_called(child_updown);
+ call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE);
+ assert_child_sa_state(a, 1, CHILD_DELETING);
+ call_ikesa(b, delete_child_sa, PROTO_ESP, 2, FALSE);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+ assert_hook();
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_not_called(child_updown);
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+ assert_hook();
+
+ /* drop/delay the responder's message */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- INFORMATIONAL { } */
+ assert_hook_updown(child_updown, FALSE);
+ assert_message_empty(IN);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_count(a, 0);
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } (delayed/retransmitted) */
+ assert_hook_not_called(child_updown);
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, msg);
+ assert_hook();
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_updown(child_updown, FALSE);
+ assert_message_empty(IN);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_count(b, 0);
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other
+ * peer is concurrently trying to delete.
+ *
+ * delete ----\ /---- rekey IKE
+ * \-----/----> detect collision
+ * detect collision <---------/ /---- delete
+ * TEMP_FAIL ----\ /
+ * \----/----->
+ * <--------/
+ */
+START_TEST(test_collision_ike_rekey)
+{
+ ike_sa_t *a, *b;
+ uint32_t spi_a = _i+1;
+
+ if (_i)
+ { /* responder deletes the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator deletes the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ call_ikesa(a, delete_child_sa, PROTO_ESP, spi_a, FALSE);
+ assert_child_sa_state(a, spi_a, CHILD_DELETING);
+ call_ikesa(b, rekey);
+ assert_ike_sa_state(b, IKE_REKEYING);
+
+ /* this should never get called as there is no successful rekeying */
+ assert_hook_not_called(ike_rekey);
+
+ /* RFC 7296, 2.25.2: If a peer receives a request to delete a Child SA when
+ * it is currently rekeying the IKE SA, it SHOULD reply as usual, with a
+ * Delete payload.
+ */
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(OUT, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 0);
+ assert_hook();
+
+ /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and
+ * it is currently, rekeying, or closing a Child SA of that IKE SA, it
+ * SHOULD reply with TEMPORARY_FAILURE.
+ */
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, spi_a, CHILD_DELETING);
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_updown(child_updown, FALSE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_count(a, 0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */
+ /* we expect a job to retry the rekeying is scheduled */
+ assert_jobs_scheduled(1);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_ESTABLISHED);
+ assert_scheduler();
+
+ /* ike_rekey */
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other
+ * peer is concurrently trying to delete.
+ *
+ * delete ----\ /---- delete IKE
+ * \-----/----> detect collision
+ * <---------/ /---- delete
+ * delete ----\ /
+ * \----/----->
+ * sa already gone <--------/
+ */
+START_TEST(test_collision_ike_delete)
+{
+ ike_sa_t *a, *b;
+ uint32_t spi_a = _i+1;
+ message_t *msg;
+ status_t s;
+
+ if (_i)
+ { /* responder rekeys the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ call_ikesa(a, delete_child_sa, PROTO_ESP, spi_a, FALSE);
+ assert_child_sa_state(a, spi_a, CHILD_DELETING);
+ call_ikesa(b, delete);
+ assert_ike_sa_state(b, IKE_DELETING);
+
+ /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if
+ * a peer receives a request to delete a CHILD_SA when it is currently
+ * closing the IKE SA. We expect a regular response.
+ */
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(OUT, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_child_sa_count(b, 0);
+ assert_hook();
+
+ /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if
+ * a peer receives a request to close the IKE SA if it is currently deleting
+ * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the
+ * delete.
+ */
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ assert_message_empty(OUT);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } */
+ /* the SA is already gone */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+ msg->destroy(msg);
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_not_called(child_updown);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+ assert_hook();
+}
+END_TEST
+
+Suite *child_delete_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("child delete");
+
+ tc = tcase_create("regular");
+ tcase_add_loop_test(tc, test_regular, 0, 2);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions");
+ tcase_add_test(tc, test_collision);
+ tcase_add_test(tc, test_collision_drop);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions ike rekey");
+ tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions ike delete");
+ tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c
new file mode 100644
index 0000000..fcac493
--- /dev/null
+++ b/src/libcharon/tests/suites/test_child_rekey.c
@@ -0,0 +1,1569 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <daemon.h>
+#include <tests/utils/exchange_test_helper.h>
+#include <tests/utils/exchange_test_asserts.h>
+#include <tests/utils/job_asserts.h>
+#include <tests/utils/sa_asserts.h>
+
+/**
+ * Initiate rekeying the CHILD_SA with the given SPI on the given IKE_SA.
+ */
+#define initiate_rekey(sa, spi) ({ \
+ assert_hook_not_called(child_updown); \
+ assert_hook_not_called(child_rekey); \
+ call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \
+ assert_child_sa_state(sa, spi, CHILD_REKEYING); \
+ assert_hook(); \
+ assert_hook(); \
+})
+
+/**
+ * Regular CHILD_SA rekey either initiated by the original initiator or
+ * responder of the IKE_SA.
+ */
+START_TEST(test_regular)
+{
+ ike_sa_t *a, *b;
+ uint32_t spi_a = _i+1, spi_b = 2-_i;
+
+ if (_i)
+ { /* responder rekeys the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ initiate_rekey(a, spi_a);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_called(child_rekey);
+ assert_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, spi_b, CHILD_REKEYED);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
+ assert_hook_called(child_rekey);
+ assert_no_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, spi_a, CHILD_DELETING);
+ assert_child_sa_state(a, 3, CHILD_INSTALLED);
+ assert_hook();
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_not_called(child_rekey);
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+ assert_hook();
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_not_called(child_rekey);
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 3, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ assert_hook();
+
+ /* child_updown */
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * CHILD_SA rekey where the responder does not agree with the DH group selected
+ * by the initiator, either initiated by the original initiator or responder of
+ * the IKE_SA.
+ */
+START_TEST(test_regular_ke_invalid)
+{
+ exchange_test_sa_conf_t conf = {
+ .initiator = {
+ .esp = "aes128-sha256-modp2048-modp3072",
+ },
+ .responder = {
+ .esp = "aes128-sha256-modp3072-modp2048",
+ },
+ };
+ ike_sa_t *a, *b;
+ uint32_t spi_a = _i+1, spi_b = 2-_i;
+
+ if (_i)
+ { /* responder rekeys the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, &conf);
+ }
+ else
+ { /* initiator rekeys the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &conf);
+ }
+ initiate_rekey(a, spi_a);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_not_called(child_rekey);
+ assert_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, spi_b, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
+ assert_hook_not_called(child_rekey);
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, spi_a, CHILD_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_called(child_rekey);
+ assert_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, spi_b, CHILD_REKEYED);
+ assert_child_sa_state(b, 6, CHILD_INSTALLED);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
+ assert_hook_called(child_rekey);
+ assert_no_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, spi_a, CHILD_DELETING);
+ assert_child_sa_state(a, 5, CHILD_INSTALLED);
+ assert_hook();
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_not_called(child_rekey);
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 6, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+ assert_hook();
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_not_called(child_rekey);
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 5, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ assert_hook();
+
+ /* child_updown */
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * Check that the responder ignores soft expires while waiting for the delete
+ * after a rekeying.
+ */
+START_TEST(test_regular_responder_ignore_soft_expire)
+{
+ ike_sa_t *a, *b;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ initiate_rekey(a, 1);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_called(child_rekey);
+ assert_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_REKEYED);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
+ assert_hook_called(child_rekey);
+ assert_no_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_DELETING);
+ assert_child_sa_state(a, 3, CHILD_INSTALLED);
+ assert_hook();
+
+ /* we don't expect this to get called anymore */
+ assert_hook_not_called(child_rekey);
+ /* this should not produce a message, if it does there won't be a delete
+ * payload below */
+ call_ikesa(b, rekey_child_sa, PROTO_ESP, 2);
+ assert_child_sa_state(b, 2, CHILD_REKEYED);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+ /* <-- INFORMATIONAL { D } */
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 3, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+
+ /* child_rekey/child_updown */
+ assert_hook();
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * Check that the responder handles hard expires properly while waiting for the
+ * delete after a rekeying (e.g. if the initiator of the rekeying fails to
+ * delete the CHILD_SA for some reason).
+ */
+START_TEST(test_regular_responder_handle_hard_expire)
+{
+ ike_sa_t *a, *b;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ initiate_rekey(a, 1);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_called(child_rekey);
+ assert_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_REKEYED);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
+ assert_hook_called(child_rekey);
+ assert_no_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_DELETING);
+ assert_child_sa_state(a, 3, CHILD_INSTALLED);
+ assert_hook();
+
+ /* we don't expect this to get called anymore */
+ assert_hook_not_called(child_rekey);
+ /* this is similar to a regular delete collision */
+ assert_single_payload(OUT, PLV2_DELETE);
+ call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_child_sa_state(a, 2, CHILD_DELETING);
+ /* <-- INFORMATIONAL { D } */
+ assert_single_payload(IN, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 3, CHILD_INSTALLED);
+ assert_child_sa_state(a, 1, CHILD_DELETING);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 3, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ /* INFORMATIONAL { } --> */
+ assert_message_empty(IN);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+
+ /* child_rekey/child_updown */
+ assert_hook();
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * Both peers initiate the CHILD_SA reekying concurrently and should handle
+ * the collision properly depending on the nonces.
+ */
+START_TEST(test_collision)
+{
+ ike_sa_t *a, *b;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ /* When rekeyings collide we get two CHILD_SAs with a total of four nonces.
+ * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that
+ * created that CHILD_SA. The replaced CHILD_SA is deleted by the peer that
+ * initiated the surviving SA.
+ * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /----- ...
+ * ... -----\
+ * We test this four times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[4];
+ /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
+ uint32_t spi_del_a, spi_del_b;
+ /* SPIs of the kept CHILD_SA */
+ uint32_t spi_a, spi_b;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
+ { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
+ { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
+ { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
+ };
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a, 1);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b, 2);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_rekey(child_rekey, 2, 5);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_REKEYED);
+ assert_child_sa_state(b, 5, CHILD_INSTALLED);
+ assert_hook();
+ /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_rekey(child_rekey, 1, 6);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYED);
+ assert_child_sa_state(a, 6, CHILD_INSTALLED);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
+ if (data[_i].spi_del_a == 1)
+ { /* currently we call this again if we keep our own replacement as we
+ * already called it above */
+ assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_hook();
+ }
+ else
+ {
+ assert_hook_not_called(child_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_hook();
+ }
+ assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
+ assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED);
+ assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
+ /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
+ if (data[_i].spi_del_b == 2)
+ {
+ assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_hook();
+ }
+ else
+ {
+ assert_hook_not_called(child_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_hook();
+ }
+ assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
+ assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
+ assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(child_rekey);
+ /* INFORMATIONAL { D } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
+ assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
+ assert_child_sa_count(b, 2);
+ /* <-- INFORMATIONAL { D } */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
+ assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
+ assert_child_sa_count(a, 2);
+ /* <-- INFORMATIONAL { D } */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ /* INFORMATIONAL { D } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+
+ /* child_rekey/child_updown */
+ assert_hook();
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * This is like the rekey collision above, but one peer deletes the
+ * redundant/old SA before the other peer receives the CREATE_CHILD_SA
+ * response:
+ *
+ * rekey ----\ /---- rekey
+ * \-----/----> detect collision
+ * detect collision <---------/ /----
+ * ----\ /
+ * \----/----->
+ * handle delete <--------/------- delete SA
+ * --------/------->
+ * handle rekey <------/
+ * delete SA ---------------->
+ * <----------------
+ */
+START_TEST(test_collision_delayed_response)
+{
+ ike_sa_t *a, *b;
+ message_t *msg;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /----- ...
+ * ... -----\
+ * We test this four times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[4];
+ /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
+ uint32_t spi_del_a, spi_del_b;
+ /* SPIs of the kept CHILD_SA */
+ uint32_t spi_a, spi_b;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
+ { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
+ { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
+ { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
+ };
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a, 1);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b, 2);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_rekey(child_rekey, 2, 5);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_REKEYED);
+ assert_child_sa_state(b, 5, CHILD_INSTALLED);
+ assert_hook();
+ /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_rekey(child_rekey, 1, 6);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYED);
+ assert_child_sa_state(a, 6, CHILD_INSTALLED);
+ assert_hook();
+
+ /* delay the CREATE_CHILD_SA response from b to a */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
+ if (data[_i].spi_del_b == 2)
+ {
+ assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_hook();
+ }
+ else
+ {
+ assert_hook_not_called(child_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_hook();
+ }
+ assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
+ assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
+ assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_not_called(child_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ if (data[_i].spi_del_b == 2)
+ {
+ assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ }
+ else
+ {
+ assert_child_sa_state(a, 1, CHILD_REKEYED);
+ assert_child_sa_count(a, 1);
+ }
+ /* INFORMATIONAL { D } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
+ assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
+ assert_child_sa_count(b, 2);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */
+ if (data[_i].spi_del_a == 1)
+ {
+ assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
+ exchange_test_helper->process_message(exchange_test_helper, a, msg);
+ assert_hook();
+ }
+ else
+ {
+ assert_hook_not_called(child_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, msg);
+ assert_hook();
+ }
+ assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
+ assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
+ assert_child_sa_count(a, 2);
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(child_rekey);
+ /* INFORMATIONAL { D } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+ /* <-- INFORMATIONAL { D } */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+
+ /* child_rekey/child_updown */
+ assert_hook();
+ assert_hook();
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * In this scenario one of the peers does not notice that there is a
+ * rekey collision:
+ *
+ * rekey ----\ /---- rekey
+ * \ /
+ * detect collision <-----\---/
+ * -------\-------->
+ * \ /---- delete old SA
+ * \-/----> detect collision
+ * detect collision <---------/ /---- TEMP_FAIL
+ * delete -----------/---->
+ * aborts rekeying <---------/
+ */
+START_TEST(test_collision_delayed_request)
+{
+ ike_sa_t *a, *b;
+ message_t *msg;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * N3/5 <-----\--/
+ * ... -----\ \-------> ...
+ * We test this three times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[3];
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF } },
+ { { 0xFF, 0x00, 0xFF } },
+ { { 0xFF, 0xFF, 0x00 } },
+ };
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a, 1);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b, 2);
+
+ /* delay the CREATE_CHILD_SA request from a to b */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_rekey(child_rekey, 1, 5);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYED);
+ assert_child_sa_state(a, 5, CHILD_INSTALLED);
+ assert_hook();
+ /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
+ assert_hook_rekey(child_rekey, 2, 4);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(child_rekey);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, msg);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+
+ /* <-- INFORMATIONAL { D } */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 5, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ assert_no_jobs_scheduled();
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 5, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ assert_scheduler();
+
+ /* INFORMATIONAL { D } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+
+ /* child_rekey/child_updown */
+ assert_hook();
+ assert_hook();
+
+ assert_sa_idle(a);
+ assert_sa_idle(b);
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * Similar to above one peer fails to notice the collision but the
+ * CREATE_CHILD_SA request is even more delayed:
+ *
+ * rekey ----\ /---- rekey
+ * \ /
+ * detect collision <-----\---/
+ * -------\-------->
+ * detect collision <-------\-------- delete old SA
+ * delete ---------\------>
+ * \----->
+ * /---- CHILD_SA_NOT_FOUND
+ * aborts rekeying <----------/
+ */
+START_TEST(test_collision_delayed_request_more)
+{
+ ike_sa_t *a, *b;
+ message_t *msg;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * N3/5 <-----\--/
+ * ... -----\ \-------> ...
+ * We test this three times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[3];
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF } },
+ { { 0xFF, 0x00, 0xFF } },
+ { { 0xFF, 0xFF, 0x00 } },
+ };
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a, 1);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b, 2);
+
+ /* delay the CREATE_CHILD_SA request from a to b */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_rekey(child_rekey, 1, 5);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYED);
+ assert_child_sa_state(a, 5, CHILD_INSTALLED);
+ assert_hook();
+ /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
+ assert_hook_rekey(child_rekey, 2, 4);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(child_rekey);
+
+ /* <-- INFORMATIONAL { D } */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 5, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ /* INFORMATIONAL { D } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
+ exchange_test_helper->process_message(exchange_test_helper, b, msg);
+ assert_child_sa_state(b, 4, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+ /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
+ assert_no_jobs_scheduled();
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 5, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ assert_scheduler();
+
+ /* child_rekey/child_updown */
+ assert_hook();
+ assert_hook();
+
+ assert_sa_idle(a);
+ assert_sa_idle(b);
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * Both peers initiate the CHILD_SA reekying concurrently but the proposed DH
+ * groups are not the same after handling the INVALID_KE_PAYLOAD they should
+ * still handle the collision properly depending on the nonces.
+ */
+START_TEST(test_collision_ke_invalid)
+{
+ exchange_test_sa_conf_t conf = {
+ .initiator = {
+ .esp = "aes128-sha256-modp2048-modp3072",
+ },
+ .responder = {
+ .esp = "aes128-sha256-modp3072-modp2048",
+ },
+ };
+ ike_sa_t *a, *b;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &conf);
+
+ /* Eight nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /---- INVAL_KE
+ * INVAL_KE -----\ /
+ * <-----\--/
+ * N5/7 -----\ \------->
+ * \ /---- N6/8
+ * \--/----> N7/9
+ * N8/10 <--------/ /---- ...
+ * ... ------\
+ *
+ * We test this four times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[4];
+ /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
+ uint32_t spi_del_a, spi_del_b;
+ /* SPIs of the kept CHILD_SA */
+ uint32_t spi_a, spi_b;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF, 0xFF }, 7, 2,10, 8 },
+ { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 8, 7, 9 },
+ { { 0xFF, 0xFF, 0x00, 0xFF }, 7, 2,10, 8 },
+ { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 8, 7, 9 },
+ };
+
+ /* make sure the nonces of the first try don't affect the retries */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(a, 1);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(b, 2);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_not_called(child_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_hook();
+ /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
+ assert_hook_not_called(child_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ assert_hook_not_called(child_rekey);
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_hook();
+ /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ assert_hook_not_called(child_rekey);
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_rekey(child_rekey, 2, 9);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_REKEYED);
+ assert_child_sa_state(b, 9, CHILD_INSTALLED);
+ assert_hook();
+ /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_rekey(child_rekey, 1, 10);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYED);
+ assert_child_sa_state(a,10, CHILD_INSTALLED);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
+ if (data[_i].spi_del_a == 1)
+ { /* currently we call this again if we keep our own replacement as we
+ * already called it above */
+ assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_hook();
+ }
+ else
+ {
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ }
+ assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
+ assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED);
+ assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
+ /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
+ if (data[_i].spi_del_b == 2)
+ {
+ assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_hook();
+ }
+ else
+ {
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ }
+ assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
+ assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
+ assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(child_rekey);
+ /* INFORMATIONAL { D } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
+ assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
+ assert_child_sa_count(b, 2);
+ /* <-- INFORMATIONAL { D } */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
+ assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
+ assert_child_sa_count(a, 2);
+ /* <-- INFORMATIONAL { D } */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ /* INFORMATIONAL { D } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+
+ /* child_rekey/child_updown */
+ assert_hook();
+ assert_hook();
+
+ assert_sa_idle(a);
+ assert_sa_idle(b);
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * This is a variation of the above but with the retry by one peer delayed so
+ * that to the other peer it looks like there is no collision.
+ */
+START_TEST(test_collision_ke_invalid_delayed_retry)
+{
+ exchange_test_sa_conf_t conf = {
+ .initiator = {
+ .esp = "aes128-sha256-modp2048-modp3072",
+ },
+ .responder = {
+ .esp = "aes128-sha256-modp3072-modp2048",
+ },
+ };
+ ike_sa_t *a, *b;
+ message_t *msg;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &conf);
+
+ /* Seven nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /---- INVAL_KE
+ * INVAL_KE -----\ /
+ * <-----\--/
+ * N5/7 -----\ \------->
+ * <-----\--------- N6/8
+ * N7/9 -------\------->
+ * <-------\------- DELETE
+ * ... ------\ \----->
+ * /---- TEMP_FAIL
+ *
+ * We test this three times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[3];
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF } },
+ { { 0xFF, 0x00, 0xFF } },
+ { { 0xFF, 0xFF, 0x00 } },
+ };
+
+ /* make sure the nonces of the first try don't affect the retries */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(a, 1);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(b, 2);
+
+ /* this should never get called as this results in a successful rekeying */
+ assert_hook_not_called(child_updown);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_not_called(child_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_hook();
+ /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
+ assert_hook_not_called(child_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ assert_hook_not_called(child_rekey);
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_hook();
+ /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ assert_hook_not_called(child_rekey);
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_hook();
+
+ /* delay the CREATE_CHILD_SA request from a to b */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_rekey(child_rekey, 1, 9);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 1, CHILD_REKEYED);
+ assert_child_sa_state(a, 9, CHILD_INSTALLED);
+ assert_hook();
+ /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
+ assert_hook_rekey(child_rekey, 2, 8);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+ assert_child_sa_state(b, 8, CHILD_INSTALLED);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(child_rekey);
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, msg);
+ assert_child_sa_state(b, 2, CHILD_DELETING);
+ assert_child_sa_state(b, 8, CHILD_INSTALLED);
+
+ /* <-- INFORMATIONAL { D } */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 9, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ assert_no_jobs_scheduled();
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, 9, CHILD_INSTALLED);
+ assert_child_sa_count(a, 1);
+ assert_scheduler();
+
+ /* INFORMATIONAL { D } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, 8, CHILD_INSTALLED);
+ assert_child_sa_count(b, 1);
+
+ /* child_rekey/child_updown */
+ assert_hook();
+ assert_hook();
+
+ assert_sa_idle(a);
+ assert_sa_idle(b);
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
+ * concurrently trying to rekey.
+ *
+ * rekey ----\ /---- delete
+ * \-----/----> detect collision
+ * detect collision <---------/ /---- TEMP_FAIL
+ * delete ----\ /
+ * \----/----->
+ * aborts rekeying <--------/
+ */
+START_TEST(test_collision_delete)
+{
+ ike_sa_t *a, *b;
+ uint32_t spi_a = _i+1, spi_b = 2-_i;
+
+ if (_i)
+ { /* responder rekeys the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ initiate_rekey(a, spi_a);
+ call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
+ assert_child_sa_state(b, spi_b, CHILD_DELETING);
+
+ /* this should never get called as there is no successful rekeying on
+ * either side */
+ assert_hook_not_called(child_rekey);
+
+ /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
+ * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
+ */
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_not_called(child_updown);
+ assert_notify(IN, REKEY_SA);
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, spi_b, CHILD_DELETING);
+ assert_hook();
+
+ /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
+ * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
+ * payload.
+ */
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ assert_single_payload(OUT, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_count(a, 0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ assert_hook_not_called(child_updown);
+ /* we don't expect a job to retry the rekeying */
+ assert_no_jobs_scheduled();
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_scheduler();
+ assert_hook();
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_updown(child_updown, FALSE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_count(b, 0);
+ assert_hook();
+
+ /* child_rekey */
+ assert_hook();
+
+ assert_sa_idle(a);
+ assert_sa_idle(b);
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
+ * concurrently trying to rekey. However, the delete request is delayed or
+ * dropped, so the peer doing the rekeying is unaware of the collision.
+ *
+ * rekey ----\ /---- delete
+ * \-----/----> detect collision
+ * reschedule <---------/------ TEMP_FAIL
+ * <--------/
+ * delete ---------------->
+ *
+ * The job will not find the SA to retry rekeying.
+ */
+START_TEST(test_collision_delete_drop_delete)
+{
+ ike_sa_t *a, *b;
+ message_t *msg;
+ uint32_t spi_a = _i+1, spi_b = 2-_i;
+
+ if (_i)
+ { /* responder rekeys the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ initiate_rekey(a, spi_a);
+ call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
+ assert_child_sa_state(b, spi_b, CHILD_DELETING);
+
+ /* this should never get called as there is no successful rekeying on
+ * either side */
+ assert_hook_not_called(child_rekey);
+
+ /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
+ * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
+ */
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_hook_not_called(child_updown);
+ assert_notify(IN, REKEY_SA);
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_state(b, spi_b, CHILD_DELETING);
+ assert_hook();
+
+ /* delay the DELETE request */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ assert_hook_not_called(child_updown);
+ /* we expect a job to retry the rekeying is scheduled */
+ assert_jobs_scheduled(1);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, spi_a, CHILD_INSTALLED);
+ assert_scheduler();
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } (delayed) */
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ assert_single_payload(OUT, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, msg);
+ assert_child_sa_count(a, 0);
+ assert_hook();
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_updown(child_updown, FALSE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_count(b, 0);
+ assert_hook();
+
+ /* child_rekey */
+ assert_hook();
+
+ assert_sa_idle(a);
+ assert_sa_idle(b);
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
+ * concurrently trying to rekey. However, the rekey request is delayed or
+ * dropped, so the peer doing the deleting is unaware of the collision.
+ *
+ * rekey ----\ /---- delete
+ * detect collision <----\-----/
+ * delete ------\--------->
+ * \-------->
+ * /---- CHILD_SA_NOT_FOUND
+ * aborts rekeying <----------/
+ */
+ START_TEST(test_collision_delete_drop_rekey)
+{
+ ike_sa_t *a, *b;
+ message_t *msg;
+ uint32_t spi_a = _i+1, spi_b = 2-_i;
+
+ if (_i)
+ { /* responder rekeys the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ initiate_rekey(a, spi_a);
+ call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
+ assert_child_sa_state(b, spi_b, CHILD_DELETING);
+
+ /* this should never get called as there is no successful rekeying on
+ * either side */
+ assert_hook_not_called(child_rekey);
+
+ /* delay the CREATE_CHILD_SA request */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
+ * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
+ * payload.
+ */
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ assert_single_payload(OUT, PLV2_DELETE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_count(a, 0);
+ assert_hook();
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_updown(child_updown, FALSE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_child_sa_count(b, 0);
+ assert_hook();
+
+ /* RFC 7296, 2.25.1: If a peer receives a to rekey a Child SA that does not
+ * exist, it SHOULD reply with CHILD_SA_NOT_FOUND.
+ */
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
+ assert_hook_not_called(child_updown);
+ assert_notify(IN, REKEY_SA);
+ assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
+ exchange_test_helper->process_message(exchange_test_helper, b, msg);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
+ assert_hook_not_called(child_updown);
+ /* no jobs or tasks should get scheduled/queued */
+ assert_no_jobs_scheduled();
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_scheduler();
+ assert_hook();
+
+ /* child_rekey */
+ assert_hook();
+
+ assert_sa_idle(a);
+ assert_sa_idle(b);
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * FIXME: Not sure what we can do about the following:
+ *
+ * One of the hosts initiates a rekeying of a CHILD_SA and after responding to
+ * it the other peer deletes the new SA. However, the rekey response is
+ * delayed or dropped, so the peer doing the rekeying receives a delete for an
+ * unknown CHILD_SA and then has a rekeyed CHILD_SA that should not exist.
+ *
+ * rekey ---------------->
+ * /---- rekey
+ * unknown SA <----------/----- delete new SA
+ * ----------/----->
+ * <--------/
+ *
+ * The peers' states are now out of sync.
+ *
+ * Perhaps the rekey initiator could keep track of deletes for non-existing SAs
+ * while rekeying and then check against the SPIs when handling the
+ * CREATE_CHILD_SA response.
+ */
+
+
+/**
+ * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other
+ * peer is concurrently trying to rekey.
+ *
+ * rekey ----\ /---- rekey IKE
+ * \-----/----> detect collision
+ * detect collision <---------/ /---- TEMP_FAIL
+ * TEMP_FAIL ----\ /
+ * \----/----->
+ * <--------/
+ */
+START_TEST(test_collision_ike_rekey)
+{
+ ike_sa_t *a, *b;
+ uint32_t spi_a = _i+1;
+
+ if (_i)
+ { /* responder rekeys the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ initiate_rekey(a, spi_a);
+ call_ikesa(b, rekey);
+ assert_ike_sa_state(b, IKE_REKEYING);
+
+ /* these should never get called as there is no successful rekeying on
+ * either side */
+ assert_hook_not_called(ike_rekey);
+ assert_hook_not_called(child_rekey);
+
+ /* RFC 7296, 2.25.2: If a peer receives a request to rekey a CHILD_SA when
+ * it is currently rekeying the IKE SA, it SHOULD reply with
+ * TEMPORARY_FAILURE.
+ */
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+
+ /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and
+ * it is currently, rekeying, or closing a Child SA of that IKE SA, it
+ * SHOULD reply with TEMPORARY_FAILURE.
+ */
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, spi_a, CHILD_REKEYING);
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ /* we expect a job to retry the rekeying is scheduled */
+ assert_jobs_scheduled(1);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_child_sa_state(a, spi_a, CHILD_INSTALLED);
+ assert_scheduler();
+
+ /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */
+ /* we expect a job to retry the rekeying is scheduled */
+ assert_jobs_scheduled(1);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_ESTABLISHED);
+ assert_scheduler();
+
+ /* ike_rekey/child_rekey */
+ assert_hook();
+ assert_hook();
+
+ assert_sa_idle(a);
+ assert_sa_idle(b);
+
+ call_ikesa(a, destroy);
+ call_ikesa(b, destroy);
+}
+END_TEST
+
+/**
+ * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other
+ * peer is concurrently trying to rekey.
+ *
+ * rekey ----\ /---- delete IKE
+ * \-----/----> detect collision
+ * <---------/ /---- TEMP_FAIL
+ * delete ----\ /
+ * \----/----->
+ * sa already gone <--------/
+ */
+START_TEST(test_collision_ike_delete)
+{
+ ike_sa_t *a, *b;
+ uint32_t spi_a = _i+1;
+ message_t *msg;
+ status_t s;
+
+ if (_i)
+ { /* responder rekeys the CHILD_SA (SPI 2) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the CHILD_SA (SPI 1) */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ initiate_rekey(a, spi_a);
+ call_ikesa(b, delete);
+ assert_ike_sa_state(b, IKE_DELETING);
+
+ /* this should never get called as there is no successful rekeying on
+ * either side */
+ assert_hook_not_called(child_rekey);
+
+ /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if
+ * a peer receives a request to rekey a CHILD_SA when it is currently
+ * closing the IKE SA. We expect a TEMPORARY_FAILURE notify.
+ */
+
+ /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+
+ /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if
+ * a peer receives a request to close the IKE SA if it is currently rekeying
+ * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the
+ * rekeying.
+ */
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ assert_message_empty(OUT);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ /* the SA is already gone */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+ msg->destroy(msg);
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* child_rekey */
+ assert_hook();
+}
+END_TEST
+
+Suite *child_rekey_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("child rekey");
+
+ tc = tcase_create("regular");
+ tcase_add_loop_test(tc, test_regular, 0, 2);
+ tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
+ tcase_add_test(tc, test_regular_responder_ignore_soft_expire);
+ tcase_add_test(tc, test_regular_responder_handle_hard_expire);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions rekey");
+ tcase_add_loop_test(tc, test_collision, 0, 4);
+ tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
+ tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
+ tcase_add_loop_test(tc, test_collision_delayed_request_more, 0, 3);
+ tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
+ tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions delete");
+ tcase_add_loop_test(tc, test_collision_delete, 0, 2);
+ tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
+ tcase_add_loop_test(tc, test_collision_delete_drop_rekey, 0, 2);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions ike rekey");
+ tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions ike delete");
+ tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libcharon/tests/suites/test_ike_delete.c b/src/libcharon/tests/suites/test_ike_delete.c
new file mode 100644
index 0000000..d79f9bc
--- /dev/null
+++ b/src/libcharon/tests/suites/test_ike_delete.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <tests/utils/exchange_test_helper.h>
+#include <tests/utils/exchange_test_asserts.h>
+#include <tests/utils/sa_asserts.h>
+
+/**
+ * Regular IKE_SA delete either initiated by the original initiator or
+ * responder of the IKE_SA.
+ */
+START_TEST(test_regular)
+{
+ ike_sa_t *a, *b;
+ status_t s;
+
+ if (_i)
+ { /* responder deletes the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator deletes the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+ call_ikesa(a, delete);
+ assert_ike_sa_state(a, IKE_DELETING);
+ assert_hook();
+ assert_hook();
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* <-- INFORMATIONAL { } */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ assert_hook();
+ assert_hook();
+}
+END_TEST
+
+/**
+ * Both peers initiate the IKE_SA deletion concurrently and should handle the
+ * collision properly.
+ */
+START_TEST(test_collision)
+{
+ ike_sa_t *a, *b;
+ status_t s;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+ call_ikesa(a, delete);
+ assert_ike_sa_state(a, IKE_DELETING);
+ call_ikesa(b, delete);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_hook();
+ assert_hook();
+
+ /* RFC 7296 says: If a peer receives a request to close an IKE SA that it
+ * is currently trying to close, it SHOULD reply as usual, and forget about
+ * its own close request.
+ * So we expect the SA to just get closed with an empty response still sent.
+ */
+
+ /* INFORMATIONAL { D } --> */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ assert_message_empty(OUT);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ assert_message_empty(OUT);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ assert_hook();
+ assert_hook();
+}
+END_TEST
+
+Suite *ike_delete_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("ike delete");
+
+ tc = tcase_create("regular");
+ tcase_add_loop_test(tc, test_regular, 0, 2);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions");
+ tcase_add_test(tc, test_collision);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libcharon/tests/suites/test_ike_rekey.c b/src/libcharon/tests/suites/test_ike_rekey.c
new file mode 100644
index 0000000..ba39657
--- /dev/null
+++ b/src/libcharon/tests/suites/test_ike_rekey.c
@@ -0,0 +1,1480 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <tests/utils/exchange_test_helper.h>
+#include <tests/utils/exchange_test_asserts.h>
+#include <tests/utils/job_asserts.h>
+#include <tests/utils/sa_asserts.h>
+
+/**
+ * Initiate rekeying the given IKE_SA.
+ */
+#define initiate_rekey(sa) ({ \
+ assert_hook_not_called(ike_rekey); \
+ call_ikesa(sa, rekey); \
+ assert_ike_sa_state(a, IKE_REKEYING); \
+ assert_hook(); \
+})
+
+/**
+ * Regular IKE_SA rekeying either initiated by the original initiator or
+ * responder of the IKE_SA.
+ */
+START_TEST(test_regular)
+{
+ ike_sa_t *a, *b, *new_sa;
+ status_t s;
+
+ if (_i)
+ { /* responder rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ initiate_rekey(a);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_rekey(ike_rekey, 1, 3);
+ assert_no_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYED);
+ assert_child_sa_count(b, 0);
+ new_sa = assert_ike_sa_checkout(3, 4, FALSE);
+ assert_ike_sa_state(new_sa, IKE_ESTABLISHED);
+ assert_child_sa_count(new_sa, 1);
+ assert_ike_sa_count(1);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
+ assert_hook_rekey(ike_rekey, 1, 3);
+ assert_no_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_DELETING);
+ assert_child_sa_count(a, 0);
+ new_sa = assert_ike_sa_checkout(3, 4, TRUE);
+ assert_ike_sa_state(new_sa, IKE_ESTABLISHED);
+ assert_child_sa_count(new_sa, 1);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+
+ /* ike_rekey/ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * IKE_SA rekeying where the responder does not agree with the DH group selected
+ * by the initiator, either initiated by the original initiator or responder of
+ * the IKE_SA.
+ */
+START_TEST(test_regular_ke_invalid)
+{
+ exchange_test_sa_conf_t conf = {
+ .initiator = {
+ .ike = "aes128-sha256-modp2048-modp3072",
+ },
+ .responder = {
+ .ike = "aes128-sha256-modp3072-modp2048",
+ },
+ };
+ ike_sa_t *a, *b, *sa;
+ status_t s;
+
+ lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
+ FALSE, lib->ns);
+ if (_i)
+ { /* responder rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, &conf);
+ }
+ else
+ { /* initiator rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &conf);
+ }
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
+ TRUE, lib->ns);
+
+ initiate_rekey(a);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_ESTABLISHED);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+
+ /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_rekey(ike_rekey, 1, 3);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYED);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(3, 5, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(1);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
+ assert_hook_rekey(ike_rekey, 1, 3);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_DELETING);
+ assert_child_sa_count(a, 0);
+ sa = assert_ike_sa_checkout(3, 5, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+
+ /* ike_rekey/ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * Both peers initiate the IKE_SA rekeying concurrently and should handle the
+ * collision properly depending on the nonces.
+ */
+START_TEST(test_collision)
+{
+ ike_sa_t *a, *b, *sa;
+ status_t status;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ /* When rekeyings collide we get two IKE_SAs with a total of four nonces.
+ * The IKE_SA with the lowest nonce SHOULD be deleted by the peer that
+ * created that IKE_SA. The replaced IKE_SA is deleted by the peer that
+ * initiated the surviving SA.
+ * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * IKE_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /----- ...
+ * ... -----\
+ * We test this four times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[4];
+ /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* simplify next steps by checking in original IKE_SAs */
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
+ assert_ike_sa_count(2);
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ /* as original initiator a is initiator of both SAs it could delete */
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ /* if b won it will delete the original SA a initiated */
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i == 1);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+ data[_i].del_a_i == 1);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(4);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ /* if b wins it deletes the SA originally initiated by a */
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i != 1);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ /* a only deletes SAs for which b is responder */
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+ data[_i].del_b_i == 1);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(6);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(5);
+ /* <-- INFORMATIONAL { D } */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i == 1);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(4);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(3);
+ /* INFORMATIONAL { } --> */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i != 1);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(2);
+
+ /* ike_rekey/ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * Both peers initiate the IKE_SA rekeying concurrently but the proposed DH
+ * gropus are not the same. After handling the INVALID_KE_PAYLOAD they should
+ * still handle the collision properly depending on the nonces.
+ */
+START_TEST(test_collision_ke_invalid)
+{
+ exchange_test_sa_conf_t conf = {
+ .initiator = {
+ .ike = "aes128-sha256-modp2048-modp3072",
+ },
+ .responder = {
+ .ike = "aes128-sha256-modp3072-modp2048",
+ },
+ };
+ ike_sa_t *a, *b, *sa;
+ status_t status;
+
+ lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
+ FALSE, lib->ns);
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &conf);
+
+ lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
+ TRUE, lib->ns);
+
+ /* Six nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * IKE_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /---- INVAL_KE
+ * INVAL_KE -----\ /
+ * <-----\--/
+ * N1/3 -----\ \------->
+ * \ /---- N2/4
+ * \--/----> N5/7
+ * N6/8 <--------/ /---- ...
+ * ... ------\
+ * We test this four times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[4];
+ /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 7, 1, 2, 4, 8 },
+ { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 8, 3, 7 },
+ { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 7, 1, 2, 4, 8 },
+ { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 8, 3, 7 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ assert_hook_not_called(ike_rekey);
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ assert_hook_not_called(child_rekey);
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* simplify next steps by checking in original IKE_SAs */
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
+ assert_ike_sa_count(2);
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ /* as original initiator a is initiator of both SAs it could delete */
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ /* if b won it will delete the original SA a initiated */
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i == 1);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+ data[_i].del_a_i == 1);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(4);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ /* if b wins it deletes the SA originally initiated by a */
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i != 1);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ /* a only deletes SAs for which b is responder */
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+ data[_i].del_b_i == 1);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(6);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(5);
+ /* <-- INFORMATIONAL { D } */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i == 1);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(4);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(3);
+ /* INFORMATIONAL { } --> */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i != 1);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(2);
+
+ /* ike_rekey/ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * This is like the collision above but one of the retries is delayed.
+ */
+START_TEST(test_collision_ke_invalid_delayed_retry)
+{
+ exchange_test_sa_conf_t conf = {
+ .initiator = {
+ .ike = "aes128-sha256-modp2048-modp3072",
+ },
+ .responder = {
+ .ike = "aes128-sha256-modp3072-modp2048",
+ },
+ };
+ ike_sa_t *a, *b, *sa;
+ message_t *msg;
+ status_t s;
+
+ lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
+ FALSE, lib->ns);
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &conf);
+
+ lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
+ TRUE, lib->ns);
+
+ /* Five nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * IKE_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /---- INVAL_KE
+ * INVAL_KE -----\ /
+ * <-----\--/
+ * N1/3 -----\ \------->
+ * <-----\--------- N2/4
+ * N5/7 -------\------->
+ * <-------\------- DELETE
+ * ... ------\ \----->
+ * /---- TEMP_FAIL
+ *
+ * We test this three times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[3];
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF } },
+ { { 0xFF, 0x00, 0xFF } },
+ { { 0xFF, 0xFF, 0x00 } },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ assert_hook_not_called(ike_rekey);
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ assert_hook_not_called(child_rekey);
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* delay the CREATE_CHILD_SA request from a to b */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
+ assert_hook_rekey(ike_rekey, 1, 4);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(4, 7, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(1);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, msg);
+ assert_ike_sa_state(b, IKE_DELETING);
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_rekey(ike_rekey, 1, 4);
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ sa = assert_ike_sa_checkout(4, 7, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ /* the SA is already gone */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+ msg->destroy(msg);
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+
+ /* ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * This is like the rekey collision above, but one peer deletes the
+ * redundant/old SA before the other peer receives the CREATE_CHILD_SA
+ * response:
+ * Peer A Peer B
+ * rekey ----\ /---- rekey
+ * \-----/----> detect collision
+ * detect collision <---------/ /----
+ * -----------/---->
+ * handle delete <---------/------ delete redundant/old SA
+ * ---------/------>
+ * handle rekey <-------/
+ * delete SA ---------------->
+ * <----------------
+ *
+ * If peer B won the collision it deletes the old IKE_SA, in which case
+ * this situation is handled as if peer B was not aware of the collision (see
+ * below). That is, peer A finalizes the rekeying initiated by the peer and
+ * deletes the IKE_SA (it has no way of knowing whether the peer was aware of
+ * the collision or not). Peer B will expect the redundant IKE_SA to get
+ * deleted, but that will never happen if the response arrives after the SA is
+ * already gone. So a job should be queued that deletes it after a while.
+ *
+ * If peer B lost it will switch to the new IKE_SA and delete the redundant
+ * IKE_SA and expect a delete for the old IKE_SA. In this case peer A will
+ * simply retransmit until it receives a response to the rekey request, all the
+ * while ignoring the delete requests for the unknown IKE_SA. Afterwards,
+ * everything works as in a regular collision (however, until peer A receives
+ * the response it will not be able to receive any messages on the new IKE_SA).
+ */
+START_TEST(test_collision_delayed_response)
+{
+ ike_sa_t *a, *b, *sa;
+ message_t *msg, *d;
+ status_t s;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * IKE_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /----- ...
+ * ... -----\
+ * We test this four times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[4];
+ /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* delay the CREATE_CHILD_SA response from b to a */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* simplify next steps by checking in original IKE_SAs */
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
+ assert_ike_sa_count(2);
+
+ /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ /* besides the job that retransmits the delete, we expect a job that
+ * deletes the redundant IKE_SA if we expect the other to delete it */
+ assert_jobs_scheduled(data[_i].del_b_i == 1 ? 2 : 1);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ /* if b wins it deletes the SA originally initiated by a */
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i != 1);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ /* a only deletes SAs for which b is responder */
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+ data[_i].del_b_i == 1);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(4);
+ assert_scheduler();
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } */
+ if (data[_i].del_b_i == 1)
+ { /* b won, it deletes the replaced IKE_SA */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, a,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, a);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(4);
+ assert_hook();
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, b,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, b);
+ assert_ike_sa_count(3);
+ assert_hook();
+ /* the job will later remove this redundant IKE_SA on b */
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_sa_idle(sa);
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */
+ /* the IKE_SA (a) does not exist anymore */
+ msg->destroy(msg);
+ }
+ else
+ { /* b lost, the delete is for the non-existing redundant IKE_SA */
+ d = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ exchange_test_helper->process_message(exchange_test_helper, a, msg);
+ /* as original initiator a is initiator of both SAs it could delete */
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ /* this is the redundant SA b is trying to delete */
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+ data[_i].del_a_i == 1);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(6);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ s = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(5);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ s = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(4);
+
+ /* <-- INFORMATIONAL { D } (retransmit/delayed) */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
+ s = exchange_test_helper->process_message(exchange_test_helper, sa, d);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(3);
+ /* INFORMATIONAL { } --> */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE);
+ s = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(2);
+ /* ike_rekey */
+ assert_hook();
+ }
+
+ /* ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * In this scenario one of the peers does not notice that there is a rekey
+ * collision because the other request is dropped:
+ *
+ * rekey ----\ /---- rekey
+ * \ /
+ * detect collision <-----\---/
+ * -------\-------->
+ * detect collision <-------\-------- delete old SA
+ * delete ---------\------>
+ * rekey done \-----> SA not found (or it never arrives)
+ */
+START_TEST(test_collision_dropped_request)
+{
+ ike_sa_t *a, *b, *sa;
+ message_t *msg;
+ status_t s;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * N3/5 <-----\--/
+ * ... -----\ \-------> ...
+ * We test this three times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[3];
+ /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ /* drop the CREATE_CHILD_SA request from a to b */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+ msg->destroy(msg);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_rekey(ike_rekey, 1, 4);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(4, 5, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(1);
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_rekey(ike_rekey, 1, 4);
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ sa = assert_ike_sa_checkout(4, 5, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+
+ /* ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * In this scenario one of the peers does not notice that there is a rekey
+ * collision because the other request is delayed:
+ *
+ * rekey ----\ /---- rekey
+ * \ /
+ * detect collision <-----\---/
+ * -------\-------->
+ * \ /---- delete old SA
+ * \-/----> detect collision
+ * detect collision <---------/ /---- TEMP_FAIL
+ * delete -----------/---->
+ * rekey done /
+ * sa already gone <--------/
+ */
+START_TEST(test_collision_delayed_request)
+{
+ ike_sa_t *a, *b, *sa;
+ message_t *msg;
+ status_t s;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * N3/5 <-----\--/
+ * ... -----\ \-------> ...
+ * We test this three times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[3];
+ /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* delay the CREATE_CHILD_SA request from a to b */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_rekey(ike_rekey, 1, 4);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(4, 5, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(1);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, msg);
+ assert_ike_sa_state(b, IKE_DELETING);
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_rekey(ike_rekey, 1, 4);
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ sa = assert_ike_sa_checkout(4, 5, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ /* the SA is already gone */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+ msg->destroy(msg);
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+
+ /* ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * In this scenario one of the peers does not notice that there is a rekey
+ * collision and the delete arrives after the TEMPORARY_FAILURE notify:
+ *
+ * rekey ----\ /---- rekey
+ * \ /
+ * detect collision <-----\---/
+ * -------\-------->
+ * \ /---- delete old SA
+ * \-/----> detect collision
+ * no reschedule <---------/------ TEMP_FAIL
+ * detect collision <--------/
+ * delete ---------------->
+ * rekey done
+ */
+START_TEST(test_collision_delayed_request_and_delete)
+{
+ ike_sa_t *a, *b, *sa;
+ message_t *msg;
+ status_t s;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+
+ /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * N3/5 <-----\--/
+ * ... -----\ \-------> ...
+ * We test this three times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[3];
+ /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* delay the CREATE_CHILD_SA request from a to b */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_rekey(ike_rekey, 1, 4);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(4, 5, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(1);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, msg);
+ assert_ike_sa_state(b, IKE_DELETING);
+
+ /* delay the INFORMATIONAL request from b to a */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ assert_hook_rekey(ike_rekey, 1, 4);
+ assert_no_jobs_scheduled();
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYED);
+ assert_child_sa_count(a, 0);
+ sa = assert_ike_sa_checkout(4, 5, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(2);
+ assert_scheduler();
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } (delayed) */
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, msg);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+
+ /* ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * One of the hosts initiates a DELETE of the IKE_SA the other peer is
+ * concurrently trying to rekey.
+ *
+ * rekey ----\ /---- delete
+ * \-----/----> detect collision
+ * detect collision <---------/ /---- TEMP_FAIL
+ * delete ----\ /
+ * \----/----->
+ * sa already gone <--------/
+ */
+START_TEST(test_collision_delete)
+{
+ ike_sa_t *a, *b;
+ message_t *msg;
+ status_t s;
+
+ if (_i)
+ { /* responder rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ /* this should never get called as this does not result in a successful
+ * rekeying on either side */
+ assert_hook_not_called(ike_rekey);
+
+ initiate_rekey(a);
+ call_ikesa(b, delete);
+ assert_ike_sa_state(b, IKE_DELETING);
+
+ /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that
+ * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
+ */
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_not_called(ike_updown);
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* RFC 7296, 2.25.2: If a peer receives a request to close an IKE SA that
+ * it is currently rekeying, it SHOULD reply as usual, and forget its own
+ * rekeying request.
+ */
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ assert_message_empty(OUT);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ /* the SA is already gone */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+ msg->destroy(msg);
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* ike_rekey */
+ assert_hook();
+}
+END_TEST
+
+/**
+ * One of the hosts initiates a DELETE of the IKE_SA the other peer is
+ * concurrently trying to rekey. However, the delete request is delayed or
+ * dropped, so the peer doing the rekeying is unaware of the collision.
+ *
+ * rekey ----\ /---- delete
+ * \-----/----> detect collision
+ * reschedule <---------/------ TEMP_FAIL
+ * <--------/
+ * delete ---------------->
+ */
+START_TEST(test_collision_delete_drop_delete)
+{
+ ike_sa_t *a, *b;
+ message_t *msg;
+ status_t s;
+
+ if (_i)
+ { /* responder rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, NULL);
+ }
+ else
+ { /* initiator rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, NULL);
+ }
+ /* this should never get called as this does not result in a successful
+ * rekeying on either side */
+ assert_hook_not_called(ike_rekey);
+
+ initiate_rekey(a);
+ call_ikesa(b, delete);
+ assert_ike_sa_state(b, IKE_DELETING);
+
+ /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that
+ * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
+ */
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_not_called(ike_updown);
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* delay the DELETE request */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+ /* we expect a job to retry the rekeying is scheduled */
+ assert_jobs_scheduled(1);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_ESTABLISHED);
+ assert_scheduler();
+ assert_hook();
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } (delayed) */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ assert_message_empty(OUT);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, msg);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* ike_rekey */
+ assert_hook();
+}
+END_TEST
+
+Suite *ike_rekey_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("ike rekey");
+
+ tc = tcase_create("regular");
+ tcase_add_loop_test(tc, test_regular, 0, 2);
+ tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions rekey");
+ tcase_add_loop_test(tc, test_collision, 0, 4);
+ tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
+ tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
+ tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
+ tcase_add_loop_test(tc, test_collision_dropped_request, 0, 3);
+ tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
+ tcase_add_loop_test(tc, test_collision_delayed_request_and_delete, 0, 3);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("collisions delete");
+ tcase_add_loop_test(tc, test_collision_delete, 0, 2);
+ tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libcharon/tests/suites/test_message_chapoly.c b/src/libcharon/tests/suites/test_message_chapoly.c
index e871cf6..f4a74ab 100644
--- a/src/libcharon/tests/suites/test_message_chapoly.c
+++ b/src/libcharon/tests/suites/test_message_chapoly.c
@@ -40,7 +40,7 @@ METHOD(aead_t, get_iv_gen, iv_gen_t*,
}
METHOD(iv_gen_t, get_iv, bool,
- iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+ iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer)
{
if (size != 8)
{
@@ -51,7 +51,7 @@ METHOD(iv_gen_t, get_iv, bool,
}
METHOD(iv_gen_t, allocate_iv, bool,
- iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+ iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk)
{
if (size != 8)
{
@@ -66,10 +66,10 @@ METHOD(iv_gen_t, allocate_iv, bool,
*/
START_TEST(test_chacha20poly1305)
{
- u_int64_t spii, spir;
+ uint64_t spii, spir;
ike_sa_id_t *id;
message_t *m;
- u_int32_t window = htonl(10);
+ uint32_t window = htonl(10);
chunk_t chunk, exp;
keymat_t keymat = {
.get_version = _get_version,
diff --git a/src/libcharon/tests/suites/test_proposal.c b/src/libcharon/tests/suites/test_proposal.c
new file mode 100644
index 0000000..a6226f6
--- /dev/null
+++ b/src/libcharon/tests/suites/test_proposal.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <config/proposal.h>
+
+static struct {
+ char *self;
+ char *other;
+ char *expected;
+} select_data[] = {
+ { "aes128", "aes128", "aes128" },
+ { "aes128", "aes256", NULL },
+ { "aes128-aes256", "aes256-aes128", "aes128" },
+ { "aes256-aes128", "aes128-aes256", "aes256" },
+ { "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" },
+ { "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" },
+ { "aes128-sha256-modp3072", "aes128-sha256", NULL },
+ { "aes128-sha256", "aes128-sha256-modp3072", NULL },
+ { "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
+ { "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
+ { "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
+ { "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
+ { "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
+ { "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
+};
+
+START_TEST(test_select)
+{
+ proposal_t *self, *other, *selected, *expected;
+
+ self = proposal_create_from_string(PROTO_ESP,
+ select_data[_i].self);
+ other = proposal_create_from_string(PROTO_ESP,
+ select_data[_i].other);
+ selected = self->select(self, other, FALSE);
+ if (select_data[_i].expected)
+ {
+ expected = proposal_create_from_string(PROTO_ESP,
+ select_data[_i].expected);
+ ck_assert(selected);
+ ck_assert_msg(expected->equals(expected, selected), "proposal %P does "
+ "not match expected %P", selected, expected);
+ expected->destroy(expected);
+ }
+ else
+ {
+ ck_assert(!selected);
+ }
+ DESTROY_IF(selected);
+ other->destroy(other);
+ self->destroy(self);
+}
+END_TEST
+
+Suite *proposal_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("proposal");
+
+ tc = tcase_create("select");
+ tcase_add_loop_test(tc, test_select, 0, countof(select_data));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libcharon/tests/utils/exchange_test_asserts.c b/src/libcharon/tests/utils/exchange_test_asserts.c
new file mode 100644
index 0000000..2602b97
--- /dev/null
+++ b/src/libcharon/tests/utils/exchange_test_asserts.c
@@ -0,0 +1,182 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <inttypes.h>
+
+#include <test_suite.h>
+
+#include "exchange_test_asserts.h"
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_hook(listener_t *listener)
+{
+ listener_hook_assert_t *this = (listener_hook_assert_t*)listener;
+
+ this->count++;
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_ike_updown(listener_t *listener, ike_sa_t *ike_sa,
+ bool up)
+{
+ listener_hook_assert_t *this = (listener_hook_assert_t*)listener;
+
+ this->count++;
+ assert_listener_msg(this->up == up, this, "IKE_SA not '%s'",
+ this->up ? "up" : "down");
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_child_updown(listener_t *listener, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, bool up)
+{
+ listener_hook_assert_t *this = (listener_hook_assert_t*)listener;
+
+ this->count++;
+ assert_listener_msg(this->up == up, this, "CHILD_SA not '%s'",
+ this->up ? "up" : "down");
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_ike_rekey(listener_t *listener, ike_sa_t *old,
+ ike_sa_t *new)
+{
+ listener_hook_assert_t *this = (listener_hook_assert_t*)listener;
+ ike_sa_id_t *id;
+ uint64_t spi;
+
+ this->count++;
+ id = old->get_id(old);
+ spi = id->get_initiator_spi(id);
+ assert_listener_msg(this->spi_old == spi, this, "unexpected old IKE_SA "
+ "%.16"PRIx64"_i instead of %.16"PRIx64"_i",
+ be64toh(spi), be64toh(this->spi_old));
+ id = new->get_id(new);
+ spi = id->get_initiator_spi(id);
+ assert_listener_msg(this->spi_new == spi, this, "unexpected new IKE_SA "
+ "%.16"PRIx64"_i instead of %.16"PRIx64"_i",
+ be64toh(spi), be64toh(this->spi_new));
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_child_rekey(listener_t *listener, ike_sa_t *ike_sa,
+ child_sa_t *old, child_sa_t *new)
+{
+ listener_hook_assert_t *this = (listener_hook_assert_t*)listener;
+ uint32_t spi, expected;
+
+ this->count++;
+ spi = old->get_spi(old, TRUE);
+ expected = this->spi_old;
+ assert_listener_msg(expected == spi, this, "unexpected old CHILD_SA %.8x "
+ "instead of %.8x", spi, expected);
+ spi = new->get_spi(new, TRUE);
+ expected = this->spi_new;
+ assert_listener_msg(expected == spi, this, "unexpected new CHILD_SA %.8x "
+ "instead of %.8x", spi, expected);
+ return TRUE;
+}
+
+/**
+ * Assert a given message rule
+ */
+static void assert_message_rule(listener_message_assert_t *this, message_t *msg,
+ listener_message_rule_t *rule)
+{
+ if (rule->expected)
+ {
+ if (rule->payload)
+ {
+ assert_listener_msg(msg->get_payload(msg, rule->payload),
+ this, "expected payload (%N) not found",
+ payload_type_names, rule->payload);
+
+ }
+ if (rule->notify)
+ {
+ assert_listener_msg(msg->get_notify(msg, rule->notify),
+ this, "expected notify payload (%N) not found",
+ notify_type_names, rule->notify);
+ }
+ }
+ else
+ {
+ if (rule->payload)
+ {
+ assert_listener_msg(!msg->get_payload(msg, rule->payload),
+ this, "unexpected payload (%N) found",
+ payload_type_names, rule->payload);
+
+ }
+ if (rule->notify)
+ {
+ assert_listener_msg(!msg->get_notify(msg, rule->notify),
+ this, "unexpected notify payload (%N) found",
+ notify_type_names, rule->notify);
+ }
+ }
+}
+
+/*
+ * Described in header
+ */
+bool exchange_test_asserts_message(listener_t *listener, ike_sa_t *ike_sa,
+ message_t *message, bool incoming, bool plain)
+{
+ listener_message_assert_t *this = (listener_message_assert_t*)listener;
+
+ if (plain && this->incoming == incoming)
+ {
+ if (this->count >= 0)
+ {
+ enumerator_t *enumerator;
+ int count = 0;
+ enumerator = message->create_payload_enumerator(message);
+ while (enumerator->enumerate(enumerator, NULL))
+ {
+ count++;
+ }
+ enumerator->destroy(enumerator);
+ assert_listener_msg(this->count == count, this, "unexpected payload "
+ "count in message (%d != %d)", this->count,
+ count);
+ }
+ if (this->num_rules)
+ {
+ int i;
+
+ for (i = 0; i < this->num_rules; i++)
+ {
+ assert_message_rule(this, message, &this->rules[i]);
+ }
+ }
+ return FALSE;
+ }
+ return TRUE;
+}
diff --git a/src/libcharon/tests/utils/exchange_test_asserts.h b/src/libcharon/tests/utils/exchange_test_asserts.h
new file mode 100644
index 0000000..32afcc2
--- /dev/null
+++ b/src/libcharon/tests/utils/exchange_test_asserts.h
@@ -0,0 +1,343 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * Special assertions using listener_t.
+ *
+ * @defgroup exchange_test_asserts exchange_test_asserts
+ * @{ @ingroup test_utils_c
+ */
+
+#ifndef EXCHANGE_TEST_ASSERTS_H_
+#define EXCHANGE_TEST_ASSERTS_H_
+
+#include <bus/listeners/listener.h>
+
+typedef struct listener_hook_assert_t listener_hook_assert_t;
+typedef struct listener_message_assert_t listener_message_assert_t;
+typedef struct listener_message_rule_t listener_message_rule_t;
+
+struct listener_hook_assert_t {
+
+ /**
+ * Implemented interface
+ */
+ listener_t listener;
+
+ /**
+ * Original source file
+ */
+ const char *file;
+
+ /**
+ * Source line
+ */
+ int line;
+
+ /**
+ * Name of the hook
+ */
+ const char *name;
+
+ /**
+ * Expected number of calls (-1 to ignore)
+ */
+ int expected;
+
+ /**
+ * Number of times the hook was called
+ */
+ int count;
+
+ /**
+ * Expected updown result
+ */
+ bool up;
+
+ /**
+ * Initiator/Inbound SPIs to expect in rekey event
+ */
+ uint64_t spi_old, spi_new;
+};
+
+/**
+ * Basic callback for methods on listener_t, counting the number of calls.
+ */
+bool exchange_test_asserts_hook(listener_t *this);
+
+/**
+ * Implementation of listener_t::ike_updown.
+ */
+bool exchange_test_asserts_ike_updown(listener_t *this, ike_sa_t *ike_sa,
+ bool up);
+
+/**
+ * Implementation of listener_t::child_updown.
+ */
+bool exchange_test_asserts_child_updown(listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, bool up);
+
+/**
+ * Implementation of listener_t::ike_rekey.
+ */
+bool exchange_test_asserts_ike_rekey(listener_t *this, ike_sa_t *old,
+ ike_sa_t *new);
+
+/**
+ * Implementation of listener_t::child_rekey.
+ */
+bool exchange_test_asserts_child_rekey(listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *old, child_sa_t *new);
+
+/**
+ * Check if a statement evaluates to TRUE, use original source file and line
+ * in the error message if not.
+ *
+ * @param x statement to evaluate
+ * @param l listener providing original source file and line
+ * @param fmt printf format string
+ * @param ... arguments for fmt
+ */
+#define assert_listener_msg(x, l, fmt, ...) ({ \
+ test_fail_if_worker_failed(); \
+ if (!(x)) \
+ { \
+ test_fail_msg((l)->file, (l)->line, "%s: " fmt, #x, ##__VA_ARGS__); \
+ } \
+})
+
+/**
+ * Initialize an assertion that enforces that the given hook was called.
+ * Must be matched by a call to assert_hook().
+ *
+ * @param name name of the hook
+ */
+#define assert_hook_called(name) \
+ _assert_hook_init(name, exchange_test_asserts_hook, .expected = 1)
+
+/**
+ * Initialize an assertion that enforces that the given hook was not called.
+ * Must be matched by a call to assert_hook().
+ *
+ * @param name name of the hook
+ */
+#define assert_hook_not_called(name) \
+ _assert_hook_init(name, exchange_test_asserts_hook, .expected = 0)
+
+/**
+ * Initialize an assertion that enforces that the given updown hook was called
+ * with the expected result.
+ * Must be matched by a call to assert_hook().
+ *
+ * @param name name of the hook
+ * @param e whether to expect up in the hook to be TRUE or not
+ */
+#define assert_hook_updown(name, e) \
+ _assert_hook_init(name, \
+ streq(#name, "ike_updown") ? (void*)exchange_test_asserts_ike_updown \
+ : (void*)exchange_test_asserts_child_updown, \
+ .expected = 1, \
+ .up = e, \
+ )
+
+/**
+ * Initialize an assertion that enforces that the given rekey hook was called
+ * with the SAs with the matching initiator/inbound SPIs.
+ * Must be matched by a call to assert_hook().
+ *
+ * @param name name of the hook
+ * @param old SPI of the old SA
+ * @param new SPI of the new SA
+ */
+#define assert_hook_rekey(name, old, new) \
+ _assert_hook_init(name, \
+ streq(#name, "ike_rekey") ? (void*)exchange_test_asserts_ike_rekey \
+ : (void*)exchange_test_asserts_child_rekey, \
+ .expected = 1, \
+ .spi_old = old, \
+ .spi_new = new, \
+ )
+
+/**
+ * Initialize assertions against invocations of listener_t hooks. Each call
+ * must be matched by a call to assert_hook().
+ */
+#define _assert_hook_init(n, callback, ...) \
+do { \
+ listener_hook_assert_t _hook_listener = { \
+ .listener = { .n = (void*)callback, }, \
+ .file = __FILE__, \
+ .line = __LINE__, \
+ .name = #n, \
+ ##__VA_ARGS__ \
+ }; \
+ exchange_test_helper->add_listener(exchange_test_helper, &_hook_listener.listener)
+
+/**
+ * Enforce the most recently initialized hook assertion.
+ */
+#define assert_hook() \
+ charon->bus->remove_listener(charon->bus, &_hook_listener.listener); \
+ if (_hook_listener.expected > 0) { \
+ if (_hook_listener.count > 0) { \
+ assert_listener_msg(_hook_listener.expected == _hook_listener.count, \
+ &_hook_listener, "hook '%s' was called %d times " \
+ "instead of %d", _hook_listener.name, \
+ _hook_listener.count, _hook_listener.expected); \
+ } else { \
+ assert_listener_msg(_hook_listener.count, &_hook_listener, \
+ "hook '%s' was not called (expected %d)", _hook_listener.name, \
+ _hook_listener.expected); \
+ } \
+ } else if (_hook_listener.expected == 0) { \
+ assert_listener_msg(_hook_listener.count == 0, &_hook_listener, \
+ "hook '%s' was called unexpectedly", _hook_listener.name); \
+ } \
+} while(FALSE)
+
+/**
+ * Rules regarding payloads/notifies to expect/not expect in a message
+ */
+struct listener_message_rule_t {
+
+ /**
+ * Whether the payload/notify is expected in the message, FALSE to fail if
+ * it is found
+ */
+ bool expected;
+
+ /**
+ * Payload type to expect/not expect
+ */
+ payload_type_t payload;
+
+ /**
+ * Notify type to expect/not expect (paylod type does not have to be
+ * specified)
+ */
+ notify_type_t notify;
+};
+
+/**
+ * Data used to check plaintext messages via listener_t
+ */
+struct listener_message_assert_t {
+
+ /**
+ * Implemented interface
+ */
+ listener_t listener;
+
+ /**
+ * Original source file
+ */
+ const char *file;
+
+ /**
+ * Source line
+ */
+ int line;
+
+ /**
+ * Whether to check the next inbound or outbound message
+ */
+ bool incoming;
+
+ /**
+ * Payload count to expect (-1 to ignore the count)
+ */
+ int count;
+
+ /**
+ * Payloads to expect or not expect in a message
+ */
+ listener_message_rule_t *rules;
+
+ /**
+ * Number of rules
+ */
+ int num_rules;
+};
+
+/**
+ * Implementation of listener_t::message collecting data and asserting
+ * certain things.
+ */
+bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa,
+ message_t *message, bool incoming, bool plain);
+
+/**
+ * Assert that the next in- or outbound plaintext message is empty.
+ *
+ * @param dir IN or OUT to check the next in- or outbound message
+ */
+#define assert_message_empty(dir) \
+ _assert_payload(dir, 0)
+
+/**
+ * Assert that the next in- or outbound plaintext message contains exactly
+ * one payload of the given type.
+ *
+ * @param dir IN or OUT to check the next in- or outbound message
+ * @param expected expected payload type
+ */
+#define assert_single_payload(dir, expected) \
+ _assert_payload(dir, 1, { TRUE, expected, 0 })
+
+/**
+ * Assert that the next in- or outbound plaintext message contains exactly
+ * one notify of the given type.
+ *
+ * @param dir IN or OUT to check the next in- or outbound message
+ * @param expected expected notify type
+ */
+#define assert_single_notify(dir, expected) \
+ _assert_payload(dir, 1, { TRUE, 0, expected })
+
+/**
+ * Assert that the next in- or outbound plaintext message contains a notify
+ * of the given type.
+ *
+ * @param dir IN or OUT to check the next in- or outbound message
+ * @param expected expected notify type
+ */
+#define assert_notify(dir, expected) \
+ _assert_payload(dir, -1, { TRUE, 0, expected })
+
+/**
+ * Assert that the next in- or outbound plaintext message does not contain a
+ * notify of the given type.
+ *
+ * @param dir IN or OUT to check the next in- or outbound message
+ * @param unexpected not expected notify type
+ */
+#define assert_no_notify(dir, unexpected) \
+ _assert_payload(dir, -1, { FALSE, 0, unexpected })
+
+#define _assert_payload(dir, c, ...) ({ \
+ listener_message_rule_t _rules[] = { __VA_ARGS__ }; \
+ listener_message_assert_t _listener = { \
+ .listener = { .message = exchange_test_asserts_message, }, \
+ .file = __FILE__, \
+ .line = __LINE__, \
+ .incoming = streq(#dir, "IN") ? TRUE : FALSE, \
+ .count = c, \
+ .rules = _rules, \
+ .num_rules = countof(_rules), \
+ }; \
+ exchange_test_helper->add_listener(exchange_test_helper, &_listener.listener); \
+})
+
+#endif /** EXCHANGE_TEST_ASSERTS_H_ @}*/
diff --git a/src/libcharon/tests/utils/exchange_test_helper.c b/src/libcharon/tests/utils/exchange_test_helper.c
new file mode 100644
index 0000000..f32906d
--- /dev/null
+++ b/src/libcharon/tests/utils/exchange_test_helper.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "exchange_test_helper.h"
+#include "mock_dh.h"
+#include "mock_ipsec.h"
+#include "mock_nonce_gen.h"
+
+#include <collections/array.h>
+#include <credentials/sets/mem_cred.h>
+
+typedef struct private_exchange_test_helper_t private_exchange_test_helper_t;
+typedef struct private_backend_t private_backend_t;
+
+/**
+ * Private data
+ */
+struct private_exchange_test_helper_t {
+
+ /**
+ * Public interface
+ */
+ exchange_test_helper_t public;
+
+ /**
+ * Credentials
+ */
+ mem_cred_t *creds;
+
+ /**
+ * IKE_SA SPI counter
+ */
+ refcount_t ike_spi;
+
+ /**
+ * List of registered listeners
+ */
+ array_t *listeners;
+};
+
+/**
+ * Custom backend_t implementation
+ */
+struct private_backend_t {
+
+ /**
+ * Public interface
+ */
+ backend_t public;
+
+ /**
+ * Responder ike_cfg
+ */
+ ike_cfg_t *ike_cfg;
+
+ /**
+ * Responder peer_cfg/child_cfg
+ */
+ peer_cfg_t *peer_cfg;
+};
+
+CALLBACK(get_ike_spi, uint64_t,
+ private_exchange_test_helper_t *this)
+{
+ return (uint64_t)ref_get(&this->ike_spi);
+}
+
+/*
+ * Described in header
+ */
+exchange_test_helper_t *exchange_test_helper;
+
+static ike_cfg_t *create_ike_cfg(bool initiator, exchange_test_sa_conf_t *conf)
+{
+ ike_cfg_t *ike_cfg;
+ char *proposal = NULL;
+
+ ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT,
+ "127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
+ if (conf)
+ {
+ proposal = initiator ? conf->initiator.ike : conf->responder.ike;
+ }
+ if (proposal)
+ {
+ ike_cfg->add_proposal(ike_cfg,
+ proposal_create_from_string(PROTO_IKE, proposal));
+ }
+ else
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ }
+ return ike_cfg;
+}
+
+static child_cfg_t *create_child_cfg(bool initiator,
+ exchange_test_sa_conf_t *conf)
+{
+ child_cfg_t *child_cfg;
+ child_cfg_create_t child = {
+ .mode = MODE_TUNNEL,
+ };
+ char *proposal = NULL;
+
+ child_cfg = child_cfg_create(initiator ? "init" : "resp", &child);
+ if (conf)
+ {
+ proposal = initiator ? conf->initiator.esp : conf->responder.esp;
+ }
+ if (proposal)
+ {
+ child_cfg->add_proposal(child_cfg,
+ proposal_create_from_string(PROTO_ESP, proposal));
+ }
+ else
+ {
+ child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ }
+ child_cfg->add_traffic_selector(child_cfg, TRUE,
+ traffic_selector_create_dynamic(0, 0, 65535));
+ child_cfg->add_traffic_selector(child_cfg, FALSE,
+ traffic_selector_create_dynamic(0, 0, 65535));
+ return child_cfg;
+}
+
+static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local)
+{
+ auth_cfg_t *auth;
+ char *id = "init";
+
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
+ if (initiator ^ local)
+ {
+ id = "resp";
+ }
+ auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, local);
+}
+
+static peer_cfg_t *create_peer_cfg(bool initiator,
+ exchange_test_sa_conf_t *conf)
+{
+ peer_cfg_t *peer_cfg;
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_SEND_IF_ASKED,
+ .unique = UNIQUE_REPLACE,
+ .keyingtries = 1,
+ };
+
+ peer_cfg = peer_cfg_create(initiator ? "init" : "resp",
+ create_ike_cfg(initiator, conf), &peer);
+ add_auth_cfg(peer_cfg, initiator, TRUE);
+ add_auth_cfg(peer_cfg, initiator, FALSE);
+ return peer_cfg;
+}
+
+METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
+ private_backend_t *this, host_t *me, host_t *other)
+{
+ return enumerator_create_single(this->ike_cfg, NULL);
+}
+
+METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
+ private_backend_t *this, identification_t *me, identification_t *other)
+{
+ return enumerator_create_single(this->peer_cfg, NULL);
+}
+
+METHOD(exchange_test_helper_t, process_message, status_t,
+ private_exchange_test_helper_t *this, ike_sa_t *ike_sa, message_t *message)
+{
+ status_t status = FAILED;
+ ike_sa_id_t *id;
+
+ if (!message)
+ {
+ message = this->public.sender->dequeue(this->public.sender);
+ }
+ id = message->get_ike_sa_id(message);
+ id = id->clone(id);
+ id->switch_initiator(id);
+ if (!id->get_responder_spi(id) || id->equals(id, ike_sa->get_id(ike_sa)))
+ {
+ charon->bus->set_sa(charon->bus, ike_sa);
+ status = ike_sa->process_message(ike_sa, message);
+ charon->bus->set_sa(charon->bus, NULL);
+ }
+ message->destroy(message);
+ id->destroy(id);
+ return status;
+}
+
+METHOD(exchange_test_helper_t, establish_sa, void,
+ private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp,
+ exchange_test_sa_conf_t *conf)
+{
+ private_backend_t backend = {
+ .public = {
+ .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
+ .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
+ .get_peer_cfg_by_name = (void*)return_null,
+ },
+ };
+ ike_sa_id_t *id_i, *id_r;
+ ike_sa_t *sa_i, *sa_r;
+ peer_cfg_t *peer_cfg;
+ child_cfg_t *child_cfg;
+
+ sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
+ IKEV2, TRUE);
+ id_i = sa_i->get_id(sa_i);
+
+ sa_r = *resp = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
+ IKEV2, FALSE);
+ id_r = sa_r->get_id(sa_r);
+
+ peer_cfg = create_peer_cfg(TRUE, conf);
+ child_cfg = create_child_cfg(TRUE, conf);
+ peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
+ sa_i->set_peer_cfg(sa_i, peer_cfg);
+ peer_cfg->destroy(peer_cfg);
+ call_ikesa(sa_i, initiate, child_cfg, 0, NULL, NULL);
+
+ backend.ike_cfg = create_ike_cfg(FALSE, conf);
+ peer_cfg = backend.peer_cfg = create_peer_cfg(FALSE, conf);
+ child_cfg = create_child_cfg(FALSE, conf);
+ peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
+ child_cfg->destroy(child_cfg);
+ charon->backends->add_backend(charon->backends, &backend.public);
+
+ /* IKE_SA_INIT --> */
+ id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i));
+ process_message(this, sa_r, NULL);
+ /* <-- IKE_SA_INIT */
+ id_i->set_responder_spi(id_i, id_r->get_responder_spi(id_r));
+ process_message(this, sa_i, NULL);
+ /* IKE_AUTH --> */
+ process_message(this, sa_r, NULL);
+ /* <-- IKE_AUTH */
+ process_message(this, sa_i, NULL);
+
+ charon->backends->remove_backend(charon->backends, &backend.public);
+ DESTROY_IF(backend.peer_cfg);
+ DESTROY_IF(backend.ike_cfg);
+}
+
+METHOD(exchange_test_helper_t, add_listener, void,
+ private_exchange_test_helper_t *this, listener_t *listener)
+{
+ array_insert_create(&this->listeners, ARRAY_TAIL, listener);
+ charon->bus->add_listener(charon->bus, listener);
+}
+
+/**
+ * Enable logging in charon as requested
+ */
+static void initialize_logging()
+{
+ int level = LEVEL_SILENT;
+ char *verbosity;
+
+ verbosity = getenv("TESTS_VERBOSITY");
+ if (verbosity)
+ {
+ level = atoi(verbosity);
+ }
+ lib->settings->set_int(lib->settings, "%s.filelog.stderr.default",
+ lib->settings->get_int(lib->settings, "%s.filelog.stderr.default",
+ level, lib->ns), lib->ns);
+ lib->settings->set_bool(lib->settings, "%s.filelog.stderr.ike_name", TRUE,
+ lib->ns);
+ charon->load_loggers(charon, NULL, TRUE);
+}
+
+/**
+ * Create a nonce generator with the first byte
+ */
+static nonce_gen_t *create_nonce_gen()
+{
+ return mock_nonce_gen_create(exchange_test_helper->nonce_first_byte);
+}
+
+/*
+ * Described in header
+ */
+void exchange_test_helper_init(char *plugins)
+{
+ private_exchange_test_helper_t *this;
+ plugin_feature_t features[] = {
+ PLUGIN_REGISTER(DH, mock_dh_create),
+ /* we only need to support a limited number of DH groups */
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_REGISTER(NONCE_GEN, create_nonce_gen),
+ PLUGIN_PROVIDE(NONCE_GEN),
+ PLUGIN_DEPENDS(RNG, RNG_WEAK),
+ };
+
+ INIT(this,
+ .public = {
+ .sender = mock_sender_create(),
+ .establish_sa = _establish_sa,
+ .process_message = _process_message,
+ .add_listener = _add_listener,
+ },
+ .creds = mem_cred_create(),
+ );
+
+ initialize_logging();
+ lib->plugins->add_static_features(lib->plugins, "exchange-test-helper",
+ features, countof(features), TRUE, NULL, NULL);
+ /* the libcharon unit tests only load the libstrongswan plugins, unless
+ * TESTS_PLUGINS is defined */
+ charon->initialize(charon, plugins);
+ lib->plugins->status(lib->plugins, LEVEL_CTRL);
+
+ /* the original sender is not initialized because there is no socket */
+ charon->sender = (sender_t*)this->public.sender;
+ /* and there is no kernel plugin loaded
+ * TODO: we'd have more control if we'd implement kernel_interface_t */
+ charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create);
+ /* like SPIs for IPsec SAs, make IKE SPIs predictable */
+ charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi,
+ this);
+
+ lib->credmgr->add_set(lib->credmgr, &this->creds->set);
+
+ this->creds->add_shared(this->creds,
+ shared_key_create(SHARED_IKE, chunk_clone(chunk_from_str("test"))),
+ identification_create_from_string("%any"), NULL);
+
+ exchange_test_helper = &this->public;
+}
+
+/*
+ * Described in header
+ */
+void exchange_test_helper_deinit()
+{
+ private_exchange_test_helper_t *this;
+ listener_t *listener;
+
+ this = (private_exchange_test_helper_t*)exchange_test_helper;
+
+ while (array_remove(this->listeners, ARRAY_HEAD, &listener))
+ {
+ charon->bus->remove_listener(charon->bus, listener);
+ }
+ lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
+ this->creds->destroy(this->creds);
+ /* flush SAs before destroying the sender (in case of test failures) */
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+ /* charon won't destroy this as it didn't initialize the original sender */
+ charon->sender->destroy(charon->sender);
+ charon->sender = NULL;
+ array_destroy(this->listeners);
+ free(this);
+}
diff --git a/src/libcharon/tests/utils/exchange_test_helper.h b/src/libcharon/tests/utils/exchange_test_helper.h
new file mode 100644
index 0000000..e1fdb01
--- /dev/null
+++ b/src/libcharon/tests/utils/exchange_test_helper.h
@@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * This class and singleton object initializes charon and provides helper
+ * methods to create unit tests for IKEv2 exchanges.
+ *
+ * It also registers special implementations for the kernel_ipsec_t interface,
+ * the sender and provides dummy configs and credentials.
+ *
+ * @defgroup exchange_test_helper exchange_test_helper
+ * @{ @ingroup test_utils_c
+ */
+
+#ifndef EXCHANGE_TEST_HELPER_H_
+#define EXCHANGE_TEST_HELPER_H_
+
+#include <daemon.h>
+
+#include "mock_sender.h"
+
+typedef struct exchange_test_helper_t exchange_test_helper_t;
+typedef struct exchange_test_sa_conf_t exchange_test_sa_conf_t;
+
+struct exchange_test_helper_t {
+
+ /**
+ * Sender instance used during tests
+ */
+ mock_sender_t *sender;
+
+ /**
+ * Set the initial byte of all nonces generated by future nonce
+ * generators (already instatiated nonce generators are not affected).
+ */
+ u_char nonce_first_byte;
+
+ /**
+ * Creates an established IKE_SA/CHILD_SA
+ *
+ * @param[out] init IKE_SA of the initiator
+ * @param[out] resp IKE_SA of the responder
+ * @param conf configuration for SAs
+ */
+ void (*establish_sa)(exchange_test_helper_t *this, ike_sa_t **init,
+ ike_sa_t **resp, exchange_test_sa_conf_t *conf);
+
+ /**
+ * Pass a message to the given IKE_SA for processing, setting the IKE_SA on
+ * the bus while processing the message.
+ *
+ * @param ike_sa the IKE_SA receiving the message
+ * @param message the message, or NULL to pass the next message in the
+ * send queue (adopted)
+ * @return return value from ike_sa_t::process_message()
+ */
+ status_t (*process_message)(exchange_test_helper_t *this, ike_sa_t *sa,
+ message_t *message);
+
+ /**
+ * Register a listener with the bus.
+ *
+ * Don't use bus_t::add_listener() directly for listeners on the stack
+ * as that could lead to invalid listeners registered when hooks are
+ * triggered during cleanup if a test case fails. All of the listeners
+ * added this way are unregistered with the bus before cleaning up.
+ *
+ * @param listener listener to add to the bus
+ */
+ void (*add_listener)(exchange_test_helper_t *this, listener_t *listener);
+};
+
+struct exchange_test_sa_conf_t {
+
+ /**
+ * Configuration for initiator and responder
+ */
+ struct {
+ /** IKE proposal */
+ char *ike;
+ /** ESP proposal */
+ char *esp;
+ } initiator, responder;
+};
+
+/**
+ * Since we don't use the IKE_SA manager to checkout SAs use this to call a
+ * method on the given IKE_SA in its context.
+ */
+#define call_ikesa(sa, method, ...) ({ \
+ charon->bus->set_sa(charon->bus, sa); \
+ sa->method(sa, ##__VA_ARGS__); \
+ charon->bus->set_sa(charon->bus, NULL); \
+})
+
+/**
+ * The one and only instance of the helper object.
+ *
+ * Set between exchange_test_helper_setup() and exchange_test_helper_teardown()
+ * calls.
+ */
+extern exchange_test_helper_t *exchange_test_helper;
+
+/**
+ * Initialize charon and the helper object.
+ *
+ * @param plugins plugins to load
+ */
+void exchange_test_helper_init(char *plugins);
+
+/**
+ * Deinitialize the helper object.
+ */
+void exchange_test_helper_deinit();
+
+#endif /** EXCHANGE_TEST_HELPER_H_ @} */
diff --git a/src/libcharon/tests/utils/job_asserts.h b/src/libcharon/tests/utils/job_asserts.h
new file mode 100644
index 0000000..3491f08
--- /dev/null
+++ b/src/libcharon/tests/utils/job_asserts.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * Special assertions against job handling.
+ *
+ * @defgroup job_asserts job_asserts
+ * @{ @ingroup test_utils_c
+ */
+
+#ifndef JOB_ASSERTS_H_
+#define JOB_ASSERTS_H_
+
+/**
+ * Initialize an assertion that enforces that no jobs were scheduled.
+ * Must be matched by a call to assert_scheduler().
+ */
+#define assert_no_jobs_scheduled() _assert_jobs_scheduled(0)
+
+/**
+ * Initialize an assertion that enforces that a specific number of jobs was
+ * scheduled.
+ * Must be matched by a call to assert_scheduler().
+ *
+ * @param count expected number of jobs getting scheduled
+ */
+#define assert_jobs_scheduled(count) _assert_jobs_scheduled(count)
+
+/**
+ * Initialize assertions against job scheduling.
+ * Must be matched by a call to assert_scheduler().
+ */
+#define _assert_jobs_scheduled(count) \
+do { \
+ u_int _initial = lib->scheduler->get_job_load(lib->scheduler); \
+ u_int _expected = count
+
+/**
+ * Enforce scheduler asserts.
+ */
+#define assert_scheduler() \
+ u_int _actual = lib->scheduler->get_job_load(lib->scheduler) - _initial; \
+ test_assert_msg(_expected == _actual, "unexpected number of jobs " \
+ "scheduled (%u != %u)", _expected, _actual); \
+} while(FALSE)
+
+#endif /** JOB_ASSERTS_H_ @}*/
diff --git a/src/libcharon/tests/utils/mock_dh.c b/src/libcharon/tests/utils/mock_dh.c
new file mode 100644
index 0000000..153bf11
--- /dev/null
+++ b/src/libcharon/tests/utils/mock_dh.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mock_dh.h"
+
+typedef struct private_diffie_hellman_t private_diffie_hellman_t;
+
+/**
+ * Private data
+ */
+struct private_diffie_hellman_t {
+
+ /**
+ * Public interface
+ */
+ diffie_hellman_t public;
+
+ /**
+ * Instantiated DH group
+ */
+ diffie_hellman_group_t group;
+};
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_diffie_hellman_t *this, chunk_t *value)
+{
+ *value = chunk_empty;
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_diffie_hellman_t *this, chunk_t value)
+{
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_diffie_hellman_t *this, chunk_t *secret)
+{
+ *secret = chunk_empty;
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_diffie_hellman_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_diffie_hellman_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+diffie_hellman_t *mock_dh_create(diffie_hellman_group_t group)
+{
+ private_diffie_hellman_t *this;
+
+ INIT(this,
+ .public = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ .group = group,
+ );
+ return &this->public;
+}
diff --git a/src/libimcv/pts/components/ita/ita_comp_ima.h b/src/libcharon/tests/utils/mock_dh.h
similarity index 56%
copy from src/libimcv/pts/components/ita/ita_comp_ima.h
copy to src/libcharon/tests/utils/mock_dh.h
index 546d0a4..332c655 100644
--- a/src/libimcv/pts/components/ita/ita_comp_ima.h
+++ b/src/libcharon/tests/utils/mock_dh.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2016 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -14,22 +14,24 @@
*/
/**
- * @defgroup pts_ita_comp_func_name pts_ita_comp_func_name
- * @{ @ingroup pts
+ * Provides a DH implementation that does no real work to make the tests run
+ * faster.
+ *
+ * @defgroup mock_dh mock_dh
+ * @{ @ingroup test_utils_c
*/
-#ifndef PTS_ITA_COMP_IMA_H_
-#define PTS_ITA_COMP_IMA_H_
+#ifndef MOCK_DH_H_
+#define MOCK_DH_H_
-#include "pts/components/pts_component.h"
+#include <crypto/diffie_hellman.h>
/**
- * Create a PTS ITS Functional Component object
+ * Creates a diffie_hellman_t object.
*
- * @param depth Sub-component depth
- * @param pts_db PTS measurement database
+ * @param group Diffie Hellman group, supports MODP_NULL only
+ * @return created object
*/
-pts_component_t* pts_ita_comp_ima_create(u_int32_t depth,
- pts_database_t *pts_db);
+diffie_hellman_t *mock_dh_create(diffie_hellman_group_t group);
-#endif /** PTS_ITA_COMP_IMA_H_ @}*/
+#endif /** MOCK_DH_H_ @}*/
diff --git a/src/libcharon/tests/utils/mock_ipsec.c b/src/libcharon/tests/utils/mock_ipsec.c
new file mode 100644
index 0000000..d57a26a
--- /dev/null
+++ b/src/libcharon/tests/utils/mock_ipsec.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mock_ipsec.h"
+
+typedef struct private_kernel_ipsec_t private_kernel_ipsec_t;
+
+/**
+ * Private data
+ */
+struct private_kernel_ipsec_t {
+
+ /**
+ * Public interface
+ */
+ kernel_ipsec_t public;
+
+ /**
+ * Allocated SPI
+ */
+ refcount_t spi;
+};
+
+METHOD(kernel_ipsec_t, get_spi, status_t,
+ private_kernel_ipsec_t *this, host_t *src, host_t *dst, uint8_t protocol,
+ uint32_t *spi)
+{
+ *spi = (uint32_t)ref_get(&this->spi);
+ return SUCCESS;
+}
+
+METHOD(kernel_ipsec_t, get_cpi, status_t,
+ private_kernel_ipsec_t *this, host_t *src, host_t *dst, uint16_t *cpi)
+{
+ return FAILED;
+}
+
+METHOD(kernel_ipsec_t, add_sa, status_t,
+ private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data)
+{
+ return SUCCESS;
+}
+
+METHOD(kernel_ipsec_t, update_sa, status_t,
+ private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data)
+{
+ return SUCCESS;
+}
+
+METHOD(kernel_ipsec_t, query_sa, status_t,
+ private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+ time_t *time)
+{
+ return NOT_SUPPORTED;
+}
+
+METHOD(kernel_ipsec_t, del_sa, status_t,
+ private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data)
+{
+ return SUCCESS;
+}
+
+METHOD(kernel_ipsec_t, add_policy, status_t,
+ private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
+{
+ return SUCCESS;
+}
+
+METHOD(kernel_ipsec_t, query_policy, status_t,
+ private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data, time_t *use_time)
+{
+ *use_time = 1;
+ return SUCCESS;
+}
+
+METHOD(kernel_ipsec_t, del_policy, status_t,
+ private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
+{
+ return SUCCESS;
+}
+
+/*
+ * Described in header
+ */
+kernel_ipsec_t *mock_ipsec_create()
+{
+ private_kernel_ipsec_t *this;
+
+ INIT(this,
+ .public = {
+ .get_spi = _get_spi,
+ .get_cpi = _get_cpi,
+ .add_sa = _add_sa,
+ .update_sa = _update_sa,
+ .query_sa = _query_sa,
+ .del_sa = _del_sa,
+ .flush_sas = (void*)return_failed,
+ .add_policy = _add_policy,
+ .query_policy = _query_policy,
+ .del_policy = _del_policy,
+ .flush_policies = (void*)return_failed,
+ .bypass_socket = (void*)return_true,
+ .enable_udp_decap = (void*)return_true,
+ .destroy = (void*)free,
+ },
+ );
+ return &this->public;
+}
diff --git a/src/libradius/radius_mppe.h b/src/libcharon/tests/utils/mock_ipsec.h
similarity index 57%
copy from src/libradius/radius_mppe.h
copy to src/libcharon/tests/utils/mock_ipsec.h
index 1b7a732..cbf2152 100644
--- a/src/libradius/radius_mppe.h
+++ b/src/libcharon/tests/utils/mock_ipsec.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2016 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -14,27 +14,23 @@
*/
/**
- * @defgroup radius_mppe radius_mppe
- * @{ @ingroup libradius
+ * kernel_ipsec_t implementation used for exchange unit tests. Currently
+ * returns sequential SPIs, all other methods are noops.
+ *
+ * @defgroup mock_ipsec mock_ipsec
+ * @{ @ingroup test_utils_c
*/
-#ifndef RADIUS_MPPE_H_
-#define RADIUS_MPPE_H_
+#ifndef MOCK_IPSEC_H_
+#define MOCK_IPSEC_H_
+
+#include <kernel/kernel_ipsec.h>
/**
- * Microsoft specific vendor attributes
+ * Create an instance of kernel_ipsec_t
+ *
+ * @return created object
*/
-#define MS_MPPE_SEND_KEY 16
-#define MS_MPPE_RECV_KEY 17
-
-typedef struct mppe_key_t mppe_key_t;
-
-struct mppe_key_t {
- u_int32_t id;
- u_int8_t type;
- u_int8_t length;
- u_int16_t salt;
- u_int8_t key[];
-} __attribute__((packed));
+kernel_ipsec_t *mock_ipsec_create();
-#endif /** RADIUS_MPPE_H_ @}*/
+#endif /** MOCK_IPSEC_H_ @}*/
diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.c b/src/libcharon/tests/utils/mock_nonce_gen.c
similarity index 51%
copy from src/libstrongswan/plugins/nonce/nonce_nonceg.c
copy to src/libcharon/tests/utils/mock_nonce_gen.c
index 64ed2e0..30910f9 100644
--- a/src/libstrongswan/plugins/nonce/nonce_nonceg.c
+++ b/src/libcharon/tests/utils/mock_nonce_gen.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,72 +13,79 @@
* for more details.
*/
-#include "nonce_nonceg.h"
+#include "mock_nonce_gen.h"
-#include <utils/debug.h>
+typedef struct private_nonce_gen_t private_nonce_gen_t;
-typedef struct private_nonce_nonceg_t private_nonce_nonceg_t;
-
-/**
- * Private data of a nonce_nonceg_t object.
- */
-struct private_nonce_nonceg_t {
+struct private_nonce_gen_t {
/**
- * Public nonce_nonceg_t interface.
+ * Public interface
*/
- nonce_nonceg_t public;
+ nonce_gen_t public;
/**
* Random number generator
*/
rng_t* rng;
+
+ /**
+ * First byte to set to the nonces
+ */
+ u_char first;
};
METHOD(nonce_gen_t, get_nonce, bool,
- private_nonce_nonceg_t *this, size_t size, u_int8_t *buffer)
+ private_nonce_gen_t *this, size_t size, uint8_t *buffer)
{
+ if (size > 0)
+ {
+ buffer[0] = this->first;
+ buffer++;
+ size--;
+ }
return this->rng->get_bytes(this->rng, size, buffer);
}
METHOD(nonce_gen_t, allocate_nonce, bool,
- private_nonce_nonceg_t *this, size_t size, chunk_t *chunk)
+ private_nonce_gen_t *this, size_t size, chunk_t *chunk)
{
- return this->rng->allocate_bytes(this->rng, size, chunk);
+ *chunk = chunk_alloc(size);
+ if (!get_nonce(this, chunk->len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
}
METHOD(nonce_gen_t, destroy, void,
- private_nonce_nonceg_t *this)
+ private_nonce_gen_t *this)
{
DESTROY_IF(this->rng);
free(this);
}
/*
- * Described in header.
+ * Described in header
*/
-nonce_nonceg_t *nonce_nonceg_create()
+nonce_gen_t *mock_nonce_gen_create(u_char first)
{
- private_nonce_nonceg_t *this;
+ private_nonce_gen_t *this;
INIT(this,
.public = {
- .nonce_gen = {
- .get_nonce = _get_nonce,
- .allocate_nonce = _allocate_nonce,
- .destroy = _destroy,
- },
+ .get_nonce = _get_nonce,
+ .allocate_nonce = _allocate_nonce,
+ .destroy = _destroy,
},
+ .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
+ .first = first,
);
-
- this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (!this->rng)
{
- DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
- RNG_WEAK);
destroy(this);
return NULL;
}
-
return &this->public;
}
diff --git a/src/libimcv/pts/components/ita/ita_comp_ima.h b/src/libcharon/tests/utils/mock_nonce_gen.h
similarity index 55%
copy from src/libimcv/pts/components/ita/ita_comp_ima.h
copy to src/libcharon/tests/utils/mock_nonce_gen.h
index 546d0a4..feeab8b 100644
--- a/src/libimcv/pts/components/ita/ita_comp_ima.h
+++ b/src/libcharon/tests/utils/mock_nonce_gen.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2016 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -14,22 +14,24 @@
*/
/**
- * @defgroup pts_ita_comp_func_name pts_ita_comp_func_name
- * @{ @ingroup pts
+ * Special nonce generator that sets the first byte of the generated nonces to
+ * a fixed specified value.
+ *
+ * @defgroup mock_nonce_gen mock_nonce_gen
+ * @{ @ingroup test_utils_c
*/
-#ifndef PTS_ITA_COMP_IMA_H_
-#define PTS_ITA_COMP_IMA_H_
+#ifndef MOCK_NONCE_GEN_H_
+#define MOCK_NONCE_GEN_H_
-#include "pts/components/pts_component.h"
+#include <crypto/nonce_gen.h>
/**
- * Create a PTS ITS Functional Component object
+ * Creates a nonce_gen_t instance.
*
- * @param depth Sub-component depth
- * @param pts_db PTS measurement database
+ * @param first first byte to set in generated nonces
+ * @return created object
*/
-pts_component_t* pts_ita_comp_ima_create(u_int32_t depth,
- pts_database_t *pts_db);
+nonce_gen_t *mock_nonce_gen_create(u_char first);
-#endif /** PTS_ITA_COMP_IMA_H_ @}*/
+#endif /** MOCK_NONCE_GEN_H_ @} */
diff --git a/src/libcharon/tests/utils/mock_sender.c b/src/libcharon/tests/utils/mock_sender.c
new file mode 100644
index 0000000..c090ff4
--- /dev/null
+++ b/src/libcharon/tests/utils/mock_sender.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mock_sender.h"
+
+#include <collections/linked_list.h>
+
+typedef struct private_mock_sender_t private_mock_sender_t;
+
+/**
+ * Private data
+ */
+struct private_mock_sender_t {
+
+ /**
+ * Public interface
+ */
+ mock_sender_t public;
+
+ /**
+ * Packet queue, as message_t*
+ */
+ linked_list_t *queue;
+};
+
+
+METHOD(sender_t, send_, void,
+ private_mock_sender_t *this, packet_t *packet)
+{
+ message_t *message;
+
+ message = message_create_from_packet(packet);
+ message->parse_header(message);
+ this->queue->insert_last(this->queue, message);
+}
+
+METHOD(mock_sender_t, dequeue, message_t*,
+ private_mock_sender_t *this)
+{
+ message_t *message = NULL;
+
+ this->queue->remove_first(this->queue, (void**)&message);
+ return message;
+}
+
+METHOD(sender_t, destroy, void,
+ private_mock_sender_t *this)
+{
+ this->queue->destroy_offset(this->queue, offsetof(message_t, destroy));
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+mock_sender_t *mock_sender_create()
+{
+ private_mock_sender_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .send = _send_,
+ .send_no_marker = (void*)nop,
+ .flush = (void*)nop,
+ .destroy = _destroy,
+ },
+ .dequeue = _dequeue,
+ },
+ .queue = linked_list_create(),
+ );
+ return &this->public;
+}
diff --git a/src/libcharon/tests/utils/mock_sender.h b/src/libcharon/tests/utils/mock_sender.h
new file mode 100644
index 0000000..5eabdda
--- /dev/null
+++ b/src/libcharon/tests/utils/mock_sender.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * sender_t implementation that does not pass the sent packet to a socket but
+ * instead provides it for immediate delivery to an ike_sa_t object.
+ *
+ * @defgroup mock_sender mock_sender
+ * @{ @ingroup test_utils_c
+ */
+
+#ifndef MOCK_SENDER_H_
+#define MOCK_SENDER_H_
+
+#include <encoding/message.h>
+#include <network/sender.h>
+
+typedef struct mock_sender_t mock_sender_t;
+
+struct mock_sender_t {
+
+ /**
+ * Implemented interface
+ */
+ sender_t interface;
+
+ /**
+ * Remove the next packet in the send queue as message_t object. The IKE
+ * header is already parsed (which is assumed does not fail) so it can
+ * directly be passed to ike_sa_t::process_message().
+ *
+ * @return message or NULL if none is queued
+ */
+ message_t *(*dequeue)(mock_sender_t *this);
+};
+
+/**
+ * Creates a mock_sender_t instance.
+ *
+ * @return created object
+ */
+mock_sender_t *mock_sender_create();
+
+#endif /** MOCK_SENDER_H_ @} */
diff --git a/src/libcharon/tests/utils/sa_asserts.h b/src/libcharon/tests/utils/sa_asserts.h
new file mode 100644
index 0000000..7afa3b5
--- /dev/null
+++ b/src/libcharon/tests/utils/sa_asserts.h
@@ -0,0 +1,145 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * Special assertions against IKE_SAs and CHILD_SAs (e.g. regarding their
+ * state).
+ *
+ * @defgroup sa_asserts sa_asserts
+ * @{ @ingroup test_utils_c
+ */
+
+#ifndef SA_ASSERTS_H_
+#define SA_ASSERTS_H_
+
+#include <inttypes.h>
+
+/**
+ * Check that there exists a specific number of IKE_SAs in the manager.
+ */
+#define assert_ike_sa_count(count) \
+({ \
+ typeof(count) _count = count; \
+ u_int _actual = charon->ike_sa_manager->get_count(charon->ike_sa_manager); \
+ test_assert_msg(_count == _actual, "unexpected number of IKE_SAs in " \
+ "manager (%d != %d)", _count, _actual); \
+})
+
+/**
+ * Check that the IKE_SA with the given SPIs and initiator flag is in the
+ * manager and return it. Does not actually keep the SA checked out as
+ * that would block cleaning up if asserts against it fail (since we control
+ * access to SAs it's also not really necessary).
+ */
+#define assert_ike_sa_checkout(spi_i, spi_r, initiator) \
+({ \
+ typeof(spi_i) _spi_i = spi_i; \
+ typeof(spi_r) _spi_r = spi_r; \
+ typeof(initiator) _init = initiator; \
+ ike_sa_id_t *_id = ike_sa_id_create(IKEV2, _spi_i, _spi_r, _init); \
+ ike_sa_t *_ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, _id); \
+ test_assert_msg(_ike_sa, "IKE_SA with SPIs %.16"PRIx64"_i %.16"PRIx64"_r " \
+ "(%d) does not exist", be64toh(_spi_i), be64toh(_spi_r), _init); \
+ _id->destroy(_id); \
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, _ike_sa); \
+ _ike_sa; \
+})
+
+/**
+ * Check if the given IKE_SA is in the expected state.
+ */
+#define assert_ike_sa_state(ike_sa, state) \
+({ \
+ typeof(ike_sa) _sa = ike_sa; \
+ typeof(state) _state = state; \
+ test_assert_msg(_state == _sa->get_state(_sa), "%N != %N", \
+ ike_sa_state_names, _state, \
+ ike_sa_state_names, _sa->get_state(_sa)); \
+})
+
+/**
+ * Check that there exists a specific number of CHILD_SAs.
+ */
+#define assert_child_sa_count(ike_sa, count) \
+({ \
+ typeof(ike_sa) _sa = ike_sa; \
+ typeof(count) _count = count; \
+ test_assert_msg(_count == _sa->get_child_count(_sa), "unexpected number " \
+ "of CHILD_SAs in IKE_SA %s (%d != %d)", #ike_sa, _count, \
+ _sa->get_child_count(_sa)); \
+})
+
+/**
+ * Check if the CHILD_SA with the given SPI is in the expected state.
+ */
+#define assert_child_sa_state(ike_sa, spi, state) \
+({ \
+ typeof(ike_sa) _sa = ike_sa; \
+ typeof(spi) _spi = spi; \
+ typeof(state) _state = state; \
+ child_sa_t *_child = _sa->get_child_sa(_sa, PROTO_ESP, _spi, TRUE) ?: \
+ _sa->get_child_sa(_sa, PROTO_ESP, _spi, FALSE); \
+ test_assert_msg(_child, "CHILD_SA with SPI %.8x does not exist", \
+ ntohl(_spi)); \
+ test_assert_msg(_state == _child->get_state(_child), "%N != %N", \
+ child_sa_state_names, _state, \
+ child_sa_state_names, _child->get_state(_child)); \
+})
+
+/**
+ * Assert that the CHILD_SA with the given inbound SPI does not exist.
+ */
+#define assert_child_sa_not_exists(ike_sa, spi) \
+({ \
+ typeof(ike_sa) _sa = ike_sa; \
+ typeof(spi) _spi = spi; \
+ child_sa_t *_child = _sa->get_child_sa(_sa, PROTO_ESP, _spi, TRUE) ?: \
+ _sa->get_child_sa(_sa, PROTO_ESP, _spi, FALSE); \
+ test_assert_msg(!_child, "CHILD_SA with SPI %.8x exists", ntohl(_spi)); \
+})
+
+/**
+ * Assert that there is a specific number of tasks in a given queue
+ *
+ * @param ike_sa IKE_SA to check
+ * @param count number of expected tasks
+ * @param queue queue to check (task_queue_t)
+ */
+#define assert_num_tasks(ike_sa, count, queue) \
+({ \
+ typeof(ike_sa) _sa = ike_sa; \
+ typeof(count) _count = count; \
+ int _c = 0; task_t *_task; \
+ enumerator_t *_enumerator = _sa->create_task_enumerator(_sa, queue); \
+ while (_enumerator->enumerate(_enumerator, &_task)) { _c++; } \
+ _enumerator->destroy(_enumerator); \
+ test_assert_msg(_count == _c, "unexpected number of tasks in " #queue " " \
+ "of IKE_SA %s (%d != %d)", #ike_sa, _count, _c); \
+})
+
+/**
+ * Assert that all task queues of the given IKE_SA are empty
+ *
+ * @param ike_sa IKE_SA to check
+ */
+#define assert_sa_idle(ike_sa) \
+({ \
+ typeof(ike_sa) _ike_sa = ike_sa; \
+ assert_num_tasks(_ike_sa, 0, TASK_QUEUE_QUEUED); \
+ assert_num_tasks(_ike_sa, 0, TASK_QUEUE_ACTIVE); \
+ assert_num_tasks(_ike_sa, 0, TASK_QUEUE_PASSIVE); \
+})
+
+#endif /** SA_ASSERTS_H_ @}*/
diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am
index 48079c6..1a2da97 100644
--- a/src/libfast/Makefile.am
+++ b/src/libfast/Makefile.am
@@ -22,4 +22,4 @@ endif
libfast_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- -lfcgi $(clearsilver_LIBS) $(PTHREADLIB)
+ -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) $(ATOMICLIB)
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index 0c69254..4c489db 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libfast
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp $(am__nobase_fast_include_HEADERS_DIST)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am \
+ $(am__nobase_fast_include_HEADERS_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -132,7 +142,8 @@ LTLIBRARIES = $(ipseclib_LTLIBRARIES)
am__DEPENDENCIES_1 =
libfast_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
am_libfast_la_OBJECTS = fast_dispatcher.lo fast_request.lo \
fast_session.lo fast_smtp.lo
libfast_la_OBJECTS = $(am_libfast_la_OBJECTS)
@@ -204,12 +215,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +272,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +419,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -453,7 +469,7 @@ libfast_la_SOURCES = \
libfast_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- -lfcgi $(clearsilver_LIBS) $(PTHREADLIB)
+ -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) $(ATOMICLIB)
all: all-am
@@ -471,7 +487,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libfast/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libfast/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -804,6 +819,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \
uninstall-ipseclibLTLIBRARIES \
uninstall-nobase_fast_includeHEADERS
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk
index 80e2aaa..89ce580 100644
--- a/src/libimcv/Android.mk
+++ b/src/libimcv/Android.mk
@@ -48,7 +48,6 @@ libimcv_la_SOURCES := \
pts/pts_pcr.h pts/pts_pcr.c \
pts/pts_proto_caps.h \
pts/pts_req_func_comp_evid.h \
- pts/pts_simple_evid_final.h \
pts/pts_creds.h pts/pts_creds.c \
pts/pts_database.h pts/pts_database.c \
pts/pts_dh_group.h pts/pts_dh_group.c \
@@ -107,6 +106,7 @@ LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES))
LOCAL_C_INCLUDES += \
$(strongswan_PATH)/src/libtncif \
+ $(strongswan_PATH)/src/libtpmtss \
$(strongswan_PATH)/src/libstrongswan
LOCAL_CFLAGS := $(strongswan_CFLAGS)
@@ -119,6 +119,6 @@ LOCAL_ARM_MODE := arm
LOCAL_PRELINK_MODULE := false
-LOCAL_SHARED_LIBRARIES += libstrongswan libtncif
+LOCAL_SHARED_LIBRARIES += libstrongswan libtncif libtpmtss
include $(BUILD_SHARED_LIBRARY)
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index 7683da3..8cde4b7 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -1,6 +1,7 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtpmtss \
-DIPSEC_SCRIPT=\"${ipsec_script}\"
ipseclib_LTLIBRARIES = libimcv.la
@@ -10,11 +11,8 @@ libimcv_la_LDFLAGS = \
libimcv_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la
-
-if USE_TROUSERS
- libimcv_la_LIBADD += -ltspi
-endif
+ $(top_builddir)/src/libtncif/libtncif.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la
if USE_WINDOWS
libimcv_la_LIBADD += -lws2_32
@@ -66,7 +64,6 @@ libimcv_la_SOURCES = \
pts/pts_pcr.h pts/pts_pcr.c \
pts/pts_proto_caps.h \
pts/pts_req_func_comp_evid.h \
- pts/pts_simple_evid_final.h \
pts/pts_creds.h pts/pts_creds.c \
pts/pts_database.h pts/pts_database.c \
pts/pts_dh_group.h pts/pts_dh_group.c \
@@ -207,5 +204,6 @@ imcv_tests_CFLAGS = \
imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@
imcv_tests_LDADD = \
$(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index 200f959..7983b77 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -18,7 +18,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,26 +91,23 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
- at USE_TROUSERS_TRUE@am__append_1 = -ltspi
- at USE_WINDOWS_TRUE@am__append_2 = -lws2_32
+ at USE_WINDOWS_TRUE@am__append_1 = -lws2_32
ipsec_PROGRAMS = imv_policy_manager$(EXEEXT)
- at USE_IMC_TEST_TRUE@am__append_3 = plugins/imc_test
- at USE_IMV_TEST_TRUE@am__append_4 = plugins/imv_test
- at USE_IMC_SCANNER_TRUE@am__append_5 = plugins/imc_scanner
- at USE_IMV_SCANNER_TRUE@am__append_6 = plugins/imv_scanner
- at USE_IMC_OS_TRUE@am__append_7 = plugins/imc_os
- at USE_IMV_OS_TRUE@am__append_8 = plugins/imv_os
- at USE_IMC_ATTESTATION_TRUE@am__append_9 = plugins/imc_attestation
- at USE_IMV_ATTESTATION_TRUE@am__append_10 = plugins/imv_attestation
- at USE_IMC_SWID_TRUE@am__append_11 = plugins/imc_swid
- at USE_IMV_SWID_TRUE@am__append_12 = plugins/imv_swid
- at USE_IMC_HCD_TRUE@am__append_13 = plugins/imc_hcd
- at USE_IMV_HCD_TRUE@am__append_14 = plugins/imv_hcd
+ at USE_IMC_TEST_TRUE@am__append_2 = plugins/imc_test
+ at USE_IMV_TEST_TRUE@am__append_3 = plugins/imv_test
+ at USE_IMC_SCANNER_TRUE@am__append_4 = plugins/imc_scanner
+ at USE_IMV_SCANNER_TRUE@am__append_5 = plugins/imv_scanner
+ at USE_IMC_OS_TRUE@am__append_6 = plugins/imc_os
+ at USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os
+ at USE_IMC_ATTESTATION_TRUE@am__append_8 = plugins/imc_attestation
+ at USE_IMV_ATTESTATION_TRUE@am__append_9 = plugins/imv_attestation
+ at USE_IMC_SWID_TRUE@am__append_10 = plugins/imc_swid
+ at USE_IMV_SWID_TRUE@am__append_11 = plugins/imv_swid
+ at USE_IMC_HCD_TRUE@am__append_12 = plugins/imc_hcd
+ at USE_IMV_HCD_TRUE@am__append_13 = plugins/imv_hcd
TESTS = imcv_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libimcv
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp $(dist_templates_DATA)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -114,6 +121,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_templates_DATA) \
+ $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -151,7 +160,8 @@ LTLIBRARIES = $(ipseclib_LTLIBRARIES)
am__DEPENDENCIES_1 =
libimcv_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la $(am__DEPENDENCIES_1) \
+ $(top_builddir)/src/libtncif/libtncif.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(am__DEPENDENCIES_1)
am__dirstamp = $(am__leading_dot)dirstamp
am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \
@@ -230,6 +240,7 @@ am_imcv_tests_OBJECTS = ita/imcv_tests-ita_attr_command.$(OBJEXT) \
imcv_tests-imcv.$(OBJEXT) imcv_tests-imcv_tests.$(OBJEXT)
imcv_tests_OBJECTS = $(am_imcv_tests_OBJECTS)
imcv_tests_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
imcv_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
@@ -348,6 +359,7 @@ DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \
plugins/imc_attestation plugins/imv_attestation \
plugins/imc_swid plugins/imv_swid plugins/imc_hcd \
plugins/imv_hcd
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -379,6 +391,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -428,6 +441,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -462,6 +476,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -573,6 +588,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -604,6 +620,7 @@ xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtpmtss \
-DIPSEC_SCRIPT=\"${ipsec_script}\"
ipseclib_LTLIBRARIES = libimcv.la
@@ -612,8 +629,8 @@ libimcv_la_LDFLAGS = \
libimcv_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la $(am__append_1) \
- $(am__append_2)
+ $(top_builddir)/src/libtncif/libtncif.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la $(am__append_1)
libimcv_la_SOURCES = \
imcv.h imcv.c \
imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \
@@ -660,7 +677,6 @@ libimcv_la_SOURCES = \
pts/pts_pcr.h pts/pts_pcr.c \
pts/pts_proto_caps.h \
pts/pts_req_func_comp_evid.h \
- pts/pts_simple_evid_final.h \
pts/pts_creds.h pts/pts_creds.c \
pts/pts_database.h pts/pts_database.c \
pts/pts_dh_group.h pts/pts_dh_group.c \
@@ -726,10 +742,10 @@ imv_policy_manager_LDADD = \
$(top_builddir)/src/libtncif/libtncif.la
#imv/imv_policy_manager.o : $(top_builddir)/config.status
-SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \
- $(am__append_6) $(am__append_7) $(am__append_8) \
- $(am__append_9) $(am__append_10) $(am__append_11) \
- $(am__append_12) $(am__append_13) $(am__append_14)
+SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \
+ $(am__append_5) $(am__append_6) $(am__append_7) \
+ $(am__append_8) $(am__append_9) $(am__append_10) \
+ $(am__append_11) $(am__append_12) $(am__append_13)
imcv_tests_SOURCES = \
ita/ita_attr_command.c \
pa_tnc/pa_tnc_attr_manager.c \
@@ -749,6 +765,7 @@ imcv_tests_CFLAGS = \
imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@
imcv_tests_LDADD = \
$(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
@@ -768,7 +785,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -1999,6 +2015,8 @@ uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \
uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \
uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/generic/generic_attr_bool.c b/src/libimcv/generic/generic_attr_bool.c
index 3f570d9..5668b94 100644
--- a/src/libimcv/generic/generic_attr_bool.c
+++ b/src/libimcv/generic/generic_attr_bool.c
@@ -118,11 +118,11 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_generic_attr_bool_t *this, u_int32_t *offset)
+ private_generic_attr_bool_t *this, uint32_t *offset)
{
enum_name_t *pa_attr_names;
bio_reader_t *reader;
- u_int32_t status;
+ uint32_t status;
*offset = 0;
diff --git a/src/libimcv/generic/generic_attr_chunk.c b/src/libimcv/generic/generic_attr_chunk.c
index 98a5399..2227e20 100644
--- a/src/libimcv/generic/generic_attr_chunk.c
+++ b/src/libimcv/generic/generic_attr_chunk.c
@@ -93,7 +93,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_generic_attr_chunk_t *this, u_int32_t *offset)
+ private_generic_attr_chunk_t *this, uint32_t *offset)
{
enum_name_t *pa_attr_names;
*offset = 0;
diff --git a/src/libimcv/generic/generic_attr_string.c b/src/libimcv/generic/generic_attr_string.c
index e63c012..4983ef9 100644
--- a/src/libimcv/generic/generic_attr_string.c
+++ b/src/libimcv/generic/generic_attr_string.c
@@ -88,7 +88,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_generic_attr_string_t *this, u_int32_t *offset)
+ private_generic_attr_string_t *this, uint32_t *offset)
{
enum_name_t *pa_attr_names;
u_char *pos;
diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c
index 38b777f..cfac6ed 100644
--- a/src/libimcv/ietf/ietf_attr.c
+++ b/src/libimcv/ietf/ietf_attr.c
@@ -47,7 +47,7 @@ ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
/**
* See header
*/
-pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length,
+pa_tnc_attr_t* ietf_attr_create_from_data(uint32_t type, size_t length,
chunk_t value)
{
switch (type)
diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h
index 169ed78..7154674 100644
--- a/src/libimcv/ietf/ietf_attr.h
+++ b/src/libimcv/ietf/ietf_attr.h
@@ -59,7 +59,7 @@ extern enum_name_t *ietf_attr_names;
* @param length attribute length
* @param value attribute value or segment
*/
-pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length,
+pa_tnc_attr_t* ietf_attr_create_from_data(uint32_t type, size_t length,
chunk_t value);
#endif /** IETF_ATTR_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_assess_result.c b/src/libimcv/ietf/ietf_attr_assess_result.c
index 1cffdca..8942125 100644
--- a/src/libimcv/ietf/ietf_attr_assess_result.c
+++ b/src/libimcv/ietf/ietf_attr_assess_result.c
@@ -67,7 +67,7 @@ struct private_ietf_attr_assess_result_t {
/**
* Assessment Result
*/
- u_int32_t result;
+ uint32_t result;
/**
* Reference count
@@ -117,7 +117,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_assess_result_t *this, u_int32_t *offset)
+ private_ietf_attr_assess_result_t *this, uint32_t *offset)
{
bio_reader_t *reader;
@@ -162,7 +162,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
}
}
-METHOD(ietf_attr_assess_result_t, get_result, u_int32_t,
+METHOD(ietf_attr_assess_result_t, get_result, uint32_t,
private_ietf_attr_assess_result_t *this)
{
return this->result;
@@ -171,7 +171,7 @@ METHOD(ietf_attr_assess_result_t, get_result, u_int32_t,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_assess_result_create(u_int32_t result)
+pa_tnc_attr_t *ietf_attr_assess_result_create(uint32_t result)
{
private_ietf_attr_assess_result_t *this;
diff --git a/src/libimcv/ietf/ietf_attr_assess_result.h b/src/libimcv/ietf/ietf_attr_assess_result.h
index b1a5166..fe7c1aa 100644
--- a/src/libimcv/ietf/ietf_attr_assess_result.h
+++ b/src/libimcv/ietf/ietf_attr_assess_result.h
@@ -43,7 +43,7 @@ struct ietf_attr_assess_result_t {
*
* @return Assessment Result
*/
- u_int32_t (*get_result)(ietf_attr_assess_result_t *this);
+ uint32_t (*get_result)(ietf_attr_assess_result_t *this);
};
@@ -51,7 +51,7 @@ struct ietf_attr_assess_result_t {
* Creates an ietf_attr_assess_result_t object
*
*/
-pa_tnc_attr_t* ietf_attr_assess_result_create(u_int32_t result);
+pa_tnc_attr_t* ietf_attr_assess_result_create(uint32_t result);
/**
* Creates an ietf_attr_assess_result_t object from received data
diff --git a/src/libimcv/ietf/ietf_attr_attr_request.c b/src/libimcv/ietf/ietf_attr_attr_request.c
index 08658e2..2a0b7f0 100644
--- a/src/libimcv/ietf/ietf_attr_attr_request.c
+++ b/src/libimcv/ietf/ietf_attr_attr_request.c
@@ -136,7 +136,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(ietf_attr_attr_request_t, add, void,
- private_ietf_attr_attr_request_t *this, pen_t vendor_id, u_int32_t type)
+ private_ietf_attr_attr_request_t *this, pen_t vendor_id, uint32_t type)
{
enum_name_t *pa_attr_names;
pen_type_t *entry;
@@ -160,12 +160,12 @@ METHOD(ietf_attr_attr_request_t, add, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_attr_request_t *this, u_int32_t *offset)
+ private_ietf_attr_attr_request_t *this, uint32_t *offset)
{
bio_reader_t *reader;
pen_t vendor_id;
- u_int32_t type;
- u_int8_t reserved;
+ uint32_t type;
+ uint8_t reserved;
int count;
*offset = 0;
@@ -228,7 +228,7 @@ METHOD(ietf_attr_attr_request_t, create_enumerator, enumerator_t*,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type)
+pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, uint32_t type)
{
private_ietf_attr_attr_request_t *this;
diff --git a/src/libimcv/ietf/ietf_attr_attr_request.h b/src/libimcv/ietf/ietf_attr_attr_request.h
index 47b0386..4c4ede0 100644
--- a/src/libimcv/ietf/ietf_attr_attr_request.h
+++ b/src/libimcv/ietf/ietf_attr_attr_request.h
@@ -44,7 +44,7 @@ struct ietf_attr_attr_request_t {
* @param vendor_id Attribute Vendor ID
* @param type Attribute Type
*/
- void (*add)(ietf_attr_attr_request_t *this, pen_t vendor_id, u_int32_t type);
+ void (*add)(ietf_attr_attr_request_t *this, pen_t vendor_id, uint32_t type);
/**
* Creates an enumerator over all attribute types contained
@@ -59,7 +59,7 @@ struct ietf_attr_attr_request_t {
* Creates an ietf_attr_attr_request_t object
*
*/
-pa_tnc_attr_t* ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type);
+pa_tnc_attr_t* ietf_attr_attr_request_create(pen_t vendor_id, uint32_t type);
/**
* @param length Total length of attribute value
diff --git a/src/libimcv/ietf/ietf_attr_fwd_enabled.c b/src/libimcv/ietf/ietf_attr_fwd_enabled.c
index 876a740..93eca3b 100644
--- a/src/libimcv/ietf/ietf_attr_fwd_enabled.c
+++ b/src/libimcv/ietf/ietf_attr_fwd_enabled.c
@@ -117,10 +117,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_fwd_enabled_t *this, u_int32_t *offset)
+ private_ietf_attr_fwd_enabled_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t fwd_status;
+ uint32_t fwd_status;
*offset = 0;
diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.c b/src/libimcv/ietf/ietf_attr_installed_packages.c
index 39eea55..7a870ac 100644
--- a/src/libimcv/ietf/ietf_attr_installed_packages.c
+++ b/src/libimcv/ietf/ietf_attr_installed_packages.c
@@ -169,13 +169,13 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_installed_packages_t *this, u_int32_t *offset)
+ private_ietf_attr_installed_packages_t *this, uint32_t *offset)
{
bio_reader_t *reader;
package_entry_t *entry;
status_t status = NEED_MORE;
chunk_t name, version;
- u_int16_t reserved;
+ uint16_t reserved;
u_char *pos;
if (this->offset == 0)
diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.c b/src/libimcv/ietf/ietf_attr_numeric_version.c
index c8fd6c1..7a3e78f 100644
--- a/src/libimcv/ietf/ietf_attr_numeric_version.c
+++ b/src/libimcv/ietf/ietf_attr_numeric_version.c
@@ -73,27 +73,27 @@ struct private_ietf_attr_numeric_version_t {
/**
* Major Version Number
*/
- u_int32_t major_version;
+ uint32_t major_version;
/**
* Minor Version Number
*/
- u_int32_t minor_version;
+ uint32_t minor_version;
/**
* IBuild Number
*/
- u_int32_t build;
+ uint32_t build;
/**
* Service Pack Major Number
*/
- u_int16_t service_pack_major;
+ uint16_t service_pack_major;
/**
* Service Pack Minor Number
*/
- u_int16_t service_pack_minor;
+ uint16_t service_pack_minor;
/**
* Reference count
@@ -148,7 +148,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_numeric_version_t *this, u_int32_t *offset)
+ private_ietf_attr_numeric_version_t *this, uint32_t *offset)
{
bio_reader_t *reader;
@@ -198,7 +198,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
}
METHOD(ietf_attr_numeric_version_t, get_version, void,
- private_ietf_attr_numeric_version_t *this, u_int32_t *major, u_int32_t *minor)
+ private_ietf_attr_numeric_version_t *this, uint32_t *major, uint32_t *minor)
{
if (major)
{
@@ -210,14 +210,14 @@ METHOD(ietf_attr_numeric_version_t, get_version, void,
}
}
-METHOD(ietf_attr_numeric_version_t, get_build, u_int32_t,
+METHOD(ietf_attr_numeric_version_t, get_build, uint32_t,
private_ietf_attr_numeric_version_t *this)
{
return this->build;
}
METHOD(ietf_attr_numeric_version_t, get_service_pack, void,
- private_ietf_attr_numeric_version_t *this, u_int16_t *major, u_int16_t *minor)
+ private_ietf_attr_numeric_version_t *this, uint16_t *major, uint16_t *minor)
{
if (major)
{
@@ -232,10 +232,10 @@ METHOD(ietf_attr_numeric_version_t, get_service_pack, void,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor,
- u_int32_t build,
- u_int16_t service_pack_major,
- u_int16_t service_pack_minor)
+pa_tnc_attr_t *ietf_attr_numeric_version_create(uint32_t major, uint32_t minor,
+ uint32_t build,
+ uint16_t service_pack_major,
+ uint16_t service_pack_minor)
{
private_ietf_attr_numeric_version_t *this;
diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.h b/src/libimcv/ietf/ietf_attr_numeric_version.h
index 8808d48..afb3823 100644
--- a/src/libimcv/ietf/ietf_attr_numeric_version.h
+++ b/src/libimcv/ietf/ietf_attr_numeric_version.h
@@ -45,7 +45,7 @@ struct ietf_attr_numeric_version_t {
* @param minor Minor Version Number
*/
void (*get_version)(ietf_attr_numeric_version_t *this,
- u_int32_t *major, u_int32_t *minor);
+ uint32_t *major, uint32_t *minor);
/**
* Gets the Build Number
@@ -53,7 +53,7 @@ struct ietf_attr_numeric_version_t {
* @param major Major Version Number
* @param minor Minor Version Number
*/
- u_int32_t (*get_build)(ietf_attr_numeric_version_t *this);
+ uint32_t (*get_build)(ietf_attr_numeric_version_t *this);
/**
* Gets the Major and Minor Numbers of the Service Pack
@@ -62,17 +62,17 @@ struct ietf_attr_numeric_version_t {
* @param minor Servcie Pack Minor Number
*/
void (*get_service_pack)(ietf_attr_numeric_version_t *this,
- u_int16_t *major, u_int16_t *minor);
+ uint16_t *major, uint16_t *minor);
};
/**
* Creates an ietf_attr_numeric_version_t object
*
*/
-pa_tnc_attr_t* ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor,
- u_int32_t build,
- u_int16_t service_pack_major,
- u_int16_t service_pack_minor);
+pa_tnc_attr_t* ietf_attr_numeric_version_create(uint32_t major, uint32_t minor,
+ uint32_t build,
+ uint16_t service_pack_major,
+ uint16_t service_pack_minor);
/**
* Creates an ietf_attr_numeric_version_t object from received data
diff --git a/src/libimcv/ietf/ietf_attr_op_status.c b/src/libimcv/ietf/ietf_attr_op_status.c
index d061a52..f04c89b 100644
--- a/src/libimcv/ietf/ietf_attr_op_status.c
+++ b/src/libimcv/ietf/ietf_attr_op_status.c
@@ -93,12 +93,12 @@ struct private_ietf_attr_op_status_t {
/**
* Status
*/
- u_int8_t status;
+ uint8_t status;
/**
* Result
*/
- u_int8_t result;
+ uint8_t result;
/**
* Last Use
@@ -164,11 +164,11 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_op_status_t *this, u_int32_t *offset)
+ private_ietf_attr_op_status_t *this, uint32_t *offset)
{
bio_reader_t *reader;
chunk_t last_use;
- u_int16_t reserved;
+ uint16_t reserved;
struct tm t;
*offset = 0;
@@ -245,13 +245,13 @@ METHOD(pa_tnc_attr_t, destroy, void,
}
}
-METHOD(ietf_attr_op_status_t, get_status, u_int8_t,
+METHOD(ietf_attr_op_status_t, get_status, uint8_t,
private_ietf_attr_op_status_t *this)
{
return this->status;
}
-METHOD(ietf_attr_op_status_t, get_result, u_int8_t,
+METHOD(ietf_attr_op_status_t, get_result, uint8_t,
private_ietf_attr_op_status_t *this)
{
return this->result;
@@ -266,7 +266,7 @@ METHOD(ietf_attr_op_status_t, get_last_use, time_t,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_op_status_create(u_int8_t status, u_int8_t result,
+pa_tnc_attr_t *ietf_attr_op_status_create(uint8_t status, uint8_t result,
time_t last_use)
{
private_ietf_attr_op_status_t *this;
diff --git a/src/libimcv/ietf/ietf_attr_op_status.h b/src/libimcv/ietf/ietf_attr_op_status.h
index ceb13fe..c91735a 100644
--- a/src/libimcv/ietf/ietf_attr_op_status.h
+++ b/src/libimcv/ietf/ietf_attr_op_status.h
@@ -70,14 +70,14 @@ struct ietf_attr_op_status_t {
*
* @return Operational Status
*/
- u_int8_t (*get_status)(ietf_attr_op_status_t *this);
+ uint8_t (*get_status)(ietf_attr_op_status_t *this);
/**
* Gets the Operational Result
*
* @return Operational Result
*/
- u_int8_t (*get_result)(ietf_attr_op_status_t *this);
+ uint8_t (*get_result)(ietf_attr_op_status_t *this);
/**
* Gets the time of last use
@@ -94,7 +94,7 @@ struct ietf_attr_op_status_t {
* @param result Operational Result
* @param last_use Time of last use
*/
-pa_tnc_attr_t* ietf_attr_op_status_create(u_int8_t status, u_int8_t result,
+pa_tnc_attr_t* ietf_attr_op_status_create(uint8_t status, uint8_t result,
time_t last_use);
/**
diff --git a/src/libimcv/ietf/ietf_attr_port_filter.c b/src/libimcv/ietf/ietf_attr_port_filter.c
index 6f7ff54..05920fd 100644
--- a/src/libimcv/ietf/ietf_attr_port_filter.c
+++ b/src/libimcv/ietf/ietf_attr_port_filter.c
@@ -30,8 +30,8 @@ typedef struct port_entry_t port_entry_t;
*/
struct port_entry_t {
bool blocked;
- u_int8_t protocol;
- u_int16_t port;
+ uint8_t protocol;
+ uint16_t port;
};
/**
@@ -142,11 +142,11 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_port_filter_t *this, u_int32_t *offset)
+ private_ietf_attr_port_filter_t *this, uint32_t *offset)
{
bio_reader_t *reader;
port_entry_t *entry;
- u_int8_t blocked;
+ uint8_t blocked;
*offset = 0;
@@ -201,8 +201,8 @@ METHOD(pa_tnc_attr_t, destroy, void,
}
METHOD(ietf_attr_port_filter_t, add_port, void,
- private_ietf_attr_port_filter_t *this, bool blocked, u_int8_t protocol,
- u_int16_t port)
+ private_ietf_attr_port_filter_t *this, bool blocked, uint8_t protocol,
+ uint16_t port)
{
port_entry_t *entry;
@@ -217,8 +217,8 @@ METHOD(ietf_attr_port_filter_t, add_port, void,
* Enumerate port filter entries
*/
static bool port_filter(void *null, port_entry_t **entry,
- bool *blocked, void *i2, u_int8_t *protocol, void *i3,
- u_int16_t *port)
+ bool *blocked, void *i2, uint8_t *protocol, void *i3,
+ uint16_t *port)
{
*blocked = (*entry)->blocked;
*protocol = (*entry)->protocol;
diff --git a/src/libimcv/ietf/ietf_attr_port_filter.h b/src/libimcv/ietf/ietf_attr_port_filter.h
index e6c5a3f..db35453 100644
--- a/src/libimcv/ietf/ietf_attr_port_filter.h
+++ b/src/libimcv/ietf/ietf_attr_port_filter.h
@@ -46,11 +46,11 @@ struct ietf_attr_port_filter_t {
* @param port TCP/UDP port number
*/
void (*add_port)(ietf_attr_port_filter_t *this, bool blocked,
- u_int8_t protocol, u_int16_t port);
+ uint8_t protocol, uint16_t port);
/**
* Enumerates over all ports
- * Format: bool *blocked, u_int8_t *protocol, u_int16_t *port
+ * Format: bool *blocked, uint8_t *protocol, uint16_t *port
*
* @return enumerator
*/
diff --git a/src/libimcv/ietf/ietf_attr_product_info.c b/src/libimcv/ietf/ietf_attr_product_info.c
index 37c89e9..ed1a74b 100644
--- a/src/libimcv/ietf/ietf_attr_product_info.c
+++ b/src/libimcv/ietf/ietf_attr_product_info.c
@@ -74,7 +74,7 @@ struct private_ietf_attr_product_info_t {
/**
* Product ID
*/
- u_int16_t product_id;
+ uint16_t product_id;
/**
* Product Name
@@ -131,7 +131,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_product_info_t *this, u_int32_t *offset)
+ private_ietf_attr_product_info_t *this, uint32_t *offset)
{
bio_reader_t *reader;
chunk_t product_name;
@@ -190,7 +190,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
}
METHOD(ietf_attr_product_info_t, get_info, chunk_t,
- private_ietf_attr_product_info_t *this, pen_t *vendor_id, u_int16_t *id)
+ private_ietf_attr_product_info_t *this, pen_t *vendor_id, uint16_t *id)
{
if (vendor_id)
{
@@ -206,7 +206,7 @@ METHOD(ietf_attr_product_info_t, get_info, chunk_t,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
+pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, uint16_t id,
chunk_t name)
{
private_ietf_attr_product_info_t *this;
diff --git a/src/libimcv/ietf/ietf_attr_product_info.h b/src/libimcv/ietf/ietf_attr_product_info.h
index 5151b58..53e2409 100644
--- a/src/libimcv/ietf/ietf_attr_product_info.h
+++ b/src/libimcv/ietf/ietf_attr_product_info.h
@@ -46,7 +46,7 @@ struct ietf_attr_product_info_t {
* @return Product Name
*/
chunk_t (*get_info)(ietf_attr_product_info_t *this,
- pen_t *vendor_id, u_int16_t *id);
+ pen_t *vendor_id, uint16_t *id);
};
@@ -54,7 +54,7 @@ struct ietf_attr_product_info_t {
* Creates an ietf_attr_product_info_t object
*
*/
-pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
+pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, uint16_t id,
chunk_t name);
/**
diff --git a/src/libimcv/ietf/ietf_attr_remediation_instr.c b/src/libimcv/ietf/ietf_attr_remediation_instr.c
index 6407037..c834b23 100644
--- a/src/libimcv/ietf/ietf_attr_remediation_instr.c
+++ b/src/libimcv/ietf/ietf_attr_remediation_instr.c
@@ -165,10 +165,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_remediation_instr_t *this, u_int32_t *offset)
+ private_ietf_attr_remediation_instr_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t reserved;
+ uint8_t reserved;
status_t status = SUCCESS;
u_char *pos;
diff --git a/src/libimcv/ietf/ietf_attr_string_version.c b/src/libimcv/ietf/ietf_attr_string_version.c
index c46200b..f781387 100644
--- a/src/libimcv/ietf/ietf_attr_string_version.c
+++ b/src/libimcv/ietf/ietf_attr_string_version.c
@@ -134,7 +134,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_string_version_t *this, u_int32_t *offset)
+ private_ietf_attr_string_version_t *this, uint32_t *offset)
{
bio_reader_t *reader;
status_t status = FAILED;
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c
index 0d622f1..3a7a16b 100644
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -46,7 +46,7 @@ struct private_imc_agent_t {
/**
* number of message types registered by IMC
*/
- u_int32_t type_count;
+ uint32_t type_count;
/**
* ID of IMC as assigned by TNCC
@@ -320,7 +320,7 @@ static char* get_str_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
/**
* Read an UInt32 attribute
*/
-static u_int32_t get_uint_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
+static uint32_t get_uint_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
TNC_AttributeID attribute_id)
{
TNC_UInt32 len;
@@ -341,7 +341,7 @@ METHOD(imc_agent_t, create_state, TNC_Result,
TNC_ConnectionID conn_id;
char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
- u_int32_t max_msg_len;
+ uint32_t max_msg_len;
conn_id = state->get_connection_id(state);
if (find_connection(this, conn_id))
@@ -550,7 +550,7 @@ METHOD(imc_agent_t, destroy, void,
* Described in header.
*/
imc_agent_t *imc_agent_create(const char *name,
- pen_type_t *supported_types, u_int32_t type_count,
+ pen_type_t *supported_types, uint32_t type_count,
TNC_IMCID id, TNC_Version *actual_version)
{
private_imc_agent_t *this;
diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h
index 8bdfb6c..bac1b48 100644
--- a/src/libimcv/imc/imc_agent.h
+++ b/src/libimcv/imc/imc_agent.h
@@ -198,7 +198,7 @@ struct imc_agent_t {
*
*/
imc_agent_t *imc_agent_create(const char *name,
- pen_type_t *supported_types, u_int32_t type_count,
+ pen_type_t *supported_types, uint32_t type_count,
TNC_IMCID id, TNC_Version *actual_version);
#endif /** IMC_AGENT_H_ @}*/
diff --git a/src/libimcv/imc/imc_os_info.c b/src/libimcv/imc/imc_os_info.c
index 55e152a..3315c20 100644
--- a/src/libimcv/imc/imc_os_info.c
+++ b/src/libimcv/imc/imc_os_info.c
@@ -69,7 +69,7 @@ METHOD(imc_os_info_t, get_name, chunk_t,
}
METHOD(imc_os_info_t, get_numeric_version, void,
- private_imc_os_info_t *this, u_int32_t *major, u_int32_t *minor)
+ private_imc_os_info_t *this, uint32_t *major, uint32_t *minor)
{
u_char *pos;
diff --git a/src/libimcv/imc/imc_os_info.h b/src/libimcv/imc/imc_os_info.h
index ef7fb6d..680e2b7 100644
--- a/src/libimcv/imc/imc_os_info.h
+++ b/src/libimcv/imc/imc_os_info.h
@@ -54,8 +54,8 @@ struct imc_os_info_t {
* @param major OS major version number
* @param minor OS minor version number
*/
- void (*get_numeric_version)(imc_os_info_t *this, u_int32_t *major,
- u_int32_t *minor);
+ void (*get_numeric_version)(imc_os_info_t *this, uint32_t *major,
+ uint32_t *minor);
/**
* Get the OS version or release
diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h
index efcf567..d8aeab9 100644
--- a/src/libimcv/imc/imc_state.h
+++ b/src/libimcv/imc/imc_state.h
@@ -72,14 +72,14 @@ struct imc_state_t {
*
* @param max_msg_len maximum size of a PA-TNC message
*/
- void (*set_max_msg_len)(imc_state_t *this, u_int32_t max_msg_len);
+ void (*set_max_msg_len)(imc_state_t *this, uint32_t max_msg_len);
/**
* Get the maximum size of a PA-TNC message for this TNCCS connection
*
* @return maximum size of a PA-TNC message
*/
- u_int32_t (*get_max_msg_len)(imc_state_t *this);
+ uint32_t (*get_max_msg_len)(imc_state_t *this);
/**
* Get attribute segmentation contracts associated with TNCCS Connection
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 9162e3f..6f88e17 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -412,6 +412,90 @@ INSERT INTO products ( /* 69 */
'Debian 7.9 armv7l'
);
+INSERT INTO products ( /* 70 */
+ name
+) VALUES (
+ 'Ubuntu 15.04 i686'
+);
+
+INSERT INTO products ( /* 71 */
+ name
+) VALUES (
+ 'Ubuntu 15.04 x86_64'
+);
+
+INSERT INTO products ( /* 72 */
+ name
+) VALUES (
+ 'Ubuntu 15.10 i686'
+);
+
+INSERT INTO products ( /* 73 */
+ name
+) VALUES (
+ 'Ubuntu 15.10 x86_64'
+);
+
+INSERT INTO products ( /* 74 */
+ name
+) VALUES (
+ 'Ubuntu 16.04 i686'
+);
+
+INSERT INTO products ( /* 75 */
+ name
+) VALUES (
+ 'Ubuntu 16.04 x86_64'
+);
+
+INSERT INTO products ( /* 76 */
+ name
+) VALUES (
+ 'Debian 7.10 i686'
+);
+
+INSERT INTO products ( /* 77 */
+ name
+) VALUES (
+ 'Debian 7.10 x86_64'
+);
+
+INSERT INTO products ( /* 78 */
+ name
+) VALUES (
+ 'Debian 7.10 armv6l'
+);
+
+INSERT INTO products ( /* 79 */
+ name
+) VALUES (
+ 'Debian 7.10 armv7l'
+);
+
+INSERT INTO products ( /* 80 */
+ name
+) VALUES (
+ 'Android 6.0'
+);
+
+INSERT INTO products ( /* 81 */
+ name
+) VALUES (
+ 'Android 6.0.1'
+);
+
+INSERT INTO products ( /* 82 */
+ name
+) VALUES (
+ 'Debian 8.5 i686'
+);
+
+INSERT INTO products ( /* 83 */
+ name
+) VALUES (
+ 'Debian 8.5 x86_64'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -541,19 +625,19 @@ INSERT INTO files ( /* 6 */
INSERT INTO algorithms (
id, name
) VALUES (
- 32768, 'SHA1'
+ 32768, 'SHA1'
);
INSERT INTO algorithms (
id, name
) VALUES (
- 16384, 'SHA256'
+ 16384, 'SHA256'
);
INSERT INTO algorithms (
id, name
) VALUES (
- 8192, 'SHA384'
+ 8192, 'SHA384'
);
/* File Hashes */
@@ -919,6 +1003,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 4, 76
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
5, 2
);
@@ -991,6 +1081,18 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 5, 77
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 5, 83
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
6, 9
);
@@ -1045,6 +1147,24 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 6, 70
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 6, 72
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 6, 74
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
7, 8
);
@@ -1105,6 +1225,24 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 7, 71
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 7, 73
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 7, 75
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
3, 21
);
@@ -1165,6 +1303,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 3, 51
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
3, 63
);
@@ -1177,7 +1321,13 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
- 3, 51
+ 3, 80
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 81
);
INSERT INTO groups_product_defaults (
@@ -1243,6 +1393,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 14, 78
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
15, 65
);
@@ -1252,6 +1408,12 @@ INSERT INTO groups_product_defaults (
15, 69
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 15, 79
+);
+
/* Policies */
INSERT INTO policies ( /* 1 */
diff --git a/src/libimcv/imv/imv_database.h b/src/libimcv/imv/imv_database.h
index 79551cc..d0b2db2 100644
--- a/src/libimcv/imv/imv_database.h
+++ b/src/libimcv/imv/imv_database.h
@@ -46,7 +46,7 @@ struct imv_database_t {
*/
imv_session_t* (*add_session)(imv_database_t *this,
TNC_ConnectionID conn_id,
- u_int32_t ar_id_type, chunk_t ar_id_value);
+ uint32_t ar_id_type, chunk_t ar_id_value);
/**
* Remove and delete a session
diff --git a/src/libimcv/ita/ita_attr.c b/src/libimcv/ita/ita_attr.c
index 35c882c..1d8db71 100644
--- a/src/libimcv/ita/ita_attr.c
+++ b/src/libimcv/ita/ita_attr.c
@@ -35,7 +35,7 @@ ENUM(ita_attr_names, ITA_ATTR_COMMAND, ITA_ATTR_DEVICE_ID,
/**
* See header
*/
-pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length,
+pa_tnc_attr_t* ita_attr_create_from_data(uint32_t type, size_t length,
chunk_t value)
{
switch (type)
diff --git a/src/libimcv/ita/ita_attr.h b/src/libimcv/ita/ita_attr.h
index 7378a1c..7265374 100644
--- a/src/libimcv/ita/ita_attr.h
+++ b/src/libimcv/ita/ita_attr.h
@@ -53,7 +53,7 @@ extern enum_name_t *ita_attr_names;
* @param length attribute length
* @param value attribute value or segment
*/
-pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length,
+pa_tnc_attr_t* ita_attr_create_from_data(uint32_t type, size_t length,
chunk_t value);
#endif /** ITA_ATTR_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_angel.c b/src/libimcv/ita/ita_attr_angel.c
index 1108636..1330897 100644
--- a/src/libimcv/ita/ita_attr_angel.c
+++ b/src/libimcv/ita/ita_attr_angel.c
@@ -81,7 +81,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ita_attr_angel_t *this, u_int32_t *offset)
+ private_ita_attr_angel_t *this, uint32_t *offset)
{
return SUCCESS;
}
diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c
index a6b187f..03a5341 100644
--- a/src/libimcv/ita/ita_attr_command.c
+++ b/src/libimcv/ita/ita_attr_command.c
@@ -101,7 +101,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ita_attr_command_t *this, u_int32_t *offset)
+ private_ita_attr_command_t *this, uint32_t *offset)
{
*offset = 0;
diff --git a/src/libimcv/ita/ita_attr_dummy.c b/src/libimcv/ita/ita_attr_dummy.c
index 0d21ac6..8fa23cf 100644
--- a/src/libimcv/ita/ita_attr_dummy.c
+++ b/src/libimcv/ita/ita_attr_dummy.c
@@ -99,7 +99,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ita_attr_dummy_t *this, u_int32_t *offset)
+ private_ita_attr_dummy_t *this, uint32_t *offset)
{
*offset = 0;
diff --git a/src/libimcv/ita/ita_attr_get_settings.c b/src/libimcv/ita/ita_attr_get_settings.c
index 3c047fb..4c50cff 100644
--- a/src/libimcv/ita/ita_attr_get_settings.c
+++ b/src/libimcv/ita/ita_attr_get_settings.c
@@ -140,10 +140,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ita_attr_get_settings_t *this, u_int32_t *offset)
+ private_ita_attr_get_settings_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t count;
+ uint32_t count;
chunk_t name;
status_t status = FAILED;
diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c
index ced3477..c7c968a 100644
--- a/src/libimcv/ita/ita_attr_settings.c
+++ b/src/libimcv/ita/ita_attr_settings.c
@@ -169,10 +169,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ita_attr_settings_t *this, u_int32_t *offset)
+ private_ita_attr_settings_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t count;
+ uint32_t count;
chunk_t name, value;
entry_t *entry;
status_t status = FAILED;
diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h
index 8607fee..1fec8e3 100644
--- a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h
+++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h
@@ -28,7 +28,7 @@ typedef struct pa_tnc_attr_manager_t pa_tnc_attr_manager_t;
#include <library.h>
#include <bio/bio_reader.h>
-typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, size_t length,
+typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(uint32_t type, size_t length,
chunk_t value);
/**
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.am b/src/libimcv/plugins/imc_attestation/Makefile.am
index e7b1f1c..14b1646 100644
--- a/src/libimcv/plugins/imc_attestation/Makefile.am
+++ b/src/libimcv/plugins/imc_attestation/Makefile.am
@@ -1,7 +1,8 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtpmtss
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
index 6d9533d..d2b8168 100644
--- a/src/libimcv/plugins/imc_attestation/Makefile.in
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imc_attestation
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -432,7 +446,8 @@ xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtpmtss
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
@@ -462,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -766,6 +780,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-imcvLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
index f24aec8..56713bb 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -225,9 +226,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
{
tcg_pts_attr_req_file_meas_t *attr_cast;
char *pathname;
- u_int16_t request_id;
+ uint16_t request_id;
bool is_directory;
- u_int32_t delimiter;
+ uint32_t delimiter;
pts_file_meas_t *measurements;
pen_type_t error_code;
@@ -282,7 +283,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
tcg_pts_attr_req_file_meta_t *attr_cast;
char *pathname;
bool is_directory;
- u_int8_t delimiter;
+ uint8_t delimiter;
pts_file_meta_t *metadata;
pen_type_t error_code;
@@ -336,8 +337,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
pts_comp_evidence_t *evid;
pts_component_t *comp;
pen_type_t error_code;
- u_int32_t depth;
- u_int8_t flags;
+ uint32_t depth;
+ uint8_t flags;
status_t status;
enumerator_t *e;
@@ -420,11 +421,11 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
}
case TCG_PTS_GEN_ATTEST_EVID:
{
- pts_simple_evid_final_flag_t flags;
- pts_meas_algorithms_t comp_hash_algorithm;
pts_comp_evidence_t *evid;
- chunk_t pcr_composite, quote_sig;
- bool use_quote2;
+ tpm_quote_mode_t quote_mode;
+ tpm_tss_quote_info_t *quote_info;
+ chunk_t quote_sig;
+ bool use_quote2, use_version_info;
/* Send cached Component Evidence entries */
while (attestation_state->next_evidence(attestation_state, &evid))
@@ -434,21 +435,23 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
}
use_quote2 = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-attestation.use_quote2", TRUE,
- lib->ns);
- if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig))
+ "%s.plugins.imc-attestation.use_quote2",
+ TRUE, lib->ns);
+ use_version_info = lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-attestation.use_version_info",
+ FALSE, lib->ns);
+ quote_mode = use_quote2 ? (use_version_info ?
+ TPM_QUOTE2_VERSION_INFO :
+ TPM_QUOTE2) :
+ TPM_QUOTE;
+
+ if (!pts->quote(pts, "e_mode, "e_info, "e_sig))
{
DBG1(DBG_IMC, "error occurred during TPM quote operation");
return FALSE;
}
- /* Send Simple Evidence Final attribute */
- flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 :
- PTS_SIMPLE_EVID_FINAL_QUOTE_INFO;
- comp_hash_algorithm = PTS_MEAS_ALGO_SHA1;
-
- attr = tcg_pts_attr_simple_evid_final_create(flags,
- comp_hash_algorithm, pcr_composite, quote_sig);
+ attr = tcg_pts_attr_simple_evid_final_create(quote_info, quote_sig);
msg->add_attribute(msg, attr);
break;
}
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
index 0b594cb..b789a21 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
@@ -64,7 +64,7 @@ struct private_imc_attestation_state_t {
/**
* Maximum PA-TNC message size for this TNCCS connection
*/
- u_int32_t max_msg_len;
+ uint32_t max_msg_len;
/**
* PA-TNC attribute segmentation contracts associated with TNCCS connection
@@ -114,12 +114,12 @@ METHOD(imc_state_t, set_flags, void,
}
METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_attestation_state_t *this, u_int32_t max_msg_len)
+ private_imc_attestation_state_t *this, uint32_t max_msg_len)
{
this->max_msg_len = max_msg_len;
}
-METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+METHOD(imc_state_t, get_max_msg_len, uint32_t,
private_imc_attestation_state_t *this)
{
return this->max_msg_len;
@@ -175,7 +175,7 @@ METHOD(imc_attestation_state_t, get_pts, pts_t*,
METHOD(imc_attestation_state_t, create_component, pts_component_t*,
private_imc_attestation_state_t *this, pts_comp_func_name_t *name,
- u_int32_t depth)
+ uint32_t depth)
{
enumerator_t *enumerator;
pts_component_t *component;
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.h b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h
index 854c882..aaf2754 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.h
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h
@@ -57,7 +57,7 @@ struct imc_attestation_state_t {
* @return created functional component instance or NULL
*/
pts_component_t* (*create_component)(imc_attestation_state_t *this,
- pts_comp_func_name_t *name, u_int32_t depth);
+ pts_comp_func_name_t *name, uint32_t depth);
/**
* Add an entry to the Component Evidence cache list
diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in
index 0d603c9..44aaf87 100644
--- a/src/libimcv/plugins/imc_hcd/Makefile.in
+++ b/src/libimcv/plugins/imc_hcd/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imc_hcd
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -398,6 +411,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_hcd/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imc_hcd/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -759,6 +772,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-imcvLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
index ce93d7e..60ccdce 100644
--- a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
+++ b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
@@ -59,7 +59,7 @@ struct private_imc_hcd_state_t {
/**
* Maximum PA-TNC message size for this TNCCS connection
*/
- u_int32_t max_msg_len;
+ uint32_t max_msg_len;
/**
* PA-TNC attribute segmentation contracts associated with TNCCS connection
@@ -93,12 +93,12 @@ METHOD(imc_state_t, set_flags, void,
}
METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_hcd_state_t *this, u_int32_t max_msg_len)
+ private_imc_hcd_state_t *this, uint32_t max_msg_len)
{
this->max_msg_len = max_msg_len;
}
-METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+METHOD(imc_state_t, get_max_msg_len, uint32_t,
private_imc_hcd_state_t *this)
{
return this->max_msg_len;
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index d1787da..93d532d 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imc_os
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -398,6 +411,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_os/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imc_os/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -759,6 +772,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-imcvLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index af1862a..cabcd0a 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -162,7 +162,7 @@ static void add_product_info(imc_msg_t *msg)
static void add_numeric_version(imc_msg_t *msg)
{
pa_tnc_attr_t *attr;
- u_int32_t major, minor;
+ uint32_t major, minor;
os->get_numeric_version(os, &major, &minor);
DBG1(DBG_IMC, "operating system numeric version is %d.%d",
diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c
index 139ab05..a38696a 100644
--- a/src/libimcv/plugins/imc_os/imc_os_state.c
+++ b/src/libimcv/plugins/imc_os/imc_os_state.c
@@ -59,7 +59,7 @@ struct private_imc_os_state_t {
/**
* Maximum PA-TNC message size for this TNCCS connection
*/
- u_int32_t max_msg_len;
+ uint32_t max_msg_len;
/**
* PA-TNC attribute segmentation contracts associated with TNCCS connection
@@ -93,12 +93,12 @@ METHOD(imc_state_t, set_flags, void,
}
METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_os_state_t *this, u_int32_t max_msg_len)
+ private_imc_os_state_t *this, uint32_t max_msg_len)
{
this->max_msg_len = max_msg_len;
}
-METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+METHOD(imc_state_t, get_max_msg_len, uint32_t,
private_imc_os_state_t *this)
{
return this->max_msg_len;
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index 2f03a7c..44d8279 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imc_scanner
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -199,12 +208,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -254,6 +265,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -288,6 +300,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -399,6 +412,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_scanner/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imc_scanner/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -760,6 +773,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-imcvLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index c67636f..bf2479c 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -128,8 +128,8 @@ static bool do_netstat(ietf_attr_port_filter_t *attr)
while (fgets(buf, sizeof(buf), file))
{
u_char *pos;
- u_int8_t new_protocol, protocol;
- u_int16_t new_port, port;
+ uint8_t new_protocol, protocol;
+ uint16_t new_port, port;
int i;
enumerator_t *enumerator;
bool allowed, found = FALSE;
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
index d357859..c1b7a50 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
@@ -59,7 +59,7 @@ struct private_imc_scanner_state_t {
/**
* Maximum PA-TNC message size for this TNCCS connection
*/
- u_int32_t max_msg_len;
+ uint32_t max_msg_len;
/**
* PA-TNC attribute segmentation contracts associated with TNCCS connection
@@ -93,12 +93,12 @@ METHOD(imc_state_t, set_flags, void,
}
METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_scanner_state_t *this, u_int32_t max_msg_len)
+ private_imc_scanner_state_t *this, uint32_t max_msg_len)
{
this->max_msg_len = max_msg_len;
}
-METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+METHOD(imc_state_t, get_max_msg_len, uint32_t,
private_imc_scanner_state_t *this)
{
return this->max_msg_len;
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
index 981f864..5eec531 100644
--- a/src/libimcv/plugins/imc_swid/Makefile.in
+++ b/src/libimcv/plugins/imc_swid/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imc_swid
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -818,6 +831,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecDATA \
tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \
uninstall-ipsecDATA uninstall-swidDATA
+.PRECIOUS: Makefile
+
$(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in
$(AM_V_GEN) \
diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c
index 65c279b..8d5e8e0 100644
--- a/src/libimcv/plugins/imc_swid/imc_swid_state.c
+++ b/src/libimcv/plugins/imc_swid/imc_swid_state.c
@@ -59,7 +59,7 @@ struct private_imc_swid_state_t {
/**
* Maximum PA-TNC message size for this TNCCS connection
*/
- u_int32_t max_msg_len;
+ uint32_t max_msg_len;
/**
* PA-TNC attribute segmentation contracts associated with TNCCS connection
@@ -69,7 +69,7 @@ struct private_imc_swid_state_t {
/**
* Event ID Epoch
*/
- u_int32_t eid_epoch;
+ uint32_t eid_epoch;
};
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -98,12 +98,12 @@ METHOD(imc_state_t, set_flags, void,
}
METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_swid_state_t *this, u_int32_t max_msg_len)
+ private_imc_swid_state_t *this, uint32_t max_msg_len)
{
this->max_msg_len = max_msg_len;
}
-METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+METHOD(imc_state_t, get_max_msg_len, uint32_t,
private_imc_swid_state_t *this)
{
return this->max_msg_len;
@@ -146,7 +146,7 @@ METHOD(imc_state_t, destroy, void,
free(this);
}
-METHOD(imc_swid_state_t, get_eid_epoch, u_int32_t,
+METHOD(imc_swid_state_t, get_eid_epoch, uint32_t,
private_imc_swid_state_t *this)
{
return this->eid_epoch;
@@ -158,11 +158,11 @@ METHOD(imc_swid_state_t, get_eid_epoch, u_int32_t,
imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id)
{
private_imc_swid_state_t *this;
- u_int32_t eid_epoch;
+ uint32_t eid_epoch;
nonce_gen_t *ng;
ng = lib->crypto->create_nonce_gen(lib->crypto);
- if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&eid_epoch))
+ if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&eid_epoch))
{
DBG1(DBG_TNC, "failed to generate random EID epoch value");
DESTROY_IF(ng);
diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h
index cb3ac45..c2719d2 100644
--- a/src/libimcv/plugins/imc_swid/imc_swid_state.h
+++ b/src/libimcv/plugins/imc_swid/imc_swid_state.h
@@ -43,7 +43,7 @@ struct imc_swid_state_t {
*
* @return Event ID Epoch
*/
- u_int32_t (*get_eid_epoch)(imc_swid_state_t *this);
+ uint32_t (*get_eid_epoch)(imc_swid_state_t *this);
};
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index 7bf4590..508f7fe 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imc_test
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -398,6 +411,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_test/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imc_test/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -759,6 +772,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-imcvLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c
index d3f6805..047c825 100644
--- a/src/libimcv/plugins/imc_test/imc_test_state.c
+++ b/src/libimcv/plugins/imc_test/imc_test_state.c
@@ -61,7 +61,7 @@ struct private_imc_test_state_t {
/**
* Maximum PA-TNC message size for this TNCCS connection
*/
- u_int32_t max_msg_len;
+ uint32_t max_msg_len;
/**
* PA-TNC attribute segmentation contracts associated with TNCCS connection
@@ -124,12 +124,12 @@ METHOD(imc_state_t, set_flags, void,
}
METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_test_state_t *this, u_int32_t max_msg_len)
+ private_imc_test_state_t *this, uint32_t max_msg_len)
{
this->max_msg_len = max_msg_len;
}
-METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+METHOD(imc_state_t, get_max_msg_len, uint32_t,
private_imc_test_state_t *this)
{
return this->max_msg_len;
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.am b/src/libimcv/plugins/imv_attestation/Makefile.am
index 6c5bf89..f353d30 100644
--- a/src/libimcv/plugins/imv_attestation/Makefile.am
+++ b/src/libimcv/plugins/imv_attestation/Makefile.am
@@ -2,6 +2,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtpmtss \
-DPLUGINS=\""${attest_plugins}\""
AM_CFLAGS = \
@@ -11,6 +12,7 @@ imcv_LTLIBRARIES = imv-attestation.la
imv_attestation_la_LIBADD = \
$(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
imv_attestation_la_SOURCES = imv_attestation.c \
@@ -27,6 +29,7 @@ attest_SOURCES = attest.c \
attest_db.h attest_db.c
attest_LDADD = \
$(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
attest.o : $(top_builddir)/config.status
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in
index d3f7900..61b92e0 100644
--- a/src/libimcv/plugins/imv_attestation/Makefile.in
+++ b/src/libimcv/plugins/imv_attestation/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = attest$(EXEEXT)
subdir = src/libimcv/plugins/imv_attestation
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -131,6 +140,7 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"
LTLIBRARIES = $(imcv_LTLIBRARIES)
imv_attestation_la_DEPENDENCIES = \
$(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
am_imv_attestation_la_OBJECTS = imv_attestation.lo \
imv_attestation_state.lo imv_attestation_agent.lo \
@@ -149,6 +159,7 @@ am_attest_OBJECTS = attest.$(OBJEXT) attest_usage.$(OBJEXT) \
attest_db.$(OBJEXT)
attest_OBJECTS = $(am_attest_OBJECTS)
attest_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
AM_V_P = $(am__v_P_ at AM_V@)
am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
@@ -210,12 +221,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -265,6 +278,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -299,6 +313,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -410,6 +425,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -442,6 +458,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtpmtss \
-DPLUGINS=\""${attest_plugins}\""
AM_CFLAGS = \
@@ -450,6 +467,7 @@ AM_CFLAGS = \
imcv_LTLIBRARIES = imv-attestation.la
imv_attestation_la_LIBADD = \
$(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
imv_attestation_la_SOURCES = imv_attestation.c \
@@ -465,6 +483,7 @@ attest_SOURCES = attest.c \
attest_LDADD = \
$(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libtpmtss/libtpmtss.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
EXTRA_DIST = build-database.sh
@@ -484,7 +503,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -847,6 +865,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS
tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \
uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
attest.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c
index f1a1f92..0344184 100644
--- a/src/libimcv/plugins/imv_attestation/attest_db.c
+++ b/src/libimcv/plugins/imv_attestation/attest_db.c
@@ -853,7 +853,7 @@ METHOD(attest_db_t, list_devices, void,
time_t timestamp;
int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0, trusted;
int session_id, rec;
- u_int32_t ar_id_type;
+ uint32_t ar_id_type;
u_int tstamp;
e = this->db->query(this->db,
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c
index 91c12f3..89ba869 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c
@@ -217,7 +217,12 @@ static TNC_Result receive_msg(private_imv_attestation_agent_t *this,
DBG1(DBG_IMV, "received TCG-PTS error '%N'",
pts_error_code_names, error_code.type);
DBG1(DBG_IMV, "error information: %B", &msg_info);
- fatal_error = TRUE;
+
+ /* TPM 2.0 doesn't return TPM Version Information */
+ if (error_code.type != TCG_PTS_TPM_VERS_NOT_SUPPORTED)
+ {
+ fatal_error = TRUE;
+ }
}
break;
}
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
index c3e053d..b1ee16b 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -418,45 +418,31 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
case TCG_PTS_SIMPLE_EVID_FINAL:
{
tcg_pts_attr_simple_evid_final_t *attr_cast;
- uint8_t flags;
- pts_meas_algorithms_t comp_hash_algorithm;
- chunk_t pcr_comp, tpm_quote_sig, evid_sig;
- chunk_t pcr_composite, quote_info, result_buf;
+ tpm_tss_quote_info_t *quote_info;
+ chunk_t quoted = chunk_empty, quote_sig, evid_sig, result_buf;
imv_workitem_t *workitem;
imv_reason_string_t *reason_string;
+ hash_algorithm_t digest_alg;
enumerator_t *enumerator;
- bool use_quote2, use_ver_info;
bio_writer_t *result;
attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
- flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm,
- &pcr_comp, &tpm_quote_sig);
+ attr_cast->get_quote_info(attr_cast, "e_info, "e_sig);
- if (flags != PTS_SIMPLE_EVID_FINAL_NO)
+ if (quote_info->get_quote_mode(quote_info) != TPM_QUOTE_NONE)
{
- use_quote2 = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 ||
- flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER);
- use_ver_info = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER);
-
/* Construct PCR Composite and TPM Quote Info structures */
- if (!pts->get_quote_info(pts, use_quote2, use_ver_info,
- comp_hash_algorithm, &pcr_composite, "e_info))
- {
- DBG1(DBG_IMV, "unable to construct TPM Quote Info");
- return FALSE;
- }
-
- if (!chunk_equals_const(pcr_comp, pcr_composite))
+ if (!pts->get_quote(pts, quote_info, "ed))
{
- DBG1(DBG_IMV, "received PCR Composite does not match "
- "constructed one");
+ DBG1(DBG_IMV, "unable to construct TPM Quote Info digest");
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
goto quote_error;
}
- DBG2(DBG_IMV, "received PCR Composite matches constructed one");
+ digest_alg = quote_info->get_pcr_digest_alg(quote_info);
- if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
+ if (!pts->verify_quote_signature(pts, digest_alg, quoted,
+ quote_sig))
{
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
@@ -465,8 +451,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
DBG2(DBG_IMV, "TPM Quote Info signature verification successful");
quote_error:
- free(pcr_composite.ptr);
- free(quote_info.ptr);
+ chunk_free("ed);
/**
* Finalize any pending measurement registrations and check
diff --git a/src/libimcv/plugins/imv_hcd/Makefile.am b/src/libimcv/plugins/imv_hcd/Makefile.am
index 28926d4..0dce300 100644
--- a/src/libimcv/plugins/imv_hcd/Makefile.am
+++ b/src/libimcv/plugins/imv_hcd/Makefile.am
@@ -1,6 +1,7 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtpmtss \
-I$(top_srcdir)/src/libimcv
AM_CFLAGS = \
diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in
index c179a94..4fdbbf4 100644
--- a/src/libimcv/plugins/imv_hcd/Makefile.in
+++ b/src/libimcv/plugins/imv_hcd/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imv_hcd
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -398,6 +411,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -429,6 +443,7 @@ xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtpmtss \
-I$(top_srcdir)/src/libimcv
AM_CFLAGS = \
@@ -459,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_hcd/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imv_hcd/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -763,6 +777,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-imcvLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am
index 3b3f793..f5bc901 100644
--- a/src/libimcv/plugins/imv_os/Makefile.am
+++ b/src/libimcv/plugins/imv_os/Makefile.am
@@ -1,7 +1,8 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtpmtss
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index c6f925a..d2997a9 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
@USE_WINDOWS_FALSE at ipsec_PROGRAMS = pacman$(EXEEXT)
subdir = src/libimcv/plugins/imv_os
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -406,6 +419,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -437,7 +451,8 @@ xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtpmtss
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
@@ -471,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_os/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imv_os/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -831,6 +845,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS
tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \
uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
@USE_WINDOWS_FALSE at pacman.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.am b/src/libimcv/plugins/imv_scanner/Makefile.am
index 9881443..3b3ee81 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.am
+++ b/src/libimcv/plugins/imv_scanner/Makefile.am
@@ -1,7 +1,8 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtpmtss
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 0eee4d1..ffca30c 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imv_scanner
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -431,7 +445,8 @@ xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtpmtss
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
@@ -461,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_scanner/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imv_scanner/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -765,6 +779,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-imcvLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
index acef11c..8dce498 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
@@ -185,13 +185,13 @@ METHOD(imv_agent_if_t, receive_message_long, TNC_Result,
typedef struct port_range_t port_range_t;
struct port_range_t {
- u_int16_t start, stop;
+ uint16_t start, stop;
};
/**
* Parse a TCP or UDP port list from an argument string
*/
-static linked_list_t* get_port_list(u_int8_t protocol_family,
+static linked_list_t* get_port_list(uint8_t protocol_family,
bool closed_port_policy, char *arg_str)
{
chunk_t port_list, port_item, port_start;
@@ -336,8 +336,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
{
TNC_IMV_Evaluation_Result eval;
TNC_IMV_Action_Recommendation rec;
- u_int8_t protocol_family, protocol;
- u_int16_t port;
+ uint8_t protocol_family, protocol;
+ uint16_t port;
bool closed_port_policy, blocked, first;
char result_str[BUF_LEN], *pos, *protocol_str;
size_t len;
diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am
index 3a63b67..73da84b 100644
--- a/src/libimcv/plugins/imv_swid/Makefile.am
+++ b/src/libimcv/plugins/imv_swid/Makefile.am
@@ -1,6 +1,7 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtpmtss \
-I$(top_srcdir)/src/libimcv
AM_CFLAGS = \
diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in
index ce246da..aea48e7 100644
--- a/src/libimcv/plugins/imv_swid/Makefile.in
+++ b/src/libimcv/plugins/imv_swid/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imv_swid
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -432,6 +446,7 @@ xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtpmtss \
-I$(top_srcdir)/src/libimcv
AM_CFLAGS = \
@@ -465,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +784,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-imcvLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index 19cef20..30fa3c7 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libimcv/plugins/imv_test
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -199,12 +208,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -254,6 +265,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -288,6 +300,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -399,6 +412,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_test/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libimcv/plugins/imv_test/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -764,6 +777,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-imcvLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/pts/components/ita/ita_comp_ima.h b/src/libimcv/pts/components/ita/ita_comp_ima.h
index 546d0a4..0577ecc 100644
--- a/src/libimcv/pts/components/ita/ita_comp_ima.h
+++ b/src/libimcv/pts/components/ita/ita_comp_ima.h
@@ -29,7 +29,7 @@
* @param depth Sub-component depth
* @param pts_db PTS measurement database
*/
-pts_component_t* pts_ita_comp_ima_create(u_int32_t depth,
+pts_component_t* pts_ita_comp_ima_create(uint32_t depth,
pts_database_t *pts_db);
#endif /** PTS_ITA_COMP_IMA_H_ @}*/
diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.c b/src/libimcv/pts/components/ita/ita_comp_tboot.c
index 3d990f6..324c41f 100644
--- a/src/libimcv/pts/components/ita/ita_comp_tboot.c
+++ b/src/libimcv/pts/components/ita/ita_comp_tboot.c
@@ -43,7 +43,7 @@ struct pts_ita_comp_tboot_t {
/**
* Sub-component depth
*/
- u_int32_t depth;
+ uint32_t depth;
/**
* PTS measurement database
@@ -93,20 +93,20 @@ METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
return this->name;
}
-METHOD(pts_component_t, get_evidence_flags, u_int8_t,
+METHOD(pts_component_t, get_evidence_flags, uint8_t,
pts_ita_comp_tboot_t *this)
{
return PTS_REQ_FUNC_COMP_EVID_PCR;
}
-METHOD(pts_component_t, get_depth, u_int32_t,
+METHOD(pts_component_t, get_depth, uint32_t,
pts_ita_comp_tboot_t *this)
{
return this->depth;
}
METHOD(pts_component_t, measure, status_t,
- pts_ita_comp_tboot_t *this, u_int8_t qualifier, pts_t *pts,
+ pts_ita_comp_tboot_t *this, uint8_t qualifier, pts_t *pts,
pts_comp_evidence_t **evidence)
{
@@ -117,7 +117,7 @@ METHOD(pts_component_t, measure, status_t,
pts_comp_evidence_t *evid;
char *meas_hex, *pcr_before_hex, *pcr_after_hex;
chunk_t measurement, pcr_before, pcr_after;
- u_int32_t extended_pcr;
+ uint32_t extended_pcr;
switch (this->seq_no++)
{
@@ -183,11 +183,11 @@ METHOD(pts_component_t, measure, status_t,
}
METHOD(pts_component_t, verify, status_t,
- pts_ita_comp_tboot_t *this, u_int8_t qualifier,pts_t *pts,
+ pts_ita_comp_tboot_t *this, uint8_t qualifier,pts_t *pts,
pts_comp_evidence_t *evidence)
{
bool has_pcr_info;
- u_int32_t extended_pcr, vid, name;
+ uint32_t extended_pcr, vid, name;
enum_name_t *names;
pts_meas_algorithms_t algo;
pts_pcr_transform_t transform;
@@ -264,7 +264,7 @@ METHOD(pts_component_t, verify, status_t,
}
METHOD(pts_component_t, finalize, bool,
- pts_ita_comp_tboot_t *this, u_int8_t qualifier, bio_writer_t *result)
+ pts_ita_comp_tboot_t *this, uint8_t qualifier, bio_writer_t *result)
{
char result_buf[BUF_LEN];
@@ -304,7 +304,7 @@ METHOD(pts_component_t, destroy, void,
pts_ita_comp_tboot_t *this)
{
int count;
- u_int32_t vid, name;
+ uint32_t vid, name;
enum_name_t *names;
if (ref_put(&this->ref))
@@ -328,7 +328,7 @@ METHOD(pts_component_t, destroy, void,
/**
* See header
*/
-pts_component_t *pts_ita_comp_tboot_create(u_int32_t depth,
+pts_component_t *pts_ita_comp_tboot_create(uint32_t depth,
pts_database_t *pts_db)
{
pts_ita_comp_tboot_t *this;
diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.h b/src/libimcv/pts/components/ita/ita_comp_tboot.h
index 1e1a148..0459500 100644
--- a/src/libimcv/pts/components/ita/ita_comp_tboot.h
+++ b/src/libimcv/pts/components/ita/ita_comp_tboot.h
@@ -29,7 +29,7 @@
* @param depth Sub-component depth
* @param pts_db PTS measurement database
*/
-pts_component_t* pts_ita_comp_tboot_create(u_int32_t depth,
+pts_component_t* pts_ita_comp_tboot_create(uint32_t depth,
pts_database_t *pts_db);
#endif /** PTS_ITA_COMP_TBOOT_H_ @}*/
diff --git a/src/libimcv/pts/components/ita/ita_comp_tgrub.c b/src/libimcv/pts/components/ita/ita_comp_tgrub.c
index e955572..a5a1a9b 100644
--- a/src/libimcv/pts/components/ita/ita_comp_tgrub.c
+++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.c
@@ -42,7 +42,7 @@ struct pts_ita_comp_tgrub_t {
/**
* Sub-component depth
*/
- u_int32_t depth;
+ uint32_t depth;
/**
* PTS measurement database
@@ -62,27 +62,27 @@ METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
return this->name;
}
-METHOD(pts_component_t, get_evidence_flags, u_int8_t,
+METHOD(pts_component_t, get_evidence_flags, uint8_t,
pts_ita_comp_tgrub_t *this)
{
return PTS_REQ_FUNC_COMP_EVID_PCR;
}
-METHOD(pts_component_t, get_depth, u_int32_t,
+METHOD(pts_component_t, get_depth, uint32_t,
pts_ita_comp_tgrub_t *this)
{
return this->depth;
}
METHOD(pts_component_t, measure, status_t,
- pts_ita_comp_tgrub_t *this, u_int8_t qualifier, pts_t *pts,
+ pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts,
pts_comp_evidence_t **evidence)
{
size_t pcr_len;
pts_pcr_transform_t pcr_transform;
pts_meas_algorithms_t hash_algo;
pts_comp_evidence_t *evid;
- u_int32_t extended_pcr;
+ uint32_t extended_pcr;
time_t measurement_time;
chunk_t measurement, pcr_before, pcr_after;
@@ -90,7 +90,7 @@ METHOD(pts_component_t, measure, status_t,
extended_pcr = PCR_DEBUG;
time(&measurement_time);
- if (!pts->read_pcr(pts, extended_pcr, &pcr_after))
+ if (!pts->read_pcr(pts, extended_pcr, &pcr_after, HASH_SHA1))
{
DBG1(DBG_PTS, "error occurred while reading PCR: %d", extended_pcr);
return FAILED;
@@ -116,11 +116,11 @@ METHOD(pts_component_t, measure, status_t,
}
METHOD(pts_component_t, verify, status_t,
- pts_ita_comp_tgrub_t *this, u_int8_t qualifier, pts_t *pts,
+ pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts,
pts_comp_evidence_t *evidence)
{
bool has_pcr_info;
- u_int32_t extended_pcr;
+ uint32_t extended_pcr;
pts_meas_algorithms_t algo;
pts_pcr_transform_t transform;
pts_pcr_t *pcrs;
@@ -155,7 +155,7 @@ METHOD(pts_component_t, verify, status_t,
}
METHOD(pts_component_t, finalize, bool,
- pts_ita_comp_tgrub_t *this, u_int8_t qualifier, bio_writer_t *result)
+ pts_ita_comp_tgrub_t *this, uint8_t qualifier, bio_writer_t *result)
{
return FALSE;
}
@@ -180,7 +180,7 @@ METHOD(pts_component_t, destroy, void,
/**
* See header
*/
-pts_component_t *pts_ita_comp_tgrub_create(u_int32_t depth,
+pts_component_t *pts_ita_comp_tgrub_create(uint32_t depth,
pts_database_t *pts_db)
{
pts_ita_comp_tgrub_t *this;
diff --git a/src/libimcv/pts/components/ita/ita_comp_tgrub.h b/src/libimcv/pts/components/ita/ita_comp_tgrub.h
index 59913c8..7c856eb 100644
--- a/src/libimcv/pts/components/ita/ita_comp_tgrub.h
+++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.h
@@ -29,7 +29,7 @@
* @param depth Sub-component depth
* @param pts_db PTS measurement database
*/
-pts_component_t* pts_ita_comp_tgrub_create(u_int32_t depth,
+pts_component_t* pts_ita_comp_tgrub_create(uint32_t depth,
pts_database_t *pts_db);
#endif /** PTS_ITA_COMP_TGRUB_H_ @}*/
diff --git a/src/libimcv/pts/components/pts_comp_evidence.c b/src/libimcv/pts/components/pts_comp_evidence.c
index 08c3d5e..f039deb 100644
--- a/src/libimcv/pts/components/pts_comp_evidence.c
+++ b/src/libimcv/pts/components/pts_comp_evidence.c
@@ -37,7 +37,7 @@ struct private_pts_comp_evidence_t {
/**
* Sub-Component Depth
*/
- u_int32_t depth;
+ uint32_t depth;
/**
* Measurement Time
@@ -62,7 +62,7 @@ struct private_pts_comp_evidence_t {
/**
* PCR the measurement was extended into
*/
- u_int32_t extended_pcr;
+ uint32_t extended_pcr;
/**
* PCR value before extension
@@ -92,7 +92,7 @@ struct private_pts_comp_evidence_t {
};
METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*,
- private_pts_comp_evidence_t *this, u_int32_t *depth)
+ private_pts_comp_evidence_t *this, uint32_t *depth)
{
if (depth)
{
@@ -101,14 +101,14 @@ METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*,
return this->name;
}
-METHOD(pts_comp_evidence_t, get_extended_pcr, u_int32_t,
+METHOD(pts_comp_evidence_t, get_extended_pcr, uint32_t,
private_pts_comp_evidence_t *this)
{
return this->extended_pcr;
}
METHOD(pts_comp_evidence_t, get_measurement, chunk_t,
- private_pts_comp_evidence_t *this, u_int32_t *extended_pcr,
+ private_pts_comp_evidence_t *this, uint32_t *extended_pcr,
pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform,
time_t *measurement_time)
{
@@ -193,8 +193,8 @@ METHOD(pts_comp_evidence_t, destroy, void,
* See header
*/
pts_comp_evidence_t *pts_comp_evidence_create(pts_comp_func_name_t *name,
- u_int32_t depth,
- u_int32_t extended_pcr,
+ uint32_t depth,
+ uint32_t extended_pcr,
pts_meas_algorithms_t algo,
pts_pcr_transform_t transform,
time_t measurement_time,
diff --git a/src/libimcv/pts/components/pts_comp_evidence.h b/src/libimcv/pts/components/pts_comp_evidence.h
index 55776ce..6178c2a 100644
--- a/src/libimcv/pts/components/pts_comp_evidence.h
+++ b/src/libimcv/pts/components/pts_comp_evidence.h
@@ -70,14 +70,14 @@ struct pts_comp_evidence_t {
* @result Component Functional Name
*/
pts_comp_func_name_t* (*get_comp_func_name)(pts_comp_evidence_t *this,
- u_int32_t *depth);
+ uint32_t *depth);
/**
* Gets the PCR the measurement was extended into
*
* @result PCR the measurement was extended into
*/
- u_int32_t (*get_extended_pcr)(pts_comp_evidence_t *this);
+ uint32_t (*get_extended_pcr)(pts_comp_evidence_t *this);
/**
* Gets the measurement and the algorithms used
@@ -89,7 +89,7 @@ struct pts_comp_evidence_t {
* @result Measurement hash value
*/
chunk_t (*get_measurement)(pts_comp_evidence_t *this,
- u_int32_t *extended_pcr,
+ uint32_t *extended_pcr,
pts_meas_algorithms_t *algo,
pts_pcr_transform_t *transform,
time_t *measurement_time);
@@ -150,8 +150,8 @@ struct pts_comp_evidence_t {
* @param measurement Measurement hash value
*/
pts_comp_evidence_t* pts_comp_evidence_create(pts_comp_func_name_t *name,
- u_int32_t depth,
- u_int32_t extended_pcr,
+ uint32_t depth,
+ uint32_t extended_pcr,
pts_meas_algorithms_t algo,
pts_pcr_transform_t transform,
time_t measurement_time,
diff --git a/src/libimcv/pts/components/pts_comp_func_name.c b/src/libimcv/pts/components/pts_comp_func_name.c
index e12522e..00494e1 100644
--- a/src/libimcv/pts/components/pts_comp_func_name.c
+++ b/src/libimcv/pts/components/pts_comp_func_name.c
@@ -35,40 +35,40 @@ struct private_pts_comp_func_name_t {
/**
* PTS Component Functional Name Vendor ID
*/
- u_int32_t vid;
+ uint32_t vid;
/**
* PTS Component Functional Name
*/
- u_int32_t name;
+ uint32_t name;
/**
* PTS Component Functional Name Qualifier
*/
- u_int8_t qualifier;
+ uint8_t qualifier;
};
-METHOD(pts_comp_func_name_t, get_vendor_id, u_int32_t,
+METHOD(pts_comp_func_name_t, get_vendor_id, uint32_t,
private_pts_comp_func_name_t *this)
{
return this->vid;
}
-METHOD(pts_comp_func_name_t, get_name, u_int32_t,
+METHOD(pts_comp_func_name_t, get_name, uint32_t,
private_pts_comp_func_name_t *this)
{
return this->name;
}
-METHOD(pts_comp_func_name_t, get_qualifier, u_int8_t,
+METHOD(pts_comp_func_name_t, get_qualifier, uint8_t,
private_pts_comp_func_name_t *this)
{
return this->qualifier;
}
METHOD(pts_comp_func_name_t, set_qualifier, void,
- private_pts_comp_func_name_t *this, u_int8_t qualifier)
+ private_pts_comp_func_name_t *this, uint8_t qualifier)
{
this->qualifier = qualifier;
}
@@ -117,12 +117,12 @@ METHOD(pts_comp_func_name_t, log_, void,
if (names && types)
{
- DBG2(DBG_PTS, "%s%N functional component '%N' [%s] '%N'",
+ DBG3(DBG_PTS, "%s%N functional component '%N' [%s] '%N'",
label, pen_names, this->vid, names, this->name, flags, types, type);
}
else
{
- DBG2(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x",
+ DBG3(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x",
label, this->vid, this->name, this->qualifier);
}
}
@@ -136,8 +136,8 @@ METHOD(pts_comp_func_name_t, destroy, void,
/**
* See header
*/
-pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name,
- u_int8_t qualifier)
+pts_comp_func_name_t* pts_comp_func_name_create(uint32_t vid, uint32_t name,
+ uint8_t qualifier)
{
private_pts_comp_func_name_t *this;
diff --git a/src/libimcv/pts/components/pts_comp_func_name.h b/src/libimcv/pts/components/pts_comp_func_name.h
index 90ad708..cb069c4 100644
--- a/src/libimcv/pts/components/pts_comp_func_name.h
+++ b/src/libimcv/pts/components/pts_comp_func_name.h
@@ -38,28 +38,28 @@ struct pts_comp_func_name_t {
*
* @return PTS Component Functional Name Vendor ID
*/
- u_int32_t (*get_vendor_id)(pts_comp_func_name_t *this);
+ uint32_t (*get_vendor_id)(pts_comp_func_name_t *this);
/**
* Get the PTS Component Functional Name
*
* @return PTS Component Functional Name
*/
- u_int32_t (*get_name)(pts_comp_func_name_t *this);
+ uint32_t (*get_name)(pts_comp_func_name_t *this);
/**
* Get the PTS Component Functional Name Qualifier
*
* @return PTS Component Functional Name Qualifier
*/
- u_int8_t (*get_qualifier)(pts_comp_func_name_t *this);
+ uint8_t (*get_qualifier)(pts_comp_func_name_t *this);
/**
* Set the PTS Component Functional Name Qualifier
*
* @param qualifier PTS Component Functional Name Qualifier to be set
*/
- void (*set_qualifier)(pts_comp_func_name_t *this, u_int8_t qualifier);
+ void (*set_qualifier)(pts_comp_func_name_t *this, uint8_t qualifier);
/**
* Check to PTS Component Functional Names for equality
@@ -97,7 +97,7 @@ struct pts_comp_func_name_t {
* @param name PTS Component Functional Name
* @param qualifier PTS Component Functional Name Qualifier
*/
-pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name,
- u_int8_t qualifier);
+pts_comp_func_name_t* pts_comp_func_name_create(uint32_t vid, uint32_t name,
+ uint8_t qualifier);
#endif /** PTS_FUNC_COMP_NAME_H_ @}*/
diff --git a/src/libimcv/pts/components/pts_component.h b/src/libimcv/pts/components/pts_component.h
index 71b1ad5..1ca4458 100644
--- a/src/libimcv/pts/components/pts_component.h
+++ b/src/libimcv/pts/components/pts_component.h
@@ -49,14 +49,14 @@ struct pts_component_t {
*
* @return PTS Component Functional Name
*/
- u_int8_t (*get_evidence_flags)(pts_component_t *this);
+ uint8_t (*get_evidence_flags)(pts_component_t *this);
/**
* Get the PTS Sub-component Depth
*
* @return PTS Sub-component Depth
*/
- u_int32_t (*get_depth)(pts_component_t *this);
+ uint32_t (*get_depth)(pts_component_t *this);
/**
* Do evidence measurements on the PTS Functional Component
@@ -67,7 +67,7 @@ struct pts_component_t {
* @param measurements additional file measurements (NULL if not present)
* @return status return code
*/
- status_t (*measure)(pts_component_t *this, u_int8_t qualifier, pts_t *pts,
+ status_t (*measure)(pts_component_t *this, uint8_t qualifier, pts_t *pts,
pts_comp_evidence_t** evidence);
/**
@@ -78,7 +78,7 @@ struct pts_component_t {
* @param evidence component evidence measurement to be verified
* @return status return code
*/
- status_t (*verify)(pts_component_t *this, u_int8_t qualifier, pts_t *pts,
+ status_t (*verify)(pts_component_t *this, uint8_t qualifier, pts_t *pts,
pts_comp_evidence_t *evidence);
/**
@@ -89,7 +89,7 @@ struct pts_component_t {
* @param result writer appending concise measurement result
* @return TRUE if finalization successful
*/
- bool (*finalize)(pts_component_t *this, u_int8_t qualifier,
+ bool (*finalize)(pts_component_t *this, uint8_t qualifier,
bio_writer_t *result);
/**
diff --git a/src/libimcv/pts/components/pts_component_manager.c b/src/libimcv/pts/components/pts_component_manager.c
index 9c1375b..4f0004f 100644
--- a/src/libimcv/pts/components/pts_component_manager.c
+++ b/src/libimcv/pts/components/pts_component_manager.c
@@ -77,7 +77,7 @@ struct component_entry_t {
/**
* Vendor-Specific Component Functional Name
*/
- u_int32_t name;
+ uint32_t name;
/**
* Functional Component creation method
@@ -165,7 +165,7 @@ METHOD(pts_component_manager_t, get_qualifier_type_names, enum_name_t*,
}
METHOD(pts_component_manager_t, add_component, void,
- private_pts_component_manager_t *this, pen_t vendor_id, u_int32_t name,
+ private_pts_component_manager_t *this, pen_t vendor_id, uint32_t name,
pts_component_create_t create)
{
enumerator_t *enumerator;
@@ -210,13 +210,13 @@ METHOD(pts_component_manager_t, remove_vendor, void,
enumerator->destroy(enumerator);
}
-METHOD(pts_component_manager_t, get_qualifier, u_int8_t,
+METHOD(pts_component_manager_t, get_qualifier, uint8_t,
private_pts_component_manager_t *this, pts_comp_func_name_t *name,
char *flags)
{
enumerator_t *enumerator;
vendor_entry_t *entry;
- u_int8_t qualifier, size, flag, type = 0;
+ uint8_t qualifier, size, flag, type = 0;
int i;
enumerator = this->list->create_enumerator(this->list);
@@ -252,7 +252,7 @@ METHOD(pts_component_manager_t, get_qualifier, u_int8_t,
METHOD(pts_component_manager_t, create, pts_component_t*,
private_pts_component_manager_t *this,
- pts_comp_func_name_t *name, u_int32_t depth, pts_database_t *pts_db)
+ pts_comp_func_name_t *name, uint32_t depth, pts_database_t *pts_db)
{
enumerator_t *enumerator, *e2;
vendor_entry_t *entry;
diff --git a/src/libimcv/pts/components/pts_component_manager.h b/src/libimcv/pts/components/pts_component_manager.h
index 00f8765..bd1974b 100644
--- a/src/libimcv/pts/components/pts_component_manager.h
+++ b/src/libimcv/pts/components/pts_component_manager.h
@@ -30,7 +30,7 @@ typedef struct pts_component_manager_t pts_component_manager_t;
#include <library.h>
#include <pen/pen.h>
-typedef pts_component_t* (*pts_component_create_t)(u_int32_t depth,
+typedef pts_component_t* (*pts_component_create_t)(uint32_t depth,
pts_database_t *pts_db);
/**
@@ -61,7 +61,7 @@ struct pts_component_manager_t {
* @param create Functional Component creation method
*/
void (*add_component)(pts_component_manager_t *this, pen_t vendor_id,
- u_int32_t name, pts_component_create_t create);
+ uint32_t name, pts_component_create_t create);
/**
* Remove vendor-specific components and associated namespace
@@ -95,7 +95,7 @@ struct pts_component_manager_t {
* @param flags Qualifier Flags as a string in a char buffer
* @return Qualifier Type
*/
- u_int8_t (*get_qualifier)(pts_component_manager_t *this,
+ uint8_t (*get_qualifier)(pts_component_manager_t *this,
pts_comp_func_name_t *name, char *flags);
/**
@@ -107,7 +107,7 @@ struct pts_component_manager_t {
* @return Component object if supported, NULL else
*/
pts_component_t* (*create)(pts_component_manager_t *this,
- pts_comp_func_name_t *name, u_int32_t depth,
+ pts_comp_func_name_t *name, uint32_t depth,
pts_database_t *pts_db);
/**
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 1ca7209..2ba949e 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2012-2014 Andreas Steffen
+ * Copyright (C) 2012-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -21,21 +21,8 @@
#include <bio/bio_writer.h>
#include <bio/bio_reader.h>
-#ifdef TSS_TROUSERS
-#ifdef _BASETSD_H_
-/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */
-# define _BASETSD_H
-#endif
-#include <trousers/tss.h>
-#include <trousers/trousers.h>
-#else
-#ifndef TPM_TAG_QUOTE_INFO2
-#define TPM_TAG_QUOTE_INFO2 0x0036
-#endif
-#ifndef TPM_LOC_ZERO
-#define TPM_LOC_ZERO 0x01
-#endif
-#endif
+#include <tpm_tss.h>
+#include <tpm_tss_trousers.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -43,6 +30,13 @@
#include <unistd.h>
#include <errno.h>
+#ifndef TPM_TAG_QUOTE_INFO2
+#define TPM_TAG_QUOTE_INFO2 0x0036
+#endif
+#ifndef TPM_LOC_ZERO
+#define TPM_LOC_ZERO 0x01
+#endif
+
typedef struct private_pts_t private_pts_t;
/**
@@ -102,9 +96,9 @@ struct private_pts_t {
bool is_imc;
/**
- * Do we have an activated TPM
+ * Active TPM
*/
- bool has_tpm;
+ tpm_tss_t *tpm;
/**
* Contains a TPM_CAP_VERSION_INFO struct
@@ -112,14 +106,14 @@ struct private_pts_t {
chunk_t tpm_version_info;
/**
- * Contains TSS Blob structure for AIK
+ * AIK object handle
*/
- chunk_t aik_blob;
+ uint32_t aik_handle;
/**
- * Contains a Attestation Identity Key or Certificate
+ * Contains an Attestation Identity Key Certificate
*/
- certificate_t *aik;
+ certificate_t *aik_cert;
/**
* Primary key referening AIK in database
@@ -191,7 +185,6 @@ METHOD(pts_t, set_dh_hash_algorithm, void,
}
}
-
METHOD(pts_t, create_dh_nonce, bool,
private_pts_t *this, pts_dh_group_t group, int nonce_len)
{
@@ -306,41 +299,6 @@ METHOD(pts_t, calculate_secret, bool,
return TRUE;
}
-#ifdef TSS_TROUSERS
-
-/**
- * Print TPM 1.2 Version Info
- */
-static void print_tpm_version_info(private_pts_t *this)
-{
- TPM_CAP_VERSION_INFO *info;
-
- info = (TPM_CAP_VERSION_INFO*)this->tpm_version_info.ptr;
-
- if (this->tpm_version_info.len >=
- sizeof(*info) - sizeof(info->vendorSpecific))
- {
- DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, "
- "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s",
- info->version.major, info->version.minor,
- info->version.revMajor, info->version.revMinor,
- untoh16(&info->specLevel), info->errataRev, info->tpmVendorID);
- }
- else
- {
- DBG1(DBG_PTS, "could not parse tpm version info");
- }
-}
-
-#else
-
-static void print_tpm_version_info(private_pts_t *this)
-{
- DBG1(DBG_PTS, "unknown TPM version: no TSS implementation available");
-}
-
-#endif /* TSS_TROUSERS */
-
METHOD(pts_t, get_platform_id, int,
private_pts_t *this)
{
@@ -356,104 +314,135 @@ METHOD(pts_t, set_platform_id, void,
METHOD(pts_t, get_tpm_version_info, bool,
private_pts_t *this, chunk_t *info)
{
- if (!this->has_tpm)
- {
- return FALSE;
- }
- *info = this->tpm_version_info;
- print_tpm_version_info(this);
- return TRUE;
+ *info = this->tpm ? this->tpm->get_version_info(this->tpm) :
+ this->tpm_version_info;
+ return info->len > 0;
}
METHOD(pts_t, set_tpm_version_info, void,
private_pts_t *this, chunk_t info)
{
this->tpm_version_info = chunk_clone(info);
- print_tpm_version_info(this);
-}
-
-/**
- * Load an AIK Blob (TSS_TSPATTRIB_KEYBLOB_BLOB attribute)
- */
-static void load_aik_blob(private_pts_t *this)
-{
- char *path;
- chunk_t *map;
-
- path = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns);
- if (path)
- {
- map = chunk_map(path, FALSE);
- if (map)
- {
- DBG2(DBG_PTS, "loaded AIK Blob from '%s'", path);
- DBG3(DBG_PTS, "AIK Blob: %B", map);
- this->aik_blob = chunk_clone(*map);
- chunk_unmap(map);
- }
- else
- {
- DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s",
- path, strerror(errno));
- }
- }
- else
- {
- DBG1(DBG_PTS, "AIK Blob is not available");
- }
+ /* print_tpm_version_info(this); */
}
/**
- * Load an AIK certificate or public key
+ * Load an AIK handle and an optional AIK certificate and
+ * in the case of a TPM 1.2 an AIK private key blob plus matching public key,
* the certificate having precedence over the public key if both are present
*/
static void load_aik(private_pts_t *this)
{
- char *cert_path, *key_path;
+ char *handle_str, *cert_path, *key_path, *blob_path;
+ chunk_t aik_pubkey = chunk_empty;
+ handle_str = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-attestation.aik_handle", NULL, lib->ns);
cert_path = lib->settings->get_str(lib->settings,
"%s.plugins.imc-attestation.aik_cert", NULL, lib->ns);
key_path = lib->settings->get_str(lib->settings,
"%s.plugins.imc-attestation.aik_pubkey", NULL, lib->ns);
+ blob_path = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns);
+ if (handle_str)
+ {
+ this->aik_handle = strtoll(handle_str, NULL, 16);
+ }
if (cert_path)
{
- this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ this->aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_X509, BUILD_FROM_FILE,
cert_path, BUILD_END);
- if (this->aik)
+ if (this->aik_cert)
{
DBG2(DBG_PTS, "loaded AIK certificate from '%s'", cert_path);
- return;
}
}
- if (key_path)
+
+ if (this->tpm->get_version(this->tpm) == TPM_VERSION_1_2)
{
- this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE,
- CERT_TRUSTED_PUBKEY, BUILD_FROM_FILE,
- key_path, BUILD_END);
- if (this->aik)
+ tpm_tss_trousers_t *tpm_12;
+ chunk_t aik_blob = chunk_empty;
+ chunk_t *map;
+
+ /* get AIK private key blob */
+ if (blob_path)
{
- DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
- return;
+ map = chunk_map(blob_path, FALSE);
+ if (map)
+ {
+ DBG2(DBG_PTS, "loaded AIK Blob from '%s'", blob_path);
+ DBG3(DBG_PTS, "AIK Blob: %B", map);
+ aik_blob = chunk_clone(*map);
+ chunk_unmap(map);
+ }
+ else
+ {
+ DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s",
+ blob_path, strerror(errno));
+ }
}
+ else
+ {
+ DBG1(DBG_PTS, "AIK Blob is not available");
+ }
+
+ /* get AIK public key */
+ if (key_path)
+ {
+ map = chunk_map(key_path, FALSE);
+ if (map)
+ {
+ DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
+ aik_pubkey = chunk_clone(*map);
+ chunk_unmap(map);
+ }
+ else
+ {
+ DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s",
+ key_path, strerror(errno));
+ }
+ }
+ else
+ {
+ DBG1(DBG_PTS, "AIK public key is not available");
+ }
+
+ /* Load AIK item into TPM 1.2 object */
+ tpm_12 = (tpm_tss_trousers_t *)this->tpm;
+ tpm_12->load_aik(tpm_12, aik_blob, aik_pubkey, this->aik_handle);
}
- DBG1(DBG_PTS, "neither AIK certificate nor public key is available");
+ /* if no signed X.509 AIK certificate is available use public key instead */
+ if (!this->aik_cert)
+ {
+ aik_pubkey = this->tpm->get_public(this->tpm, this->aik_handle);
+ if (aik_pubkey.len > 0)
+ {
+ this->aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_TRUSTED_PUBKEY, BUILD_BLOB,
+ aik_pubkey, BUILD_END);
+ chunk_free(&aik_pubkey);
+ }
+ else
+ {
+ DBG1(DBG_PTS, "neither AIK certificate nor public key is available");
+ }
+ }
}
METHOD(pts_t, get_aik, certificate_t*,
private_pts_t *this)
{
- return this->aik;
+ return this->aik_cert;
}
METHOD(pts_t, set_aik, void,
private_pts_t *this, certificate_t *aik, int aik_id)
{
- DESTROY_IF(this->aik);
- this->aik = aik->get_ref(aik);
+ DESTROY_IF(this->aik_cert);
+ this->aik_cert = aik->get_ref(aik);
this->aik_id = aik_id;
}
@@ -611,312 +600,64 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*,
return metadata;
}
-
-#ifdef TSS_TROUSERS
-
METHOD(pts_t, read_pcr, bool,
- private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value)
+ private_pts_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ hash_algorithm_t alg)
{
- TSS_HCONTEXT hContext;
- TSS_HTPM hTPM;
- TSS_RESULT result;
- BYTE *buf;
- UINT32 len;
-
- bool success = FALSE;
-
- result = Tspi_Context_Create(&hContext);
- if (result != TSS_SUCCESS)
- {
- DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", result);
- return FALSE;
- }
-
- result = Tspi_Context_Connect(hContext, NULL);
- if (result != TSS_SUCCESS)
- {
- goto err;
- }
- result = Tspi_Context_GetTpmObject (hContext, &hTPM);
- if (result != TSS_SUCCESS)
- {
- goto err;
- }
- result = Tspi_TPM_PcrRead(hTPM, pcr_num, &len, &buf);
- if (result != TSS_SUCCESS)
- {
- goto err;
- }
- *pcr_value = chunk_clone(chunk_create(buf, len));
- DBG3(DBG_PTS, "PCR %d value:%B", pcr_num, pcr_value);
- success = TRUE;
-
-err:
- if (!success)
- {
- DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result);
- }
- Tspi_Context_FreeMemory(hContext, NULL);
- Tspi_Context_Close(hContext);
-
- return success;
+ return this->tpm ? this->tpm->read_pcr(this->tpm, pcr_num, pcr_value, alg)
+ : FALSE;
}
METHOD(pts_t, extend_pcr, bool,
- private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output)
+ private_pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, chunk_t data,
+ hash_algorithm_t alg)
{
- TSS_HCONTEXT hContext;
- TSS_HTPM hTPM;
- TSS_RESULT result;
- u_int32_t pcr_length;
- chunk_t pcr_value = chunk_empty;
-
- result = Tspi_Context_Create(&hContext);
- if (result != TSS_SUCCESS)
+ if (!this->tpm->extend_pcr(this->tpm, pcr_num, pcr_value, data, alg))
{
- DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x",
- result);
return FALSE;
}
- result = Tspi_Context_Connect(hContext, NULL);
- if (result != TSS_SUCCESS)
- {
- goto err;
- }
- result = Tspi_Context_GetTpmObject (hContext, &hTPM);
- if (result != TSS_SUCCESS)
- {
- goto err;
- }
-
- pcr_value = chunk_alloc(PTS_PCR_LEN);
- result = Tspi_TPM_PcrExtend(hTPM, pcr_num, PTS_PCR_LEN, input.ptr,
- NULL, &pcr_length, &pcr_value.ptr);
- if (result != TSS_SUCCESS)
- {
- goto err;
- }
-
- *output = pcr_value;
- *output = chunk_clone(*output);
-
- DBG3(DBG_PTS, "PCR %d extended with: %B", pcr_num, &input);
- DBG3(DBG_PTS, "PCR %d value after extend: %B", pcr_num, output);
-
- chunk_clear(&pcr_value);
- Tspi_Context_FreeMemory(hContext, NULL);
- Tspi_Context_Close(hContext);
+ DBG3(DBG_PTS, "PCR %d extended with: %#B", pcr_num, &data);
+ DBG3(DBG_PTS, "PCR %d after extension: %#B", pcr_num, pcr_value);
return TRUE;
-
-err:
- DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result);
-
- chunk_clear(&pcr_value);
- Tspi_Context_FreeMemory(hContext, NULL);
- Tspi_Context_Close(hContext);
-
- return FALSE;
}
-METHOD(pts_t, quote_tpm, bool,
- private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig)
+METHOD(pts_t, quote, bool,
+ private_pts_t *this, tpm_quote_mode_t *quote_mode,
+ tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig)
{
- TSS_HCONTEXT hContext;
- TSS_HTPM hTPM;
- TSS_HKEY hAIK;
- TSS_HKEY hSRK;
- TSS_HPOLICY srkUsagePolicy;
- TSS_UUID SRK_UUID = TSS_UUID_SRK;
- BYTE secret[] = TSS_WELL_KNOWN_SECRET;
- TSS_HPCRS hPcrComposite;
- TSS_VALIDATION valData;
- TSS_RESULT result;
- chunk_t quote_info;
- BYTE* versionInfo;
- u_int32_t versionInfoSize, pcr;
+ chunk_t pcr_value, pcr_computed;
+ uint32_t pcr, pcr_sel = 0;
enumerator_t *enumerator;
- bool success = FALSE;
-
- result = Tspi_Context_Create(&hContext);
- if (result != TSS_SUCCESS)
- {
- DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x",
- result);
- return FALSE;
- }
- result = Tspi_Context_Connect(hContext, NULL);
- if (result != TSS_SUCCESS)
- {
- goto err1;
- }
- result = Tspi_Context_GetTpmObject (hContext, &hTPM);
- if (result != TSS_SUCCESS)
- {
- goto err1;
- }
-
- /* Retrieve SRK from TPM and set the authentication to well known secret*/
- result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
- SRK_UUID, &hSRK);
- if (result != TSS_SUCCESS)
- {
- goto err1;
- }
-
- result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
- if (result != TSS_SUCCESS)
- {
- goto err1;
- }
- result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1,
- 20, secret);
- if (result != TSS_SUCCESS)
- {
- goto err1;
- }
- result = Tspi_Context_LoadKeyByBlob (hContext, hSRK, this->aik_blob.len,
- this->aik_blob.ptr, &hAIK);
- if (result != TSS_SUCCESS)
- {
- goto err1;
- }
-
- /* Create PCR composite object */
- result = use_quote2 ?
- Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
- TSS_PCRS_STRUCT_INFO_SHORT, &hPcrComposite) :
- Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
- TSS_PCRS_STRUCT_DEFAULT, &hPcrComposite);
- if (result != TSS_SUCCESS)
- {
- goto err2;
- }
-
- /* Select PCRs */
+ /* select PCRs */
+ DBG2(DBG_PTS, "PCR values hashed into PCR Composite:");
enumerator = this->pcrs->create_enumerator(this->pcrs);
while (enumerator->enumerate(enumerator, &pcr))
{
- result = use_quote2 ?
- Tspi_PcrComposite_SelectPcrIndexEx(hPcrComposite, pcr,
- TSS_PCRS_DIRECTION_RELEASE) :
- Tspi_PcrComposite_SelectPcrIndex(hPcrComposite, pcr);
- if (result != TSS_SUCCESS)
+ if (this->tpm->read_pcr(this->tpm, pcr, &pcr_value, HASH_SHA1))
{
- break;
- }
- }
- enumerator->destroy(enumerator);
+ pcr_computed = this->pcrs->get(this->pcrs, pcr);
+ DBG2(DBG_PTS, "PCR %2d %#B %s", pcr, &pcr_value,
+ chunk_equals(pcr_value, pcr_computed) ? "ok" : "differs");
+ chunk_free(&pcr_value);
+ };
- if (result != TSS_SUCCESS)
- {
- goto err3;
+ /* add PCR to selection list */
+ pcr_sel |= (1 << pcr);
}
-
- /* Set the Validation Data */
- valData.ulExternalDataLength = this->secret.len;
- valData.rgbExternalData = (BYTE *)this->secret.ptr;
-
+ enumerator->destroy(enumerator);
/* TPM Quote */
- result = use_quote2 ?
- Tspi_TPM_Quote2(hTPM, hAIK, FALSE, hPcrComposite, &valData,
- &versionInfoSize, &versionInfo):
- Tspi_TPM_Quote(hTPM, hAIK, hPcrComposite, &valData);
- if (result != TSS_SUCCESS)
- {
- goto err4;
- }
-
- /* Set output chunks */
- *pcr_comp = chunk_alloc(HASH_SIZE_SHA1);
-
- if (use_quote2)
- {
- /* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */
- memcpy(pcr_comp->ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1,
- HASH_SIZE_SHA1);
- }
- else
- {
- /* TPM_Composite_Hash is 8-28th bytes of TPM_Quote_Info structure */
- memcpy(pcr_comp->ptr, valData.rgbData + 8, HASH_SIZE_SHA1);
- }
- DBG3(DBG_PTS, "Hash of PCR Composite: %#B", pcr_comp);
-
- quote_info = chunk_create(valData.rgbData, valData.ulDataLength);
- DBG3(DBG_PTS, "TPM Quote Info: %B","e_info);
-
- *quote_sig = chunk_clone(chunk_create(valData.rgbValidationData,
- valData.ulValidationDataLength));
- DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_sig);
-
- success = TRUE;
-
- /* Cleanup */
-err4:
- Tspi_Context_FreeMemory(hContext, NULL);
-
-err3:
- Tspi_Context_CloseObject(hContext, hPcrComposite);
-
-err2:
- Tspi_Context_CloseObject(hContext, hAIK);
-
-err1:
- Tspi_Context_Close(hContext);
- if (!success)
- {
- DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result);
- }
- return success;
-}
-
-#else /* TSS_TROUSERS */
-
-METHOD(pts_t, read_pcr, bool,
- private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value)
-{
- return FALSE;
-}
-
-METHOD(pts_t, extend_pcr, bool,
- private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output)
-{
- return FALSE;
-}
-
-METHOD(pts_t, quote_tpm, bool,
- private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig)
-{
- return FALSE;
+ return this->tpm->quote(this->tpm, this->aik_handle, pcr_sel, HASH_SHA1,
+ this->secret, quote_mode, quote_info, quote_sig);
}
-#endif /* TSS_TROUSERS */
-
-/**
- * TPM_QUOTE_INFO structure:
- * 4 bytes of version
- * 4 bytes 'Q' 'U' 'O' 'T'
- * 20 byte SHA1 of TCPA_PCR_COMPOSITE
- * 20 byte nonce
- *
- * TPM_QUOTE_INFO2 structure:
- * 2 bytes Tag 0x0036 TPM_Tag_Quote_info2
- * 4 bytes 'Q' 'U' 'T' '2'
- * 20 bytes nonce
- * 26 bytes PCR_INFO_SHORT
- */
-
-METHOD(pts_t, get_quote_info, bool,
- private_pts_t *this, bool use_quote2, bool use_ver_info,
- pts_meas_algorithms_t comp_hash_algo,
- chunk_t *out_pcr_comp, chunk_t *out_quote_info)
+METHOD(pts_t, get_quote, bool,
+ private_pts_t *this, tpm_tss_quote_info_t *quote_info, chunk_t *quoted)
{
- chunk_t selection, pcr_comp, hash_pcr_comp;
- bio_writer_t *writer;
- hasher_t *hasher;
+ tpm_tss_pcr_composite_t *pcr_composite;
+ bool success;
if (!this->pcrs->get_count(this->pcrs))
{
@@ -930,128 +671,93 @@ METHOD(pts_t, get_quote_info, bool,
"unable to construct TPM Quote Info");
return FALSE;
}
- if (use_quote2 && use_ver_info && !this->tpm_version_info.ptr)
- {
- DBG1(DBG_PTS, "TPM Version Information unavailable, ",
- "unable to construct TPM Quote Info2");
- return FALSE;
- }
-
- pcr_comp = this->pcrs->get_composite(this->pcrs);
-
-
- /* Output the TPM_PCR_COMPOSITE expected from IMC */
- if (comp_hash_algo)
+ if (quote_info->get_quote_mode(quote_info) == TPM_QUOTE2_VERSION_INFO)
{
- hash_algorithm_t algo;
-
- algo = pts_meas_algo_to_hash(comp_hash_algo);
- hasher = lib->crypto->create_hasher(lib->crypto, algo);
-
- /* Hash the PCR Composite Structure */
- if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp))
+ if (!this->tpm_version_info.ptr)
{
- DESTROY_IF(hasher);
- free(pcr_comp.ptr);
+ DBG1(DBG_PTS, "TPM Version Information unavailable, ",
+ "unable to construct TPM Quote Info2");
return FALSE;
}
- DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp);
- hasher->destroy(hasher);
+ quote_info->set_version_info(quote_info, this->tpm_version_info);
}
- else
- {
- *out_pcr_comp = chunk_clone(pcr_comp);
- }
-
- /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp))
- {
- DESTROY_IF(hasher);
- chunk_free(out_pcr_comp);
- free(pcr_comp.ptr);
- return FALSE;
- }
- hasher->destroy(hasher);
-
- /* Construct TPM_QUOTE_INFO/TPM_QUOTE_INFO2 structure */
- writer = bio_writer_create(TPM_QUOTE_INFO_LEN);
-
- if (use_quote2)
- {
- /* TPM Structure Tag */
- writer->write_uint16(writer, TPM_TAG_QUOTE_INFO2);
-
- /* Magic QUT2 value */
- writer->write_data(writer, chunk_create("QUT2", 4));
-
- /* Secret assessment value 20 bytes (nonce) */
- writer->write_data(writer, this->secret);
-
- /* PCR selection */
- selection.ptr = pcr_comp.ptr;
- selection.len = 2 + this->pcrs->get_selection_size(this->pcrs);
- writer->write_data(writer, selection);
-
- /* TPM Locality Selection */
- writer->write_uint8(writer, TPM_LOC_ZERO);
-
- /* PCR Composite Hash */
- writer->write_data(writer, hash_pcr_comp);
-
- if (use_ver_info)
- {
- /* TPM version Info */
- writer->write_data(writer, this->tpm_version_info);
- }
- }
- else
- {
- /* Version number */
- writer->write_data(writer, chunk_from_chars(1, 1, 0, 0));
-
- /* Magic QUOT value */
- writer->write_data(writer, chunk_create("QUOT", 4));
-
- /* PCR Composite Hash */
- writer->write_data(writer, hash_pcr_comp);
-
- /* Secret assessment value 20 bytes (nonce) */
- writer->write_data(writer, this->secret);
- }
-
- /* TPM Quote Info */
- *out_quote_info = writer->extract_buf(writer);
- DBG3(DBG_PTS, "constructed TPM Quote Info: %B", out_quote_info);
+ pcr_composite = this->pcrs->get_composite(this->pcrs);
- writer->destroy(writer);
- free(pcr_comp.ptr);
- free(hash_pcr_comp.ptr);
+ success = quote_info->get_quote(quote_info, this->secret,
+ pcr_composite, quoted);
+ chunk_free(&pcr_composite->pcr_select);
+ chunk_free(&pcr_composite->pcr_composite);
+ free(pcr_composite);
- return TRUE;
+ return success;
}
METHOD(pts_t, verify_quote_signature, bool,
- private_pts_t *this, chunk_t data, chunk_t signature)
+ private_pts_t *this, hash_algorithm_t digest_alg, chunk_t digest,
+ chunk_t signature)
{
- public_key_t *aik_pub_key;
+ public_key_t *aik_pubkey;
+ signature_scheme_t scheme;
- aik_pub_key = this->aik->get_public_key(this->aik);
- if (!aik_pub_key)
+ aik_pubkey = this->aik_cert->get_public_key(this->aik_cert);
+ if (!aik_pubkey)
{
DBG1(DBG_PTS, "failed to get public key from AIK certificate");
return FALSE;
}
- if (!aik_pub_key->verify(aik_pub_key, SIGN_RSA_EMSA_PKCS1_SHA1,
- data, signature))
+ /* Determine signing scheme */
+ switch (aik_pubkey->get_type(aik_pubkey))
+ {
+ case KEY_RSA:
+ switch (digest_alg)
+ {
+ case HASH_SHA1:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
+ break;
+ case HASH_SHA256:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
+ break;
+ case HASH_SHA384:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
+ break;
+ case HASH_SHA512:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
+ break;
+ default:
+ scheme = SIGN_UNKNOWN;
+ }
+ break;
+ case KEY_ECDSA:
+ switch (digest_alg)
+ {
+ case HASH_SHA256:
+ scheme = SIGN_ECDSA_256;
+ break;
+ case HASH_SHA384:
+ scheme = SIGN_ECDSA_384;
+ break;
+ case HASH_SHA512:
+ scheme = SIGN_ECDSA_521;
+ break;
+ default:
+ scheme = SIGN_UNKNOWN;
+ }
+ break;
+ default:
+ DBG1(DBG_PTS, "%N AIK key type not supported", key_type_names,
+ aik_pubkey->get_type(aik_pubkey));
+ return FALSE;
+ }
+
+ if (!aik_pubkey->verify(aik_pubkey, scheme, digest, signature))
{
DBG1(DBG_PTS, "signature verification failed for TPM Quote Info");
- DESTROY_IF(aik_pub_key);
+ DESTROY_IF(aik_pubkey);
return FALSE;
}
- aik_pub_key->destroy(aik_pub_key);
+ aik_pubkey->destroy(aik_pubkey);
return TRUE;
}
@@ -1064,78 +770,17 @@ METHOD(pts_t, get_pcrs, pts_pcr_t*,
METHOD(pts_t, destroy, void,
private_pts_t *this)
{
+ DESTROY_IF(this->tpm);
DESTROY_IF(this->pcrs);
- DESTROY_IF(this->aik);
+ DESTROY_IF(this->aik_cert);
DESTROY_IF(this->dh);
free(this->initiator_nonce.ptr);
free(this->responder_nonce.ptr);
free(this->secret.ptr);
- free(this->aik_blob.ptr);
free(this->tpm_version_info.ptr);
free(this);
}
-
-#ifdef TSS_TROUSERS
-
-/**
- * Check for a TPM by querying for TPM Version Info
- */
-static bool has_tpm(private_pts_t *this)
-{
- TSS_HCONTEXT hContext;
- TSS_HTPM hTPM;
- TSS_RESULT result;
- u_int32_t version_info_len;
-
- result = Tspi_Context_Create(&hContext);
- if (result != TSS_SUCCESS)
- {
- DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x",
- result);
- return FALSE;
- }
- result = Tspi_Context_Connect(hContext, NULL);
- if (result != TSS_SUCCESS)
- {
- goto err;
- }
- result = Tspi_Context_GetTpmObject (hContext, &hTPM);
- if (result != TSS_SUCCESS)
- {
- goto err;
- }
- result = Tspi_TPM_GetCapability(hTPM, TSS_TPMCAP_VERSION_VAL, 0, NULL,
- &version_info_len,
- &this->tpm_version_info.ptr);
- this->tpm_version_info.len = version_info_len;
- if (result != TSS_SUCCESS)
- {
- goto err;
- }
- this->tpm_version_info = chunk_clone(this->tpm_version_info);
-
- Tspi_Context_FreeMemory(hContext, NULL);
- Tspi_Context_Close(hContext);
- return TRUE;
-
- err:
- DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result);
- Tspi_Context_FreeMemory(hContext, NULL);
- Tspi_Context_Close(hContext);
- return FALSE;
-}
-
-#else /* TSS_TROUSERS */
-
-static bool has_tpm(private_pts_t *this)
-{
- return FALSE;
-}
-
-#endif /* TSS_TROUSERS */
-
-
/**
* See header
*/
@@ -1174,9 +819,9 @@ pts_t *pts_create(bool is_imc)
.get_metadata = _get_metadata,
.read_pcr = _read_pcr,
.extend_pcr = _extend_pcr,
- .quote_tpm = _quote_tpm,
+ .quote = _quote,
.get_pcrs = _get_pcrs,
- .get_quote_info = _get_quote_info,
+ .get_quote = _get_quote,
.verify_quote_signature = _verify_quote_signature,
.destroy = _destroy,
},
@@ -1189,12 +834,11 @@ pts_t *pts_create(bool is_imc)
if (is_imc)
{
- if (has_tpm(this))
+ this->tpm = tpm_tss_probe(TPM_VERSION_ANY);
+ if (this->tpm)
{
- this->has_tpm = TRUE;
this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D;
load_aik(this);
- load_aik_blob(this);
}
}
else
diff --git a/src/libimcv/pts/pts.h b/src/libimcv/pts/pts.h
index d525306..f3da659 100644
--- a/src/libimcv/pts/pts.h
+++ b/src/libimcv/pts/pts.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
- * Copyright (C) 2012-2014 Andreas Steffen
+ * Copyright (C) 2012-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -32,9 +32,10 @@ typedef struct pts_t pts_t;
#include "pts_dh_group.h"
#include "pts_pcr.h"
#include "pts_req_func_comp_evid.h"
-#include "pts_simple_evid_final.h"
#include "components/pts_comp_func_name.h"
+#include <tpm_tss_quote_info.h>
+
#include <library.h>
#include <collections/linked_list.h>
@@ -71,11 +72,6 @@ typedef struct pts_t pts_t;
#define ASSESSMENT_SECRET_LEN 20
/**
- * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2
- */
-#define TPM_QUOTE_INFO_LEN 48
-
-/**
* Hashing algorithm used by tboot and trustedGRUB
*/
#define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
@@ -236,39 +232,39 @@ struct pts_t {
pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir);
/**
- * Reads given PCR value and returns it
- * Expects owner secret to be WELL_KNOWN_SECRET
+ * Retrieve the current value of a PCR register in a given PCR bank
*
- * @param pcr_num Number of PCR to read
- * @param pcr_value Chunk to save pcr read output
- * @return NULL in case of TSS error, PCR value otherwise
+ * @param pcr_num PCR number
+ * @param pcr_value PCR value returned
+ * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
+ * @return TRUE if PCR value retrieval succeeded
*/
- bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
+ bool (*read_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ hash_algorithm_t alg);
/**
- * Extends given PCR with given value
- * Expects owner secret to be WELL_KNOWN_SECRET
+ * Extend a PCR register in a given PCR bank with a hash value
*
- * @param pcr_num Number of PCR to extend
- * @param input Value to extend
- * @param output Chunk to save PCR value after extension
- * @return FALSE in case of TSS error, TRUE otherwise
+ * @param pcr_num PCR number
+ * @param pcr_value extended PCR value returned
+ * @param hash data to be extended into the PCR
+ * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
+ * @return TRUE if PCR extension succeeded
*/
- bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
- chunk_t *output);
+ bool (*extend_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ chunk_t data, hash_algorithm_t alg);
/**
* Quote over PCR's
* Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
*
- * @param use_quote2 Version of the Quote function to be used
- * @param pcr_comp Chunk to save PCR composite structure
- * @param quote_sig Chunk to save quote operation output
- * without external data (anti-replay protection)
- * @return FALSE in case of TSS error, TRUE otherwise
+ * @param quote_mode type of Quote signature
+ * @param quote_info returns various info covered by Quote signature
+ * @param quote_sig returns Quote signature
+ * @return FALSE in case of Quote error, TRUE otherwise
*/
- bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp,
- chunk_t *quote_sig);
+ bool (*quote)(pts_t *this, tpm_quote_mode_t *quote_mode,
+ tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);
/**
* Get the shadow PCR set
@@ -277,28 +273,26 @@ struct pts_t {
*/
pts_pcr_t* (*get_pcrs)(pts_t *this);
- /**
- * Constructs and returns TPM Quote Info structure expected from IMC
+ /**
+ * Computes digest of the constructed TPM Quote Info structure
*
- * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed
- * @param use_ver_info Version info is concatenated to TPM_QUOTE_INFO2
- * @param comp_hash_algo Composite Hash Algorithm
- * @param pcr_comp Output variable to store PCR Composite
- * @param quote_info Output variable to store TPM Quote Info
+ * @param quote_info TPM Quote Info as received from IMC
+ * @param quoted Encoding of TPM Quote Info
* @return FALSE in case of any error, TRUE otherwise
*/
- bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
- pts_meas_algorithms_t comp_hash_algo,
- chunk_t *pcr_comp, chunk_t *quote_info);
+ bool (*get_quote)(pts_t *this, tpm_tss_quote_info_t *quote_info,
+ chunk_t *quoted);
/**
* Constructs and returns PCR Quote Digest structure expected from IMC
*
- * @param data Calculated TPM Quote Digest
+ * @param digest_alg Hash algorithm used for TPM Quote Digest
+ * @param digest Calculated TPM Quote Digest
* @param signature TPM Quote Signature received from IMC
* @return FALSE if signature is not verified
*/
- bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
+ bool (*verify_quote_signature)(pts_t *this, hash_algorithm_t digest_alg,
+ chunk_t digest, chunk_t signature);
/**
* Destroys a pts_t object.
diff --git a/src/libimcv/pts/pts_file_meas.c b/src/libimcv/pts/pts_file_meas.c
index 966d54b..6cfb86c 100644
--- a/src/libimcv/pts/pts_file_meas.c
+++ b/src/libimcv/pts/pts_file_meas.c
@@ -39,7 +39,7 @@ struct private_pts_file_meas_t {
/**
* ID of PTS File Measurement Request
*/
- u_int16_t request_id;
+ uint16_t request_id;
/**
* List of File Measurements
@@ -70,7 +70,7 @@ static void free_entry(entry_t *entry)
}
}
-METHOD(pts_file_meas_t, get_request_id, u_int16_t,
+METHOD(pts_file_meas_t, get_request_id, uint16_t,
private_pts_file_meas_t *this)
{
return this->request_id;
@@ -266,7 +266,7 @@ METHOD(pts_file_meas_t, destroy, void,
/**
* See header
*/
-pts_file_meas_t *pts_file_meas_create(u_int16_t request_id)
+pts_file_meas_t *pts_file_meas_create(uint16_t request_id)
{
private_pts_file_meas_t *this;
@@ -334,7 +334,7 @@ static bool hash_file(hasher_t *hasher, char *pathname, u_char *hash)
/**
* See header
*/
-pts_file_meas_t *pts_file_meas_create_from_path(u_int16_t request_id,
+pts_file_meas_t *pts_file_meas_create_from_path(uint16_t request_id,
char *pathname, bool is_dir, bool use_rel_name,
pts_meas_algorithms_t alg)
{
diff --git a/src/libimcv/pts/pts_file_meas.h b/src/libimcv/pts/pts_file_meas.h
index 4bf28e2..5140069 100644
--- a/src/libimcv/pts/pts_file_meas.h
+++ b/src/libimcv/pts/pts_file_meas.h
@@ -38,7 +38,7 @@ struct pts_file_meas_t {
*
* @return ID of PTS File Measurement Request
*/
- u_int16_t (*get_request_id)(pts_file_meas_t *this);
+ uint16_t (*get_request_id)(pts_file_meas_t *this);
/**
* Get the number of measured files
@@ -94,7 +94,7 @@ struct pts_file_meas_t {
*
* @param request_id ID of PTS File Measurement Request
*/
-pts_file_meas_t* pts_file_meas_create(u_int16_t request_id);
+pts_file_meas_t* pts_file_meas_create(uint16_t request_id);
/**
* Creates a pts_file_meas_t object measuring a file/directory
@@ -105,7 +105,7 @@ pts_file_meas_t* pts_file_meas_create(u_int16_t request_id);
* @param use_rel_name TRUE if relative filenames are to be used
* @param alg PTS hash measurement algorithm to be used
*/
-pts_file_meas_t* pts_file_meas_create_from_path(u_int16_t request_id,
+pts_file_meas_t* pts_file_meas_create_from_path(uint16_t request_id,
char* pathname, bool is_dir, bool use_rel_name,
pts_meas_algorithms_t alg);
diff --git a/src/libimcv/pts/pts_file_meta.h b/src/libimcv/pts/pts_file_meta.h
index 3f18133..b02b142 100644
--- a/src/libimcv/pts/pts_file_meta.h
+++ b/src/libimcv/pts/pts_file_meta.h
@@ -34,12 +34,12 @@ typedef struct pts_file_metadata_t pts_file_metadata_t;
*/
struct pts_file_metadata_t {
pts_file_type_t type;
- u_int64_t filesize;
- u_int64_t created;
- u_int64_t modified;
- u_int64_t accessed;
- u_int64_t owner;
- u_int64_t group;
+ uint64_t filesize;
+ uint64_t created;
+ uint64_t modified;
+ uint64_t accessed;
+ uint64_t owner;
+ uint64_t group;
char *filename;
};
diff --git a/src/libimcv/pts/pts_ima_bios_list.c b/src/libimcv/pts/pts_ima_bios_list.c
index 5051b6c..7caa514 100644
--- a/src/libimcv/pts/pts_ima_bios_list.c
+++ b/src/libimcv/pts/pts_ima_bios_list.c
@@ -61,6 +61,8 @@ enum event_type_t {
EV_EFI_PLATFORM_FIRMWARE_BLOB = 0x80000008,
EV_EFI_HANDOFF_TABLES = 0x80000009,
+ EV_EFI_HCRTM_EVENT = 0x80000010,
+
EV_EFI_VARIABLE_AUTHORITY = 0x800000E0
};
@@ -85,7 +87,6 @@ ENUM_BEGIN(event_type_names, EV_PREBOOT_CERT, EV_OMIT_BOOT_DEVICE_EVENTS,
"Nonhost Info",
"Omit Boot Device Events"
);
-
ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES,
EV_OMIT_BOOT_DEVICE_EVENTS,
"EFI Event Base",
@@ -99,8 +100,12 @@ ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES,
"EFI Platform Firmware Blob",
"EFI Handoff Tables"
);
-ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY,
+ENUM_NEXT(event_type_names, EV_EFI_HCRTM_EVENT, EV_EFI_HCRTM_EVENT,
EV_EFI_HANDOFF_TABLES,
+ "EFI HCRTM Event"
+);
+ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY,
+ EV_EFI_HCRTM_EVENT,
"EFI Variable Authority"
);
ENUM_END(event_type_names, EV_EFI_VARIABLE_AUTHORITY);
diff --git a/src/libimcv/pts/pts_meas_algo.c b/src/libimcv/pts/pts_meas_algo.c
index c063711..246c377 100644
--- a/src/libimcv/pts/pts_meas_algo.c
+++ b/src/libimcv/pts/pts_meas_algo.c
@@ -158,6 +158,24 @@ hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm)
/**
* Described in header.
*/
+pts_meas_algorithms_t pts_meas_algo_from_hash(hash_algorithm_t algorithm)
+{
+ switch (algorithm)
+ {
+ case HASH_SHA1:
+ return PTS_MEAS_ALGO_SHA1;
+ case HASH_SHA256:
+ return PTS_MEAS_ALGO_SHA256;
+ case HASH_SHA384:
+ return PTS_MEAS_ALGO_SHA384;
+ default:
+ return PTS_MEAS_ALGO_NONE;
+ }
+}
+
+/**
+ * Described in header.
+ */
size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm)
{
switch (algorithm)
diff --git a/src/libimcv/pts/pts_meas_algo.h b/src/libimcv/pts/pts_meas_algo.h
index eec7e79..d703106 100644
--- a/src/libimcv/pts/pts_meas_algo.h
+++ b/src/libimcv/pts/pts_meas_algo.h
@@ -96,6 +96,14 @@ pts_meas_algorithms_t pts_meas_algo_select(pts_meas_algorithms_t supported_algos
hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm);
/**
+ * Convert hash_algorithm_t to pts_meas_algorithms_t
+ *
+ * @param algorithm PTS measurement algorithm type
+ * @return libstrongswan hash algorithm type
+ */
+pts_meas_algorithms_t pts_meas_algo_from_hash(hash_algorithm_t algorithm);
+
+/**
* Return the hash size of a pts_meas_algorithm
*
* @param algorithm PTS measurement algorithm type
diff --git a/src/libimcv/pts/pts_pcr.c b/src/libimcv/pts/pts_pcr.c
index 0af93b6..d514532 100644
--- a/src/libimcv/pts/pts_pcr.c
+++ b/src/libimcv/pts/pts_pcr.c
@@ -40,17 +40,17 @@ struct private_pts_pcr_t {
/**
* Number of extended PCR registers
*/
- u_int32_t pcr_count;
+ uint32_t pcr_count;
/**
* Highest extended PCR register
*/
- u_int32_t pcr_max;
+ uint32_t pcr_max;
/**
* Bitmap of extended PCR registers
*/
- u_int8_t pcr_select[PTS_PCR_MAX_NUM / 8];
+ uint8_t pcr_select[PTS_PCR_MAX_NUM / 8];
/**
* Hasher used to extend shadow PCRs
@@ -59,16 +59,16 @@ struct private_pts_pcr_t {
};
-METHOD(pts_pcr_t, get_count, u_int32_t,
+METHOD(pts_pcr_t, get_count, uint32_t,
private_pts_pcr_t *this)
{
return this->pcr_count;
}
METHOD(pts_pcr_t, select_pcr, bool,
- private_pts_pcr_t *this, u_int32_t pcr)
+ private_pts_pcr_t *this, uint32_t pcr)
{
- u_int32_t i, f;
+ uint32_t i, f;
if (pcr >= PTS_PCR_MAX_NUM)
{
@@ -106,7 +106,7 @@ typedef struct {
/** implements enumerator_t */
enumerator_t public;
/** current PCR */
- u_int32_t pcr;
+ uint32_t pcr;
/** back reference to parent */
private_pts_pcr_t *pcrs;
} pcr_enumerator_t;
@@ -116,11 +116,11 @@ typedef struct {
*/
static bool pcr_enumerator_enumerate(pcr_enumerator_t *this, ...)
{
- u_int32_t *pcr, i, f;
+ uint32_t *pcr, i, f;
va_list args;
va_start(args, this);
- pcr = va_arg(args, u_int32_t*);
+ pcr = va_arg(args, uint32_t*);
va_end(args);
while (this->pcr <= this->pcrs->pcr_max)
@@ -158,13 +158,13 @@ METHOD(pts_pcr_t, create_enumerator, enumerator_t*,
}
METHOD(pts_pcr_t, get, chunk_t,
- private_pts_pcr_t *this, u_int32_t pcr)
+ private_pts_pcr_t *this, uint32_t pcr)
{
return (pcr < PTS_PCR_MAX_NUM) ? this->pcrs[pcr] : chunk_empty;
}
METHOD(pts_pcr_t, set, bool,
- private_pts_pcr_t *this, u_int32_t pcr, chunk_t value)
+ private_pts_pcr_t *this, uint32_t pcr, chunk_t value)
{
if (value.len != PTS_PCR_LEN)
{
@@ -180,7 +180,7 @@ METHOD(pts_pcr_t, set, bool,
}
METHOD(pts_pcr_t, extend, chunk_t,
- private_pts_pcr_t *this, u_int32_t pcr, chunk_t measurement)
+ private_pts_pcr_t *this, uint32_t pcr, chunk_t measurement)
{
if (measurement.len != PTS_PCR_LEN)
{
@@ -200,26 +200,25 @@ METHOD(pts_pcr_t, extend, chunk_t,
return this->pcrs[pcr];
}
-METHOD(pts_pcr_t, get_composite, chunk_t,
+METHOD(pts_pcr_t, get_composite, tpm_tss_pcr_composite_t*,
private_pts_pcr_t *this)
{
- chunk_t composite;
+ tpm_tss_pcr_composite_t *pcr_composite;
enumerator_t *enumerator;
- u_int16_t selection_size;
- u_int32_t pcr_field_size, pcr;
+ uint16_t selection_size;
+ uint32_t pcr_field_size, pcr;
u_char *pos;
selection_size = get_selection_size(this);
pcr_field_size = this->pcr_count * PTS_PCR_LEN;
- composite = chunk_alloc(2 + selection_size + 4 + pcr_field_size);
- pos = composite.ptr;
- htoun16(pos, selection_size);
- pos += 2;
- memcpy(pos, this->pcr_select, selection_size);
- pos += selection_size;
- htoun32(pos, pcr_field_size);
- pos += 4;
+ INIT(pcr_composite,
+ .pcr_select = chunk_alloc(selection_size),
+ .pcr_composite = chunk_alloc(pcr_field_size),
+ );
+
+ memcpy(pcr_composite->pcr_select.ptr, this->pcr_select, selection_size);
+ pos = pcr_composite->pcr_composite.ptr;
enumerator = create_enumerator(this);
while (enumerator->enumerate(enumerator, &pcr))
@@ -229,14 +228,13 @@ METHOD(pts_pcr_t, get_composite, chunk_t,
}
enumerator->destroy(enumerator);
- DBG3(DBG_PTS, "constructed PCR Composite: %B", &composite);
- return composite;
+ return pcr_composite;
}
METHOD(pts_pcr_t, destroy, void,
private_pts_pcr_t *this)
{
- u_int32_t i;
+ uint32_t i;
for (i = 0; i < PTS_PCR_MAX_NUM; i++)
{
@@ -253,7 +251,7 @@ pts_pcr_t *pts_pcr_create(void)
{
private_pts_pcr_t *this;
hasher_t *hasher;
- u_int32_t i;
+ uint32_t i;
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
diff --git a/src/libimcv/pts/pts_pcr.h b/src/libimcv/pts/pts_pcr.h
index f638b5e..df84c67 100644
--- a/src/libimcv/pts/pts_pcr.h
+++ b/src/libimcv/pts/pts_pcr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@ typedef struct pts_pcr_t pts_pcr_t;
#include <library.h>
+#include <tpm_tss_quote_info.h>
+
/**
* Maximum number of PCR's of TPM, TPM Spec 1.2
*/
@@ -45,7 +47,7 @@ struct pts_pcr_t {
*
* @return number of selected PCRs
*/
- u_int32_t (*get_count)(pts_pcr_t *this);
+ uint32_t (*get_count)(pts_pcr_t *this);
/**
* Mark a PCR as selected
@@ -53,7 +55,7 @@ struct pts_pcr_t {
* @param pcr index of PCR
* @return TRUE if PCR index exists
*/
- bool (*select_pcr)(pts_pcr_t *this, u_int32_t pcr);
+ bool (*select_pcr)(pts_pcr_t *this, uint32_t pcr);
/**
* Get the size of the selection field in bytes
@@ -75,7 +77,7 @@ struct pts_pcr_t {
* @param pcr index of PCR
* @return content of PCR
*/
- chunk_t (*get)(pts_pcr_t *this, u_int32_t pcr);
+ chunk_t (*get)(pts_pcr_t *this, uint32_t pcr);
/**
* Set the content of a PCR
@@ -84,7 +86,7 @@ struct pts_pcr_t {
* @param value new value of PCR
* @return TRUE if value could be set
*/
- bool (*set)(pts_pcr_t *this, u_int32_t pcr, chunk_t value);
+ bool (*set)(pts_pcr_t *this, uint32_t pcr, chunk_t value);
/**
* Extend the content of a PCR
@@ -93,14 +95,14 @@ struct pts_pcr_t {
* @param measurement measurment value to be extended into PCR
* @return new content of PCR
*/
- chunk_t (*extend)(pts_pcr_t *this, u_int32_t pcr, chunk_t measurement);
+ chunk_t (*extend)(pts_pcr_t *this, uint32_t pcr, chunk_t measurement);
/**
* Create a PCR Composite object over all selected PCRs
*
* @return PCR Composite object (must be freed)
*/
- chunk_t (*get_composite)(pts_pcr_t *this);
+ tpm_tss_pcr_composite_t* (*get_composite)(pts_pcr_t *this);
/**
diff --git a/src/libimcv/pts/pts_simple_evid_final.h b/src/libimcv/pts/pts_simple_evid_final.h
deleted file mode 100644
index 0c8dea0..0000000
--- a/src/libimcv/pts/pts_simple_evid_final.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup pts_simple_evid_final pts_rsimple_evid_final
- * @{ @ingroup pts
- */
-
-#ifndef PTS_SIMPLE_EVID_FINAL_H_
-#define PTS_SIMPLE_EVID_FINAL_H_
-
-typedef enum pts_simple_evid_final_flag_t pts_simple_evid_final_flag_t;
-
-#include <library.h>
-
-/**
- * PTS Simple Evidence Final Flags
- */
-enum pts_simple_evid_final_flag_t {
- /** TPM PCR Composite and TPM Quote Signature not included */
- PTS_SIMPLE_EVID_FINAL_NO = 0x00,
- /** TPM PCR Composite and TPM Quote Signature included
- * using TPM_QUOTE_INFO */
- PTS_SIMPLE_EVID_FINAL_QUOTE_INFO = 0x40,
- /** TPM PCR Composite and TPM Quote Signature included
- * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO not appended */
- PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 = 0x80,
- /** TPM PCR Composite and TPM Quote Signature included
- * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO appended */
- PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER = 0xC0,
- /** Evidence Signature included */
- PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20,
-};
-
-#endif /** PTS_SIMPLE_EVID_FINAL_H_ @}*/
diff --git a/src/libimcv/pwg/pwg_attr.c b/src/libimcv/pwg/pwg_attr.c
index 8a2eb28..123df05 100644
--- a/src/libimcv/pwg/pwg_attr.c
+++ b/src/libimcv/pwg/pwg_attr.c
@@ -75,7 +75,7 @@ ENUM_END(pwg_attr_names, PWG_HCD_CONFIGURATION_STATE);
/**
* See header
*/
-pa_tnc_attr_t* pwg_attr_create_from_data(u_int32_t type, size_t length, chunk_t value)
+pa_tnc_attr_t* pwg_attr_create_from_data(uint32_t type, size_t length, chunk_t value)
{
switch (type)
{
diff --git a/src/libimcv/pwg/pwg_attr.h b/src/libimcv/pwg/pwg_attr.h
index 01db42c..2782075 100644
--- a/src/libimcv/pwg/pwg_attr.h
+++ b/src/libimcv/pwg/pwg_attr.h
@@ -69,7 +69,7 @@ extern enum_name_t *pwg_attr_names;
* @param length attribute length
* @param value attribute value or segment
*/
-pa_tnc_attr_t* pwg_attr_create_from_data(u_int32_t type, size_t length,
+pa_tnc_attr_t* pwg_attr_create_from_data(uint32_t type, size_t length,
chunk_t value);
#endif /** PWG_ATTR_H_ @}*/
diff --git a/src/libimcv/pwg/pwg_attr_vendor_smi_code.c b/src/libimcv/pwg/pwg_attr_vendor_smi_code.c
index 7931259..0b03f12 100644
--- a/src/libimcv/pwg/pwg_attr_vendor_smi_code.c
+++ b/src/libimcv/pwg/pwg_attr_vendor_smi_code.c
@@ -117,7 +117,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_pwg_attr_vendor_smi_code_t *this, u_int32_t *offset)
+ private_pwg_attr_vendor_smi_code_t *this, uint32_t *offset)
{
bio_reader_t *reader;
uint32_t vendor_smi_code;
diff --git a/src/libimcv/swid/swid_error.c b/src/libimcv/swid/swid_error.c
index 7f3c344..7c7427f 100644
--- a/src/libimcv/swid/swid_error.c
+++ b/src/libimcv/swid/swid_error.c
@@ -27,8 +27,8 @@ ENUM(swid_error_code_names, TCG_SWID_ERROR, TCG_SWID_RESPONSE_TOO_LARGE,
/**
* Described in header.
*/
-pa_tnc_attr_t* swid_error_create(swid_error_code_t code, u_int32_t request_id,
- u_int32_t max_attr_size, char *description)
+pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request_id,
+ uint32_t max_attr_size, char *description)
{
bio_writer_t *writer;
chunk_t msg_info;
diff --git a/src/libimcv/swid/swid_error.h b/src/libimcv/swid/swid_error.h
index b459ba6..2ed0991 100644
--- a/src/libimcv/swid/swid_error.h
+++ b/src/libimcv/swid/swid_error.h
@@ -52,7 +52,7 @@ extern enum_name_t *swid_error_code_names;
* @param max_attr_size Maximum IF-M attribute size (if applicable)
* @param description Optional description string or NULL
*/
-pa_tnc_attr_t* swid_error_create(swid_error_code_t code, u_int32_t request,
- u_int32_t max_attr_size, char *description);
+pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request,
+ uint32_t max_attr_size, char *description);
#endif /** SWID_ERROR_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c
index 194cf1b..3ca24fa 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_aik.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c
@@ -108,7 +108,7 @@ METHOD(pa_tnc_attr_t, build, void,
private_tcg_pts_attr_aik_t *this)
{
bio_writer_t *writer;
- u_int8_t flags = PTS_AIK_FLAGS_NONE;
+ uint8_t flags = PTS_AIK_FLAGS_NONE;
cred_encoding_type_t encoding_type = CERT_ASN1_DER;
chunk_t aik_blob;
@@ -136,10 +136,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_aik_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_aik_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t flags;
+ uint8_t flags;
certificate_type_t type;
chunk_t aik_blob;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
index 2a15068..5cb81c1 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
@@ -140,11 +140,11 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_dh_nonce_finish_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_dh_nonce_finish_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t reserved, nonce_len;
- u_int16_t hash_algo;
+ uint8_t reserved, nonce_len;
+ uint16_t hash_algo;
*offset = 0;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
index 78b5025..cbc9847 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
@@ -43,7 +43,7 @@ struct tcg_pts_attr_dh_nonce_finish_t {
*
* @return Length of nonce
*/
- u_int8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_finish_t *this);
+ uint8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_finish_t *this);
/**
* Get selected hash algorithm
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
index 0349ce5..9c24759 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
@@ -72,7 +72,7 @@ struct private_tcg_pts_attr_dh_nonce_params_req_t {
/**
* Minimum acceptable length of nonce
*/
- u_int8_t min_nonce_len;
+ uint8_t min_nonce_len;
/**
* Diffie Hellman group set
@@ -129,11 +129,11 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_dh_nonce_params_req_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_dh_nonce_params_req_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t reserved;
- u_int16_t dh_groups;
+ uint8_t reserved;
+ uint16_t dh_groups;
*offset = 0;
@@ -179,7 +179,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
}
}
-METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_min_nonce_len, u_int8_t,
+METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_min_nonce_len, uint8_t,
private_tcg_pts_attr_dh_nonce_params_req_t *this)
{
return this->min_nonce_len;
@@ -194,7 +194,7 @@ METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_dh_groups, pts_dh_group_t,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len,
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(uint8_t min_nonce_len,
pts_dh_group_t dh_groups)
{
private_tcg_pts_attr_dh_nonce_params_req_t *this;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
index 4396bf6..3d83b6d 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
@@ -44,7 +44,7 @@ struct tcg_pts_attr_dh_nonce_params_req_t {
*
* @return Minimum acceptable length of nonce
*/
- u_int8_t (*get_min_nonce_len)(tcg_pts_attr_dh_nonce_params_req_t *this);
+ uint8_t (*get_min_nonce_len)(tcg_pts_attr_dh_nonce_params_req_t *this);
/**
* Get supported Diffie Hellman Groups
@@ -60,7 +60,7 @@ struct tcg_pts_attr_dh_nonce_params_req_t {
* @param min_nonce_len Minimum acceptable length of nonce
* @param dh_groups Initiator's supported DH groups
*/
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len,
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(uint8_t min_nonce_len,
pts_dh_group_t dh_groups);
/**
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
index fa1dbdd..a4e66a6 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
@@ -148,12 +148,12 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t reserved;
- u_int8_t nonce_len;
- u_int16_t dh_group, hash_algo_set;
+ uint32_t reserved;
+ uint8_t nonce_len;
+ uint16_t dh_group, hash_algo_set;
*offset = 0;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
index 3978829..aba34a8 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
@@ -149,8 +149,8 @@ METHOD(pa_tnc_attr_t, build, void,
{
bio_writer_t *writer;
enumerator_t *enumerator;
- u_int64_t count;
- u_int16_t request_id;
+ uint64_t count;
+ uint16_t request_id;
char *filename;
chunk_t measurement;
bool first = TRUE;
@@ -192,7 +192,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_file_meas_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_file_meas_t *this, uint32_t *offset)
{
bio_reader_t *reader;
chunk_t measurement, filename;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c
index b7b4d7e..e203f71 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c
@@ -118,10 +118,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_gen_attest_evid_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_gen_attest_evid_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t reserved;
+ uint32_t reserved;
*offset = 0;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c
index 8fda2b1..e2da704 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c
@@ -121,10 +121,10 @@ METHOD(pa_tnc_attr_t, add_segment, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_get_aik_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_get_aik_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t reserved;
+ uint32_t reserved;
*offset = 0;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
index a4c9dba..e98d7b4 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
@@ -118,10 +118,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_get_tpm_version_info_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_get_tpm_version_info_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t reserved;
+ uint32_t reserved;
*offset = 0;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c
index 8b0502a..ce38b62 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c
@@ -121,10 +121,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_meas_algo_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_meas_algo_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int16_t reserved, algorithms;
+ uint16_t reserved, algorithms;
*offset = 0;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c
index 0a562c0..ba01743 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c
@@ -123,10 +123,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_proto_caps_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_proto_caps_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int16_t reserved, flags;
+ uint16_t reserved, flags;
*offset = 0;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c
index a3c3ce5..b4f3367 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c
@@ -85,12 +85,12 @@ struct private_tcg_pts_attr_req_file_meas_t {
/**
* Request ID
*/
- u_int16_t request_id;
+ uint16_t request_id;
/**
* UTF8 Encoding of Delimiter Character
*/
- u_int32_t delimiter;
+ uint32_t delimiter;
/**
* Fully Qualified File Pathname
@@ -130,7 +130,7 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
METHOD(pa_tnc_attr_t, build, void,
private_tcg_pts_attr_req_file_meas_t *this)
{
- u_int8_t flags = PTS_REQ_FILE_MEAS_NO_FLAGS;
+ uint8_t flags = PTS_REQ_FILE_MEAS_NO_FLAGS;
chunk_t pathname;
bio_writer_t *writer;
@@ -156,11 +156,11 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_req_file_meas_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_req_file_meas_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t flags;
- u_int8_t reserved;
+ uint8_t flags;
+ uint8_t reserved;
chunk_t pathname;
*offset = 0;
@@ -220,13 +220,13 @@ METHOD(tcg_pts_attr_req_file_meas_t, get_directory_flag, bool,
return this->directory_flag;
}
-METHOD(tcg_pts_attr_req_file_meas_t, get_request_id, u_int16_t,
+METHOD(tcg_pts_attr_req_file_meas_t, get_request_id, uint16_t,
private_tcg_pts_attr_req_file_meas_t *this)
{
return this->request_id;
}
-METHOD(tcg_pts_attr_req_file_meas_t, get_delimiter, u_int32_t,
+METHOD(tcg_pts_attr_req_file_meas_t, get_delimiter, uint32_t,
private_tcg_pts_attr_req_file_meas_t *this)
{
return this->delimiter;
@@ -242,8 +242,8 @@ METHOD(tcg_pts_attr_req_file_meas_t, get_pathname, char*,
* Described in header.
*/
pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create(bool directory_flag,
- u_int16_t request_id,
- u_int32_t delimiter,
+ uint16_t request_id,
+ uint32_t delimiter,
char *pathname)
{
private_tcg_pts_attr_req_file_meas_t *this;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h
index 20a54df..cbf429d 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h
@@ -50,14 +50,14 @@ struct tcg_pts_attr_req_file_meas_t {
*
* @return Request ID
*/
- u_int16_t (*get_request_id)(tcg_pts_attr_req_file_meas_t *this);
+ uint16_t (*get_request_id)(tcg_pts_attr_req_file_meas_t *this);
/**
* Get Delimiter
*
* @return UTF-8 encoding of a Delimiter Character
*/
- u_int32_t (*get_delimiter)(tcg_pts_attr_req_file_meas_t *this);
+ uint32_t (*get_delimiter)(tcg_pts_attr_req_file_meas_t *this);
/**
* Get Fully Qualified File Pathname
@@ -77,8 +77,8 @@ struct tcg_pts_attr_req_file_meas_t {
* @param pathname File Pathname
*/
pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create(bool directory_flag,
- u_int16_t request_id,
- u_int32_t delimiter,
+ uint16_t request_id,
+ uint32_t delimiter,
char *pathname);
/**
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
index f6befa8..d8acf06 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
@@ -83,7 +83,7 @@ struct private_tcg_pts_attr_req_file_meta_t {
/**
* UTF8 Encoding of Delimiter Character
*/
- u_int8_t delimiter;
+ uint8_t delimiter;
/**
* Fully Qualified File Pathname
@@ -123,7 +123,7 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
METHOD(pa_tnc_attr_t, build, void,
private_tcg_pts_attr_req_file_meta_t *this)
{
- u_int8_t flags = PTS_REQ_FILE_META_NO_FLAGS;
+ uint8_t flags = PTS_REQ_FILE_META_NO_FLAGS;
chunk_t pathname;
bio_writer_t *writer;
@@ -149,11 +149,11 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_req_file_meta_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_req_file_meta_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t flags;
- u_int16_t reserved;
+ uint8_t flags;
+ uint16_t reserved;
chunk_t pathname;
*offset = 0;
@@ -212,7 +212,7 @@ METHOD(tcg_pts_attr_req_file_meta_t, get_directory_flag, bool,
return this->directory_flag;
}
-METHOD(tcg_pts_attr_req_file_meta_t, get_delimiter, u_int8_t,
+METHOD(tcg_pts_attr_req_file_meta_t, get_delimiter, uint8_t,
private_tcg_pts_attr_req_file_meta_t *this)
{
return this->delimiter;
@@ -228,7 +228,7 @@ METHOD(tcg_pts_attr_req_file_meta_t, get_pathname, char*,
* Described in header.
*/
pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create(bool directory_flag,
- u_int8_t delimiter,
+ uint8_t delimiter,
char *pathname)
{
private_tcg_pts_attr_req_file_meta_t *this;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h
index c2f1cca..91ab5c6 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h
@@ -50,7 +50,7 @@ struct tcg_pts_attr_req_file_meta_t {
*
* @return UTF-8 encoding of a Delimiter Character
*/
- u_int8_t (*get_delimiter)(tcg_pts_attr_req_file_meta_t *this);
+ uint8_t (*get_delimiter)(tcg_pts_attr_req_file_meta_t *this);
/**
* Get Fully Qualified File Pathname
@@ -69,7 +69,7 @@ struct tcg_pts_attr_req_file_meta_t {
* @param pathname File Pathname
*/
pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create(bool directory_flag,
- u_int8_t delimiter,
+ uint8_t delimiter,
char *pathname);
/**
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
index 0389110..da21003 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
@@ -110,16 +110,16 @@ typedef struct entry_t entry_t;
* Functional component entry
*/
struct entry_t {
- u_int8_t flags;
- u_int32_t depth;
+ uint8_t flags;
+ uint32_t depth;
pts_comp_func_name_t *name;
};
/**
* Enumerate functional component entries
*/
-static bool entry_filter(void *null, entry_t **entry, u_int8_t *flags,
- void *i2, u_int32_t *depth, void *i3,
+static bool entry_filter(void *null, entry_t **entry, uint8_t *flags,
+ void *i2, uint32_t *depth, void *i3,
pts_comp_func_name_t **name)
{
*flags = (*entry)->flags;
@@ -195,11 +195,11 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_req_func_comp_evid_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_req_func_comp_evid_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t depth, vendor_id, name;
- u_int8_t flags, fam_and_qualifier, qualifier;
+ uint32_t depth, vendor_id, name;
+ uint8_t flags, fam_and_qualifier, qualifier;
status_t status = FAILED;
entry_t *entry = NULL;
@@ -296,8 +296,8 @@ METHOD(pa_tnc_attr_t, destroy, void,
}
METHOD(tcg_pts_attr_req_func_comp_evid_t, add_component, void,
- private_tcg_pts_attr_req_func_comp_evid_t *this, u_int8_t flags,
- u_int32_t depth, pts_comp_func_name_t *name)
+ private_tcg_pts_attr_req_func_comp_evid_t *this, uint8_t flags,
+ uint32_t depth, pts_comp_func_name_t *name)
{
entry_t *entry;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
index 2f8657e..43abcbb 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
@@ -47,7 +47,7 @@ struct tcg_pts_attr_req_func_comp_evid_t {
* @param name Functional Component Name
*/
void (*add_component)(tcg_pts_attr_req_func_comp_evid_t *this,
- u_int8_t flags, u_int32_t depth,
+ uint8_t flags, uint32_t depth,
pts_comp_func_name_t *name);
/**
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
index d94ee89..c249ca1 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
@@ -181,9 +181,9 @@ METHOD(pa_tnc_attr_t, build, void,
bio_writer_t *writer;
bool has_pcr_info;
char utc_time_buf[25], *policy_uri;
- u_int8_t flags;
- u_int16_t len;
- u_int32_t depth, extended_pcr;
+ uint8_t flags;
+ uint16_t len;
+ uint32_t depth, extended_pcr;
pts_comp_func_name_t *name;
pts_meas_algorithms_t hash_algorithm;
pts_pcr_transform_t transform;
@@ -301,14 +301,14 @@ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time)
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_simple_comp_evid_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_simple_comp_evid_t *this, uint32_t *offset)
{
bio_reader_t *reader;
pts_comp_func_name_t *name;
- u_int8_t flags, fam_and_qualifier, qualifier, reserved;
- u_int8_t measurement_type, transform, validation;
- u_int16_t hash_algorithm, len;
- u_int32_t depth, vendor_id, comp_name, extended_pcr;
+ uint8_t flags, fam_and_qualifier, qualifier, reserved;
+ uint8_t measurement_type, transform, validation;
+ uint16_t hash_algorithm, len;
+ uint32_t depth, vendor_id, comp_name, extended_pcr;
chunk_t measurement, utc_time, policy_uri, pcr_before, pcr_after;
time_t measurement_time;
bool has_pcr_info = FALSE, has_validation = FALSE;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
index cfeaec6..267c857 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -15,7 +15,6 @@
*/
#include "tcg_pts_attr_simple_evid_final.h"
-#include "pts/pts_simple_evid_final.h"
#include <pa_tnc/pa_tnc_msg.h>
#include <bio/bio_writer.h>
@@ -27,6 +26,7 @@ typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_sim
/**
* Simple Evidence Final
* see section 3.15.2 of PTS Protocol: Binding to TNC IF-M Specification
+ * plus non-standard extensions to cover the TPM 2.0 Quote Info format
*
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
@@ -37,17 +37,57 @@ typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_sim
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* ~ Optional TPM PCR Composite (Variable Length) ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Opt. TPM Qual. Signer Length | Optional TPM Qualified Signer ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional TPM Qualified Signer (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Opt. TPM Clock Info Length | Optional TPM Clock Info ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional TPM Clock Info (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Opt. TPM Version Info Length | Optional TPM Version Info ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional TPM Version Info (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Opt. TPM PCR Selection Length | Opt. TPM PCR Selection ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional TPM PCR Selection (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Optional TPM Quote Signature Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* ~ Optional TPM Quote Signature (Variable Length) ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* ~ Optional Evidence Signature (Variable Length) ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
+*/
#define PTS_SIMPLE_EVID_FINAL_SIZE 2
#define PTS_SIMPLE_EVID_FINAL_RESERVED 0x00
-#define PTS_SIMPLE_EVID_FINAL_FLAG_MASK 0xC0
+
+/**
+ * PTS Simple Evidence Final Flags
+ */
+enum pts_simple_evid_final_flag_t {
+ /** TPM PCR Composite and TPM Quote Signature not included */
+ PTS_SIMPLE_EVID_FINAL_NO = 0x00,
+ /** TPM Quote Info and TPM Quite Signature included
+ * using TPM 2.0 Quote Info format */
+ PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2 = 0x10,
+ /** Evidence Signature included */
+ PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20,
+ /** TPM PCR Composite and TPM Quote Signature included
+ * using TPM_QUOTE_INFO */
+ PTS_SIMPLE_EVID_FINAL_QUOTE_INFO = 0x40,
+ /** TPM PCR Composite and TPM Quote Signature included
+ * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO not appended */
+ PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 = 0x80,
+ /** TPM PCR Composite and TPM Quote Signature included
+ * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO appended */
+ PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER = 0xC0,
+ /** Mask for the TPM Quote Info flags */
+ PTS_SIMPLE_EVID_FINAL_QUOTE_INFO_MASK = 0xD0
+};
+
/**
* Private data of an tcg_pts_attr_simple_evid_final_t object.
*/
@@ -79,24 +119,14 @@ struct private_tcg_pts_attr_simple_evid_final_t {
bool noskip_flag;
/**
- * Set of flags for Simple Evidence Final
- */
- u_int8_t flags;
-
- /**
- * Optional Composite Hash Algorithm
- */
- pts_meas_algorithms_t comp_hash_algorithm;
-
- /**
- * Optional TPM PCR Composite
+ * Optional TPM Quote Info
*/
- chunk_t pcr_comp;
+ tpm_tss_quote_info_t *quote_info;
/**
* Optional TPM Quote Signature
*/
- chunk_t tpm_quote_sig;
+ chunk_t quote_sig;
/**
* Is Evidence Signature included?
@@ -156,9 +186,9 @@ METHOD(pa_tnc_attr_t, destroy, void,
{
if (ref_put(&this->ref))
{
+ DESTROY_IF(this->quote_info);
free(this->value.ptr);
- free(this->pcr_comp.ptr);
- free(this->tpm_quote_sig.ptr);
+ free(this->quote_sig.ptr);
free(this->evid_sig.ptr);
free(this);
}
@@ -167,14 +197,36 @@ METHOD(pa_tnc_attr_t, destroy, void,
METHOD(pa_tnc_attr_t, build, void,
private_tcg_pts_attr_simple_evid_final_t *this)
{
+ chunk_t pcr_digest, pcr_select, qualified_signer, clock_info, version_info;
+ hash_algorithm_t pcr_digest_alg;
+ tpm_quote_mode_t quote_mode;
bio_writer_t *writer;
- u_int8_t flags;
+ uint8_t flags;
if (this->value.ptr)
{
return;
}
- flags = this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK;
+
+ quote_mode = this->quote_info->get_quote_mode(this->quote_info);
+ switch (quote_mode)
+ {
+ case TPM_QUOTE:
+ flags = PTS_SIMPLE_EVID_FINAL_QUOTE_INFO;
+ break;
+ case TPM_QUOTE2:
+ flags = PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2;
+ break;
+ case TPM_QUOTE2_VERSION_INFO:
+ flags = PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER;
+ break;
+ case TPM_QUOTE_TPM2:
+ flags = PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2;
+ break;
+ case TPM_QUOTE_NONE:
+ default:
+ flags = PTS_SIMPLE_EVID_FINAL_NO;
+ }
if (this->has_evid_sig)
{
@@ -185,25 +237,35 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint8 (writer, flags);
writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED);
- /** Optional Composite Hash Algorithm field is always present
- * Field has value of all zeroes if not used.
- * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
- */
- writer->write_uint16(writer, this->comp_hash_algorithm);
+ pcr_digest_alg = this->quote_info->get_pcr_digest_alg(this->quote_info);
+ pcr_digest = this->quote_info->get_pcr_digest(this->quote_info);
+
+ writer->write_uint16(writer, pts_meas_algo_from_hash(pcr_digest_alg));
/* Optional fields */
- if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
+ if (quote_mode != TPM_QUOTE_NONE)
{
- writer->write_uint32 (writer, this->pcr_comp.len);
- writer->write_data (writer, this->pcr_comp);
-
- writer->write_uint32 (writer, this->tpm_quote_sig.len);
- writer->write_data (writer, this->tpm_quote_sig);
+ writer->write_data32(writer, pcr_digest);
}
- if (this->has_evid_sig)
+ if (quote_mode == TPM_QUOTE_TPM2)
{
- writer->write_data (writer, this->evid_sig);
+ version_info = this->quote_info->get_version_info(this->quote_info);
+ this->quote_info->get_tpm2_info(this->quote_info, &qualified_signer,
+ &clock_info, &pcr_select);
+ writer->write_data16(writer, qualified_signer);
+ writer->write_data16(writer, clock_info);
+ writer->write_data16(writer, version_info);
+ writer->write_data16(writer, pcr_select);
+ }
+
+ if (quote_mode != TPM_QUOTE_NONE)
+ {
+ writer->write_data32(writer, this->quote_sig);
+ if (this->has_evid_sig)
+ {
+ writer->write_data(writer, this->evid_sig);
+ }
}
this->value = writer->extract_buf(writer);
@@ -212,12 +274,16 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_simple_evid_final_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_simple_evid_final_t *this, uint32_t *offset)
{
+ hash_algorithm_t pcr_digest_alg;
+ tpm_quote_mode_t quote_mode;
bio_reader_t *reader;
- u_int8_t flags, reserved;
- u_int16_t algorithm;
- u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len;
+ uint8_t flags, reserved;
+ uint16_t algorithm;
+ uint32_t evid_sig_len;
+ chunk_t pcr_digest = chunk_empty, quote_sig, evid_sig;
+ chunk_t qualified_signer, clock_info, version_info, pcr_select;
status_t status = FAILED;
*offset = 0;
@@ -236,56 +302,99 @@ METHOD(pa_tnc_attr_t, process, status_t,
reader->read_uint8(reader, &flags);
reader->read_uint8(reader, &reserved);
- this->flags = flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK;
-
this->has_evid_sig = (flags & PTS_SIMPLE_EVID_FINAL_EVID_SIG) != 0;
+ flags &= PTS_SIMPLE_EVID_FINAL_QUOTE_INFO_MASK;
+
+ switch (flags)
+ {
+ case PTS_SIMPLE_EVID_FINAL_QUOTE_INFO:
+ quote_mode = TPM_QUOTE;
+ break;
+ case PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2:
+ quote_mode = TPM_QUOTE2;
+ break;
+ case PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER:
+ quote_mode = TPM_QUOTE2_VERSION_INFO;
+ break;
+ case PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2:
+ quote_mode = TPM_QUOTE_TPM2;
+ break;
+ case PTS_SIMPLE_EVID_FINAL_NO:
+ default:
+ quote_mode = TPM_QUOTE_NONE;
+ break;
+ }
+
/** Optional Composite Hash Algorithm field is always present
* Field has value of all zeroes if not used.
* Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
*/
-
reader->read_uint16(reader, &algorithm);
- this->comp_hash_algorithm = algorithm;
+ pcr_digest_alg = pts_meas_algo_to_hash(algorithm);
- /* Optional Composite Hash Algorithm and TPM PCR Composite fields */
- if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
+ /* Optional fields */
+ if (quote_mode != TPM_QUOTE_NONE)
{
- if (!reader->read_uint32(reader, &pcr_comp_len))
+ if (!reader->read_data32(reader, &pcr_digest))
{
DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
- "PCR Composite Length");
+ "PCR Composite");
goto end;
}
- if (!reader->read_data(reader, pcr_comp_len, &this->pcr_comp))
+ }
+ this->quote_info = tpm_tss_quote_info_create(quote_mode, pcr_digest_alg,
+ pcr_digest);
+
+ if (quote_mode == TPM_QUOTE_TPM2)
+ {
+ if (!reader->read_data16(reader, &qualified_signer))
{
DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
- "PCR Composite");
+ "Qualified Signer");
goto end;
}
- this->pcr_comp = chunk_clone(this->pcr_comp);
-
- if (!reader->read_uint32(reader, &tpm_quote_sig_len))
+ if (!reader->read_data16(reader, &clock_info))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+ "Clock Info");
+ goto end;
+ }
+ if (!reader->read_data16(reader, &version_info))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+ "Version Info");
+ goto end;
+ }
+ if (!reader->read_data16(reader, &pcr_select))
{
DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
- "TPM Quote Singature Length");
+ "PCR select");
goto end;
}
- if (!reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig))
+ this->quote_info->set_tpm2_info(this->quote_info, qualified_signer,
+ clock_info, pcr_select);
+ this->quote_info->set_version_info(this->quote_info, version_info);
+ }
+
+
+ if (quote_mode != TPM_QUOTE_NONE)
+ {
+ if (!reader->read_data32(reader, "e_sig))
{
DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
"TPM Quote Singature");
goto end;
}
- this->tpm_quote_sig = chunk_clone(this->tpm_quote_sig);
+ this->quote_sig = chunk_clone(quote_sig);
}
/* Optional Evidence Signature field */
if (this->has_evid_sig)
{
evid_sig_len = reader->remaining(reader);
- reader->read_data(reader, evid_sig_len, &this->evid_sig);
- this->evid_sig = chunk_clone(this->evid_sig);
+ reader->read_data(reader, evid_sig_len, &evid_sig);
+ this->evid_sig = chunk_clone(evid_sig);
}
reader->destroy(reader);
@@ -296,23 +405,18 @@ end:
return status;
}
-METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, u_int8_t,
+METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, void,
private_tcg_pts_attr_simple_evid_final_t *this,
- pts_meas_algorithms_t *comp_hash_algo, chunk_t *pcr_comp, chunk_t *tpm_quote_sig)
+ tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig)
{
- if (comp_hash_algo)
- {
- *comp_hash_algo = this->comp_hash_algorithm;
- }
- if (pcr_comp)
+ if (quote_info)
{
- *pcr_comp = this->pcr_comp;
+ *quote_info = this->quote_info;
}
- if (tpm_quote_sig)
+ if (quote_sig)
{
- *tpm_quote_sig = this->tpm_quote_sig;
+ *quote_sig = this->quote_sig;
}
- return this->flags;
}
METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool,
@@ -335,9 +439,8 @@ METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags,
- pts_meas_algorithms_t comp_hash_algorithm,
- chunk_t pcr_comp, chunk_t tpm_quote_sig)
+pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(
+ tpm_tss_quote_info_t *quote_info, chunk_t quote_sig)
{
private_tcg_pts_attr_simple_evid_final_t *this;
@@ -359,10 +462,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags,
.set_evid_sig = _set_evid_sig,
},
.type = { PEN_TCG, TCG_PTS_SIMPLE_EVID_FINAL },
- .flags = flags,
- .comp_hash_algorithm = comp_hash_algorithm,
- .pcr_comp = pcr_comp,
- .tpm_quote_sig = tpm_quote_sig,
+ .quote_info = quote_info,
+ .quote_sig = quote_sig,
.ref = 1,
);
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h
index 8343b5b..849174a 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -28,6 +28,8 @@ typedef struct tcg_pts_attr_simple_evid_final_t tcg_pts_attr_simple_evid_final_t
#include "tcg_pts_attr_meas_algo.h"
#include "pa_tnc/pa_tnc_attr.h"
+#include <tpm_tss_quote_info.h>
+
/**
* Class implementing the TCG PTS Simple Evidence Final attribute
*
@@ -40,16 +42,14 @@ struct tcg_pts_attr_simple_evid_final_t {
pa_tnc_attr_t pa_tnc_attribute;
/**
- * Get Optional PCR Composite and TPM Quote Signature
+ * Get Optional TPM Quote Info and TPM Quote Signature
*
- * @param comp_hash_algo Optional Composite Hash Algorithm
- * @param pcr_comp Optional PCR Composite
- * @param tpm_quote sig Optional TPM Quote Signature
- * @return PTS_SIMPLE_EVID_FINAL flags
+ * @param quote_info Optional TPM Quote Info
+ * @param quote sig Optional TPM Quote Signature
*/
- u_int8_t (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this,
- pts_meas_algorithms_t *comp_hash_algo,
- chunk_t *pcr_comp, chunk_t *tpm_quote_sig);
+ void (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this,
+ tpm_tss_quote_info_t **quote_info,
+ chunk_t *quote_sig);
/**
* Get Optional Evidence Signature
@@ -73,16 +73,11 @@ struct tcg_pts_attr_simple_evid_final_t {
/**
* Creates an tcg_pts_attr_simple_evid_final_t object
*
- * @param flags Set of flags
- * @param comp_hash_algorithm Composite Hash Algorithm
- * @param pcr_comp Optional TPM PCR Composite
- * @param tpm_quote_sign Optional TPM Quote Signature
+ * @param quote_info Optional TPM Quote Info
+ * @param quote_sig Optional TPM Quote Signature
*/
pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create(
- u_int8_t flags,
- pts_meas_algorithms_t comp_hash_algorithm,
- chunk_t pcr_comp,
- chunk_t tpm_quote_sign);
+ tpm_tss_quote_info_t *quote_info, chunk_t quote_sig);
/**
* Creates an tcg_pts_attr_simple_evid_final_t object from received data
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c
index db877e9..fca1932 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c
@@ -122,7 +122,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_tpm_version_info_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_tpm_version_info_t *this, uint32_t *offset)
{
bio_reader_t *reader;
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c
index 7c176fd..df5898c 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c
@@ -144,7 +144,7 @@ METHOD(pa_tnc_attr_t, build, void,
bio_writer_t *writer;
enumerator_t *enumerator;
pts_file_metadata_t *entry;
- u_int64_t number_of_files;
+ uint64_t number_of_files;
if (this->value.ptr)
{
@@ -179,14 +179,14 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_file_meta_t *this, u_int32_t *offset)
+ private_tcg_pts_attr_file_meta_t *this, uint32_t *offset)
{
bio_reader_t *reader;
pts_file_metadata_t *entry;
- u_int8_t type, reserved;
- u_int16_t len;
- u_int64_t number_of_files, filesize, created, modified, accessed;
- u_int64_t owner, group;
+ uint8_t type, reserved;
+ uint16_t len;
+ uint64_t number_of_files, filesize, created, modified, accessed;
+ uint64_t owner, group;
chunk_t filename;
status_t status = FAILED;
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c
index 010eaf8..e56a96f 100644
--- a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c
@@ -124,7 +124,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_seg_attr_max_size_t *this, u_int32_t *offset)
+ private_tcg_seg_attr_max_size_t *this, uint32_t *offset)
{
bio_reader_t *reader;
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c
index 995f64c..985e57b 100644
--- a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c
@@ -128,7 +128,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_seg_attr_next_seg_t *this, u_int32_t *offset)
+ private_tcg_seg_attr_next_seg_t *this, uint32_t *offset)
{
bio_reader_t *reader;
uint8_t flags;
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c
index 4f76753..7cd585a 100644
--- a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c
@@ -119,7 +119,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_seg_attr_seg_env_t *this, u_int32_t *offset)
+ private_tcg_seg_attr_seg_env_t *this, uint32_t *offset)
{
bio_reader_t *reader;
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c
index 5612427..f02bbcb 100644
--- a/src/libimcv/tcg/swid/tcg_swid_attr_req.c
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.c
@@ -80,17 +80,17 @@ struct private_tcg_swid_attr_req_t {
/**
* SWID request flags
*/
- u_int8_t flags;
+ uint8_t flags;
/**
* Request ID
*/
- u_int32_t request_id;
+ uint32_t request_id;
/**
* Earliest EID
*/
- u_int32_t earliest_eid;
+ uint32_t earliest_eid;
/**
* List of Target Tag Identifiers
@@ -162,10 +162,10 @@ METHOD(pa_tnc_attr_t, build, void,
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_req_t *this, u_int32_t *offset)
+ private_tcg_swid_attr_req_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int32_t tag_id_count;
+ uint32_t tag_id_count;
chunk_t tag_creator, unique_sw_id;
swid_tag_id_t *tag_id;
@@ -244,19 +244,19 @@ METHOD(pa_tnc_attr_t, destroy, void,
}
}
-METHOD(tcg_swid_attr_req_t, get_flags, u_int8_t,
+METHOD(tcg_swid_attr_req_t, get_flags, uint8_t,
private_tcg_swid_attr_req_t *this)
{
return this->flags;
}
-METHOD(tcg_swid_attr_req_t, get_request_id, u_int32_t,
+METHOD(tcg_swid_attr_req_t, get_request_id, uint32_t,
private_tcg_swid_attr_req_t *this)
{
return this->request_id;
}
-METHOD(tcg_swid_attr_req_t, get_earliest_eid, u_int32_t,
+METHOD(tcg_swid_attr_req_t, get_earliest_eid, uint32_t,
private_tcg_swid_attr_req_t *this)
{
return this->earliest_eid;
@@ -277,8 +277,8 @@ METHOD(tcg_swid_attr_req_t, get_targets, swid_inventory_t*,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id,
- u_int32_t eid)
+pa_tnc_attr_t *tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id,
+ uint32_t eid)
{
private_tcg_swid_attr_req_t *this;
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h
index fd2ccdc..b28c33a 100644
--- a/src/libimcv/tcg/swid/tcg_swid_attr_req.h
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.h
@@ -53,21 +53,21 @@ struct tcg_swid_attr_req_t {
*
* @return Flags
*/
- u_int8_t (*get_flags)(tcg_swid_attr_req_t *this);
+ uint8_t (*get_flags)(tcg_swid_attr_req_t *this);
/**
* Get Request ID
*
* @return Request ID
*/
- u_int32_t (*get_request_id)(tcg_swid_attr_req_t *this);
+ uint32_t (*get_request_id)(tcg_swid_attr_req_t *this);
/**
* Get Earliest EID
*
* @return Event ID
*/
- u_int32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this);
+ uint32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this);
/**
* Add Tag ID
@@ -92,8 +92,8 @@ struct tcg_swid_attr_req_t {
* @param request_id Request ID
* @param eid Earliest Event ID
*/
-pa_tnc_attr_t* tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id,
- u_int32_t eid);
+pa_tnc_attr_t* tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id,
+ uint32_t eid);
/**
* Creates an tcg_swid_attr_req_t object from received data
diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c
index 3ed6e86..ab1fa43 100644
--- a/src/libimcv/tcg/tcg_attr.c
+++ b/src/libimcv/tcg/tcg_attr.c
@@ -185,7 +185,7 @@ ENUM_END(tcg_attr_names, TCG_PTS_AIK);
/**
* See header
*/
-pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, chunk_t value)
+pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t value)
{
switch (type)
{
diff --git a/src/libimcv/tcg/tcg_attr.h b/src/libimcv/tcg/tcg_attr.h
index 3a9a7b2..d915c78 100644
--- a/src/libimcv/tcg/tcg_attr.h
+++ b/src/libimcv/tcg/tcg_attr.h
@@ -101,7 +101,7 @@ extern enum_name_t *tcg_attr_names;
* @param length attribute length
* @param value attribute value or segment
*/
-pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length,
+pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length,
chunk_t value);
#endif /** TCG_ATTR_H_ @}*/
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index a08d8c5..19a2577 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libipsec
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -215,6 +224,7 @@ am__define_uniq_tagged_files = \
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -246,6 +256,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -295,6 +306,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -329,6 +341,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -440,6 +453,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -509,7 +523,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libipsec/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libipsec/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -894,6 +907,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c
index 2b003e3..6c7e9a1 100644
--- a/src/libipsec/esp_context.c
+++ b/src/libipsec/esp_context.c
@@ -49,7 +49,7 @@ struct private_esp_context_t {
* The highest sequence number that was successfully verified
* and authenticated, or assigned in an outbound context
*/
- u_int32_t last_seqno;
+ uint32_t last_seqno;
/**
* The bit in the window of the highest authenticated sequence number
@@ -103,7 +103,7 @@ static inline bool get_window_bit(private_esp_context_t *this, u_int index)
/**
* Returns TRUE if the supplied seqno is not already marked in the window
*/
-static bool check_window(private_esp_context_t *this, u_int32_t seqno)
+static bool check_window(private_esp_context_t *this, uint32_t seqno)
{
u_int offset;
@@ -113,7 +113,7 @@ static bool check_window(private_esp_context_t *this, u_int32_t seqno)
}
METHOD(esp_context_t, verify_seqno, bool,
- private_esp_context_t *this, u_int32_t seqno)
+ private_esp_context_t *this, uint32_t seqno)
{
if (!this->inbound)
{
@@ -145,7 +145,7 @@ METHOD(esp_context_t, verify_seqno, bool,
}
METHOD(esp_context_t, set_authenticated_seqno, void,
- private_esp_context_t *this, u_int32_t seqno)
+ private_esp_context_t *this, uint32_t seqno)
{
u_int i, shift;
@@ -173,14 +173,14 @@ METHOD(esp_context_t, set_authenticated_seqno, void,
}
}
-METHOD(esp_context_t, get_seqno, u_int32_t,
+METHOD(esp_context_t, get_seqno, uint32_t,
private_esp_context_t *this)
{
return this->last_seqno;
}
METHOD(esp_context_t, next_seqno, bool,
- private_esp_context_t *this, u_int32_t *seqno)
+ private_esp_context_t *this, uint32_t *seqno)
{
if (this->inbound || this->last_seqno == UINT32_MAX)
{ /* inbound or segno would cycle */
diff --git a/src/libipsec/esp_context.h b/src/libipsec/esp_context.h
index b33daf5..322dab9 100644
--- a/src/libipsec/esp_context.h
+++ b/src/libipsec/esp_context.h
@@ -46,7 +46,7 @@ struct esp_context_t {
*
* @return current sequence number, in host byte order
*/
- u_int32_t (*get_seqno)(esp_context_t *this);
+ uint32_t (*get_seqno)(esp_context_t *this);
/**
* Allocate the next outbound ESP sequence number.
@@ -54,7 +54,7 @@ struct esp_context_t {
* @param seqno the sequence number, in host byte order
* @return FALSE if the sequence number cycled or inbound context
*/
- bool (*next_seqno)(esp_context_t *this, u_int32_t *seqno);
+ bool (*next_seqno)(esp_context_t *this, uint32_t *seqno);
/**
* Verify an ESP sequence number. Checks whether a packet with this
@@ -66,7 +66,7 @@ struct esp_context_t {
* @param seqno the sequence number to verify, in host byte order
* @return TRUE when sequence number is valid
*/
- bool (*verify_seqno)(esp_context_t *this, u_int32_t seqno);
+ bool (*verify_seqno)(esp_context_t *this, uint32_t seqno);
/**
* Adds a sequence number that was successfully verified and
@@ -76,7 +76,7 @@ struct esp_context_t {
* @param seqno verified and authenticated seq number in host byte order
*/
void (*set_authenticated_seqno)(esp_context_t *this,
- u_int32_t seqno);
+ uint32_t seqno);
/**
* Destroy an esp_context_t
diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c
index 8223022..50bc8b4 100644
--- a/src/libipsec/esp_packet.c
+++ b/src/libipsec/esp_packet.c
@@ -52,7 +52,7 @@ struct private_esp_packet_t {
/**
* Next Header info (e.g. IPPROTO_IPIP)
*/
- u_int8_t next_header;
+ uint8_t next_header;
};
@@ -97,14 +97,14 @@ METHOD(packet_t, set_data, void,
return this->packet->set_data(this->packet, data);
}
-METHOD(packet_t, get_dscp, u_int8_t,
+METHOD(packet_t, get_dscp, uint8_t,
private_esp_packet_t *this)
{
return this->packet->get_dscp(this->packet);
}
METHOD(packet_t, set_dscp, void,
- private_esp_packet_t *this, u_int8_t value)
+ private_esp_packet_t *this, uint8_t value)
{
this->packet->set_dscp(this->packet, value);
}
@@ -127,10 +127,10 @@ METHOD(packet_t, clone_, packet_t*,
}
METHOD(esp_packet_t, parse_header, bool,
- private_esp_packet_t *this, u_int32_t *spi)
+ private_esp_packet_t *this, uint32_t *spi)
{
bio_reader_t *reader;
- u_int32_t seq;
+ uint32_t seq;
reader = bio_reader_create(this->packet->get_data(this->packet));
if (!reader->read_uint32(reader, spi) ||
@@ -156,7 +156,7 @@ static bool check_padding(chunk_t padding)
for (i = 0; i < padding.len; ++i)
{
- if (padding.ptr[i] != (u_int8_t)(i + 1))
+ if (padding.ptr[i] != (uint8_t)(i + 1))
{
return FALSE;
}
@@ -169,7 +169,7 @@ static bool check_padding(chunk_t padding)
*/
static bool remove_padding(private_esp_packet_t *this, chunk_t plaintext)
{
- u_int8_t next_header, pad_length;
+ uint8_t next_header, pad_length;
chunk_t padding, payload;
bio_reader_t *reader;
@@ -211,7 +211,7 @@ METHOD(esp_packet_t, decrypt, status_t,
private_esp_packet_t *this, esp_context_t *esp_context)
{
bio_reader_t *reader;
- u_int32_t spi, seq;
+ uint32_t spi, seq;
chunk_t data, iv, icv, aad, ciphertext, plaintext;
aead_t *aead;
@@ -272,16 +272,16 @@ static void generate_padding(chunk_t padding)
for (i = 0; i < padding.len; ++i)
{
- padding.ptr[i] = (u_int8_t)(i + 1);
+ padding.ptr[i] = (uint8_t)(i + 1);
}
}
METHOD(esp_packet_t, encrypt, status_t,
- private_esp_packet_t *this, esp_context_t *esp_context, u_int32_t spi)
+ private_esp_packet_t *this, esp_context_t *esp_context, uint32_t spi)
{
chunk_t iv, icv, aad, padding, payload, ciphertext;
bio_writer_t *writer;
- u_int32_t next_seqno;
+ uint32_t next_seqno;
size_t blocksize, plainlen;
aead_t *aead;
iv_gen_t *iv_gen;
@@ -316,7 +316,7 @@ METHOD(esp_packet_t, encrypt, status_t,
plainlen += padding.len;
/* len = spi, seq, IV, plaintext, ICV */
- writer = bio_writer_create(2 * sizeof(u_int32_t) + iv.len + plainlen +
+ writer = bio_writer_create(2 * sizeof(uint32_t) + iv.len + plainlen +
icv.len);
writer->write_uint32(writer, ntohl(spi));
writer->write_uint32(writer, next_seqno);
@@ -349,7 +349,7 @@ METHOD(esp_packet_t, encrypt, status_t,
DBG3(DBG_ESP, "ESP before encryption:\n payload = %B\n padding = %B\n "
"padding length = %hhu, next header = %hhu", &payload, &padding,
- (u_int8_t)padding.len, this->next_header);
+ (uint8_t)padding.len, this->next_header);
/* encrypt/authenticate the content inline */
if (!aead->encrypt(aead, ciphertext, aad, iv, NULL))
@@ -368,7 +368,7 @@ METHOD(esp_packet_t, encrypt, status_t,
return SUCCESS;
}
-METHOD(esp_packet_t, get_next_header, u_int8_t,
+METHOD(esp_packet_t, get_next_header, uint8_t,
private_esp_packet_t *this)
{
return this->next_header;
diff --git a/src/libipsec/esp_packet.h b/src/libipsec/esp_packet.h
index f1941a3..c42acba 100644
--- a/src/libipsec/esp_packet.h
+++ b/src/libipsec/esp_packet.h
@@ -64,7 +64,7 @@ struct esp_packet_t {
* @return TRUE when successful, FALSE otherwise (e.g. when the
* length of the packet is invalid)
*/
- bool (*parse_header)(esp_packet_t *this, u_int32_t *spi);
+ bool (*parse_header)(esp_packet_t *this, uint32_t *spi);
/**
* Authenticate and decrypt the packet. Also verifies the sequence number
@@ -94,7 +94,7 @@ struct esp_packet_t {
* - NOT_FOUND if no suitable IV generator provided
*/
status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context,
- u_int32_t spi);
+ uint32_t spi);
/**
* Get the next header field of a packet.
@@ -103,7 +103,7 @@ struct esp_packet_t {
*
* @return next header field
*/
- u_int8_t (*get_next_header)(esp_packet_t *this);
+ uint8_t (*get_next_header)(esp_packet_t *this);
/**
* Get the plaintext payload of this packet.
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 21dbd5e..0fdd5d3 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -31,14 +31,14 @@
* and unfortunately Android does not define a variant with BSD names.
*/
struct tcphdr {
- u_int16_t source;
- u_int16_t dest;
- u_int32_t seq;
- u_int32_t ack_seq;
- u_int16_t flags;
- u_int16_t window;
- u_int16_t check;
- u_int16_t urg_ptr;
+ uint16_t source;
+ uint16_t dest;
+ uint32_t seq;
+ uint32_t ack_seq;
+ uint16_t flags;
+ uint16_t window;
+ uint16_t check;
+ uint16_t urg_ptr;
} __attribute__((packed));
/**
@@ -47,10 +47,10 @@ struct tcphdr {
* the BSD member names, but this is simpler and more consistent with the above.
*/
struct udphdr {
- u_int16_t source;
- u_int16_t dest;
- u_int16_t len;
- u_int16_t check;
+ uint16_t source;
+ uint16_t dest;
+ uint16_t len;
+ uint16_t check;
} __attribute__((packed));
typedef struct private_ip_packet_t private_ip_packet_t;
@@ -88,16 +88,16 @@ struct private_ip_packet_t {
/**
* IP version
*/
- u_int8_t version;
+ uint8_t version;
/**
* Protocol|Next Header field
*/
- u_int8_t next_header;
+ uint8_t next_header;
};
-METHOD(ip_packet_t, get_version, u_int8_t,
+METHOD(ip_packet_t, get_version, uint8_t,
private_ip_packet_t *this)
{
return this->version;
@@ -127,7 +127,7 @@ METHOD(ip_packet_t, get_payload, chunk_t,
return this->payload;
}
-METHOD(ip_packet_t, get_next_header, u_int8_t,
+METHOD(ip_packet_t, get_next_header, uint8_t,
private_ip_packet_t *this)
{
return this->next_header;
@@ -151,8 +151,8 @@ METHOD(ip_packet_t, destroy, void,
/**
* Parse transport protocol header
*/
-static bool parse_transport_header(chunk_t packet, u_int8_t proto,
- u_int16_t *sport, u_int16_t *dport)
+static bool parse_transport_header(chunk_t packet, uint8_t proto,
+ uint16_t *sport, uint16_t *dport)
{
switch (proto)
{
@@ -196,8 +196,8 @@ static bool parse_transport_header(chunk_t packet, u_int8_t proto,
ip_packet_t *ip_packet_create(chunk_t packet)
{
private_ip_packet_t *this;
- u_int8_t version, next_header;
- u_int16_t sport = 0, dport = 0;
+ uint8_t version, next_header;
+ uint16_t sport = 0, dport = 0;
host_t *src, *dst;
chunk_t payload;
@@ -296,19 +296,19 @@ failed:
/**
* Calculate the checksum for the pseudo IP header
*/
-static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst,
- u_int8_t proto, chunk_t payload)
+static uint16_t pseudo_header_checksum(host_t *src, host_t *dst,
+ uint8_t proto, chunk_t payload)
{
switch (src->get_family(src))
{
case AF_INET:
{
struct __attribute__((packed)) {
- u_int32_t src;
- u_int32_t dst;
+ uint32_t src;
+ uint32_t dst;
u_char zero;
u_char proto;
- u_int16_t len;
+ uint16_t len;
} pseudo = {
.proto = proto,
.len = htons(payload.len),
@@ -324,7 +324,7 @@ static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst,
struct __attribute__((packed)) {
u_char src[16];
u_char dst[16];
- u_int32_t len;
+ uint32_t len;
u_char zero[3];
u_char next_header;
} pseudo = {
@@ -344,10 +344,10 @@ static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst,
/**
* Apply transport ports and calculate header checksums
*/
-static void fix_transport_header(host_t *src, host_t *dst, u_int8_t proto,
+static void fix_transport_header(host_t *src, host_t *dst, uint8_t proto,
chunk_t payload)
{
- u_int16_t sum = 0, sport, dport;
+ uint16_t sum = 0, sport, dport;
sport = src->get_port(src);
dport = dst->get_port(dst);
@@ -407,7 +407,7 @@ static void fix_transport_header(host_t *src, host_t *dst, u_int8_t proto,
* Described in header.
*/
ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst,
- u_int8_t next_header, chunk_t data)
+ uint8_t next_header, chunk_t data)
{
chunk_t packet;
int family;
diff --git a/src/libipsec/ip_packet.h b/src/libipsec/ip_packet.h
index fa38eac..1e1d619 100644
--- a/src/libipsec/ip_packet.h
+++ b/src/libipsec/ip_packet.h
@@ -37,7 +37,7 @@ struct ip_packet_t {
*
* @return ip version
*/
- u_int8_t (*get_version)(ip_packet_t *this);
+ uint8_t (*get_version)(ip_packet_t *this);
/**
* Get the source address of this packet
@@ -58,7 +58,7 @@ struct ip_packet_t {
*
* @return protocol|next header field
*/
- u_int8_t (*get_next_header)(ip_packet_t *this);
+ uint8_t (*get_next_header)(ip_packet_t *this);
/**
* Get the complete IP packet (including the header)
@@ -113,7 +113,7 @@ ip_packet_t *ip_packet_create(chunk_t packet);
* @return ip_packet_t instance, or NULL if invalid
*/
ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst,
- u_int8_t next_header, chunk_t data);
+ uint8_t next_header, chunk_t data);
/**
* Encode a UDP packet from the given data.
diff --git a/src/libipsec/ipsec_event_listener.h b/src/libipsec/ipsec_event_listener.h
index f15f6fe..e784ced 100644
--- a/src/libipsec/ipsec_event_listener.h
+++ b/src/libipsec/ipsec_event_listener.h
@@ -40,7 +40,7 @@ struct ipsec_event_listener_t {
* @param dst destination address of expired SA
* @param hard TRUE if this is a hard expire, FALSE otherwise
*/
- void (*expire)(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard);
+ void (*expire)(uint8_t protocol, uint32_t spi, host_t *dst, bool hard);
};
#endif /** IPSEC_EVENT_LISTENER_H_ @}*/
diff --git a/src/libipsec/ipsec_event_relay.c b/src/libipsec/ipsec_event_relay.c
index 0480630..94cc652 100644
--- a/src/libipsec/ipsec_event_relay.c
+++ b/src/libipsec/ipsec_event_relay.c
@@ -67,12 +67,12 @@ typedef struct {
/**
* Protocol of the SA
*/
- u_int8_t protocol;
+ uint8_t protocol;
/**
* SPI of the SA, if any
*/
- u_int32_t spi;
+ uint32_t spi;
/**
* SA destination address
@@ -135,7 +135,7 @@ static job_requeue_t handle_events(private_ipsec_event_relay_t *this)
}
METHOD(ipsec_event_relay_t, expire, void,
- private_ipsec_event_relay_t *this, u_int8_t protocol, u_int32_t spi,
+ private_ipsec_event_relay_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard)
{
ipsec_event_t *event;
diff --git a/src/libipsec/ipsec_event_relay.h b/src/libipsec/ipsec_event_relay.h
index 1dddf12..056352e 100644
--- a/src/libipsec/ipsec_event_relay.h
+++ b/src/libipsec/ipsec_event_relay.h
@@ -43,7 +43,7 @@ struct ipsec_event_relay_t {
* @param dst destination address of expired SA
* @param hard TRUE for a hard expire, FALSE otherwise
*/
- void (*expire)(ipsec_event_relay_t *this, u_int8_t protocol, u_int32_t spi,
+ void (*expire)(ipsec_event_relay_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard);
/**
diff --git a/src/libipsec/ipsec_policy.c b/src/libipsec/ipsec_policy.c
index 8407921..8077d3c 100644
--- a/src/libipsec/ipsec_policy.c
+++ b/src/libipsec/ipsec_policy.c
@@ -54,7 +54,7 @@ struct private_ipsec_policy_t {
/**
* If any of the two TS has a protocol selector we cache it here
*/
- u_int8_t protocol;
+ uint8_t protocol;
/**
* Traffic direction
@@ -90,7 +90,7 @@ struct private_ipsec_policy_t {
METHOD(ipsec_policy_t, match, bool,
private_ipsec_policy_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+ traffic_selector_t *dst_ts, policy_dir_t direction, uint32_t reqid,
mark_t mark, policy_priority_t priority)
{
return (this->direction == direction &&
@@ -104,7 +104,7 @@ METHOD(ipsec_policy_t, match, bool,
METHOD(ipsec_policy_t, match_packet, bool,
private_ipsec_policy_t *this, ip_packet_t *packet)
{
- u_int8_t proto = packet->get_next_header(packet);
+ uint8_t proto = packet->get_next_header(packet);
host_t *src = packet->get_source(packet),
*dst = packet->get_destination(packet);
@@ -125,7 +125,7 @@ METHOD(ipsec_policy_t, get_destination_ts, traffic_selector_t*,
return this->dst_ts;
}
-METHOD(ipsec_policy_t, get_reqid, u_int32_t,
+METHOD(ipsec_policy_t, get_reqid, uint32_t,
private_ipsec_policy_t *this)
{
return this->sa.reqid;
diff --git a/src/libipsec/ipsec_policy.h b/src/libipsec/ipsec_policy.h
index 23a9ea9..6d67a60 100644
--- a/src/libipsec/ipsec_policy.h
+++ b/src/libipsec/ipsec_policy.h
@@ -77,7 +77,7 @@ struct ipsec_policy_t {
*
* @return the reqid
*/
- u_int32_t (*get_reqid)(ipsec_policy_t *this);
+ uint32_t (*get_reqid)(ipsec_policy_t *this);
/**
* Get another reference to this policy
@@ -99,7 +99,7 @@ struct ipsec_policy_t {
*/
bool (*match)(ipsec_policy_t *this, traffic_selector_t *src_ts,
traffic_selector_t *dst_ts, policy_dir_t direction,
- u_int32_t reqid, mark_t mark, policy_priority_t priority);
+ uint32_t reqid, mark_t mark, policy_priority_t priority);
/**
* Check if this policy matches the given IP packet
diff --git a/src/libipsec/ipsec_policy_mgr.c b/src/libipsec/ipsec_policy_mgr.c
index 3f312ff..8570e07 100644
--- a/src/libipsec/ipsec_policy_mgr.c
+++ b/src/libipsec/ipsec_policy_mgr.c
@@ -57,7 +57,7 @@ typedef struct {
/**
* Priority used to sort policies
*/
- u_int32_t priority;
+ uint32_t priority;
/**
* The policy
@@ -70,13 +70,13 @@ typedef struct {
* Calculate the pseudo-priority to sort policies. This is the same algorithm
* used by the NETLINK kernel interface (i.e. high priority -> low value).
*/
-static u_int32_t calculate_priority(policy_priority_t policy_priority,
+static uint32_t calculate_priority(policy_priority_t policy_priority,
traffic_selector_t *src,
traffic_selector_t *dst)
{
- u_int32_t priority = PRIO_BASE;
- u_int16_t port;
- u_int8_t mask, proto;
+ uint32_t priority = PRIO_BASE;
+ uint16_t port;
+ uint8_t mask, proto;
host_t *net;
switch (policy_priority)
@@ -182,7 +182,7 @@ METHOD(ipsec_policy_mgr_t, del_policy, status_t,
{
enumerator_t *enumerator;
ipsec_policy_entry_t *current, *found = NULL;
- u_int32_t priority;
+ uint32_t priority;
if (type != POLICY_IPSEC || direction == POLICY_FWD)
{ /* we ignore these policies as we currently have no use for them */
@@ -235,7 +235,7 @@ METHOD(ipsec_policy_mgr_t, flush_policies, status_t,
METHOD(ipsec_policy_mgr_t, find_by_packet, ipsec_policy_t*,
private_ipsec_policy_mgr_t *this, ip_packet_t *packet, bool inbound,
- u_int32_t reqid)
+ uint32_t reqid)
{
enumerator_t *enumerator;
ipsec_policy_entry_t *current;
diff --git a/src/libipsec/ipsec_policy_mgr.h b/src/libipsec/ipsec_policy_mgr.h
index 0ea797e..97e147e 100644
--- a/src/libipsec/ipsec_policy_mgr.h
+++ b/src/libipsec/ipsec_policy_mgr.h
@@ -105,7 +105,7 @@ struct ipsec_policy_mgr_t {
*/
ipsec_policy_t *(*find_by_packet)(ipsec_policy_mgr_t *this,
ip_packet_t *packet, bool inbound,
- u_int32_t reqid);
+ uint32_t reqid);
/**
* Destroy an ipsec_policy_mgr_t
diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c
index ee297a3..af79707 100644
--- a/src/libipsec/ipsec_processor.c
+++ b/src/libipsec/ipsec_processor.c
@@ -93,8 +93,8 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this)
esp_packet_t *packet;
ip_packet_t *ip_packet;
ipsec_sa_t *sa;
- u_int8_t next_header;
- u_int32_t spi, reqid;
+ uint8_t next_header;
+ uint32_t spi, reqid;
packet = (esp_packet_t*)this->inbound_queue->dequeue(this->inbound_queue);
diff --git a/src/libipsec/ipsec_sa.c b/src/libipsec/ipsec_sa.c
index ccbbb1b..ba02065 100644
--- a/src/libipsec/ipsec_sa.c
+++ b/src/libipsec/ipsec_sa.c
@@ -36,7 +36,7 @@ struct private_ipsec_sa_t {
/**
* SPI of this SA
*/
- u_int32_t spi;
+ uint32_t spi;
/**
* Source address
@@ -51,12 +51,12 @@ struct private_ipsec_sa_t {
/**
* Protocol
*/
- u_int8_t protocol;
+ uint8_t protocol;
/**
* Reqid of this SA
*/
- u_int32_t reqid;
+ uint32_t reqid;
/**
* Lifetime configuration
@@ -90,9 +90,9 @@ struct private_ipsec_sa_t {
/** last time of use */
time_t time;
/** number of packets processed */
- u_int64_t packets;
+ uint64_t packets;
/** number of bytes processed */
- u_int64_t bytes;
+ uint64_t bytes;
} use;
/**
@@ -132,19 +132,19 @@ METHOD(ipsec_sa_t, set_destination, void,
this->dst = addr->clone(addr);
}
-METHOD(ipsec_sa_t, get_spi, u_int32_t,
+METHOD(ipsec_sa_t, get_spi, uint32_t,
private_ipsec_sa_t *this)
{
return this->spi;
}
-METHOD(ipsec_sa_t, get_reqid, u_int32_t,
+METHOD(ipsec_sa_t, get_reqid, uint32_t,
private_ipsec_sa_t *this)
{
return this->reqid;
}
-METHOD(ipsec_sa_t, get_protocol, u_int8_t,
+METHOD(ipsec_sa_t, get_protocol, uint8_t,
private_ipsec_sa_t *this)
{
return this->protocol;
@@ -169,7 +169,7 @@ METHOD(ipsec_sa_t, get_esp_context, esp_context_t*,
}
METHOD(ipsec_sa_t, get_usestats, void,
- private_ipsec_sa_t *this, u_int64_t *bytes, u_int64_t *packets,
+ private_ipsec_sa_t *this, uint64_t *bytes, uint64_t *packets,
time_t *time)
{
if (bytes)
@@ -210,7 +210,7 @@ METHOD(ipsec_sa_t, expire, void,
}
METHOD(ipsec_sa_t, update_usestats, void,
- private_ipsec_sa_t *this, u_int32_t bytes)
+ private_ipsec_sa_t *this, uint32_t bytes)
{
this->use.time = time_monotonic(NULL);
this->use.packets++;
@@ -239,21 +239,21 @@ METHOD(ipsec_sa_t, update_usestats, void,
}
METHOD(ipsec_sa_t, match_by_spi_dst, bool,
- private_ipsec_sa_t *this, u_int32_t spi, host_t *dst)
+ private_ipsec_sa_t *this, uint32_t spi, host_t *dst)
{
return this->spi == spi && this->dst->ip_equals(this->dst, dst) &&
!this->hard_expired;
}
METHOD(ipsec_sa_t, match_by_spi_src_dst, bool,
- private_ipsec_sa_t *this, u_int32_t spi, host_t *src, host_t *dst)
+ private_ipsec_sa_t *this, uint32_t spi, host_t *src, host_t *dst)
{
return this->spi == spi && this->src->ip_equals(this->src, src) &&
this->dst->ip_equals(this->dst, dst);
}
METHOD(ipsec_sa_t, match_by_reqid, bool,
- private_ipsec_sa_t *this, u_int32_t reqid, bool inbound)
+ private_ipsec_sa_t *this, uint32_t reqid, bool inbound)
{
return this->reqid == reqid && this->inbound == inbound &&
!this->hard_expired;
@@ -271,11 +271,11 @@ METHOD(ipsec_sa_t, destroy, void,
/**
* Described in header.
*/
-ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
- lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound)
+ipsec_sa_t *ipsec_sa_create(uint32_t spi, host_t *src, host_t *dst,
+ uint8_t protocol, uint32_t reqid, mark_t mark, uint32_t tfc,
+ lifetime_cfg_t *lifetime, uint16_t enc_alg, chunk_t enc_key,
+ uint16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
+ uint16_t ipcomp, uint16_t cpi, bool encap, bool esn, bool inbound)
{
private_ipsec_sa_t *this;
diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h
index 8dad29a..36fe483 100644
--- a/src/libipsec/ipsec_sa.h
+++ b/src/libipsec/ipsec_sa.h
@@ -70,21 +70,21 @@ struct ipsec_sa_t {
*
* @return SPI of this SA
*/
- u_int32_t (*get_spi)(ipsec_sa_t *this);
+ uint32_t (*get_spi)(ipsec_sa_t *this);
/**
* Get the reqid of this SA
*
* @return reqid of this SA
*/
- u_int32_t (*get_reqid)(ipsec_sa_t *this);
+ uint32_t (*get_reqid)(ipsec_sa_t *this);
/**
* Get the protocol (e.g. IPPROTO_ESP) of this SA
*
* @return protocol of this SA
*/
- u_int8_t (*get_protocol)(ipsec_sa_t *this);
+ uint8_t (*get_protocol)(ipsec_sa_t *this);
/**
* Returns whether this SA is inbound or outbound
@@ -116,7 +116,7 @@ struct ipsec_sa_t {
* @param packets receives number of processed packets, or NULL
* @param time receives last use time of this SA, or NULL
*/
- void (*get_usestats)(ipsec_sa_t *this, u_int64_t *bytes, u_int64_t *packets,
+ void (*get_usestats)(ipsec_sa_t *this, uint64_t *bytes, uint64_t *packets,
time_t *time);
/**
@@ -124,7 +124,7 @@ struct ipsec_sa_t {
*
* @param bytes length of packet processed
*/
- void (*update_usestats)(ipsec_sa_t *this, u_int32_t bytes);
+ void (*update_usestats)(ipsec_sa_t *this, uint32_t bytes);
/**
* Expire this SA, soft or hard.
@@ -145,7 +145,7 @@ struct ipsec_sa_t {
* @param dst destination address
* @return TRUE if this SA matches all parameters, FALSE otherwise
*/
- bool (*match_by_spi_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *dst);
+ bool (*match_by_spi_dst)(ipsec_sa_t *this, uint32_t spi, host_t *dst);
/**
* Check if this SA matches all given parameters
@@ -155,7 +155,7 @@ struct ipsec_sa_t {
* @param dst destination address
* @return TRUE if this SA matches all parameters, FALSE otherwise
*/
- bool (*match_by_spi_src_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *src,
+ bool (*match_by_spi_src_dst)(ipsec_sa_t *this, uint32_t spi, host_t *src,
host_t *dst);
/**
@@ -167,7 +167,7 @@ struct ipsec_sa_t {
* @param inbound TRUE for inbound SA, FALSE for outbound
* @return TRUE if this SA matches all parameters, FALSE otherwise
*/
- bool (*match_by_reqid)(ipsec_sa_t *this, u_int32_t reqid, bool inbound);
+ bool (*match_by_reqid)(ipsec_sa_t *this, uint32_t reqid, bool inbound);
/**
* Destroy an ipsec_sa_t
@@ -199,12 +199,12 @@ struct ipsec_sa_t {
* @param inbound TRUE if this is an inbound SA, FALSE otherwise
* @return the IPsec SA, or NULL if the creation failed
*/
-ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+ipsec_sa_t *ipsec_sa_create(uint32_t spi, host_t *src, host_t *dst,
+ uint8_t protocol, uint32_t reqid, mark_t mark,
+ uint32_t tfc, lifetime_cfg_t *lifetime,
+ uint16_t enc_alg, chunk_t enc_key,
+ uint16_t int_alg, chunk_t int_key,
+ ipsec_mode_t mode, uint16_t ipcomp, uint16_t cpi,
bool encap, bool esn, bool inbound);
#endif /** IPSEC_SA_H_ @}*/
diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c
index 9d461f2..ec35c6e 100644
--- a/src/libipsec/ipsec_sa_mgr.c
+++ b/src/libipsec/ipsec_sa_mgr.c
@@ -109,19 +109,19 @@ typedef struct {
/**
* 0 if this is a hard expire, otherwise the offset in s (soft->hard)
*/
- u_int32_t hard_offset;
+ uint32_t hard_offset;
} ipsec_sa_expired_t;
/*
* Used for the hash table of allocated SPIs
*/
-static bool spi_equals(u_int32_t *spi, u_int32_t *other_spi)
+static bool spi_equals(uint32_t *spi, uint32_t *other_spi)
{
return *spi == *other_spi;
}
-static u_int spi_hash(u_int32_t *spi)
+static u_int spi_hash(uint32_t *spi)
{
return chunk_hash(chunk_from_thing(*spi));
}
@@ -237,26 +237,26 @@ static bool match_entry_by_sa_ptr(ipsec_sa_entry_t *item, ipsec_sa_t *sa)
return item->sa == sa;
}
-static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, u_int32_t *spi,
+static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, uint32_t *spi,
bool *inbound)
{
return item->sa->get_spi(item->sa) == *spi &&
item->sa->is_inbound(item->sa) == *inbound;
}
-static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, u_int32_t *spi,
+static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, uint32_t *spi,
host_t *src, host_t *dst)
{
return item->sa->match_by_spi_src_dst(item->sa, *spi, src, dst);
}
static bool match_entry_by_reqid_inbound(ipsec_sa_entry_t *item,
- u_int32_t *reqid, bool *inbound)
+ uint32_t *reqid, bool *inbound)
{
return item->sa->match_by_reqid(item->sa, *reqid, *inbound);
}
-static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, u_int32_t *spi,
+static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, uint32_t *spi,
host_t *dst)
{
return item->sa->match_by_spi_dst(item->sa, *spi, dst);
@@ -299,7 +299,7 @@ static job_requeue_t sa_expired(ipsec_sa_expired_t *expired)
if (this->sas->find_first(this->sas, (void*)match_entry_by_ptr,
NULL, expired->entry) == SUCCESS)
{
- u_int32_t hard_offset;
+ uint32_t hard_offset;
hard_offset = expired->hard_offset;
expired->entry->sa->expire(expired->entry->sa, hard_offset == 0);
@@ -328,7 +328,7 @@ static void schedule_expiration(private_ipsec_sa_mgr_t *this,
lifetime_cfg_t *lifetime = entry->sa->get_lifetime(entry->sa);
ipsec_sa_expired_t *expired;
callback_job_t *job;
- u_int32_t timeout;
+ uint32_t timeout;
if (!lifetime->time.life)
{ /* no expiration at all */
@@ -362,7 +362,7 @@ static void schedule_expiration(private_ipsec_sa_mgr_t *this,
static void flush_allocated_spis(private_ipsec_sa_mgr_t *this)
{
enumerator_t *enumerator;
- u_int32_t *current;
+ uint32_t *current;
DBG2(DBG_ESP, "flushing allocated SPIs");
enumerator = this->allocated_spis->create_enumerator(this->allocated_spis);
@@ -378,9 +378,9 @@ static void flush_allocated_spis(private_ipsec_sa_mgr_t *this)
/**
* Pre-allocate an SPI for an inbound SA
*/
-static bool allocate_spi(private_ipsec_sa_mgr_t *this, u_int32_t spi)
+static bool allocate_spi(private_ipsec_sa_mgr_t *this, uint32_t spi)
{
- u_int32_t *spi_alloc;
+ uint32_t *spi_alloc;
if (this->allocated_spis->get(this->allocated_spis, &spi) ||
this->sas->find_first(this->sas, (void*)match_entry_by_spi_inbound,
@@ -388,17 +388,17 @@ static bool allocate_spi(private_ipsec_sa_mgr_t *this, u_int32_t spi)
{
return FALSE;
}
- spi_alloc = malloc_thing(u_int32_t);
+ spi_alloc = malloc_thing(uint32_t);
*spi_alloc = spi;
this->allocated_spis->put(this->allocated_spis, spi_alloc, spi_alloc);
return TRUE;
}
METHOD(ipsec_sa_mgr_t, get_spi, status_t,
- private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int8_t protocol,
- u_int32_t *spi)
+ private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint8_t protocol,
+ uint32_t *spi)
{
- u_int32_t spi_new;
+ uint32_t spi_new;
this->mutex->lock(this->mutex);
if (!this->rng)
@@ -415,7 +415,7 @@ METHOD(ipsec_sa_mgr_t, get_spi, status_t,
do
{
if (!this->rng->get_bytes(this->rng, sizeof(spi_new),
- (u_int8_t*)&spi_new))
+ (uint8_t*)&spi_new))
{
this->mutex->unlock(this->mutex);
DBG1(DBG_ESP, "failed to allocate SPI");
@@ -435,11 +435,11 @@ METHOD(ipsec_sa_mgr_t, get_spi, status_t,
}
METHOD(ipsec_sa_mgr_t, add_sa, status_t,
- private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
- lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
- u_int16_t cpi, bool initiator, bool encap, bool esn, bool inbound,
+ private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint32_t spi,
+ uint8_t protocol, uint32_t reqid, mark_t mark, uint32_t tfc,
+ lifetime_cfg_t *lifetime, uint16_t enc_alg, chunk_t enc_key,
+ uint16_t int_alg, chunk_t int_key, ipsec_mode_t mode, uint16_t ipcomp,
+ uint16_t cpi, bool initiator, bool encap, bool esn, bool inbound,
bool update)
{
ipsec_sa_entry_t *entry;
@@ -465,7 +465,7 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t,
if (update)
{ /* remove any pre-allocated SPIs */
- u_int32_t *spi_alloc;
+ uint32_t *spi_alloc;
spi_alloc = this->allocated_spis->remove(this->allocated_spis, &spi);
free(spi_alloc);
@@ -489,8 +489,8 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t,
}
METHOD(ipsec_sa_mgr_t, update_sa, status_t,
- private_ipsec_sa_mgr_t *this, u_int32_t spi, u_int8_t protocol,
- u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+ private_ipsec_sa_mgr_t *this, uint32_t spi, uint8_t protocol,
+ uint16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
bool encap, bool new_encap, mark_t mark)
{
ipsec_sa_entry_t *entry = NULL;
@@ -528,8 +528,8 @@ METHOD(ipsec_sa_mgr_t, update_sa, status_t,
METHOD(ipsec_sa_mgr_t, query_sa, status_t,
private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time)
+ uint32_t spi, uint8_t protocol, mark_t mark,
+ uint64_t *bytes, uint64_t *packets, time_t *time)
{
ipsec_sa_entry_t *entry = NULL;
@@ -549,8 +549,8 @@ METHOD(ipsec_sa_mgr_t, query_sa, status_t,
}
METHOD(ipsec_sa_mgr_t, del_sa, status_t,
- private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int16_t cpi, mark_t mark)
+ private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint32_t spi,
+ uint8_t protocol, uint16_t cpi, mark_t mark)
{
ipsec_sa_entry_t *current, *found = NULL;
enumerator_t *enumerator;
@@ -583,7 +583,7 @@ METHOD(ipsec_sa_mgr_t, del_sa, status_t,
}
METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*,
- private_ipsec_sa_mgr_t *this, u_int32_t reqid, bool inbound)
+ private_ipsec_sa_mgr_t *this, uint32_t reqid, bool inbound)
{
ipsec_sa_entry_t *entry;
ipsec_sa_t *sa = NULL;
@@ -600,7 +600,7 @@ METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*,
}
METHOD(ipsec_sa_mgr_t, checkout_by_spi, ipsec_sa_t*,
- private_ipsec_sa_mgr_t *this, u_int32_t spi, host_t *dst)
+ private_ipsec_sa_mgr_t *this, uint32_t spi, host_t *dst)
{
ipsec_sa_entry_t *entry;
ipsec_sa_t *sa = NULL;
diff --git a/src/libipsec/ipsec_sa_mgr.h b/src/libipsec/ipsec_sa_mgr.h
index a57eab4..708af1f 100644
--- a/src/libipsec/ipsec_sa_mgr.h
+++ b/src/libipsec/ipsec_sa_mgr.h
@@ -49,7 +49,7 @@ struct ipsec_sa_mgr_t {
* @return SUCCESS of operation successful
*/
status_t (*get_spi)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi);
+ uint8_t protocol, uint32_t *spi);
/**
* Add a new SA
@@ -77,11 +77,11 @@ struct ipsec_sa_mgr_t {
* @return SUCCESS if operation completed
*/
status_t (*add_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int32_t reqid,
- mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg,
- chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
- u_int16_t cpi, bool initiator, bool encap, bool esn,
+ uint32_t spi, uint8_t protocol, uint32_t reqid,
+ mark_t mark, uint32_t tfc, lifetime_cfg_t *lifetime,
+ uint16_t enc_alg, chunk_t enc_key, uint16_t int_alg,
+ chunk_t int_key, ipsec_mode_t mode, uint16_t ipcomp,
+ uint16_t cpi, bool initiator, bool encap, bool esn,
bool inbound, bool update);
/**
@@ -100,7 +100,7 @@ struct ipsec_sa_mgr_t {
* @return SUCCESS if operation completed
*/
status_t (*update_sa)(ipsec_sa_mgr_t *this,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
+ uint32_t spi, uint8_t protocol, uint16_t cpi,
host_t *src, host_t *dst,
host_t *new_src, host_t *new_dst,
bool encap, bool new_encap, mark_t mark);
@@ -119,8 +119,8 @@ struct ipsec_sa_mgr_t {
* @return SUCCESS if operation completed
*/
status_t (*query_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time);
+ uint32_t spi, uint8_t protocol, mark_t mark,
+ uint64_t *bytes, uint64_t *packets, time_t *time);
/**
* Delete a previously added SA
@@ -134,7 +134,7 @@ struct ipsec_sa_mgr_t {
* @return SUCCESS if operation completed
*/
status_t (*del_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
+ uint32_t spi, uint8_t protocol, uint16_t cpi,
mark_t mark);
/**
@@ -159,7 +159,7 @@ struct ipsec_sa_mgr_t {
* @param dst destination address (e.g. of an inbound packet)
* @return the matching IPsec SA, or NULL if none is found
*/
- ipsec_sa_t *(*checkout_by_spi)(ipsec_sa_mgr_t *this, u_int32_t spi,
+ ipsec_sa_t *(*checkout_by_spi)(ipsec_sa_mgr_t *this, uint32_t spi,
host_t *dst);
/**
@@ -177,7 +177,7 @@ struct ipsec_sa_mgr_t {
* @param inbound TRUE for an inbound SA, FALSE for an outbound SA
* @return the matching IPsec SA, or NULL if none is found
*/
- ipsec_sa_t *(*checkout_by_reqid)(ipsec_sa_mgr_t *this, u_int32_t reqid,
+ ipsec_sa_t *(*checkout_by_reqid)(ipsec_sa_mgr_t *this, uint32_t reqid,
bool inbound);
/**
diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in
index ebf6e7e..db73e1f 100644
--- a/src/libipsec/tests/Makefile.in
+++ b/src/libipsec/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ host_triplet = @host@
TESTS = ipsec_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libipsec/tests
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -196,12 +205,14 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -251,6 +262,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -285,6 +297,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -396,6 +409,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libipsec/tests/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libipsec/tests/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -866,6 +879,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libipsec/tests/suites/test_chapoly.c b/src/libipsec/tests/suites/test_chapoly.c
index 31dc2ac..67099de 100644
--- a/src/libipsec/tests/suites/test_chapoly.c
+++ b/src/libipsec/tests/suites/test_chapoly.c
@@ -27,7 +27,7 @@ METHOD(aead_t, get_iv_gen, iv_gen_t*,
}
METHOD(iv_gen_t, get_iv, bool,
- iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+ iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer)
{
if (size != 8)
{
@@ -38,7 +38,7 @@ METHOD(iv_gen_t, get_iv, bool,
}
METHOD(iv_gen_t, allocate_iv, bool,
- iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+ iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk)
{
if (size != 8)
{
@@ -58,7 +58,7 @@ START_TEST(test_chapoly)
esp_packet_t *esp;
esp_context_t *ctx;
chunk_t data, exp;
- u_int32_t seq = 0;
+ uint32_t seq = 0;
icmp = ip_packet_create(chunk_clone(chunk_from_chars(
0x45,0x00,0x00,0x54,0xa6,0xf2,0x00,0x00,
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index c4eb8b4..a4d4b33 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
@USE_WINDOWS_TRUE at am__append_1 = -lws2_32
subdir = src/libpttls
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -465,7 +479,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpttls/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libpttls/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -798,6 +811,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libpttls/pt_tls.c b/src/libpttls/pt_tls.c
index 3c1f874..01493f4 100644
--- a/src/libpttls/pt_tls.c
+++ b/src/libpttls/pt_tls.c
@@ -17,6 +17,7 @@
#include <utils/debug.h>
#include <pen/pen.h>
+
/**
* Described in header.
*/
@@ -87,12 +88,12 @@ static bio_reader_t* read_tls(tls_socket_t *tls, size_t len)
/**
* Read a PT-TLS message, return header data
*/
-bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor,
- u_int32_t *type, u_int32_t *identifier)
+bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor,
+ uint32_t *type, uint32_t *identifier)
{
bio_reader_t *reader;
- u_int32_t len;
- u_int8_t reserved;
+ uint32_t len;
+ uint8_t reserved;
reader = read_tls(tls, PT_TLS_HEADER_LEN);
if (!reader)
@@ -135,7 +136,7 @@ bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor,
* Prepend a PT-TLS header to a writer, send data, destroy writer
*/
bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type,
- u_int32_t identifier, chunk_t data)
+ uint32_t identifier, chunk_t data)
{
bio_writer_t *writer;
chunk_t out;
diff --git a/src/libpttls/pt_tls.h b/src/libpttls/pt_tls.h
index b2f3198..2cee8e1 100644
--- a/src/libpttls/pt_tls.h
+++ b/src/libpttls/pt_tls.h
@@ -105,8 +105,8 @@ enum pt_tls_auth_t {
* @param identifier receives Message Identifer
* @return reader over message value, NULL on error
*/
-bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor,
- u_int32_t *type, u_int32_t *identifier);
+bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor,
+ uint32_t *type, uint32_t *identifier);
/**
* Prepend a PT-TLS header to a writer, send data, destroy writer.
@@ -118,7 +118,7 @@ bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor,
* @return TRUE if data written successfully
*/
bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type,
- u_int32_t identifier, chunk_t data);
+ uint32_t identifier, chunk_t data);
/**
* Dummy libpttls initialization function needed for integrity test
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index bd5b96f..1679188 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -60,7 +60,7 @@ struct private_pt_tls_client_t {
/**
* Current PT-TLS message identifier
*/
- u_int32_t identifier;
+ uint32_t identifier;
};
/**
@@ -101,8 +101,8 @@ static bool negotiate_version(private_pt_tls_client_t *this)
{
bio_writer_t *writer;
bio_reader_t *reader;
- u_int32_t type, vendor, identifier, reserved;
- u_int8_t version;
+ uint32_t type, vendor, identifier, reserved;
+ uint8_t version;
bool res;
DBG1(DBG_TNC, "sending offer for PT-TLS version %d", PT_TLS_VERSION);
@@ -143,8 +143,8 @@ static bool negotiate_version(private_pt_tls_client_t *this)
*/
static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
{
- u_int32_t type, vendor, identifier;
- u_int8_t result;
+ uint32_t type, vendor, identifier;
+ uint8_t result;
bio_reader_t *reader;
bio_writer_t *writer;
chunk_t data;
@@ -277,8 +277,8 @@ static status_t select_and_do_sasl(private_pt_tls_client_t *this)
{
bio_reader_t *reader;
sasl_mechanism_t *sasl = NULL;
- u_int32_t type, vendor, identifier;
- u_int8_t len;
+ uint32_t type, vendor, identifier;
+ uint8_t len;
chunk_t chunk;
char buf[21];
status_t status = NEED_MORE;
@@ -364,7 +364,7 @@ static bool assess(private_pt_tls_client_t *this, tls_t *tnccs)
size_t buflen = PT_TLS_MAX_MESSAGE_LEN;
char buf[buflen];
bio_reader_t *reader;
- u_int32_t vendor, type, identifier;
+ uint32_t vendor, type, identifier;
chunk_t data;
switch (tnccs->build(tnccs, buf, &buflen, &msglen))
diff --git a/src/libpttls/pt_tls_server.c b/src/libpttls/pt_tls_server.c
index cedc263..a1c6453 100644
--- a/src/libpttls/pt_tls_server.c
+++ b/src/libpttls/pt_tls_server.c
@@ -55,7 +55,7 @@ struct private_pt_tls_server_t {
/**
* Message Identifier
*/
- u_int32_t identifier;
+ uint32_t identifier;
/**
* TNCCS protocol handler, implemented as tls_t
@@ -71,8 +71,8 @@ static bool negotiate_version(private_pt_tls_server_t *this)
{
bio_reader_t *reader;
bio_writer_t *writer;
- u_int32_t vendor, type, identifier;
- u_int8_t reserved, vmin, vmax, vpref;
+ uint32_t vendor, type, identifier;
+ uint8_t reserved, vmin, vmax, vpref;
bool res;
reader = pt_tls_read(this->tls, &vendor, &type, &identifier);
@@ -161,7 +161,7 @@ static status_t process_sasl(private_pt_tls_server_t *this,
static status_t read_sasl(private_pt_tls_server_t *this,
sasl_mechanism_t *sasl)
{
- u_int32_t vendor, type, identifier;
+ uint32_t vendor, type, identifier;
bio_reader_t *reader;
status_t status;
chunk_t data;
@@ -260,11 +260,11 @@ static bool send_sasl_mechs(private_pt_tls_server_t *this)
static status_t read_sasl_mech_selection(private_pt_tls_server_t *this,
sasl_mechanism_t **out)
{
- u_int32_t vendor, type, identifier;
+ uint32_t vendor, type, identifier;
sasl_mechanism_t *sasl;
bio_reader_t *reader;
chunk_t chunk;
- u_int8_t len;
+ uint8_t len;
char buf[21];
reader = pt_tls_read(this->tls, &vendor, &type, &identifier);
@@ -406,7 +406,7 @@ static status_t assess(private_pt_tls_server_t *this, tls_t *tnccs)
size_t buflen = PT_TLS_MAX_MESSAGE_LEN;
char buf[buflen];
bio_reader_t *reader;
- u_int32_t vendor, type, identifier;
+ uint32_t vendor, type, identifier;
chunk_t data;
status_t status;
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 9b03099..f5a5d12 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libradius
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -196,12 +205,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -251,6 +262,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -285,6 +297,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -396,6 +409,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libradius/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libradius/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -762,6 +775,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libradius/radius_config.c b/src/libradius/radius_config.c
index 6631734..521cd1d 100644
--- a/src/libradius/radius_config.c
+++ b/src/libradius/radius_config.c
@@ -200,7 +200,7 @@ METHOD(radius_config_t, destroy, void,
* See header
*/
radius_config_t *radius_config_create(char *name, char *address,
- u_int16_t auth_port, u_int16_t acct_port,
+ uint16_t auth_port, uint16_t acct_port,
char *nas_identifier, char *secret,
int sockets, int preference,
u_int tries, double timeout, double base)
diff --git a/src/libradius/radius_config.h b/src/libradius/radius_config.h
index c0ff057..c9a2f63 100644
--- a/src/libradius/radius_config.h
+++ b/src/libradius/radius_config.h
@@ -118,7 +118,7 @@ struct radius_config_t {
* @param base base to calculate retransmission timeout
*/
radius_config_t *radius_config_create(char *name, char *address,
- u_int16_t auth_port, u_int16_t acct_port,
+ uint16_t auth_port, uint16_t acct_port,
char *nas_identifier, char *secret,
int sockets, int preference,
u_int tries, double timeout, double base);
diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c
index 01c8298..9705d3b 100644
--- a/src/libradius/radius_message.c
+++ b/src/libradius/radius_message.c
@@ -28,15 +28,15 @@ typedef struct rattr_t rattr_t;
*/
struct rmsg_t {
/** message code, radius_message_code_t */
- u_int8_t code;
+ uint8_t code;
/** message identifier */
- u_int8_t identifier;
+ uint8_t identifier;
/** length of Code, Identifier, Length, Authenticator and Attributes */
- u_int16_t length;
+ uint16_t length;
/** message authenticator, MD5 hash */
- u_int8_t authenticator[HASH_SIZE_MD5];
+ uint8_t authenticator[HASH_SIZE_MD5];
/** variable list of packed attributes */
- u_int8_t attributes[];
+ uint8_t attributes[];
} __attribute__((packed));
/**
@@ -44,11 +44,11 @@ struct rmsg_t {
*/
struct rattr_t {
/** attribute type, radius_attribute_type_t */
- u_int8_t type;
+ uint8_t type;
/** length of the attriubte, including the Type, Length and Value fields */
- u_int8_t length;
+ uint8_t length;
/** variable length attribute value */
- u_int8_t value[];
+ uint8_t value[];
} __attribute__((packed));
/**
@@ -293,7 +293,7 @@ typedef struct {
/** inner attribute enumerator */
enumerator_t *inner;
/** current vendor ID */
- u_int32_t vendor;
+ uint32_t vendor;
/** reader for current vendor ID */
bio_reader_t *reader;
} vendor_enumerator_t;
@@ -303,7 +303,7 @@ METHOD(enumerator_t, vendor_enumerate, bool,
{
chunk_t inner_data;
int inner_type;
- u_int8_t type8, len;
+ uint8_t type8, len;
while (TRUE)
{
@@ -449,7 +449,7 @@ METHOD(radius_message_t, crypt, bool,
}
METHOD(radius_message_t, sign, bool,
- private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+ private_radius_message_t *this, uint8_t *req_auth, chunk_t secret,
hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth)
{
if (rng)
@@ -516,7 +516,7 @@ METHOD(radius_message_t, sign, bool,
}
METHOD(radius_message_t, verify, bool,
- private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+ private_radius_message_t *this, uint8_t *req_auth, chunk_t secret,
hasher_t *hasher, signer_t *signer)
{
char buf[HASH_SIZE_MD5], res_auth[HASH_SIZE_MD5];
@@ -606,19 +606,19 @@ METHOD(radius_message_t, get_code, radius_message_code_t,
return this->msg->code;
}
-METHOD(radius_message_t, get_identifier, u_int8_t,
+METHOD(radius_message_t, get_identifier, uint8_t,
private_radius_message_t *this)
{
return this->msg->identifier;
}
METHOD(radius_message_t, set_identifier, void,
- private_radius_message_t *this, u_int8_t identifier)
+ private_radius_message_t *this, uint8_t identifier)
{
this->msg->identifier = identifier;
}
-METHOD(radius_message_t, get_authenticator, u_int8_t*,
+METHOD(radius_message_t, get_authenticator, uint8_t*,
private_radius_message_t *this)
{
return this->msg->authenticator;
diff --git a/src/libradius/radius_message.h b/src/libradius/radius_message.h
index e6cb40b..c727733 100644
--- a/src/libradius/radius_message.h
+++ b/src/libradius/radius_message.h
@@ -241,21 +241,21 @@ struct radius_message_t {
*
* @return message identifier
*/
- u_int8_t (*get_identifier)(radius_message_t *this);
+ uint8_t (*get_identifier)(radius_message_t *this);
/**
* Set the message identifier.
*
* @param identifier message identifier
*/
- void (*set_identifier)(radius_message_t *this, u_int8_t identifier);
+ void (*set_identifier)(radius_message_t *this, uint8_t identifier);
/**
* Get the 16 byte authenticator.
*
* @return pointer to the Authenticator field
*/
- u_int8_t* (*get_authenticator)(radius_message_t *this);
+ uint8_t* (*get_authenticator)(radius_message_t *this);
/**
* Get the RADIUS message in its encoded form.
@@ -275,7 +275,7 @@ struct radius_message_t {
* @param msg_auth calculate and add Message-Authenticator
* @return TRUE if signed successfully
*/
- bool (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+ bool (*sign)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);
/**
@@ -286,7 +286,7 @@ struct radius_message_t {
* @param signer HMAC-MD5 signer with secret set
* @param hasher MD5 hasher
*/
- bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+ bool (*verify)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
hasher_t *hasher, signer_t *signer);
/**
diff --git a/src/libradius/radius_mppe.h b/src/libradius/radius_mppe.h
index 1b7a732..5006ca9 100644
--- a/src/libradius/radius_mppe.h
+++ b/src/libradius/radius_mppe.h
@@ -30,11 +30,11 @@
typedef struct mppe_key_t mppe_key_t;
struct mppe_key_t {
- u_int32_t id;
- u_int8_t type;
- u_int8_t length;
- u_int16_t salt;
- u_int8_t key[];
+ uint32_t id;
+ uint8_t type;
+ uint8_t length;
+ uint16_t salt;
+ uint8_t key[];
} __attribute__((packed));
#endif /** RADIUS_MPPE_H_ @}*/
diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c
index 065f264..115be79 100644
--- a/src/libradius/radius_socket.c
+++ b/src/libradius/radius_socket.c
@@ -60,7 +60,7 @@ struct private_radius_socket_t {
/**
* Server port for authentication
*/
- u_int16_t auth_port;
+ uint16_t auth_port;
/**
* socket file descriptor for authentication
@@ -70,7 +70,7 @@ struct private_radius_socket_t {
/**
* Server port for accounting
*/
- u_int16_t acct_port;
+ uint16_t acct_port;
/**
* socket file descriptor for accounting
@@ -85,7 +85,7 @@ struct private_radius_socket_t {
/**
* current RADIUS identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
/**
* hasher to use for response verification
@@ -127,7 +127,7 @@ struct private_radius_socket_t {
* Check or establish RADIUS connection
*/
static bool check_connection(private_radius_socket_t *this,
- int *fd, u_int16_t port)
+ int *fd, uint16_t port)
{
if (*fd == -1)
{
@@ -166,7 +166,7 @@ static bool check_connection(private_radius_socket_t *this,
/**
* Receive the response to the message with the given ID
*/
-static status_t receive_response(int fd, int timeout, u_int8_t id,
+static status_t receive_response(int fd, int timeout, uint8_t id,
radius_message_t **response)
{
radius_message_t *msg;
@@ -224,7 +224,7 @@ METHOD(radius_socket_t, request, radius_message_t*,
radius_message_t *response;
chunk_t data;
int *fd, retransmit = 0, timeout;
- u_int16_t port;
+ uint16_t port;
rng_t *rng = NULL;
if (request->get_code(request) == RMC_ACCOUNTING_REQUEST)
@@ -299,7 +299,7 @@ METHOD(radius_socket_t, request, radius_message_t*,
/**
* Decrypt a MS-MPPE-Send/Recv-Key
*/
-static chunk_t decrypt_mppe_key(private_radius_socket_t *this, u_int16_t salt,
+static chunk_t decrypt_mppe_key(private_radius_socket_t *this, uint16_t salt,
chunk_t C, radius_message_t *request)
{
chunk_t decrypted;
@@ -375,8 +375,8 @@ METHOD(radius_socket_t, destroy, void,
/**
* See header
*/
-radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
- u_int16_t acct_port, chunk_t secret,
+radius_socket_t *radius_socket_create(char *address, uint16_t auth_port,
+ uint16_t acct_port, chunk_t secret,
u_int tries, double timeout, double base)
{
private_radius_socket_t *this;
diff --git a/src/libradius/radius_socket.h b/src/libradius/radius_socket.h
index 84b146a..acc6c36 100644
--- a/src/libradius/radius_socket.h
+++ b/src/libradius/radius_socket.h
@@ -96,8 +96,8 @@ struct radius_socket_t {
* @param timeout retransmission timeout
* @param base base to calculate retransmission timeout
*/
-radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
- u_int16_t acct_port, chunk_t secret,
+radius_socket_t *radius_socket_create(char *address, uint16_t auth_port,
+ uint16_t acct_port, chunk_t secret,
u_int tries, double timeout, double base);
#endif /** RADIUS_SOCKET_H_ @}*/
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index e813eb0..a7bc8e3 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
@USE_WINDOWS_TRUE at am__append_1 = -lws2_32
subdir = src/libsimaka
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -199,12 +208,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -254,6 +265,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -288,6 +300,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -399,6 +412,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libsimaka/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libsimaka/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -762,6 +775,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libsimaka/simaka_card.h b/src/libsimaka/simaka_card.h
index 52cb325..b705923 100644
--- a/src/libsimaka/simaka_card.h
+++ b/src/libsimaka/simaka_card.h
@@ -66,7 +66,7 @@ struct simaka_card_t {
* @param ck buffer receiving encryption key ck
* @param ik buffer receiving integrity key ik
* @param res buffer receiving authentication result res
- * @param res_len nubmer of bytes written to res buffer
+ * @param res_len number of bytes written to res buffer
* @return SUCCESS, FAILED, or INVALID_STATE if out of sync
*/
status_t (*get_quintuplet)(simaka_card_t *this, identification_t *id,
@@ -112,7 +112,7 @@ struct simaka_card_t {
*/
void (*set_reauth)(simaka_card_t *this, identification_t *id,
identification_t *next, char mk[HASH_SIZE_SHA1],
- u_int16_t counter);
+ uint16_t counter);
/**
* Retrieve parameters for fast reauthentication stored via set_reauth().
@@ -123,7 +123,7 @@ struct simaka_card_t {
* @return fast reauthentication identity, NULL if not found
*/
identification_t* (*get_reauth)(simaka_card_t *this, identification_t *id,
- char mk[HASH_SIZE_SHA1], u_int16_t *counter);
+ char mk[HASH_SIZE_SHA1], uint16_t *counter);
};
#endif /** SIMAKA_CARD_H_ @}*/
diff --git a/src/libsimaka/simaka_manager.c b/src/libsimaka/simaka_manager.c
index e85dd66..47f1f6f 100644
--- a/src/libsimaka/simaka_manager.c
+++ b/src/libsimaka/simaka_manager.c
@@ -207,7 +207,7 @@ METHOD(simaka_manager_t, card_get_pseudonym, identification_t*,
METHOD(simaka_manager_t, card_set_reauth, void,
private_simaka_manager_t *this, identification_t *id, identification_t *next,
- char mk[HASH_SIZE_SHA1], u_int16_t counter)
+ char mk[HASH_SIZE_SHA1], uint16_t counter)
{
enumerator_t *enumerator;
simaka_card_t *card;
@@ -227,7 +227,7 @@ METHOD(simaka_manager_t, card_set_reauth, void,
METHOD(simaka_manager_t, card_get_reauth, identification_t*,
private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1],
- u_int16_t *counter)
+ uint16_t *counter)
{
enumerator_t *enumerator;
simaka_card_t *card;
@@ -393,7 +393,7 @@ METHOD(simaka_manager_t, provider_gen_pseudonym, identification_t*,
METHOD(simaka_manager_t, provider_is_reauth, identification_t*,
private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1],
- u_int16_t *counter)
+ uint16_t *counter)
{
enumerator_t *enumerator;
simaka_provider_t *provider;
diff --git a/src/libsimaka/simaka_manager.h b/src/libsimaka/simaka_manager.h
index bdd5029..b10d165 100644
--- a/src/libsimaka/simaka_manager.h
+++ b/src/libsimaka/simaka_manager.h
@@ -84,7 +84,7 @@ struct simaka_manager_t {
* @param ck buffer receiving encryption key ck
* @param ik buffer receiving integrity key ik
* @param res buffer receiving authentication result res
- * @param res_len nubmer of bytes written to res buffer
+ * @param res_len number of bytes written to res buffer
* @return SUCCESS, FAILED, or INVALID_STATE if out of sync
*/
status_t (*card_get_quintuplet)(simaka_manager_t *this, identification_t *id,
@@ -131,7 +131,7 @@ struct simaka_manager_t {
*/
void (*card_set_reauth)(simaka_manager_t *this, identification_t *id,
identification_t *next, char mk[HASH_SIZE_SHA1],
- u_int16_t counter);
+ uint16_t counter);
/**
* Retrieve fast reauthentication parameters from one of the registered cards.
@@ -143,7 +143,7 @@ struct simaka_manager_t {
*/
identification_t* (*card_get_reauth)(simaka_manager_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1],
- u_int16_t *counter);
+ uint16_t *counter);
/**
* Register a triplet provider (server) at the manager.
@@ -228,7 +228,7 @@ struct simaka_manager_t {
*/
identification_t* (*provider_is_reauth)(simaka_manager_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1],
- u_int16_t *counter);
+ uint16_t *counter);
/**
* Generate a fast reauth id using one of the registered providers.
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index 7dd1548..234d7ef 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -30,17 +30,17 @@ typedef struct attr_t attr_t;
*/
struct hdr_t {
/** EAP code (REQUEST/RESPONSE) */
- u_int8_t code;
+ uint8_t code;
/** unique message identifier */
- u_int8_t identifier;
+ uint8_t identifier;
/** length of whole message */
- u_int16_t length;
+ uint16_t length;
/** EAP type => EAP_SIM/EAP_AKA */
- u_int8_t type;
+ uint8_t type;
/** SIM subtype */
- u_int8_t subtype;
+ uint8_t subtype;
/** reserved bytes */
- u_int16_t reserved;
+ uint16_t reserved;
} __attribute__((__packed__));
/**
@@ -48,9 +48,9 @@ struct hdr_t {
*/
struct attr_hdr_t {
/** attribute type */
- u_int8_t type;
+ uint8_t type;
/** attibute length */
- u_int8_t length;
+ uint8_t length;
} __attribute__((__packed__));
/**
@@ -204,7 +204,7 @@ METHOD(simaka_message_t, is_request, bool,
return this->hdr->code == EAP_REQUEST;
}
-METHOD(simaka_message_t, get_identifier, u_int8_t,
+METHOD(simaka_message_t, get_identifier, uint8_t,
private_simaka_message_t *this)
{
return this->hdr->identifier;
@@ -366,7 +366,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in)
case AT_IDENTITY:
case AT_VERSION_LIST:
{
- u_int16_t len;
+ uint16_t len;
if (hdr->length < 1 || in.len < 4)
{
@@ -610,7 +610,7 @@ METHOD(simaka_message_t, generate, bool,
chunk_t out, encr, data, *target, mac = chunk_empty;
simaka_attribute_t type;
attr_hdr_t *hdr;
- u_int16_t len;
+ uint16_t len;
signer_t *signer;
call_hook(this, FALSE, TRUE);
@@ -684,7 +684,7 @@ METHOD(simaka_message_t, generate, bool,
case AT_VERSION_LIST:
case AT_RES:
{
- u_int16_t len, padding;
+ uint16_t len, padding;
len = htons(data.len);
if (type == AT_RES)
@@ -912,7 +912,7 @@ simaka_message_t *simaka_message_create_from_payload(chunk_t data,
/**
* See header.
*/
-simaka_message_t *simaka_message_create(bool request, u_int8_t identifier,
+simaka_message_t *simaka_message_create(bool request, uint8_t identifier,
eap_type_t type, simaka_subtype_t subtype,
simaka_crypto_t *crypto)
{
diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h
index 9e2c7de..2393d34 100644
--- a/src/libsimaka/simaka_message.h
+++ b/src/libsimaka/simaka_message.h
@@ -176,7 +176,7 @@ struct simaka_message_t {
*
* @return EAP message identifier
*/
- u_int8_t (*get_identifier)(simaka_message_t *this);
+ uint8_t (*get_identifier)(simaka_message_t *this);
/**
* Get the EAP type of the message.
@@ -257,7 +257,7 @@ struct simaka_message_t {
* @param crypto EAP-SIM/AKA crypto helper
* @return empty message of requested kind, NULL on error
*/
-simaka_message_t *simaka_message_create(bool request, u_int8_t identifier,
+simaka_message_t *simaka_message_create(bool request, uint8_t identifier,
eap_type_t type, simaka_subtype_t subtype,
simaka_crypto_t *crypto);
diff --git a/src/libsimaka/simaka_provider.h b/src/libsimaka/simaka_provider.h
index f1bf800..ef1c739 100644
--- a/src/libsimaka/simaka_provider.h
+++ b/src/libsimaka/simaka_provider.h
@@ -62,7 +62,7 @@ struct simaka_provider_t {
* @param id permanent identity of peer to create challenge for
* @param rand buffer receiving random value rand
* @param xres buffer receiving expected authentication result xres
- * @param xres_len nubmer of bytes written to xres buffer
+ * @param xres_len number of bytes written to xres buffer
* @param ck buffer receiving encryption key ck
* @param ik buffer receiving integrity key ik
* @param autn authentication token autn
@@ -112,7 +112,7 @@ struct simaka_provider_t {
* @return permanent identity, NULL if id not a reauth identity
*/
identification_t* (*is_reauth)(simaka_provider_t *this, identification_t *id,
- char mk[HASH_SIZE_SHA1], u_int16_t *counter);
+ char mk[HASH_SIZE_SHA1], uint16_t *counter);
/**
* Generate a fast reauthentication identity, associated to a master key.
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 0bac61b..9be93f1 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -120,7 +120,9 @@ endif
library.lo : $(top_builddir)/config.status
-libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) $(BFDLIB) $(UNWINDLIB)
+libstrongswan_la_LIBADD = \
+ $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \
+ $(RTLIB) $(BFDLIB) $(UNWINDLIB)
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index d88c96f..d1b65bd 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -221,12 +231,6 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE at am__append_123 = plugins/test_vectors/libstrongswan-test-vectors.la
@USE_BLISS_TRUE at am__append_124 = plugins/bliss/tests
subdir = src/libstrongswan
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- settings/settings_parser.h settings/settings_parser.c \
- settings/settings_lexer.c $(top_srcdir)/depcomp \
- $(top_srcdir)/ylwrap \
- $(am__nobase_strongswan_include_HEADERS_DIST) \
- $(noinst_HEADERS)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -240,6 +244,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am \
+ $(am__nobase_strongswan_include_HEADERS_DIST) \
+ $(noinst_HEADERS) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -280,26 +287,27 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__append_19) $(am__append_21) \
- $(am__append_23) $(am__append_25) $(am__append_27) \
- $(am__append_29) $(am__append_31) $(am__append_33) \
- $(am__append_35) $(am__append_37) $(am__append_39) \
- $(am__append_41) $(am__append_43) $(am__append_45) \
- $(am__append_47) $(am__append_49) $(am__append_51) \
- $(am__append_53) $(am__append_55) $(am__append_57) \
- $(am__append_59) $(am__append_61) $(am__append_63) \
- $(am__append_65) $(am__append_67) $(am__append_69) \
- $(am__append_71) $(am__append_73) $(am__append_75) \
- $(am__append_77) $(am__append_79) $(am__append_81) \
- $(am__append_83) $(am__append_85) $(am__append_87) \
- $(am__append_89) $(am__append_91) $(am__append_93) \
- $(am__append_95) $(am__append_97) $(am__append_99) \
- $(am__append_101) $(am__append_103) $(am__append_105) \
- $(am__append_107) $(am__append_109) $(am__append_111) \
- $(am__append_113) $(am__append_115) $(am__append_117) \
- $(am__append_119) $(am__append_121) $(am__append_123)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_19) \
+ $(am__append_21) $(am__append_23) $(am__append_25) \
+ $(am__append_27) $(am__append_29) $(am__append_31) \
+ $(am__append_33) $(am__append_35) $(am__append_37) \
+ $(am__append_39) $(am__append_41) $(am__append_43) \
+ $(am__append_45) $(am__append_47) $(am__append_49) \
+ $(am__append_51) $(am__append_53) $(am__append_55) \
+ $(am__append_57) $(am__append_59) $(am__append_61) \
+ $(am__append_63) $(am__append_65) $(am__append_67) \
+ $(am__append_69) $(am__append_71) $(am__append_73) \
+ $(am__append_75) $(am__append_77) $(am__append_79) \
+ $(am__append_81) $(am__append_83) $(am__append_85) \
+ $(am__append_87) $(am__append_89) $(am__append_91) \
+ $(am__append_93) $(am__append_95) $(am__append_97) \
+ $(am__append_99) $(am__append_101) $(am__append_103) \
+ $(am__append_105) $(am__append_107) $(am__append_109) \
+ $(am__append_111) $(am__append_113) $(am__append_115) \
+ $(am__append_117) $(am__append_119) $(am__append_121) \
+ $(am__append_123)
am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
bio/bio_writer.c collections/blocking_queue.c \
@@ -632,6 +640,9 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \
plugins/chapoly plugins/ctr plugins/ccm plugins/gcm \
plugins/ntru plugins/bliss plugins/test_vectors tests \
plugins/bliss/tests
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
+ $(top_srcdir)/ylwrap settings/settings_lexer.c \
+ settings/settings_parser.c settings/settings_parser.h
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -663,6 +674,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -712,6 +724,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -746,6 +759,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -857,6 +871,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -1003,27 +1018,28 @@ settings/settings_types.h
@USE_DEV_HEADERS_TRUE at utils/utils/string.h utils/utils/memory.h utils/utils/tty.h utils/utils/path.h \
@USE_DEV_HEADERS_TRUE at utils/utils/status.h utils/utils/object.h utils/utils/time.h utils/utils/align.h
-libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) \
- $(BFDLIB) $(UNWINDLIB) $(am__append_2) $(am__append_4) \
- $(am__append_5) $(am__append_13) $(am__append_15) \
- $(am__append_17) $(am__append_19) $(am__append_21) \
- $(am__append_23) $(am__append_25) $(am__append_27) \
- $(am__append_29) $(am__append_31) $(am__append_33) \
- $(am__append_35) $(am__append_37) $(am__append_39) \
- $(am__append_41) $(am__append_43) $(am__append_45) \
- $(am__append_47) $(am__append_49) $(am__append_51) \
- $(am__append_53) $(am__append_55) $(am__append_57) \
- $(am__append_59) $(am__append_61) $(am__append_63) \
- $(am__append_65) $(am__append_67) $(am__append_69) \
- $(am__append_71) $(am__append_73) $(am__append_75) \
- $(am__append_77) $(am__append_79) $(am__append_81) \
- $(am__append_83) $(am__append_85) $(am__append_87) \
- $(am__append_89) $(am__append_91) $(am__append_93) \
- $(am__append_95) $(am__append_97) $(am__append_99) \
- $(am__append_101) $(am__append_103) $(am__append_105) \
- $(am__append_107) $(am__append_109) $(am__append_111) \
- $(am__append_113) $(am__append_115) $(am__append_117) \
- $(am__append_119) $(am__append_121) $(am__append_123)
+libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \
+ $(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_2) \
+ $(am__append_4) $(am__append_5) $(am__append_13) \
+ $(am__append_15) $(am__append_17) $(am__append_19) \
+ $(am__append_21) $(am__append_23) $(am__append_25) \
+ $(am__append_27) $(am__append_29) $(am__append_31) \
+ $(am__append_33) $(am__append_35) $(am__append_37) \
+ $(am__append_39) $(am__append_41) $(am__append_43) \
+ $(am__append_45) $(am__append_47) $(am__append_49) \
+ $(am__append_51) $(am__append_53) $(am__append_55) \
+ $(am__append_57) $(am__append_59) $(am__append_61) \
+ $(am__append_63) $(am__append_65) $(am__append_67) \
+ $(am__append_69) $(am__append_71) $(am__append_73) \
+ $(am__append_75) $(am__append_77) $(am__append_79) \
+ $(am__append_81) $(am__append_83) $(am__append_85) \
+ $(am__append_87) $(am__append_89) $(am__append_91) \
+ $(am__append_93) $(am__append_95) $(am__append_97) \
+ $(am__append_99) $(am__append_101) $(am__append_103) \
+ $(am__append_105) $(am__append_107) $(am__append_109) \
+ $(am__append_111) $(am__append_113) $(am__append_115) \
+ $(am__append_117) $(am__append_119) $(am__append_121) \
+ $(am__append_123)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
-DPLUGINDIR=\"${plugindir}\" \
@@ -1124,7 +1140,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -2322,6 +2337,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \
uninstall-ipseclibLTLIBRARIES \
uninstall-nobase_strongswan_includeHEADERS
+.PRECIOUS: Makefile
+
library.lo : $(top_builddir)/config.status
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 628bb99..2ee414a 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -592,15 +592,15 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c
/*
* Described in header
*/
-u_int64_t asn1_parse_integer_uint64(chunk_t blob)
+uint64_t asn1_parse_integer_uint64(chunk_t blob)
{
- u_int64_t val = 0;
+ uint64_t val = 0;
int i;
for (i = 0; i < blob.len; i++)
{ /* if it is longer than 8 bytes, we just use the 8 LSBs */
val <<= 8;
- val |= (u_int64_t)blob.ptr[i];
+ val |= (uint64_t)blob.ptr[i];
}
return val;
}
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 8ac0056..f0b3e17 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -172,13 +172,13 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level0,
const char* name);
/**
- * Converts an ASN.1 INTEGER object to an u_int64_t. If the INTEGER is longer
+ * Converts an ASN.1 INTEGER object to an uint64_t. If the INTEGER is longer
* than 8 bytes only the 8 LSBs are returned.
*
* @param blob body of an ASN.1 coded integer object
* @return converted integer
*/
-u_int64_t asn1_parse_integer_uint64(chunk_t blob);
+uint64_t asn1_parse_integer_uint64(chunk_t blob);
/**
* Print the value of an ASN.1 simple object
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index ed953d4..c23746e 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -28,8 +28,8 @@ const oid_t oid_names[] = {
{ 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */
{ 0x01, 17, 0, 9, "UID" }, /* 16 */
{ 0x19, 0, 0, 9, "DC" }, /* 17 */
- {0x55, 66, 1, 0, "X.500" }, /* 18 */
- { 0x04, 38, 1, 1, "X.509" }, /* 19 */
+ {0x55, 67, 1, 0, "X.500" }, /* 18 */
+ { 0x04, 39, 1, 1, "X.509" }, /* 19 */
{ 0x03, 21, 0, 2, "CN" }, /* 20 */
{ 0x04, 22, 0, 2, "S" }, /* 21 */
{ 0x05, 23, 0, 2, "SN" }, /* 22 */
@@ -46,447 +46,448 @@ const oid_t oid_names[] = {
{ 0x2B, 34, 0, 2, "I" }, /* 33 */
{ 0x2D, 35, 0, 2, "ID" }, /* 34 */
{ 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */
- { 0x41, 37, 0, 2, "pseudonym" }, /* 36 */
- { 0x48, 0, 0, 2, "role" }, /* 37 */
- { 0x1D, 0, 1, 1, "id-ce" }, /* 38 */
- { 0x09, 40, 0, 2, "subjectDirectoryAttrs" }, /* 39 */
- { 0x0E, 41, 0, 2, "subjectKeyIdentifier" }, /* 40 */
- { 0x0F, 42, 0, 2, "keyUsage" }, /* 41 */
- { 0x10, 43, 0, 2, "privateKeyUsagePeriod" }, /* 42 */
- { 0x11, 44, 0, 2, "subjectAltName" }, /* 43 */
- { 0x12, 45, 0, 2, "issuerAltName" }, /* 44 */
- { 0x13, 46, 0, 2, "basicConstraints" }, /* 45 */
- { 0x14, 47, 0, 2, "crlNumber" }, /* 46 */
- { 0x15, 48, 0, 2, "reasonCode" }, /* 47 */
- { 0x17, 49, 0, 2, "holdInstructionCode" }, /* 48 */
- { 0x18, 50, 0, 2, "invalidityDate" }, /* 49 */
- { 0x1B, 51, 0, 2, "deltaCrlIndicator" }, /* 50 */
- { 0x1C, 52, 0, 2, "issuingDistributionPoint" }, /* 51 */
- { 0x1D, 53, 0, 2, "certificateIssuer" }, /* 52 */
- { 0x1E, 54, 0, 2, "nameConstraints" }, /* 53 */
- { 0x1F, 55, 0, 2, "crlDistributionPoints" }, /* 54 */
- { 0x20, 57, 1, 2, "certificatePolicies" }, /* 55 */
- { 0x00, 0, 0, 3, "anyPolicy" }, /* 56 */
- { 0x21, 58, 0, 2, "policyMappings" }, /* 57 */
- { 0x23, 59, 0, 2, "authorityKeyIdentifier" }, /* 58 */
- { 0x24, 60, 0, 2, "policyConstraints" }, /* 59 */
- { 0x25, 62, 1, 2, "extendedKeyUsage" }, /* 60 */
- { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 61 */
- { 0x2E, 63, 0, 2, "freshestCRL" }, /* 62 */
- { 0x36, 64, 0, 2, "inhibitAnyPolicy" }, /* 63 */
- { 0x37, 65, 0, 2, "targetInformation" }, /* 64 */
- { 0x38, 0, 0, 2, "noRevAvail" }, /* 65 */
- {0x2A, 190, 1, 0, "" }, /* 66 */
- { 0x83, 79, 1, 1, "" }, /* 67 */
- { 0x08, 0, 1, 2, "jp" }, /* 68 */
- { 0x8C, 0, 1, 3, "" }, /* 69 */
- { 0x9A, 0, 1, 4, "" }, /* 70 */
- { 0x4B, 0, 1, 5, "" }, /* 71 */
- { 0x3D, 0, 1, 6, "" }, /* 72 */
- { 0x01, 0, 1, 7, "security" }, /* 73 */
- { 0x01, 0, 1, 8, "algorithm" }, /* 74 */
- { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 75 */
- { 0x02, 77, 0, 10, "camellia128-cbc" }, /* 76 */
- { 0x03, 78, 0, 10, "camellia192-cbc" }, /* 77 */
- { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 78 */
- { 0x86, 0, 1, 1, "" }, /* 79 */
- { 0x48, 0, 1, 2, "us" }, /* 80 */
- { 0x86, 149, 1, 3, "" }, /* 81 */
- { 0xF6, 87, 1, 4, "" }, /* 82 */
- { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 83 */
- { 0x07, 0, 1, 6, "Entrust" }, /* 84 */
- { 0x41, 0, 1, 7, "nsn-ce" }, /* 85 */
- { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 86 */
- { 0xF7, 0, 1, 4, "" }, /* 87 */
- { 0x0D, 0, 1, 5, "RSADSI" }, /* 88 */
- { 0x01, 144, 1, 6, "PKCS" }, /* 89 */
- { 0x01, 102, 1, 7, "PKCS-1" }, /* 90 */
- { 0x01, 92, 0, 8, "rsaEncryption" }, /* 91 */
- { 0x02, 93, 0, 8, "md2WithRSAEncryption" }, /* 92 */
- { 0x04, 94, 0, 8, "md5WithRSAEncryption" }, /* 93 */
- { 0x05, 95, 0, 8, "sha-1WithRSAEncryption" }, /* 94 */
- { 0x07, 96, 0, 8, "id-RSAES-OAEP" }, /* 95 */
- { 0x08, 97, 0, 8, "id-mgf1" }, /* 96 */
- { 0x09, 98, 0, 8, "id-pSpecified" }, /* 97 */
- { 0x0B, 99, 0, 8, "sha256WithRSAEncryption" }, /* 98 */
- { 0x0C, 100, 0, 8, "sha384WithRSAEncryption" }, /* 99 */
- { 0x0D, 101, 0, 8, "sha512WithRSAEncryption" }, /* 100 */
- { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 101 */
- { 0x05, 107, 1, 7, "PKCS-5" }, /* 102 */
- { 0x03, 104, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 103 */
- { 0x0A, 105, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 104 */
- { 0x0C, 106, 0, 8, "id-PBKDF2" }, /* 105 */
- { 0x0D, 0, 0, 8, "id-PBES2" }, /* 106 */
- { 0x07, 114, 1, 7, "PKCS-7" }, /* 107 */
- { 0x01, 109, 0, 8, "data" }, /* 108 */
- { 0x02, 110, 0, 8, "signedData" }, /* 109 */
- { 0x03, 111, 0, 8, "envelopedData" }, /* 110 */
- { 0x04, 112, 0, 8, "signedAndEnvelopedData" }, /* 111 */
- { 0x05, 113, 0, 8, "digestedData" }, /* 112 */
- { 0x06, 0, 0, 8, "encryptedData" }, /* 113 */
- { 0x09, 128, 1, 7, "PKCS-9" }, /* 114 */
- { 0x01, 116, 0, 8, "E" }, /* 115 */
- { 0x02, 117, 0, 8, "unstructuredName" }, /* 116 */
- { 0x03, 118, 0, 8, "contentType" }, /* 117 */
- { 0x04, 119, 0, 8, "messageDigest" }, /* 118 */
- { 0x05, 120, 0, 8, "signingTime" }, /* 119 */
- { 0x06, 121, 0, 8, "counterSignature" }, /* 120 */
- { 0x07, 122, 0, 8, "challengePassword" }, /* 121 */
- { 0x08, 123, 0, 8, "unstructuredAddress" }, /* 122 */
- { 0x0E, 124, 0, 8, "extensionRequest" }, /* 123 */
- { 0x0F, 125, 0, 8, "S/MIME Capabilities" }, /* 124 */
- { 0x16, 0, 1, 8, "certTypes" }, /* 125 */
- { 0x01, 127, 0, 9, "X.509" }, /* 126 */
- { 0x02, 0, 0, 9, "SDSI" }, /* 127 */
- { 0x0c, 0, 1, 7, "PKCS-12" }, /* 128 */
- { 0x01, 136, 1, 8, "pbeIds" }, /* 129 */
- { 0x01, 131, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 130 */
- { 0x02, 132, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 131 */
- { 0x03, 133, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 132 */
- { 0x04, 134, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 133 */
- { 0x05, 135, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 134 */
- { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 135 */
- { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 136 */
- { 0x01, 0, 1, 9, "bagIds" }, /* 137 */
- { 0x01, 139, 0, 10, "keyBag" }, /* 138 */
- { 0x02, 140, 0, 10, "pkcs8ShroudedKeyBag" }, /* 139 */
- { 0x03, 141, 0, 10, "certBag" }, /* 140 */
- { 0x04, 142, 0, 10, "crlBag" }, /* 141 */
- { 0x05, 143, 0, 10, "secretBag" }, /* 142 */
- { 0x06, 0, 0, 10, "safeContentsBag" }, /* 143 */
- { 0x02, 147, 1, 6, "digestAlgorithm" }, /* 144 */
- { 0x02, 146, 0, 7, "md2" }, /* 145 */
- { 0x05, 0, 0, 7, "md5" }, /* 146 */
- { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 147 */
- { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 148 */
- { 0xCE, 0, 1, 3, "" }, /* 149 */
- { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 150 */
- { 0x02, 153, 1, 5, "id-publicKeyType" }, /* 151 */
- { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 152 */
- { 0x03, 183, 1, 5, "ellipticCurve" }, /* 153 */
- { 0x00, 175, 1, 6, "c-TwoCurve" }, /* 154 */
- { 0x01, 156, 0, 7, "c2pnb163v1" }, /* 155 */
- { 0x02, 157, 0, 7, "c2pnb163v2" }, /* 156 */
- { 0x03, 158, 0, 7, "c2pnb163v3" }, /* 157 */
- { 0x04, 159, 0, 7, "c2pnb176w1" }, /* 158 */
- { 0x05, 160, 0, 7, "c2tnb191v1" }, /* 159 */
- { 0x06, 161, 0, 7, "c2tnb191v2" }, /* 160 */
- { 0x07, 162, 0, 7, "c2tnb191v3" }, /* 161 */
- { 0x08, 163, 0, 7, "c2onb191v4" }, /* 162 */
- { 0x09, 164, 0, 7, "c2onb191v5" }, /* 163 */
- { 0x0A, 165, 0, 7, "c2pnb208w1" }, /* 164 */
- { 0x0B, 166, 0, 7, "c2tnb239v1" }, /* 165 */
- { 0x0C, 167, 0, 7, "c2tnb239v2" }, /* 166 */
- { 0x0D, 168, 0, 7, "c2tnb239v3" }, /* 167 */
- { 0x0E, 169, 0, 7, "c2onb239v4" }, /* 168 */
- { 0x0F, 170, 0, 7, "c2onb239v5" }, /* 169 */
- { 0x10, 171, 0, 7, "c2pnb272w1" }, /* 170 */
- { 0x11, 172, 0, 7, "c2pnb304w1" }, /* 171 */
- { 0x12, 173, 0, 7, "c2tnb359v1" }, /* 172 */
- { 0x13, 174, 0, 7, "c2pnb368w1" }, /* 173 */
- { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 174 */
- { 0x01, 0, 1, 6, "primeCurve" }, /* 175 */
- { 0x01, 177, 0, 7, "prime192v1" }, /* 176 */
- { 0x02, 178, 0, 7, "prime192v2" }, /* 177 */
- { 0x03, 179, 0, 7, "prime192v3" }, /* 178 */
- { 0x04, 180, 0, 7, "prime239v1" }, /* 179 */
- { 0x05, 181, 0, 7, "prime239v2" }, /* 180 */
- { 0x06, 182, 0, 7, "prime239v3" }, /* 181 */
- { 0x07, 0, 0, 7, "prime256v1" }, /* 182 */
- { 0x04, 0, 1, 5, "id-ecSigType" }, /* 183 */
- { 0x01, 185, 0, 6, "ecdsa-with-SHA1" }, /* 184 */
- { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 185 */
- { 0x01, 187, 0, 7, "ecdsa-with-SHA224" }, /* 186 */
- { 0x02, 188, 0, 7, "ecdsa-with-SHA256" }, /* 187 */
- { 0x03, 189, 0, 7, "ecdsa-with-SHA384" }, /* 188 */
- { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 189 */
- {0x2B, 417, 1, 0, "" }, /* 190 */
- { 0x06, 331, 1, 1, "dod" }, /* 191 */
- { 0x01, 0, 1, 2, "internet" }, /* 192 */
- { 0x04, 282, 1, 3, "private" }, /* 193 */
- { 0x01, 0, 1, 4, "enterprise" }, /* 194 */
- { 0x82, 232, 1, 5, "" }, /* 195 */
- { 0x37, 208, 1, 6, "Microsoft" }, /* 196 */
- { 0x0A, 201, 1, 7, "" }, /* 197 */
- { 0x03, 0, 1, 8, "" }, /* 198 */
- { 0x03, 200, 0, 9, "msSGC" }, /* 199 */
- { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 200 */
- { 0x14, 205, 1, 7, "msEnrollmentInfrastructure" }, /* 201 */
- { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 202 */
- { 0x02, 204, 0, 9, "msSmartcardLogon" }, /* 203 */
- { 0x03, 0, 0, 9, "msUPN" }, /* 204 */
- { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 205 */
- { 0x07, 207, 0, 8, "msCertTemplate" }, /* 206 */
- { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 207 */
- { 0xA0, 0, 1, 6, "" }, /* 208 */
- { 0x2A, 0, 1, 7, "ITA" }, /* 209 */
- { 0x01, 211, 0, 8, "strongSwan" }, /* 210 */
- { 0x02, 212, 0, 8, "cps" }, /* 211 */
- { 0x03, 213, 0, 8, "e-voting" }, /* 212 */
- { 0x05, 0, 1, 8, "BLISS" }, /* 213 */
- { 0x01, 216, 1, 9, "keyType" }, /* 214 */
- { 0x01, 0, 0, 10, "blissPublicKey" }, /* 215 */
- { 0x02, 225, 1, 9, "parameters" }, /* 216 */
- { 0x01, 218, 0, 10, "BLISS-I" }, /* 217 */
- { 0x02, 219, 0, 10, "BLISS-II" }, /* 218 */
- { 0x03, 220, 0, 10, "BLISS-III" }, /* 219 */
- { 0x04, 221, 0, 10, "BLISS-IV" }, /* 220 */
- { 0x05, 222, 0, 10, "BLISS-B-I" }, /* 221 */
- { 0x06, 223, 0, 10, "BLISS-B-II" }, /* 222 */
- { 0x07, 224, 0, 10, "BLISS-B-III" }, /* 223 */
- { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 224 */
- { 0x03, 0, 1, 9, "blissSigType" }, /* 225 */
- { 0x01, 227, 0, 10, "BLISS-with-SHA2-512" }, /* 226 */
- { 0x02, 228, 0, 10, "BLISS-with-SHA2-384" }, /* 227 */
- { 0x03, 229, 0, 10, "BLISS-with-SHA2-256" }, /* 228 */
- { 0x04, 230, 0, 10, "BLISS-with-SHA3-512" }, /* 229 */
- { 0x05, 231, 0, 10, "BLISS-with-SHA3-384" }, /* 230 */
- { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 231 */
- { 0x89, 239, 1, 5, "" }, /* 232 */
- { 0x31, 0, 1, 6, "" }, /* 233 */
- { 0x01, 0, 1, 7, "" }, /* 234 */
- { 0x01, 0, 1, 8, "" }, /* 235 */
- { 0x02, 0, 1, 9, "" }, /* 236 */
- { 0x02, 0, 1, 10, "" }, /* 237 */
- { 0x4B, 0, 0, 11, "TCGID" }, /* 238 */
- { 0x97, 243, 1, 5, "" }, /* 239 */
- { 0x55, 0, 1, 6, "" }, /* 240 */
- { 0x01, 0, 1, 7, "" }, /* 241 */
- { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 242 */
- { 0xC1, 0, 1, 5, "" }, /* 243 */
- { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 244 */
- { 0x01, 0, 1, 7, "eess" }, /* 245 */
- { 0x01, 0, 1, 8, "eess1" }, /* 246 */
- { 0x01, 251, 1, 9, "eess1-algs" }, /* 247 */
- { 0x01, 249, 0, 10, "ntru-EESS1v1-SVES" }, /* 248 */
- { 0x02, 250, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 249 */
- { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 250 */
- { 0x02, 281, 1, 9, "eess1-params" }, /* 251 */
- { 0x01, 253, 0, 10, "ees251ep1" }, /* 252 */
- { 0x02, 254, 0, 10, "ees347ep1" }, /* 253 */
- { 0x03, 255, 0, 10, "ees503ep1" }, /* 254 */
- { 0x07, 256, 0, 10, "ees251sp2" }, /* 255 */
- { 0x0C, 257, 0, 10, "ees251ep4" }, /* 256 */
- { 0x0D, 258, 0, 10, "ees251ep5" }, /* 257 */
- { 0x0E, 259, 0, 10, "ees251sp3" }, /* 258 */
- { 0x0F, 260, 0, 10, "ees251sp4" }, /* 259 */
- { 0x10, 261, 0, 10, "ees251sp5" }, /* 260 */
- { 0x11, 262, 0, 10, "ees251sp6" }, /* 261 */
- { 0x12, 263, 0, 10, "ees251sp7" }, /* 262 */
- { 0x13, 264, 0, 10, "ees251sp8" }, /* 263 */
- { 0x14, 265, 0, 10, "ees251sp9" }, /* 264 */
- { 0x22, 266, 0, 10, "ees401ep1" }, /* 265 */
- { 0x23, 267, 0, 10, "ees449ep1" }, /* 266 */
- { 0x24, 268, 0, 10, "ees677ep1" }, /* 267 */
- { 0x25, 269, 0, 10, "ees1087ep2" }, /* 268 */
- { 0x26, 270, 0, 10, "ees541ep1" }, /* 269 */
- { 0x27, 271, 0, 10, "ees613ep1" }, /* 270 */
- { 0x28, 272, 0, 10, "ees887ep1" }, /* 271 */
- { 0x29, 273, 0, 10, "ees1171ep1" }, /* 272 */
- { 0x2A, 274, 0, 10, "ees659ep1" }, /* 273 */
- { 0x2B, 275, 0, 10, "ees761ep1" }, /* 274 */
- { 0x2C, 276, 0, 10, "ees1087ep1" }, /* 275 */
- { 0x2D, 277, 0, 10, "ees1499ep1" }, /* 276 */
- { 0x2E, 278, 0, 10, "ees401ep2" }, /* 277 */
- { 0x2F, 279, 0, 10, "ees439ep1" }, /* 278 */
- { 0x30, 280, 0, 10, "ees593ep1" }, /* 279 */
- { 0x31, 0, 0, 10, "ees743ep1" }, /* 280 */
- { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 281 */
- { 0x05, 0, 1, 3, "security" }, /* 282 */
- { 0x05, 0, 1, 4, "mechanisms" }, /* 283 */
- { 0x07, 328, 1, 5, "id-pkix" }, /* 284 */
- { 0x01, 289, 1, 6, "id-pe" }, /* 285 */
- { 0x01, 287, 0, 7, "authorityInfoAccess" }, /* 286 */
- { 0x03, 288, 0, 7, "qcStatements" }, /* 287 */
- { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 288 */
- { 0x02, 292, 1, 6, "id-qt" }, /* 289 */
- { 0x01, 291, 0, 7, "cps" }, /* 290 */
- { 0x02, 0, 0, 7, "unotice" }, /* 291 */
- { 0x03, 302, 1, 6, "id-kp" }, /* 292 */
- { 0x01, 294, 0, 7, "serverAuth" }, /* 293 */
- { 0x02, 295, 0, 7, "clientAuth" }, /* 294 */
- { 0x03, 296, 0, 7, "codeSigning" }, /* 295 */
- { 0x04, 297, 0, 7, "emailProtection" }, /* 296 */
- { 0x05, 298, 0, 7, "ipsecEndSystem" }, /* 297 */
- { 0x06, 299, 0, 7, "ipsecTunnel" }, /* 298 */
- { 0x07, 300, 0, 7, "ipsecUser" }, /* 299 */
- { 0x08, 301, 0, 7, "timeStamping" }, /* 300 */
- { 0x09, 0, 0, 7, "ocspSigning" }, /* 301 */
- { 0x08, 310, 1, 6, "id-otherNames" }, /* 302 */
- { 0x01, 304, 0, 7, "personalData" }, /* 303 */
- { 0x02, 305, 0, 7, "userGroup" }, /* 304 */
- { 0x03, 306, 0, 7, "id-on-permanentIdentifier" }, /* 305 */
- { 0x04, 307, 0, 7, "id-on-hardwareModuleName" }, /* 306 */
- { 0x05, 308, 0, 7, "xmppAddr" }, /* 307 */
- { 0x06, 309, 0, 7, "id-on-SIM" }, /* 308 */
- { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 309 */
- { 0x0A, 315, 1, 6, "id-aca" }, /* 310 */
- { 0x01, 312, 0, 7, "authenticationInfo" }, /* 311 */
- { 0x02, 313, 0, 7, "accessIdentity" }, /* 312 */
- { 0x03, 314, 0, 7, "chargingIdentity" }, /* 313 */
- { 0x04, 0, 0, 7, "group" }, /* 314 */
- { 0x0B, 316, 0, 6, "subjectInfoAccess" }, /* 315 */
- { 0x30, 0, 1, 6, "id-ad" }, /* 316 */
- { 0x01, 325, 1, 7, "ocsp" }, /* 317 */
- { 0x01, 319, 0, 8, "basic" }, /* 318 */
- { 0x02, 320, 0, 8, "nonce" }, /* 319 */
- { 0x03, 321, 0, 8, "crl" }, /* 320 */
- { 0x04, 322, 0, 8, "response" }, /* 321 */
- { 0x05, 323, 0, 8, "noCheck" }, /* 322 */
- { 0x06, 324, 0, 8, "archiveCutoff" }, /* 323 */
- { 0x07, 0, 0, 8, "serviceLocator" }, /* 324 */
- { 0x02, 326, 0, 7, "caIssuers" }, /* 325 */
- { 0x03, 327, 0, 7, "timeStamping" }, /* 326 */
- { 0x05, 0, 0, 7, "caRepository" }, /* 327 */
- { 0x08, 0, 1, 5, "ipsec" }, /* 328 */
- { 0x02, 0, 1, 6, "certificate" }, /* 329 */
- { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 330 */
- { 0x0E, 337, 1, 1, "oiw" }, /* 331 */
- { 0x03, 0, 1, 2, "secsig" }, /* 332 */
- { 0x02, 0, 1, 3, "algorithms" }, /* 333 */
- { 0x07, 335, 0, 4, "des-cbc" }, /* 334 */
- { 0x1A, 336, 0, 4, "sha-1" }, /* 335 */
- { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 336 */
- { 0x24, 383, 1, 1, "TeleTrusT" }, /* 337 */
- { 0x03, 0, 1, 2, "algorithm" }, /* 338 */
- { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 339 */
- { 0x01, 344, 1, 4, "rsaSignature" }, /* 340 */
- { 0x02, 342, 0, 5, "rsaSigWithripemd160" }, /* 341 */
- { 0x03, 343, 0, 5, "rsaSigWithripemd128" }, /* 342 */
- { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 343 */
- { 0x02, 0, 1, 4, "ecSign" }, /* 344 */
- { 0x01, 346, 0, 5, "ecSignWithsha1" }, /* 345 */
- { 0x02, 347, 0, 5, "ecSignWithripemd160" }, /* 346 */
- { 0x03, 348, 0, 5, "ecSignWithmd2" }, /* 347 */
- { 0x04, 349, 0, 5, "ecSignWithmd5" }, /* 348 */
- { 0x05, 366, 1, 5, "ttt-ecg" }, /* 349 */
- { 0x01, 354, 1, 6, "fieldType" }, /* 350 */
- { 0x01, 0, 1, 7, "characteristictwoField" }, /* 351 */
- { 0x01, 0, 1, 8, "basisType" }, /* 352 */
- { 0x01, 0, 0, 9, "ipBasis" }, /* 353 */
- { 0x02, 356, 1, 6, "keyType" }, /* 354 */
- { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 355 */
- { 0x03, 357, 0, 6, "curve" }, /* 356 */
- { 0x04, 364, 1, 6, "signatures" }, /* 357 */
- { 0x01, 359, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 358 */
- { 0x02, 360, 0, 7, "ecgdsa-with-SHA1" }, /* 359 */
- { 0x03, 361, 0, 7, "ecgdsa-with-SHA224" }, /* 360 */
- { 0x04, 362, 0, 7, "ecgdsa-with-SHA256" }, /* 361 */
- { 0x05, 363, 0, 7, "ecgdsa-with-SHA384" }, /* 362 */
- { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 363 */
- { 0x05, 0, 1, 6, "module" }, /* 364 */
- { 0x01, 0, 0, 7, "1" }, /* 365 */
- { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 366 */
- { 0x01, 0, 1, 6, "ellipticCurve" }, /* 367 */
- { 0x01, 0, 1, 7, "versionOne" }, /* 368 */
- { 0x01, 370, 0, 8, "brainpoolP160r1" }, /* 369 */
- { 0x02, 371, 0, 8, "brainpoolP160t1" }, /* 370 */
- { 0x03, 372, 0, 8, "brainpoolP192r1" }, /* 371 */
- { 0x04, 373, 0, 8, "brainpoolP192t1" }, /* 372 */
- { 0x05, 374, 0, 8, "brainpoolP224r1" }, /* 373 */
- { 0x06, 375, 0, 8, "brainpoolP224t1" }, /* 374 */
- { 0x07, 376, 0, 8, "brainpoolP256r1" }, /* 375 */
- { 0x08, 377, 0, 8, "brainpoolP256t1" }, /* 376 */
- { 0x09, 378, 0, 8, "brainpoolP320r1" }, /* 377 */
- { 0x0A, 379, 0, 8, "brainpoolP320t1" }, /* 378 */
- { 0x0B, 380, 0, 8, "brainpoolP384r1" }, /* 379 */
- { 0x0C, 381, 0, 8, "brainpoolP384t1" }, /* 380 */
- { 0x0D, 382, 0, 8, "brainpoolP512r1" }, /* 381 */
- { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 382 */
- { 0x81, 0, 1, 1, "" }, /* 383 */
- { 0x04, 0, 1, 2, "Certicom" }, /* 384 */
- { 0x00, 0, 1, 3, "curve" }, /* 385 */
- { 0x01, 387, 0, 4, "sect163k1" }, /* 386 */
- { 0x02, 388, 0, 4, "sect163r1" }, /* 387 */
- { 0x03, 389, 0, 4, "sect239k1" }, /* 388 */
- { 0x04, 390, 0, 4, "sect113r1" }, /* 389 */
- { 0x05, 391, 0, 4, "sect113r2" }, /* 390 */
- { 0x06, 392, 0, 4, "secp112r1" }, /* 391 */
- { 0x07, 393, 0, 4, "secp112r2" }, /* 392 */
- { 0x08, 394, 0, 4, "secp160r1" }, /* 393 */
- { 0x09, 395, 0, 4, "secp160k1" }, /* 394 */
- { 0x0A, 396, 0, 4, "secp256k1" }, /* 395 */
- { 0x0F, 397, 0, 4, "sect163r2" }, /* 396 */
- { 0x10, 398, 0, 4, "sect283k1" }, /* 397 */
- { 0x11, 399, 0, 4, "sect283r1" }, /* 398 */
- { 0x16, 400, 0, 4, "sect131r1" }, /* 399 */
- { 0x17, 401, 0, 4, "sect131r2" }, /* 400 */
- { 0x18, 402, 0, 4, "sect193r1" }, /* 401 */
- { 0x19, 403, 0, 4, "sect193r2" }, /* 402 */
- { 0x1A, 404, 0, 4, "sect233k1" }, /* 403 */
- { 0x1B, 405, 0, 4, "sect233r1" }, /* 404 */
- { 0x1C, 406, 0, 4, "secp128r1" }, /* 405 */
- { 0x1D, 407, 0, 4, "secp128r2" }, /* 406 */
- { 0x1E, 408, 0, 4, "secp160r2" }, /* 407 */
- { 0x1F, 409, 0, 4, "secp192k1" }, /* 408 */
- { 0x20, 410, 0, 4, "secp224k1" }, /* 409 */
- { 0x21, 411, 0, 4, "secp224r1" }, /* 410 */
- { 0x22, 412, 0, 4, "secp384r1" }, /* 411 */
- { 0x23, 413, 0, 4, "secp521r1" }, /* 412 */
- { 0x24, 414, 0, 4, "sect409k1" }, /* 413 */
- { 0x25, 415, 0, 4, "sect409r1" }, /* 414 */
- { 0x26, 416, 0, 4, "sect571k1" }, /* 415 */
- { 0x27, 0, 0, 4, "sect571r1" }, /* 416 */
- {0x60, 471, 1, 0, "" }, /* 417 */
- { 0x86, 0, 1, 1, "" }, /* 418 */
- { 0x48, 0, 1, 2, "" }, /* 419 */
- { 0x01, 0, 1, 3, "organization" }, /* 420 */
- { 0x65, 447, 1, 4, "gov" }, /* 421 */
- { 0x03, 0, 1, 5, "csor" }, /* 422 */
- { 0x04, 0, 1, 6, "nistalgorithm" }, /* 423 */
- { 0x01, 434, 1, 7, "aes" }, /* 424 */
- { 0x02, 426, 0, 8, "id-aes128-CBC" }, /* 425 */
- { 0x06, 427, 0, 8, "id-aes128-GCM" }, /* 426 */
- { 0x07, 428, 0, 8, "id-aes128-CCM" }, /* 427 */
- { 0x16, 429, 0, 8, "id-aes192-CBC" }, /* 428 */
- { 0x1A, 430, 0, 8, "id-aes192-GCM" }, /* 429 */
- { 0x1B, 431, 0, 8, "id-aes192-CCM" }, /* 430 */
- { 0x2A, 432, 0, 8, "id-aes256-CBC" }, /* 431 */
- { 0x2E, 433, 0, 8, "id-aes256-GCM" }, /* 432 */
- { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 433 */
- { 0x02, 0, 1, 7, "hashalgs" }, /* 434 */
- { 0x01, 436, 0, 8, "id-sha256" }, /* 435 */
- { 0x02, 437, 0, 8, "id-sha384" }, /* 436 */
- { 0x03, 438, 0, 8, "id-sha512" }, /* 437 */
- { 0x04, 439, 0, 8, "id-sha224" }, /* 438 */
- { 0x05, 440, 0, 8, "id-sha512-224" }, /* 439 */
- { 0x06, 441, 0, 8, "id-sha512-256" }, /* 440 */
- { 0x07, 442, 0, 8, "id-sha3-224" }, /* 441 */
- { 0x08, 443, 0, 8, "id-sha3-256" }, /* 442 */
- { 0x09, 444, 0, 8, "id-sha3-384" }, /* 443 */
- { 0x0A, 445, 0, 8, "id-sha3-512" }, /* 444 */
- { 0x0B, 446, 0, 8, "id-shake128" }, /* 445 */
- { 0x0C, 0, 0, 8, "id-shake256" }, /* 446 */
- { 0x86, 0, 1, 4, "" }, /* 447 */
- { 0xf8, 0, 1, 5, "" }, /* 448 */
- { 0x42, 461, 1, 6, "netscape" }, /* 449 */
- { 0x01, 456, 1, 7, "" }, /* 450 */
- { 0x01, 452, 0, 8, "nsCertType" }, /* 451 */
- { 0x03, 453, 0, 8, "nsRevocationUrl" }, /* 452 */
- { 0x04, 454, 0, 8, "nsCaRevocationUrl" }, /* 453 */
- { 0x08, 455, 0, 8, "nsCaPolicyUrl" }, /* 454 */
- { 0x0d, 0, 0, 8, "nsComment" }, /* 455 */
- { 0x03, 459, 1, 7, "directory" }, /* 456 */
- { 0x01, 0, 1, 8, "" }, /* 457 */
- { 0x03, 0, 0, 9, "employeeNumber" }, /* 458 */
- { 0x04, 0, 1, 7, "policy" }, /* 459 */
- { 0x01, 0, 0, 8, "nsSGC" }, /* 460 */
- { 0x45, 0, 1, 6, "verisign" }, /* 461 */
- { 0x01, 0, 1, 7, "pki" }, /* 462 */
- { 0x09, 0, 1, 8, "attributes" }, /* 463 */
- { 0x02, 465, 0, 9, "messageType" }, /* 464 */
- { 0x03, 466, 0, 9, "pkiStatus" }, /* 465 */
- { 0x04, 467, 0, 9, "failInfo" }, /* 466 */
- { 0x05, 468, 0, 9, "senderNonce" }, /* 467 */
- { 0x06, 469, 0, 9, "recipientNonce" }, /* 468 */
- { 0x07, 470, 0, 9, "transID" }, /* 469 */
- { 0x08, 0, 0, 9, "extensionReq" }, /* 470 */
- {0x67, 0, 1, 0, "" }, /* 471 */
- { 0x81, 0, 1, 1, "" }, /* 472 */
- { 0x05, 0, 1, 2, "" }, /* 473 */
- { 0x02, 0, 1, 3, "tcg-attribute" }, /* 474 */
- { 0x01, 476, 0, 4, "tcg-at-tpmManufacturer" }, /* 475 */
- { 0x02, 477, 0, 4, "tcg-at-tpmModel" }, /* 476 */
- { 0x03, 478, 0, 4, "tcg-at-tpmVersion" }, /* 477 */
- { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 478 */
+ { 0x36, 37, 0, 2, "dmdName" }, /* 36 */
+ { 0x41, 38, 0, 2, "pseudonym" }, /* 37 */
+ { 0x48, 0, 0, 2, "role" }, /* 38 */
+ { 0x1D, 0, 1, 1, "id-ce" }, /* 39 */
+ { 0x09, 41, 0, 2, "subjectDirectoryAttrs" }, /* 40 */
+ { 0x0E, 42, 0, 2, "subjectKeyIdentifier" }, /* 41 */
+ { 0x0F, 43, 0, 2, "keyUsage" }, /* 42 */
+ { 0x10, 44, 0, 2, "privateKeyUsagePeriod" }, /* 43 */
+ { 0x11, 45, 0, 2, "subjectAltName" }, /* 44 */
+ { 0x12, 46, 0, 2, "issuerAltName" }, /* 45 */
+ { 0x13, 47, 0, 2, "basicConstraints" }, /* 46 */
+ { 0x14, 48, 0, 2, "crlNumber" }, /* 47 */
+ { 0x15, 49, 0, 2, "reasonCode" }, /* 48 */
+ { 0x17, 50, 0, 2, "holdInstructionCode" }, /* 49 */
+ { 0x18, 51, 0, 2, "invalidityDate" }, /* 50 */
+ { 0x1B, 52, 0, 2, "deltaCrlIndicator" }, /* 51 */
+ { 0x1C, 53, 0, 2, "issuingDistributionPoint" }, /* 52 */
+ { 0x1D, 54, 0, 2, "certificateIssuer" }, /* 53 */
+ { 0x1E, 55, 0, 2, "nameConstraints" }, /* 54 */
+ { 0x1F, 56, 0, 2, "crlDistributionPoints" }, /* 55 */
+ { 0x20, 58, 1, 2, "certificatePolicies" }, /* 56 */
+ { 0x00, 0, 0, 3, "anyPolicy" }, /* 57 */
+ { 0x21, 59, 0, 2, "policyMappings" }, /* 58 */
+ { 0x23, 60, 0, 2, "authorityKeyIdentifier" }, /* 59 */
+ { 0x24, 61, 0, 2, "policyConstraints" }, /* 60 */
+ { 0x25, 63, 1, 2, "extendedKeyUsage" }, /* 61 */
+ { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 62 */
+ { 0x2E, 64, 0, 2, "freshestCRL" }, /* 63 */
+ { 0x36, 65, 0, 2, "inhibitAnyPolicy" }, /* 64 */
+ { 0x37, 66, 0, 2, "targetInformation" }, /* 65 */
+ { 0x38, 0, 0, 2, "noRevAvail" }, /* 66 */
+ {0x2A, 191, 1, 0, "" }, /* 67 */
+ { 0x83, 80, 1, 1, "" }, /* 68 */
+ { 0x08, 0, 1, 2, "jp" }, /* 69 */
+ { 0x8C, 0, 1, 3, "" }, /* 70 */
+ { 0x9A, 0, 1, 4, "" }, /* 71 */
+ { 0x4B, 0, 1, 5, "" }, /* 72 */
+ { 0x3D, 0, 1, 6, "" }, /* 73 */
+ { 0x01, 0, 1, 7, "security" }, /* 74 */
+ { 0x01, 0, 1, 8, "algorithm" }, /* 75 */
+ { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 76 */
+ { 0x02, 78, 0, 10, "camellia128-cbc" }, /* 77 */
+ { 0x03, 79, 0, 10, "camellia192-cbc" }, /* 78 */
+ { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 79 */
+ { 0x86, 0, 1, 1, "" }, /* 80 */
+ { 0x48, 0, 1, 2, "us" }, /* 81 */
+ { 0x86, 150, 1, 3, "" }, /* 82 */
+ { 0xF6, 88, 1, 4, "" }, /* 83 */
+ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 84 */
+ { 0x07, 0, 1, 6, "Entrust" }, /* 85 */
+ { 0x41, 0, 1, 7, "nsn-ce" }, /* 86 */
+ { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 87 */
+ { 0xF7, 0, 1, 4, "" }, /* 88 */
+ { 0x0D, 0, 1, 5, "RSADSI" }, /* 89 */
+ { 0x01, 145, 1, 6, "PKCS" }, /* 90 */
+ { 0x01, 103, 1, 7, "PKCS-1" }, /* 91 */
+ { 0x01, 93, 0, 8, "rsaEncryption" }, /* 92 */
+ { 0x02, 94, 0, 8, "md2WithRSAEncryption" }, /* 93 */
+ { 0x04, 95, 0, 8, "md5WithRSAEncryption" }, /* 94 */
+ { 0x05, 96, 0, 8, "sha-1WithRSAEncryption" }, /* 95 */
+ { 0x07, 97, 0, 8, "id-RSAES-OAEP" }, /* 96 */
+ { 0x08, 98, 0, 8, "id-mgf1" }, /* 97 */
+ { 0x09, 99, 0, 8, "id-pSpecified" }, /* 98 */
+ { 0x0B, 100, 0, 8, "sha256WithRSAEncryption" }, /* 99 */
+ { 0x0C, 101, 0, 8, "sha384WithRSAEncryption" }, /* 100 */
+ { 0x0D, 102, 0, 8, "sha512WithRSAEncryption" }, /* 101 */
+ { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 102 */
+ { 0x05, 108, 1, 7, "PKCS-5" }, /* 103 */
+ { 0x03, 105, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 104 */
+ { 0x0A, 106, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 105 */
+ { 0x0C, 107, 0, 8, "id-PBKDF2" }, /* 106 */
+ { 0x0D, 0, 0, 8, "id-PBES2" }, /* 107 */
+ { 0x07, 115, 1, 7, "PKCS-7" }, /* 108 */
+ { 0x01, 110, 0, 8, "data" }, /* 109 */
+ { 0x02, 111, 0, 8, "signedData" }, /* 110 */
+ { 0x03, 112, 0, 8, "envelopedData" }, /* 111 */
+ { 0x04, 113, 0, 8, "signedAndEnvelopedData" }, /* 112 */
+ { 0x05, 114, 0, 8, "digestedData" }, /* 113 */
+ { 0x06, 0, 0, 8, "encryptedData" }, /* 114 */
+ { 0x09, 129, 1, 7, "PKCS-9" }, /* 115 */
+ { 0x01, 117, 0, 8, "E" }, /* 116 */
+ { 0x02, 118, 0, 8, "unstructuredName" }, /* 117 */
+ { 0x03, 119, 0, 8, "contentType" }, /* 118 */
+ { 0x04, 120, 0, 8, "messageDigest" }, /* 119 */
+ { 0x05, 121, 0, 8, "signingTime" }, /* 120 */
+ { 0x06, 122, 0, 8, "counterSignature" }, /* 121 */
+ { 0x07, 123, 0, 8, "challengePassword" }, /* 122 */
+ { 0x08, 124, 0, 8, "unstructuredAddress" }, /* 123 */
+ { 0x0E, 125, 0, 8, "extensionRequest" }, /* 124 */
+ { 0x0F, 126, 0, 8, "S/MIME Capabilities" }, /* 125 */
+ { 0x16, 0, 1, 8, "certTypes" }, /* 126 */
+ { 0x01, 128, 0, 9, "X.509" }, /* 127 */
+ { 0x02, 0, 0, 9, "SDSI" }, /* 128 */
+ { 0x0c, 0, 1, 7, "PKCS-12" }, /* 129 */
+ { 0x01, 137, 1, 8, "pbeIds" }, /* 130 */
+ { 0x01, 132, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 131 */
+ { 0x02, 133, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 132 */
+ { 0x03, 134, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 133 */
+ { 0x04, 135, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 134 */
+ { 0x05, 136, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 135 */
+ { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 136 */
+ { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 137 */
+ { 0x01, 0, 1, 9, "bagIds" }, /* 138 */
+ { 0x01, 140, 0, 10, "keyBag" }, /* 139 */
+ { 0x02, 141, 0, 10, "pkcs8ShroudedKeyBag" }, /* 140 */
+ { 0x03, 142, 0, 10, "certBag" }, /* 141 */
+ { 0x04, 143, 0, 10, "crlBag" }, /* 142 */
+ { 0x05, 144, 0, 10, "secretBag" }, /* 143 */
+ { 0x06, 0, 0, 10, "safeContentsBag" }, /* 144 */
+ { 0x02, 148, 1, 6, "digestAlgorithm" }, /* 145 */
+ { 0x02, 147, 0, 7, "md2" }, /* 146 */
+ { 0x05, 0, 0, 7, "md5" }, /* 147 */
+ { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 148 */
+ { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 149 */
+ { 0xCE, 0, 1, 3, "" }, /* 150 */
+ { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 151 */
+ { 0x02, 154, 1, 5, "id-publicKeyType" }, /* 152 */
+ { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 153 */
+ { 0x03, 184, 1, 5, "ellipticCurve" }, /* 154 */
+ { 0x00, 176, 1, 6, "c-TwoCurve" }, /* 155 */
+ { 0x01, 157, 0, 7, "c2pnb163v1" }, /* 156 */
+ { 0x02, 158, 0, 7, "c2pnb163v2" }, /* 157 */
+ { 0x03, 159, 0, 7, "c2pnb163v3" }, /* 158 */
+ { 0x04, 160, 0, 7, "c2pnb176w1" }, /* 159 */
+ { 0x05, 161, 0, 7, "c2tnb191v1" }, /* 160 */
+ { 0x06, 162, 0, 7, "c2tnb191v2" }, /* 161 */
+ { 0x07, 163, 0, 7, "c2tnb191v3" }, /* 162 */
+ { 0x08, 164, 0, 7, "c2onb191v4" }, /* 163 */
+ { 0x09, 165, 0, 7, "c2onb191v5" }, /* 164 */
+ { 0x0A, 166, 0, 7, "c2pnb208w1" }, /* 165 */
+ { 0x0B, 167, 0, 7, "c2tnb239v1" }, /* 166 */
+ { 0x0C, 168, 0, 7, "c2tnb239v2" }, /* 167 */
+ { 0x0D, 169, 0, 7, "c2tnb239v3" }, /* 168 */
+ { 0x0E, 170, 0, 7, "c2onb239v4" }, /* 169 */
+ { 0x0F, 171, 0, 7, "c2onb239v5" }, /* 170 */
+ { 0x10, 172, 0, 7, "c2pnb272w1" }, /* 171 */
+ { 0x11, 173, 0, 7, "c2pnb304w1" }, /* 172 */
+ { 0x12, 174, 0, 7, "c2tnb359v1" }, /* 173 */
+ { 0x13, 175, 0, 7, "c2pnb368w1" }, /* 174 */
+ { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 175 */
+ { 0x01, 0, 1, 6, "primeCurve" }, /* 176 */
+ { 0x01, 178, 0, 7, "prime192v1" }, /* 177 */
+ { 0x02, 179, 0, 7, "prime192v2" }, /* 178 */
+ { 0x03, 180, 0, 7, "prime192v3" }, /* 179 */
+ { 0x04, 181, 0, 7, "prime239v1" }, /* 180 */
+ { 0x05, 182, 0, 7, "prime239v2" }, /* 181 */
+ { 0x06, 183, 0, 7, "prime239v3" }, /* 182 */
+ { 0x07, 0, 0, 7, "prime256v1" }, /* 183 */
+ { 0x04, 0, 1, 5, "id-ecSigType" }, /* 184 */
+ { 0x01, 186, 0, 6, "ecdsa-with-SHA1" }, /* 185 */
+ { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 186 */
+ { 0x01, 188, 0, 7, "ecdsa-with-SHA224" }, /* 187 */
+ { 0x02, 189, 0, 7, "ecdsa-with-SHA256" }, /* 188 */
+ { 0x03, 190, 0, 7, "ecdsa-with-SHA384" }, /* 189 */
+ { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 190 */
+ {0x2B, 418, 1, 0, "" }, /* 191 */
+ { 0x06, 332, 1, 1, "dod" }, /* 192 */
+ { 0x01, 0, 1, 2, "internet" }, /* 193 */
+ { 0x04, 283, 1, 3, "private" }, /* 194 */
+ { 0x01, 0, 1, 4, "enterprise" }, /* 195 */
+ { 0x82, 233, 1, 5, "" }, /* 196 */
+ { 0x37, 209, 1, 6, "Microsoft" }, /* 197 */
+ { 0x0A, 202, 1, 7, "" }, /* 198 */
+ { 0x03, 0, 1, 8, "" }, /* 199 */
+ { 0x03, 201, 0, 9, "msSGC" }, /* 200 */
+ { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 201 */
+ { 0x14, 206, 1, 7, "msEnrollmentInfrastructure" }, /* 202 */
+ { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 203 */
+ { 0x02, 205, 0, 9, "msSmartcardLogon" }, /* 204 */
+ { 0x03, 0, 0, 9, "msUPN" }, /* 205 */
+ { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 206 */
+ { 0x07, 208, 0, 8, "msCertTemplate" }, /* 207 */
+ { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 208 */
+ { 0xA0, 0, 1, 6, "" }, /* 209 */
+ { 0x2A, 0, 1, 7, "ITA" }, /* 210 */
+ { 0x01, 212, 0, 8, "strongSwan" }, /* 211 */
+ { 0x02, 213, 0, 8, "cps" }, /* 212 */
+ { 0x03, 214, 0, 8, "e-voting" }, /* 213 */
+ { 0x05, 0, 1, 8, "BLISS" }, /* 214 */
+ { 0x01, 217, 1, 9, "keyType" }, /* 215 */
+ { 0x01, 0, 0, 10, "blissPublicKey" }, /* 216 */
+ { 0x02, 226, 1, 9, "parameters" }, /* 217 */
+ { 0x01, 219, 0, 10, "BLISS-I" }, /* 218 */
+ { 0x02, 220, 0, 10, "BLISS-II" }, /* 219 */
+ { 0x03, 221, 0, 10, "BLISS-III" }, /* 220 */
+ { 0x04, 222, 0, 10, "BLISS-IV" }, /* 221 */
+ { 0x05, 223, 0, 10, "BLISS-B-I" }, /* 222 */
+ { 0x06, 224, 0, 10, "BLISS-B-II" }, /* 223 */
+ { 0x07, 225, 0, 10, "BLISS-B-III" }, /* 224 */
+ { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 225 */
+ { 0x03, 0, 1, 9, "blissSigType" }, /* 226 */
+ { 0x01, 228, 0, 10, "BLISS-with-SHA2-512" }, /* 227 */
+ { 0x02, 229, 0, 10, "BLISS-with-SHA2-384" }, /* 228 */
+ { 0x03, 230, 0, 10, "BLISS-with-SHA2-256" }, /* 229 */
+ { 0x04, 231, 0, 10, "BLISS-with-SHA3-512" }, /* 230 */
+ { 0x05, 232, 0, 10, "BLISS-with-SHA3-384" }, /* 231 */
+ { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 232 */
+ { 0x89, 240, 1, 5, "" }, /* 233 */
+ { 0x31, 0, 1, 6, "" }, /* 234 */
+ { 0x01, 0, 1, 7, "" }, /* 235 */
+ { 0x01, 0, 1, 8, "" }, /* 236 */
+ { 0x02, 0, 1, 9, "" }, /* 237 */
+ { 0x02, 0, 1, 10, "" }, /* 238 */
+ { 0x4B, 0, 0, 11, "TCGID" }, /* 239 */
+ { 0x97, 244, 1, 5, "" }, /* 240 */
+ { 0x55, 0, 1, 6, "" }, /* 241 */
+ { 0x01, 0, 1, 7, "" }, /* 242 */
+ { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 243 */
+ { 0xC1, 0, 1, 5, "" }, /* 244 */
+ { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 245 */
+ { 0x01, 0, 1, 7, "eess" }, /* 246 */
+ { 0x01, 0, 1, 8, "eess1" }, /* 247 */
+ { 0x01, 252, 1, 9, "eess1-algs" }, /* 248 */
+ { 0x01, 250, 0, 10, "ntru-EESS1v1-SVES" }, /* 249 */
+ { 0x02, 251, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 250 */
+ { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 251 */
+ { 0x02, 282, 1, 9, "eess1-params" }, /* 252 */
+ { 0x01, 254, 0, 10, "ees251ep1" }, /* 253 */
+ { 0x02, 255, 0, 10, "ees347ep1" }, /* 254 */
+ { 0x03, 256, 0, 10, "ees503ep1" }, /* 255 */
+ { 0x07, 257, 0, 10, "ees251sp2" }, /* 256 */
+ { 0x0C, 258, 0, 10, "ees251ep4" }, /* 257 */
+ { 0x0D, 259, 0, 10, "ees251ep5" }, /* 258 */
+ { 0x0E, 260, 0, 10, "ees251sp3" }, /* 259 */
+ { 0x0F, 261, 0, 10, "ees251sp4" }, /* 260 */
+ { 0x10, 262, 0, 10, "ees251sp5" }, /* 261 */
+ { 0x11, 263, 0, 10, "ees251sp6" }, /* 262 */
+ { 0x12, 264, 0, 10, "ees251sp7" }, /* 263 */
+ { 0x13, 265, 0, 10, "ees251sp8" }, /* 264 */
+ { 0x14, 266, 0, 10, "ees251sp9" }, /* 265 */
+ { 0x22, 267, 0, 10, "ees401ep1" }, /* 266 */
+ { 0x23, 268, 0, 10, "ees449ep1" }, /* 267 */
+ { 0x24, 269, 0, 10, "ees677ep1" }, /* 268 */
+ { 0x25, 270, 0, 10, "ees1087ep2" }, /* 269 */
+ { 0x26, 271, 0, 10, "ees541ep1" }, /* 270 */
+ { 0x27, 272, 0, 10, "ees613ep1" }, /* 271 */
+ { 0x28, 273, 0, 10, "ees887ep1" }, /* 272 */
+ { 0x29, 274, 0, 10, "ees1171ep1" }, /* 273 */
+ { 0x2A, 275, 0, 10, "ees659ep1" }, /* 274 */
+ { 0x2B, 276, 0, 10, "ees761ep1" }, /* 275 */
+ { 0x2C, 277, 0, 10, "ees1087ep1" }, /* 276 */
+ { 0x2D, 278, 0, 10, "ees1499ep1" }, /* 277 */
+ { 0x2E, 279, 0, 10, "ees401ep2" }, /* 278 */
+ { 0x2F, 280, 0, 10, "ees439ep1" }, /* 279 */
+ { 0x30, 281, 0, 10, "ees593ep1" }, /* 280 */
+ { 0x31, 0, 0, 10, "ees743ep1" }, /* 281 */
+ { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 282 */
+ { 0x05, 0, 1, 3, "security" }, /* 283 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 284 */
+ { 0x07, 329, 1, 5, "id-pkix" }, /* 285 */
+ { 0x01, 290, 1, 6, "id-pe" }, /* 286 */
+ { 0x01, 288, 0, 7, "authorityInfoAccess" }, /* 287 */
+ { 0x03, 289, 0, 7, "qcStatements" }, /* 288 */
+ { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 289 */
+ { 0x02, 293, 1, 6, "id-qt" }, /* 290 */
+ { 0x01, 292, 0, 7, "cps" }, /* 291 */
+ { 0x02, 0, 0, 7, "unotice" }, /* 292 */
+ { 0x03, 303, 1, 6, "id-kp" }, /* 293 */
+ { 0x01, 295, 0, 7, "serverAuth" }, /* 294 */
+ { 0x02, 296, 0, 7, "clientAuth" }, /* 295 */
+ { 0x03, 297, 0, 7, "codeSigning" }, /* 296 */
+ { 0x04, 298, 0, 7, "emailProtection" }, /* 297 */
+ { 0x05, 299, 0, 7, "ipsecEndSystem" }, /* 298 */
+ { 0x06, 300, 0, 7, "ipsecTunnel" }, /* 299 */
+ { 0x07, 301, 0, 7, "ipsecUser" }, /* 300 */
+ { 0x08, 302, 0, 7, "timeStamping" }, /* 301 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 302 */
+ { 0x08, 311, 1, 6, "id-otherNames" }, /* 303 */
+ { 0x01, 305, 0, 7, "personalData" }, /* 304 */
+ { 0x02, 306, 0, 7, "userGroup" }, /* 305 */
+ { 0x03, 307, 0, 7, "id-on-permanentIdentifier" }, /* 306 */
+ { 0x04, 308, 0, 7, "id-on-hardwareModuleName" }, /* 307 */
+ { 0x05, 309, 0, 7, "xmppAddr" }, /* 308 */
+ { 0x06, 310, 0, 7, "id-on-SIM" }, /* 309 */
+ { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 310 */
+ { 0x0A, 316, 1, 6, "id-aca" }, /* 311 */
+ { 0x01, 313, 0, 7, "authenticationInfo" }, /* 312 */
+ { 0x02, 314, 0, 7, "accessIdentity" }, /* 313 */
+ { 0x03, 315, 0, 7, "chargingIdentity" }, /* 314 */
+ { 0x04, 0, 0, 7, "group" }, /* 315 */
+ { 0x0B, 317, 0, 6, "subjectInfoAccess" }, /* 316 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 317 */
+ { 0x01, 326, 1, 7, "ocsp" }, /* 318 */
+ { 0x01, 320, 0, 8, "basic" }, /* 319 */
+ { 0x02, 321, 0, 8, "nonce" }, /* 320 */
+ { 0x03, 322, 0, 8, "crl" }, /* 321 */
+ { 0x04, 323, 0, 8, "response" }, /* 322 */
+ { 0x05, 324, 0, 8, "noCheck" }, /* 323 */
+ { 0x06, 325, 0, 8, "archiveCutoff" }, /* 324 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 325 */
+ { 0x02, 327, 0, 7, "caIssuers" }, /* 326 */
+ { 0x03, 328, 0, 7, "timeStamping" }, /* 327 */
+ { 0x05, 0, 0, 7, "caRepository" }, /* 328 */
+ { 0x08, 0, 1, 5, "ipsec" }, /* 329 */
+ { 0x02, 0, 1, 6, "certificate" }, /* 330 */
+ { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 331 */
+ { 0x0E, 338, 1, 1, "oiw" }, /* 332 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 333 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 334 */
+ { 0x07, 336, 0, 4, "des-cbc" }, /* 335 */
+ { 0x1A, 337, 0, 4, "sha-1" }, /* 336 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 337 */
+ { 0x24, 384, 1, 1, "TeleTrusT" }, /* 338 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 339 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 340 */
+ { 0x01, 345, 1, 4, "rsaSignature" }, /* 341 */
+ { 0x02, 343, 0, 5, "rsaSigWithripemd160" }, /* 342 */
+ { 0x03, 344, 0, 5, "rsaSigWithripemd128" }, /* 343 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 344 */
+ { 0x02, 0, 1, 4, "ecSign" }, /* 345 */
+ { 0x01, 347, 0, 5, "ecSignWithsha1" }, /* 346 */
+ { 0x02, 348, 0, 5, "ecSignWithripemd160" }, /* 347 */
+ { 0x03, 349, 0, 5, "ecSignWithmd2" }, /* 348 */
+ { 0x04, 350, 0, 5, "ecSignWithmd5" }, /* 349 */
+ { 0x05, 367, 1, 5, "ttt-ecg" }, /* 350 */
+ { 0x01, 355, 1, 6, "fieldType" }, /* 351 */
+ { 0x01, 0, 1, 7, "characteristictwoField" }, /* 352 */
+ { 0x01, 0, 1, 8, "basisType" }, /* 353 */
+ { 0x01, 0, 0, 9, "ipBasis" }, /* 354 */
+ { 0x02, 357, 1, 6, "keyType" }, /* 355 */
+ { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 356 */
+ { 0x03, 358, 0, 6, "curve" }, /* 357 */
+ { 0x04, 365, 1, 6, "signatures" }, /* 358 */
+ { 0x01, 360, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 359 */
+ { 0x02, 361, 0, 7, "ecgdsa-with-SHA1" }, /* 360 */
+ { 0x03, 362, 0, 7, "ecgdsa-with-SHA224" }, /* 361 */
+ { 0x04, 363, 0, 7, "ecgdsa-with-SHA256" }, /* 362 */
+ { 0x05, 364, 0, 7, "ecgdsa-with-SHA384" }, /* 363 */
+ { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 364 */
+ { 0x05, 0, 1, 6, "module" }, /* 365 */
+ { 0x01, 0, 0, 7, "1" }, /* 366 */
+ { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 367 */
+ { 0x01, 0, 1, 6, "ellipticCurve" }, /* 368 */
+ { 0x01, 0, 1, 7, "versionOne" }, /* 369 */
+ { 0x01, 371, 0, 8, "brainpoolP160r1" }, /* 370 */
+ { 0x02, 372, 0, 8, "brainpoolP160t1" }, /* 371 */
+ { 0x03, 373, 0, 8, "brainpoolP192r1" }, /* 372 */
+ { 0x04, 374, 0, 8, "brainpoolP192t1" }, /* 373 */
+ { 0x05, 375, 0, 8, "brainpoolP224r1" }, /* 374 */
+ { 0x06, 376, 0, 8, "brainpoolP224t1" }, /* 375 */
+ { 0x07, 377, 0, 8, "brainpoolP256r1" }, /* 376 */
+ { 0x08, 378, 0, 8, "brainpoolP256t1" }, /* 377 */
+ { 0x09, 379, 0, 8, "brainpoolP320r1" }, /* 378 */
+ { 0x0A, 380, 0, 8, "brainpoolP320t1" }, /* 379 */
+ { 0x0B, 381, 0, 8, "brainpoolP384r1" }, /* 380 */
+ { 0x0C, 382, 0, 8, "brainpoolP384t1" }, /* 381 */
+ { 0x0D, 383, 0, 8, "brainpoolP512r1" }, /* 382 */
+ { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 383 */
+ { 0x81, 0, 1, 1, "" }, /* 384 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 385 */
+ { 0x00, 0, 1, 3, "curve" }, /* 386 */
+ { 0x01, 388, 0, 4, "sect163k1" }, /* 387 */
+ { 0x02, 389, 0, 4, "sect163r1" }, /* 388 */
+ { 0x03, 390, 0, 4, "sect239k1" }, /* 389 */
+ { 0x04, 391, 0, 4, "sect113r1" }, /* 390 */
+ { 0x05, 392, 0, 4, "sect113r2" }, /* 391 */
+ { 0x06, 393, 0, 4, "secp112r1" }, /* 392 */
+ { 0x07, 394, 0, 4, "secp112r2" }, /* 393 */
+ { 0x08, 395, 0, 4, "secp160r1" }, /* 394 */
+ { 0x09, 396, 0, 4, "secp160k1" }, /* 395 */
+ { 0x0A, 397, 0, 4, "secp256k1" }, /* 396 */
+ { 0x0F, 398, 0, 4, "sect163r2" }, /* 397 */
+ { 0x10, 399, 0, 4, "sect283k1" }, /* 398 */
+ { 0x11, 400, 0, 4, "sect283r1" }, /* 399 */
+ { 0x16, 401, 0, 4, "sect131r1" }, /* 400 */
+ { 0x17, 402, 0, 4, "sect131r2" }, /* 401 */
+ { 0x18, 403, 0, 4, "sect193r1" }, /* 402 */
+ { 0x19, 404, 0, 4, "sect193r2" }, /* 403 */
+ { 0x1A, 405, 0, 4, "sect233k1" }, /* 404 */
+ { 0x1B, 406, 0, 4, "sect233r1" }, /* 405 */
+ { 0x1C, 407, 0, 4, "secp128r1" }, /* 406 */
+ { 0x1D, 408, 0, 4, "secp128r2" }, /* 407 */
+ { 0x1E, 409, 0, 4, "secp160r2" }, /* 408 */
+ { 0x1F, 410, 0, 4, "secp192k1" }, /* 409 */
+ { 0x20, 411, 0, 4, "secp224k1" }, /* 410 */
+ { 0x21, 412, 0, 4, "secp224r1" }, /* 411 */
+ { 0x22, 413, 0, 4, "secp384r1" }, /* 412 */
+ { 0x23, 414, 0, 4, "secp521r1" }, /* 413 */
+ { 0x24, 415, 0, 4, "sect409k1" }, /* 414 */
+ { 0x25, 416, 0, 4, "sect409r1" }, /* 415 */
+ { 0x26, 417, 0, 4, "sect571k1" }, /* 416 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 417 */
+ {0x60, 472, 1, 0, "" }, /* 418 */
+ { 0x86, 0, 1, 1, "" }, /* 419 */
+ { 0x48, 0, 1, 2, "" }, /* 420 */
+ { 0x01, 0, 1, 3, "organization" }, /* 421 */
+ { 0x65, 448, 1, 4, "gov" }, /* 422 */
+ { 0x03, 0, 1, 5, "csor" }, /* 423 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 424 */
+ { 0x01, 435, 1, 7, "aes" }, /* 425 */
+ { 0x02, 427, 0, 8, "id-aes128-CBC" }, /* 426 */
+ { 0x06, 428, 0, 8, "id-aes128-GCM" }, /* 427 */
+ { 0x07, 429, 0, 8, "id-aes128-CCM" }, /* 428 */
+ { 0x16, 430, 0, 8, "id-aes192-CBC" }, /* 429 */
+ { 0x1A, 431, 0, 8, "id-aes192-GCM" }, /* 430 */
+ { 0x1B, 432, 0, 8, "id-aes192-CCM" }, /* 431 */
+ { 0x2A, 433, 0, 8, "id-aes256-CBC" }, /* 432 */
+ { 0x2E, 434, 0, 8, "id-aes256-GCM" }, /* 433 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 434 */
+ { 0x02, 0, 1, 7, "hashalgs" }, /* 435 */
+ { 0x01, 437, 0, 8, "id-sha256" }, /* 436 */
+ { 0x02, 438, 0, 8, "id-sha384" }, /* 437 */
+ { 0x03, 439, 0, 8, "id-sha512" }, /* 438 */
+ { 0x04, 440, 0, 8, "id-sha224" }, /* 439 */
+ { 0x05, 441, 0, 8, "id-sha512-224" }, /* 440 */
+ { 0x06, 442, 0, 8, "id-sha512-256" }, /* 441 */
+ { 0x07, 443, 0, 8, "id-sha3-224" }, /* 442 */
+ { 0x08, 444, 0, 8, "id-sha3-256" }, /* 443 */
+ { 0x09, 445, 0, 8, "id-sha3-384" }, /* 444 */
+ { 0x0A, 446, 0, 8, "id-sha3-512" }, /* 445 */
+ { 0x0B, 447, 0, 8, "id-shake128" }, /* 446 */
+ { 0x0C, 0, 0, 8, "id-shake256" }, /* 447 */
+ { 0x86, 0, 1, 4, "" }, /* 448 */
+ { 0xf8, 0, 1, 5, "" }, /* 449 */
+ { 0x42, 462, 1, 6, "netscape" }, /* 450 */
+ { 0x01, 457, 1, 7, "" }, /* 451 */
+ { 0x01, 453, 0, 8, "nsCertType" }, /* 452 */
+ { 0x03, 454, 0, 8, "nsRevocationUrl" }, /* 453 */
+ { 0x04, 455, 0, 8, "nsCaRevocationUrl" }, /* 454 */
+ { 0x08, 456, 0, 8, "nsCaPolicyUrl" }, /* 455 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 456 */
+ { 0x03, 460, 1, 7, "directory" }, /* 457 */
+ { 0x01, 0, 1, 8, "" }, /* 458 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 459 */
+ { 0x04, 0, 1, 7, "policy" }, /* 460 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 461 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 462 */
+ { 0x01, 0, 1, 7, "pki" }, /* 463 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 464 */
+ { 0x02, 466, 0, 9, "messageType" }, /* 465 */
+ { 0x03, 467, 0, 9, "pkiStatus" }, /* 466 */
+ { 0x04, 468, 0, 9, "failInfo" }, /* 467 */
+ { 0x05, 469, 0, 9, "senderNonce" }, /* 468 */
+ { 0x06, 470, 0, 9, "recipientNonce" }, /* 469 */
+ { 0x07, 471, 0, 9, "transID" }, /* 470 */
+ { 0x08, 0, 0, 9, "extensionReq" }, /* 471 */
+ {0x67, 0, 1, 0, "" }, /* 472 */
+ { 0x81, 0, 1, 1, "" }, /* 473 */
+ { 0x05, 0, 1, 2, "" }, /* 474 */
+ { 0x02, 0, 1, 3, "tcg-attribute" }, /* 475 */
+ { 0x01, 477, 0, 4, "tcg-at-tpmManufacturer" }, /* 476 */
+ { 0x02, 478, 0, 4, "tcg-at-tpmModel" }, /* 477 */
+ { 0x03, 479, 0, 4, "tcg-at-tpmVersion" }, /* 478 */
+ { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 479 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 1120156..042f108 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -40,221 +40,222 @@ extern const oid_t oid_names[];
#define OID_INITIALS 33
#define OID_UNIQUE_IDENTIFIER 34
#define OID_DN_QUALIFIER 35
-#define OID_PSEUDONYM 36
-#define OID_ROLE 37
-#define OID_SUBJECT_KEY_ID 40
-#define OID_KEY_USAGE 41
-#define OID_SUBJECT_ALT_NAME 43
-#define OID_BASIC_CONSTRAINTS 45
-#define OID_CRL_NUMBER 46
-#define OID_CRL_REASON_CODE 47
-#define OID_DELTA_CRL_INDICATOR 50
-#define OID_ISSUING_DIST_POINT 51
-#define OID_NAME_CONSTRAINTS 53
-#define OID_CRL_DISTRIBUTION_POINTS 54
-#define OID_CERTIFICATE_POLICIES 55
-#define OID_ANY_POLICY 56
-#define OID_POLICY_MAPPINGS 57
-#define OID_AUTHORITY_KEY_ID 58
-#define OID_POLICY_CONSTRAINTS 59
-#define OID_EXTENDED_KEY_USAGE 60
-#define OID_FRESHEST_CRL 62
-#define OID_INHIBIT_ANY_POLICY 63
-#define OID_TARGET_INFORMATION 64
-#define OID_NO_REV_AVAIL 65
-#define OID_CAMELLIA128_CBC 76
-#define OID_CAMELLIA192_CBC 77
-#define OID_CAMELLIA256_CBC 78
-#define OID_RSA_ENCRYPTION 91
-#define OID_MD2_WITH_RSA 92
-#define OID_MD5_WITH_RSA 93
-#define OID_SHA1_WITH_RSA 94
-#define OID_RSAES_OAEP 95
-#define OID_SHA256_WITH_RSA 98
-#define OID_SHA384_WITH_RSA 99
-#define OID_SHA512_WITH_RSA 100
-#define OID_SHA224_WITH_RSA 101
-#define OID_PBE_MD5_DES_CBC 103
-#define OID_PBE_SHA1_DES_CBC 104
-#define OID_PBKDF2 105
-#define OID_PBES2 106
-#define OID_PKCS7_DATA 108
-#define OID_PKCS7_SIGNED_DATA 109
-#define OID_PKCS7_ENVELOPED_DATA 110
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 111
-#define OID_PKCS7_DIGESTED_DATA 112
-#define OID_PKCS7_ENCRYPTED_DATA 113
-#define OID_EMAIL_ADDRESS 115
-#define OID_UNSTRUCTURED_NAME 116
-#define OID_PKCS9_CONTENT_TYPE 117
-#define OID_PKCS9_MESSAGE_DIGEST 118
-#define OID_PKCS9_SIGNING_TIME 119
-#define OID_CHALLENGE_PASSWORD 121
-#define OID_UNSTRUCTURED_ADDRESS 122
-#define OID_EXTENSION_REQUEST 123
-#define OID_X509_CERTIFICATE 126
-#define OID_PBE_SHA1_RC4_128 130
-#define OID_PBE_SHA1_RC4_40 131
-#define OID_PBE_SHA1_3DES_CBC 132
-#define OID_PBE_SHA1_3DES_2KEY_CBC 133
-#define OID_PBE_SHA1_RC2_CBC_128 134
-#define OID_PBE_SHA1_RC2_CBC_40 135
-#define OID_P12_KEY_BAG 138
-#define OID_P12_PKCS8_KEY_BAG 139
-#define OID_P12_CERT_BAG 140
-#define OID_P12_CRL_BAG 141
-#define OID_MD2 145
-#define OID_MD5 146
-#define OID_3DES_EDE_CBC 148
-#define OID_EC_PUBLICKEY 152
-#define OID_C2PNB163V1 155
-#define OID_C2PNB163V2 156
-#define OID_C2PNB163V3 157
-#define OID_C2PNB176W1 158
-#define OID_C2PNB191V1 159
-#define OID_C2PNB191V2 160
-#define OID_C2PNB191V3 161
-#define OID_C2PNB191V4 162
-#define OID_C2PNB191V5 163
-#define OID_C2PNB208W1 164
-#define OID_C2PNB239V1 165
-#define OID_C2PNB239V2 166
-#define OID_C2PNB239V3 167
-#define OID_C2PNB239V4 168
-#define OID_C2PNB239V5 169
-#define OID_C2PNB272W1 170
-#define OID_C2PNB304W1 171
-#define OID_C2PNB359V1 172
-#define OID_C2PNB368W1 173
-#define OID_C2PNB431R1 174
-#define OID_PRIME192V1 176
-#define OID_PRIME192V2 177
-#define OID_PRIME192V3 178
-#define OID_PRIME239V1 179
-#define OID_PRIME239V2 180
-#define OID_PRIME239V3 181
-#define OID_PRIME256V1 182
-#define OID_ECDSA_WITH_SHA1 184
-#define OID_ECDSA_WITH_SHA224 186
-#define OID_ECDSA_WITH_SHA256 187
-#define OID_ECDSA_WITH_SHA384 188
-#define OID_ECDSA_WITH_SHA512 189
-#define OID_MS_SMARTCARD_LOGON 203
-#define OID_USER_PRINCIPAL_NAME 204
-#define OID_STRONGSWAN 210
-#define OID_BLISS_PUBLICKEY 215
-#define OID_BLISS_I 217
-#define OID_BLISS_II 218
-#define OID_BLISS_III 219
-#define OID_BLISS_IV 220
-#define OID_BLISS_B_I 221
-#define OID_BLISS_B_II 222
-#define OID_BLISS_B_III 223
-#define OID_BLISS_B_IV 224
-#define OID_BLISS_WITH_SHA2_512 226
-#define OID_BLISS_WITH_SHA2_384 227
-#define OID_BLISS_WITH_SHA2_256 228
-#define OID_BLISS_WITH_SHA3_512 229
-#define OID_BLISS_WITH_SHA3_384 230
-#define OID_BLISS_WITH_SHA3_256 231
-#define OID_TCGID 238
-#define OID_BLOWFISH_CBC 242
-#define OID_AUTHORITY_INFO_ACCESS 286
-#define OID_IP_ADDR_BLOCKS 288
-#define OID_POLICY_QUALIFIER_CPS 290
-#define OID_POLICY_QUALIFIER_UNOTICE 291
-#define OID_SERVER_AUTH 293
-#define OID_CLIENT_AUTH 294
-#define OID_OCSP_SIGNING 301
-#define OID_XMPP_ADDR 307
-#define OID_AUTHENTICATION_INFO 311
-#define OID_ACCESS_IDENTITY 312
-#define OID_CHARGING_IDENTITY 313
-#define OID_GROUP 314
-#define OID_OCSP 317
-#define OID_BASIC 318
-#define OID_NONCE 319
-#define OID_CRL 320
-#define OID_RESPONSE 321
-#define OID_NO_CHECK 322
-#define OID_ARCHIVE_CUTOFF 323
-#define OID_SERVICE_LOCATOR 324
-#define OID_CA_ISSUERS 325
-#define OID_IKE_INTERMEDIATE 330
-#define OID_DES_CBC 334
-#define OID_SHA1 335
-#define OID_SHA1_WITH_RSA_OIW 336
-#define OID_ECGDSA_PUBKEY 355
-#define OID_ECGDSA_SIG_WITH_RIPEMD160 358
-#define OID_ECGDSA_SIG_WITH_SHA1 359
-#define OID_ECGDSA_SIG_WITH_SHA224 360
-#define OID_ECGDSA_SIG_WITH_SHA256 361
-#define OID_ECGDSA_SIG_WITH_SHA384 362
-#define OID_ECGDSA_SIG_WITH_SHA512 363
-#define OID_SECT163K1 386
-#define OID_SECT163R1 387
-#define OID_SECT239K1 388
-#define OID_SECT113R1 389
-#define OID_SECT113R2 390
-#define OID_SECT112R1 391
-#define OID_SECT112R2 392
-#define OID_SECT160R1 393
-#define OID_SECT160K1 394
-#define OID_SECT256K1 395
-#define OID_SECT163R2 396
-#define OID_SECT283K1 397
-#define OID_SECT283R1 398
-#define OID_SECT131R1 399
-#define OID_SECT131R2 400
-#define OID_SECT193R1 401
-#define OID_SECT193R2 402
-#define OID_SECT233K1 403
-#define OID_SECT233R1 404
-#define OID_SECT128R1 405
-#define OID_SECT128R2 406
-#define OID_SECT160R2 407
-#define OID_SECT192K1 408
-#define OID_SECT224K1 409
-#define OID_SECT224R1 410
-#define OID_SECT384R1 411
-#define OID_SECT521R1 412
-#define OID_SECT409K1 413
-#define OID_SECT409R1 414
-#define OID_SECT571K1 415
-#define OID_SECT571R1 416
-#define OID_AES128_CBC 425
-#define OID_AES128_GCM 426
-#define OID_AES128_CCM 427
-#define OID_AES192_CBC 428
-#define OID_AES192_GCM 429
-#define OID_AES192_CCM 430
-#define OID_AES256_CBC 431
-#define OID_AES256_GCM 432
-#define OID_AES256_CCM 433
-#define OID_SHA256 435
-#define OID_SHA384 436
-#define OID_SHA512 437
-#define OID_SHA224 438
-#define OID_SHA3_224 441
-#define OID_SHA3_256 442
-#define OID_SHA3_384 443
-#define OID_SHA3_512 444
-#define OID_NS_REVOCATION_URL 452
-#define OID_NS_CA_REVOCATION_URL 453
-#define OID_NS_CA_POLICY_URL 454
-#define OID_NS_COMMENT 455
-#define OID_EMPLOYEE_NUMBER 458
-#define OID_PKI_MESSAGE_TYPE 464
-#define OID_PKI_STATUS 465
-#define OID_PKI_FAIL_INFO 466
-#define OID_PKI_SENDER_NONCE 467
-#define OID_PKI_RECIPIENT_NONCE 468
-#define OID_PKI_TRANS_ID 469
-#define OID_TPM_MANUFACTURER 475
-#define OID_TPM_MODEL 476
-#define OID_TPM_VERSION 477
-#define OID_TPM_ID_LABEL 478
+#define OID_DMD_NAME 36
+#define OID_PSEUDONYM 37
+#define OID_ROLE 38
+#define OID_SUBJECT_KEY_ID 41
+#define OID_KEY_USAGE 42
+#define OID_SUBJECT_ALT_NAME 44
+#define OID_BASIC_CONSTRAINTS 46
+#define OID_CRL_NUMBER 47
+#define OID_CRL_REASON_CODE 48
+#define OID_DELTA_CRL_INDICATOR 51
+#define OID_ISSUING_DIST_POINT 52
+#define OID_NAME_CONSTRAINTS 54
+#define OID_CRL_DISTRIBUTION_POINTS 55
+#define OID_CERTIFICATE_POLICIES 56
+#define OID_ANY_POLICY 57
+#define OID_POLICY_MAPPINGS 58
+#define OID_AUTHORITY_KEY_ID 59
+#define OID_POLICY_CONSTRAINTS 60
+#define OID_EXTENDED_KEY_USAGE 61
+#define OID_FRESHEST_CRL 63
+#define OID_INHIBIT_ANY_POLICY 64
+#define OID_TARGET_INFORMATION 65
+#define OID_NO_REV_AVAIL 66
+#define OID_CAMELLIA128_CBC 77
+#define OID_CAMELLIA192_CBC 78
+#define OID_CAMELLIA256_CBC 79
+#define OID_RSA_ENCRYPTION 92
+#define OID_MD2_WITH_RSA 93
+#define OID_MD5_WITH_RSA 94
+#define OID_SHA1_WITH_RSA 95
+#define OID_RSAES_OAEP 96
+#define OID_SHA256_WITH_RSA 99
+#define OID_SHA384_WITH_RSA 100
+#define OID_SHA512_WITH_RSA 101
+#define OID_SHA224_WITH_RSA 102
+#define OID_PBE_MD5_DES_CBC 104
+#define OID_PBE_SHA1_DES_CBC 105
+#define OID_PBKDF2 106
+#define OID_PBES2 107
+#define OID_PKCS7_DATA 109
+#define OID_PKCS7_SIGNED_DATA 110
+#define OID_PKCS7_ENVELOPED_DATA 111
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 112
+#define OID_PKCS7_DIGESTED_DATA 113
+#define OID_PKCS7_ENCRYPTED_DATA 114
+#define OID_EMAIL_ADDRESS 116
+#define OID_UNSTRUCTURED_NAME 117
+#define OID_PKCS9_CONTENT_TYPE 118
+#define OID_PKCS9_MESSAGE_DIGEST 119
+#define OID_PKCS9_SIGNING_TIME 120
+#define OID_CHALLENGE_PASSWORD 122
+#define OID_UNSTRUCTURED_ADDRESS 123
+#define OID_EXTENSION_REQUEST 124
+#define OID_X509_CERTIFICATE 127
+#define OID_PBE_SHA1_RC4_128 131
+#define OID_PBE_SHA1_RC4_40 132
+#define OID_PBE_SHA1_3DES_CBC 133
+#define OID_PBE_SHA1_3DES_2KEY_CBC 134
+#define OID_PBE_SHA1_RC2_CBC_128 135
+#define OID_PBE_SHA1_RC2_CBC_40 136
+#define OID_P12_KEY_BAG 139
+#define OID_P12_PKCS8_KEY_BAG 140
+#define OID_P12_CERT_BAG 141
+#define OID_P12_CRL_BAG 142
+#define OID_MD2 146
+#define OID_MD5 147
+#define OID_3DES_EDE_CBC 149
+#define OID_EC_PUBLICKEY 153
+#define OID_C2PNB163V1 156
+#define OID_C2PNB163V2 157
+#define OID_C2PNB163V3 158
+#define OID_C2PNB176W1 159
+#define OID_C2PNB191V1 160
+#define OID_C2PNB191V2 161
+#define OID_C2PNB191V3 162
+#define OID_C2PNB191V4 163
+#define OID_C2PNB191V5 164
+#define OID_C2PNB208W1 165
+#define OID_C2PNB239V1 166
+#define OID_C2PNB239V2 167
+#define OID_C2PNB239V3 168
+#define OID_C2PNB239V4 169
+#define OID_C2PNB239V5 170
+#define OID_C2PNB272W1 171
+#define OID_C2PNB304W1 172
+#define OID_C2PNB359V1 173
+#define OID_C2PNB368W1 174
+#define OID_C2PNB431R1 175
+#define OID_PRIME192V1 177
+#define OID_PRIME192V2 178
+#define OID_PRIME192V3 179
+#define OID_PRIME239V1 180
+#define OID_PRIME239V2 181
+#define OID_PRIME239V3 182
+#define OID_PRIME256V1 183
+#define OID_ECDSA_WITH_SHA1 185
+#define OID_ECDSA_WITH_SHA224 187
+#define OID_ECDSA_WITH_SHA256 188
+#define OID_ECDSA_WITH_SHA384 189
+#define OID_ECDSA_WITH_SHA512 190
+#define OID_MS_SMARTCARD_LOGON 204
+#define OID_USER_PRINCIPAL_NAME 205
+#define OID_STRONGSWAN 211
+#define OID_BLISS_PUBLICKEY 216
+#define OID_BLISS_I 218
+#define OID_BLISS_II 219
+#define OID_BLISS_III 220
+#define OID_BLISS_IV 221
+#define OID_BLISS_B_I 222
+#define OID_BLISS_B_II 223
+#define OID_BLISS_B_III 224
+#define OID_BLISS_B_IV 225
+#define OID_BLISS_WITH_SHA2_512 227
+#define OID_BLISS_WITH_SHA2_384 228
+#define OID_BLISS_WITH_SHA2_256 229
+#define OID_BLISS_WITH_SHA3_512 230
+#define OID_BLISS_WITH_SHA3_384 231
+#define OID_BLISS_WITH_SHA3_256 232
+#define OID_TCGID 239
+#define OID_BLOWFISH_CBC 243
+#define OID_AUTHORITY_INFO_ACCESS 287
+#define OID_IP_ADDR_BLOCKS 289
+#define OID_POLICY_QUALIFIER_CPS 291
+#define OID_POLICY_QUALIFIER_UNOTICE 292
+#define OID_SERVER_AUTH 294
+#define OID_CLIENT_AUTH 295
+#define OID_OCSP_SIGNING 302
+#define OID_XMPP_ADDR 308
+#define OID_AUTHENTICATION_INFO 312
+#define OID_ACCESS_IDENTITY 313
+#define OID_CHARGING_IDENTITY 314
+#define OID_GROUP 315
+#define OID_OCSP 318
+#define OID_BASIC 319
+#define OID_NONCE 320
+#define OID_CRL 321
+#define OID_RESPONSE 322
+#define OID_NO_CHECK 323
+#define OID_ARCHIVE_CUTOFF 324
+#define OID_SERVICE_LOCATOR 325
+#define OID_CA_ISSUERS 326
+#define OID_IKE_INTERMEDIATE 331
+#define OID_DES_CBC 335
+#define OID_SHA1 336
+#define OID_SHA1_WITH_RSA_OIW 337
+#define OID_ECGDSA_PUBKEY 356
+#define OID_ECGDSA_SIG_WITH_RIPEMD160 359
+#define OID_ECGDSA_SIG_WITH_SHA1 360
+#define OID_ECGDSA_SIG_WITH_SHA224 361
+#define OID_ECGDSA_SIG_WITH_SHA256 362
+#define OID_ECGDSA_SIG_WITH_SHA384 363
+#define OID_ECGDSA_SIG_WITH_SHA512 364
+#define OID_SECT163K1 387
+#define OID_SECT163R1 388
+#define OID_SECT239K1 389
+#define OID_SECT113R1 390
+#define OID_SECT113R2 391
+#define OID_SECT112R1 392
+#define OID_SECT112R2 393
+#define OID_SECT160R1 394
+#define OID_SECT160K1 395
+#define OID_SECT256K1 396
+#define OID_SECT163R2 397
+#define OID_SECT283K1 398
+#define OID_SECT283R1 399
+#define OID_SECT131R1 400
+#define OID_SECT131R2 401
+#define OID_SECT193R1 402
+#define OID_SECT193R2 403
+#define OID_SECT233K1 404
+#define OID_SECT233R1 405
+#define OID_SECT128R1 406
+#define OID_SECT128R2 407
+#define OID_SECT160R2 408
+#define OID_SECT192K1 409
+#define OID_SECT224K1 410
+#define OID_SECT224R1 411
+#define OID_SECT384R1 412
+#define OID_SECT521R1 413
+#define OID_SECT409K1 414
+#define OID_SECT409R1 415
+#define OID_SECT571K1 416
+#define OID_SECT571R1 417
+#define OID_AES128_CBC 426
+#define OID_AES128_GCM 427
+#define OID_AES128_CCM 428
+#define OID_AES192_CBC 429
+#define OID_AES192_GCM 430
+#define OID_AES192_CCM 431
+#define OID_AES256_CBC 432
+#define OID_AES256_GCM 433
+#define OID_AES256_CCM 434
+#define OID_SHA256 436
+#define OID_SHA384 437
+#define OID_SHA512 438
+#define OID_SHA224 439
+#define OID_SHA3_224 442
+#define OID_SHA3_256 443
+#define OID_SHA3_384 444
+#define OID_SHA3_512 445
+#define OID_NS_REVOCATION_URL 453
+#define OID_NS_CA_REVOCATION_URL 454
+#define OID_NS_CA_POLICY_URL 455
+#define OID_NS_COMMENT 456
+#define OID_EMPLOYEE_NUMBER 459
+#define OID_PKI_MESSAGE_TYPE 465
+#define OID_PKI_STATUS 466
+#define OID_PKI_FAIL_INFO 467
+#define OID_PKI_SENDER_NONCE 468
+#define OID_PKI_RECIPIENT_NONCE 469
+#define OID_PKI_TRANS_ID 470
+#define OID_TPM_MANUFACTURER 476
+#define OID_TPM_MODEL 477
+#define OID_TPM_VERSION 478
+#define OID_TPM_ID_LABEL 479
-#define OID_MAX 479
+#define OID_MAX 480
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index b5ec15f..eeeb234 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -34,6 +34,7 @@
0x2B "I" OID_INITIALS
0x2D "ID" OID_UNIQUE_IDENTIFIER
0x2E "dnQualifier" OID_DN_QUALIFIER
+ 0x36 "dmdName" OID_DMD_NAME
0x41 "pseudonym" OID_PSEUDONYM
0x48 "role" OID_ROLE
0x1D "id-ce"
diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c
index 29b9e72..6e35999 100644
--- a/src/libstrongswan/bio/bio_reader.c
+++ b/src/libstrongswan/bio/bio_reader.c
@@ -43,7 +43,7 @@ struct private_bio_reader_t {
chunk_t cleanup;
};
-METHOD(bio_reader_t, remaining, u_int32_t,
+METHOD(bio_reader_t, remaining, uint32_t,
private_bio_reader_t *this)
{
return this->buf.len;
@@ -76,16 +76,16 @@ static inline chunk_t chunk_skip_end(chunk_t chunk, size_t bytes, bool from_end)
/**
* Returns a pointer to the data to read, optionally from the end
*/
-static inline u_char *get_ptr_end(private_bio_reader_t *this, u_int32_t len,
+static inline u_char *get_ptr_end(private_bio_reader_t *this, uint32_t len,
bool from_end)
{
return from_end ? this->buf.ptr + (this->buf.len - len) : this->buf.ptr;
}
/**
- * Read an u_int8_t from the buffer, optionally from the end of the buffer
+ * Read an uint8_t from the buffer, optionally from the end of the buffer
*/
-static bool read_uint8_internal(private_bio_reader_t *this, u_int8_t *res,
+static bool read_uint8_internal(private_bio_reader_t *this, uint8_t *res,
bool from_end)
{
if (this->buf.len < 1)
@@ -100,9 +100,9 @@ static bool read_uint8_internal(private_bio_reader_t *this, u_int8_t *res,
}
/**
- * Read an u_int16_t from the buffer, optionally from the end
+ * Read an uint16_t from the buffer, optionally from the end
*/
-static bool read_uint16_internal(private_bio_reader_t *this, u_int16_t *res,
+static bool read_uint16_internal(private_bio_reader_t *this, uint16_t *res,
bool from_end)
{
if (this->buf.len < 2)
@@ -117,9 +117,9 @@ static bool read_uint16_internal(private_bio_reader_t *this, u_int16_t *res,
}
/**
- * Read an u_int32_t (only 24-bit) from the buffer, optionally from the end
+ * Read an uint32_t (only 24-bit) from the buffer, optionally from the end
*/
-static bool read_uint24_internal(private_bio_reader_t *this, u_int32_t *res,
+static bool read_uint24_internal(private_bio_reader_t *this, uint32_t *res,
bool from_end)
{
if (this->buf.len < 3)
@@ -134,9 +134,9 @@ static bool read_uint24_internal(private_bio_reader_t *this, u_int32_t *res,
}
/**
- * Read an u_int32_t from the buffer, optionally from the end
+ * Read an uint32_t from the buffer, optionally from the end
*/
-static bool read_uint32_internal(private_bio_reader_t *this, u_int32_t *res,
+static bool read_uint32_internal(private_bio_reader_t *this, uint32_t *res,
bool from_end)
{
if (this->buf.len < 4)
@@ -151,9 +151,9 @@ static bool read_uint32_internal(private_bio_reader_t *this, u_int32_t *res,
}
/**
- * Read an u_int64_t from the buffer, optionally from the end
+ * Read an uint64_t from the buffer, optionally from the end
*/
-static bool read_uint64_internal(private_bio_reader_t *this, u_int64_t *res,
+static bool read_uint64_internal(private_bio_reader_t *this, uint64_t *res,
bool from_end)
{
if (this->buf.len < 8)
@@ -170,7 +170,7 @@ static bool read_uint64_internal(private_bio_reader_t *this, u_int64_t *res,
/**
* Read a chunk of data from the buffer, optionally from the end
*/
-static bool read_data_internal(private_bio_reader_t *this, u_int32_t len,
+static bool read_data_internal(private_bio_reader_t *this, uint32_t len,
chunk_t *res, bool from_end)
{
if (this->buf.len < len)
@@ -185,73 +185,73 @@ static bool read_data_internal(private_bio_reader_t *this, u_int32_t len,
}
METHOD(bio_reader_t, read_uint8, bool,
- private_bio_reader_t *this, u_int8_t *res)
+ private_bio_reader_t *this, uint8_t *res)
{
return read_uint8_internal(this, res, FALSE);
}
METHOD(bio_reader_t, read_uint16, bool,
- private_bio_reader_t *this, u_int16_t *res)
+ private_bio_reader_t *this, uint16_t *res)
{
return read_uint16_internal(this, res, FALSE);
}
METHOD(bio_reader_t, read_uint24, bool,
- private_bio_reader_t *this, u_int32_t *res)
+ private_bio_reader_t *this, uint32_t *res)
{
return read_uint24_internal(this, res, FALSE);
}
METHOD(bio_reader_t, read_uint32, bool,
- private_bio_reader_t *this, u_int32_t *res)
+ private_bio_reader_t *this, uint32_t *res)
{
return read_uint32_internal(this, res, FALSE);
}
METHOD(bio_reader_t, read_uint64, bool,
- private_bio_reader_t *this, u_int64_t *res)
+ private_bio_reader_t *this, uint64_t *res)
{
return read_uint64_internal(this, res, FALSE);
}
METHOD(bio_reader_t, read_data, bool,
- private_bio_reader_t *this, u_int32_t len, chunk_t *res)
+ private_bio_reader_t *this, uint32_t len, chunk_t *res)
{
return read_data_internal(this, len, res, FALSE);
}
METHOD(bio_reader_t, read_uint8_end, bool,
- private_bio_reader_t *this, u_int8_t *res)
+ private_bio_reader_t *this, uint8_t *res)
{
return read_uint8_internal(this, res, TRUE);
}
METHOD(bio_reader_t, read_uint16_end, bool,
- private_bio_reader_t *this, u_int16_t *res)
+ private_bio_reader_t *this, uint16_t *res)
{
return read_uint16_internal(this, res, TRUE);
}
METHOD(bio_reader_t, read_uint24_end, bool,
- private_bio_reader_t *this, u_int32_t *res)
+ private_bio_reader_t *this, uint32_t *res)
{
return read_uint24_internal(this, res, TRUE);
}
METHOD(bio_reader_t, read_uint32_end, bool,
- private_bio_reader_t *this, u_int32_t *res)
+ private_bio_reader_t *this, uint32_t *res)
{
return read_uint32_internal(this, res, TRUE);
}
METHOD(bio_reader_t, read_uint64_end, bool,
- private_bio_reader_t *this, u_int64_t *res)
+ private_bio_reader_t *this, uint64_t *res)
{
return read_uint64_internal(this, res, TRUE);
}
METHOD(bio_reader_t, read_data_end, bool,
- private_bio_reader_t *this, u_int32_t len, chunk_t *res)
+ private_bio_reader_t *this, uint32_t len, chunk_t *res)
{
return read_data_internal(this, len, res, TRUE);
}
@@ -259,7 +259,7 @@ METHOD(bio_reader_t, read_data_end, bool,
METHOD(bio_reader_t, read_data8, bool,
private_bio_reader_t *this, chunk_t *res)
{
- u_int8_t len;
+ uint8_t len;
if (!read_uint8(this, &len))
{
@@ -271,7 +271,7 @@ METHOD(bio_reader_t, read_data8, bool,
METHOD(bio_reader_t, read_data16, bool,
private_bio_reader_t *this, chunk_t *res)
{
- u_int16_t len;
+ uint16_t len;
if (!read_uint16(this, &len))
{
@@ -283,7 +283,7 @@ METHOD(bio_reader_t, read_data16, bool,
METHOD(bio_reader_t, read_data24, bool,
private_bio_reader_t *this, chunk_t *res)
{
- u_int32_t len;
+ uint32_t len;
if (!read_uint24(this, &len))
{
@@ -295,7 +295,7 @@ METHOD(bio_reader_t, read_data24, bool,
METHOD(bio_reader_t, read_data32, bool,
private_bio_reader_t *this, chunk_t *res)
{
- u_int32_t len;
+ uint32_t len;
if (!read_uint32(this, &len))
{
diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h
index 4754224..358993c 100644
--- a/src/libstrongswan/bio/bio_reader.h
+++ b/src/libstrongswan/bio/bio_reader.h
@@ -40,7 +40,7 @@ struct bio_reader_t {
*
* @return number of remaining bytes in buffer
*/
- u_int32_t (*remaining)(bio_reader_t *this);
+ uint32_t (*remaining)(bio_reader_t *this);
/**
* Peek the remaining data, not consuming any bytes.
@@ -55,7 +55,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint8)(bio_reader_t *this, u_int8_t *res);
+ bool (*read_uint8)(bio_reader_t *this, uint8_t *res);
/**
* Read a 16-bit integer from the buffer, advance.
@@ -63,7 +63,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint16)(bio_reader_t *this, u_int16_t *res);
+ bool (*read_uint16)(bio_reader_t *this, uint16_t *res);
/**
* Read a 24-bit integer from the buffer, advance.
@@ -71,7 +71,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint24)(bio_reader_t *this, u_int32_t *res);
+ bool (*read_uint24)(bio_reader_t *this, uint32_t *res);
/**
* Read a 32-bit integer from the buffer, advance.
@@ -79,7 +79,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint32)(bio_reader_t *this, u_int32_t *res);
+ bool (*read_uint32)(bio_reader_t *this, uint32_t *res);
/**
* Read a 64-bit integer from the buffer, advance.
@@ -87,7 +87,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint64)(bio_reader_t *this, u_int64_t *res);
+ bool (*read_uint64)(bio_reader_t *this, uint64_t *res);
/**
* Read a chunk of len bytes, advance.
@@ -96,7 +96,7 @@ struct bio_reader_t {
* @param res pointer to result, not cloned
* @return TRUE if data read successfully
*/
- bool (*read_data)(bio_reader_t *this, u_int32_t len, chunk_t *res);
+ bool (*read_data)(bio_reader_t *this, uint32_t len, chunk_t *res);
/**
* Read a 8-bit integer from the end of the buffer, reduce remaining.
@@ -104,7 +104,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint8_end)(bio_reader_t *this, u_int8_t *res);
+ bool (*read_uint8_end)(bio_reader_t *this, uint8_t *res);
/**
* Read a 16-bit integer from the end of the buffer, reduce remaining.
@@ -112,7 +112,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint16_end)(bio_reader_t *this, u_int16_t *res);
+ bool (*read_uint16_end)(bio_reader_t *this, uint16_t *res);
/**
* Read a 24-bit integer from the end of the buffer, reduce remaining.
@@ -120,7 +120,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint24_end)(bio_reader_t *this, u_int32_t *res);
+ bool (*read_uint24_end)(bio_reader_t *this, uint32_t *res);
/**
* Read a 32-bit integer from the end of the buffer, reduce remaining.
@@ -128,7 +128,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint32_end)(bio_reader_t *this, u_int32_t *res);
+ bool (*read_uint32_end)(bio_reader_t *this, uint32_t *res);
/**
* Read a 64-bit integer from the end of the buffer, reduce remaining.
@@ -136,7 +136,7 @@ struct bio_reader_t {
* @param res pointer to result
* @return TRUE if integer read successfully
*/
- bool (*read_uint64_end)(bio_reader_t *this, u_int64_t *res);
+ bool (*read_uint64_end)(bio_reader_t *this, uint64_t *res);
/**
* Read a chunk of len bytes from the end of the buffer, reduce remaining.
@@ -145,7 +145,7 @@ struct bio_reader_t {
* @param res ponter to result, not cloned
* @return TRUE if data read successfully
*/
- bool (*read_data_end)(bio_reader_t *this, u_int32_t len, chunk_t *res);
+ bool (*read_data_end)(bio_reader_t *this, uint32_t len, chunk_t *res);
/**
* Read a chunk of bytes with a 8-bit length header, advance.
diff --git a/src/libstrongswan/bio/bio_writer.c b/src/libstrongswan/bio/bio_writer.c
index 152d9ce..a21b376 100644
--- a/src/libstrongswan/bio/bio_writer.c
+++ b/src/libstrongswan/bio/bio_writer.c
@@ -65,7 +65,7 @@ static inline void increase(private_bio_writer_t *this, size_t required)
}
METHOD(bio_writer_t, write_uint8, void,
- private_bio_writer_t *this, u_int8_t value)
+ private_bio_writer_t *this, uint8_t value)
{
increase(this, 1);
this->buf.ptr[this->used] = value;
@@ -73,7 +73,7 @@ METHOD(bio_writer_t, write_uint8, void,
}
METHOD(bio_writer_t, write_uint16, void,
- private_bio_writer_t *this, u_int16_t value)
+ private_bio_writer_t *this, uint16_t value)
{
increase(this, 2);
htoun16(this->buf.ptr + this->used, value);
@@ -81,7 +81,7 @@ METHOD(bio_writer_t, write_uint16, void,
}
METHOD(bio_writer_t, write_uint24, void,
- private_bio_writer_t *this, u_int32_t value)
+ private_bio_writer_t *this, uint32_t value)
{
increase(this, 3);
value = htonl(value);
@@ -90,7 +90,7 @@ METHOD(bio_writer_t, write_uint24, void,
}
METHOD(bio_writer_t, write_uint32, void,
- private_bio_writer_t *this, u_int32_t value)
+ private_bio_writer_t *this, uint32_t value)
{
increase(this, 4);
htoun32(this->buf.ptr + this->used, value);
@@ -98,7 +98,7 @@ METHOD(bio_writer_t, write_uint32, void,
}
METHOD(bio_writer_t, write_uint64, void,
- private_bio_writer_t *this, u_int64_t value)
+ private_bio_writer_t *this, uint64_t value)
{
increase(this, 8);
htoun64(this->buf.ptr + this->used, value);
@@ -166,7 +166,7 @@ METHOD(bio_writer_t, wrap16, void,
METHOD(bio_writer_t, wrap24, void,
private_bio_writer_t *this)
{
- u_int32_t len;
+ uint32_t len;
increase(this, 3);
memmove(this->buf.ptr + 3, this->buf.ptr, this->used);
@@ -221,7 +221,7 @@ METHOD(bio_writer_t, destroy, void,
/**
* See header
*/
-bio_writer_t *bio_writer_create(u_int32_t bufsize)
+bio_writer_t *bio_writer_create(uint32_t bufsize)
{
private_bio_writer_t *this;
diff --git a/src/libstrongswan/bio/bio_writer.h b/src/libstrongswan/bio/bio_writer.h
index 2ac4f35..b6e3db7 100644
--- a/src/libstrongswan/bio/bio_writer.h
+++ b/src/libstrongswan/bio/bio_writer.h
@@ -40,35 +40,35 @@ struct bio_writer_t {
*
* @param value value to append
*/
- void (*write_uint8)(bio_writer_t *this, u_int8_t value);
+ void (*write_uint8)(bio_writer_t *this, uint8_t value);
/**
* Append a 16-bit integer to the buffer.
*
* @param value value to append
*/
- void (*write_uint16)(bio_writer_t *this, u_int16_t value);
+ void (*write_uint16)(bio_writer_t *this, uint16_t value);
/**
* Append a 24-bit integer to the buffer.
*
* @param value value to append
*/
- void (*write_uint24)(bio_writer_t *this, u_int32_t value);
+ void (*write_uint24)(bio_writer_t *this, uint32_t value);
/**
* Append a 32-bit integer to the buffer.
*
* @param value value to append
*/
- void (*write_uint32)(bio_writer_t *this, u_int32_t value);
+ void (*write_uint32)(bio_writer_t *this, uint32_t value);
/**
* Append a 64-bit integer to the buffer.
*
* @param value value to append
*/
- void (*write_uint64)(bio_writer_t *this, u_int64_t value);
+ void (*write_uint64)(bio_writer_t *this, uint64_t value);
/**
* Append a chunk of data without a length header.
@@ -166,6 +166,6 @@ struct bio_writer_t {
*
* @param bufsize initially allocated buffer size
*/
-bio_writer_t *bio_writer_create(u_int32_t bufsize);
+bio_writer_t *bio_writer_create(uint32_t bufsize);
#endif /** BIO_WRITER_H_ @}*/
diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c
index a45a68a..69e7df9 100644
--- a/src/libstrongswan/collections/array.c
+++ b/src/libstrongswan/collections/array.c
@@ -42,13 +42,13 @@
*/
struct array_t {
/** number of elements currently in array (not counting head/tail) */
- u_int32_t count;
+ uint32_t count;
/** size of each element, 0 for a pointer based array */
- u_int16_t esize;
+ uint16_t esize;
/** allocated but unused elements at array front */
- u_int8_t head;
+ uint8_t head;
/** allocated but unused elements at array end */
- u_int8_t tail;
+ uint8_t tail;
/** array elements */
void *data;
};
@@ -64,7 +64,7 @@ struct array_t {
/**
* Get the actual size of a number of elements
*/
-static size_t get_size(array_t *array, u_int32_t num)
+static size_t get_size(array_t *array, uint32_t num)
{
if (array->esize)
{
@@ -76,7 +76,7 @@ static size_t get_size(array_t *array, u_int32_t num)
/**
* Increase allocated but unused tail room to at least "room"
*/
-static void make_tail_room(array_t *array, u_int8_t room)
+static void make_tail_room(array_t *array, uint8_t room)
{
if (array->tail < room)
{
@@ -89,11 +89,11 @@ static void make_tail_room(array_t *array, u_int8_t room)
/**
* Increase allocated but unused head room to at least "room"
*/
-static void make_head_room(array_t *array, u_int8_t room)
+static void make_head_room(array_t *array, uint8_t room)
{
if (array->head < room)
{
- u_int8_t increase = room - array->head;
+ uint8_t increase = room - array->head;
array->data = realloc(array->data,
get_size(array, array->count + array->tail + room));
@@ -158,7 +158,7 @@ static void remove_head(array_t *array, int idx)
array->head++;
}
-array_t *array_create(u_int esize, u_int8_t reserve)
+array_t *array_create(u_int esize, uint8_t reserve)
{
array_t *array;
@@ -186,7 +186,7 @@ void array_compress(array_t *array)
{
if (array)
{
- u_int32_t tail;
+ uint32_t tail;
tail = array->tail;
if (array->head)
diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h
index c3be1a1..d8a16b5 100644
--- a/src/libstrongswan/collections/array.h
+++ b/src/libstrongswan/collections/array.h
@@ -68,7 +68,7 @@ typedef void (*array_callback_t)(void *data, int idx, void *user);
* @param reserve number of items to allocate space for
* @return array instance
*/
-array_t *array_create(u_int esize, u_int8_t reserve);
+array_t *array_create(u_int esize, uint8_t reserve);
/**
* Get the number of elements currently in the array.
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 6940069..7191dc1 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -78,7 +78,7 @@ enum auth_rule_t {
AUTH_RULE_EAP_IDENTITY,
/** EAP type to propose for peer authentication, eap_type_t */
AUTH_RULE_EAP_TYPE,
- /** EAP vendor for vendor specific type, u_int32_t */
+ /** EAP vendor for vendor specific type, uint32_t */
AUTH_RULE_EAP_VENDOR,
/** XAUTH backend name to use, char* */
AUTH_RULE_XAUTH_BACKEND,
diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c
index 7b812d2..9e7815d 100644
--- a/src/libstrongswan/credentials/containers/pkcs12.c
+++ b/src/libstrongswan/credentials/containers/pkcs12.c
@@ -42,8 +42,8 @@ static inline void copy_chunk(chunk_t dst, chunk_t src)
*/
static void add_chunks(chunk_t a, chunk_t b)
{
- u_int16_t sum;
- u_int8_t rem = 0;
+ uint16_t sum;
+ uint8_t rem = 0;
ssize_t i, j;
for (i = a.len - 1, j = b.len -1; i >= 0 && j >= 0; i--, j--)
@@ -64,12 +64,12 @@ static void add_chunks(chunk_t a, chunk_t b)
* Do the actual key derivation with the given hasher, password and id.
*/
static bool derive_key(hash_algorithm_t hash, chunk_t unicode, chunk_t salt,
- u_int64_t iterations, char id, chunk_t result)
+ uint64_t iterations, char id, chunk_t result)
{
chunk_t out = result, D, S, P = chunk_empty, I, Ai, B, Ij;
hasher_t *hasher;
size_t Slen, v, u;
- u_int64_t i;
+ uint64_t i;
bool success = FALSE;
hasher = lib->crypto->create_hasher(lib->crypto, hash);
@@ -149,7 +149,7 @@ end:
* Described in header
*/
bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt,
- u_int64_t iterations, pkcs12_key_type_t type, chunk_t key)
+ uint64_t iterations, pkcs12_key_type_t type, chunk_t key)
{
chunk_t unicode = chunk_empty;
bool success;
diff --git a/src/libstrongswan/credentials/containers/pkcs12.h b/src/libstrongswan/credentials/containers/pkcs12.h
index f22ef04..fc4fb39 100644
--- a/src/libstrongswan/credentials/containers/pkcs12.h
+++ b/src/libstrongswan/credentials/containers/pkcs12.h
@@ -73,6 +73,6 @@ struct pkcs12_t {
* @return TRUE on success
*/
bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt,
- u_int64_t iterations, pkcs12_key_type_t type, chunk_t key);
+ uint64_t iterations, pkcs12_key_type_t type, chunk_t key);
#endif /** PKCS12_H_ @}*/
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index 4884c4b..988e709 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -250,6 +250,7 @@ METHOD(mem_cred_t, add_crl, bool,
if (new)
{
this->untrusted->remove_at(this->untrusted, enumerator);
+ current->destroy(current);
}
else
{
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index b0b8637..35dcf25 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -347,6 +347,10 @@ METHOD(crypto_factory_t, create_nonce_gen, nonce_gen_t*,
while (enumerator->enumerate(enumerator, &entry))
{
nonce_gen = entry->create_nonce_gen();
+ if (nonce_gen)
+ {
+ break;
+ }
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 272502c..2d28b20 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -90,7 +90,7 @@ struct hasher_t {
* @return TRUE if hash created successfully
*/
bool (*get_hash)(hasher_t *this, chunk_t data,
- u_int8_t *hash) __attribute__((warn_unused_result));
+ uint8_t *hash) __attribute__((warn_unused_result));
/**
* Hash data and allocate space for the hash.
diff --git a/src/libstrongswan/crypto/iv/iv_gen.h b/src/libstrongswan/crypto/iv/iv_gen.h
index 81b0701..292fc32 100644
--- a/src/libstrongswan/crypto/iv/iv_gen.h
+++ b/src/libstrongswan/crypto/iv/iv_gen.h
@@ -38,8 +38,8 @@ struct iv_gen_t {
* @param buffer pointer where the generated IV will be written
* @return TRUE if IV allocation was successful, FALSE otherwise
*/
- bool (*get_iv)(iv_gen_t *this, u_int64_t seq, size_t size,
- u_int8_t *buffer) __attribute__((warn_unused_result));
+ bool (*get_iv)(iv_gen_t *this, uint64_t seq, size_t size,
+ uint8_t *buffer) __attribute__((warn_unused_result));
/**
* Generates an IV and allocates space for it.
@@ -49,7 +49,7 @@ struct iv_gen_t {
* @param chunk chunk which will hold the generated IV
* @return TRUE if IV allocation was successful, FALSE otherwise
*/
- bool (*allocate_iv)(iv_gen_t *this, u_int64_t seq, size_t size,
+ bool (*allocate_iv)(iv_gen_t *this, uint64_t seq, size_t size,
chunk_t *chunk) __attribute__((warn_unused_result));
/**
diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.c b/src/libstrongswan/crypto/iv/iv_gen_null.c
index b13de06..3b8f939 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_null.c
+++ b/src/libstrongswan/crypto/iv/iv_gen_null.c
@@ -29,13 +29,13 @@ struct private_iv_gen_t {
};
METHOD(iv_gen_t, get_iv, bool,
- private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+ private_iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer)
{
return size == 0;
}
METHOD(iv_gen_t, allocate_iv, bool,
- private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+ private_iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk)
{
*chunk = chunk_empty;
return size == 0;
diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.c b/src/libstrongswan/crypto/iv/iv_gen_rand.c
index 2bed63f..1474b3a 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_rand.c
+++ b/src/libstrongswan/crypto/iv/iv_gen_rand.c
@@ -36,7 +36,7 @@ struct private_iv_gen_t {
};
METHOD(iv_gen_t, get_iv, bool,
- private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+ private_iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer)
{
if (!this->rng)
{
@@ -46,7 +46,7 @@ METHOD(iv_gen_t, get_iv, bool,
}
METHOD(iv_gen_t, allocate_iv, bool,
- private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+ private_iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk)
{
if (!this->rng)
{
diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c
index 9f99c51..5662029 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_seq.c
+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c
@@ -18,7 +18,7 @@
/**
* Magic value for the initial IV state
*/
-#define SEQ_IV_INIT_STATE (~(u_int64_t)0)
+#define SEQ_IV_INIT_STATE (~(uint64_t)0)
#define SEQ_IV_HIGH_MASK (1ULL << 63)
typedef struct private_iv_gen_t private_iv_gen_t;
@@ -36,30 +36,30 @@ struct private_iv_gen_t {
/**
* Previously passed sequence number in lower space to enforce uniqueness
*/
- u_int64_t prevl;
+ uint64_t prevl;
/**
* Previously passed sequence number in upper space to enforce uniqueness
*/
- u_int64_t prevh;
+ uint64_t prevh;
/**
* Salt to mask counter
*/
- u_int8_t *salt;
+ uint8_t *salt;
};
METHOD(iv_gen_t, get_iv, bool,
- private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+ private_iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer)
{
- u_int8_t iv[sizeof(u_int64_t)];
+ uint8_t iv[sizeof(uint64_t)];
size_t len = size;
if (!this->salt)
{
return FALSE;
}
- if (size < sizeof(u_int64_t))
+ if (size < sizeof(uint64_t))
{
return FALSE;
}
@@ -83,19 +83,19 @@ METHOD(iv_gen_t, get_iv, bool,
{
this->prevl = seq;
}
- if (len > sizeof(u_int64_t))
+ if (len > sizeof(uint64_t))
{
- len = sizeof(u_int64_t);
+ len = sizeof(uint64_t);
memset(buffer, 0, size - len);
}
htoun64(iv, seq);
- memxor(iv, this->salt, sizeof(u_int64_t));
- memcpy(buffer + size - len, iv + sizeof(u_int64_t) - len, len);
+ memxor(iv, this->salt, sizeof(uint64_t));
+ memcpy(buffer + size - len, iv + sizeof(uint64_t) - len, len);
return TRUE;
}
METHOD(iv_gen_t, allocate_iv, bool,
- private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+ private_iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk)
{
*chunk = chunk_alloc(size);
if (!get_iv(this, seq, chunk->len, chunk->ptr))
@@ -131,8 +131,8 @@ iv_gen_t *iv_gen_seq_create()
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (rng)
{
- this->salt = malloc(sizeof(u_int64_t));
- if (!rng->get_bytes(rng, sizeof(u_int64_t), this->salt))
+ this->salt = malloc(sizeof(uint64_t));
+ if (!rng->get_bytes(rng, sizeof(uint64_t), this->salt))
{
free(this->salt);
this->salt = NULL;
diff --git a/src/libstrongswan/crypto/mac.h b/src/libstrongswan/crypto/mac.h
index f7b43ba..f23c675 100644
--- a/src/libstrongswan/crypto/mac.h
+++ b/src/libstrongswan/crypto/mac.h
@@ -47,7 +47,7 @@ struct mac_t {
* @return TRUE if mac generated successfully
*/
bool (*get_mac)(mac_t *this, chunk_t data,
- u_int8_t *out) __attribute__((warn_unused_result));
+ uint8_t *out) __attribute__((warn_unused_result));
/**
* Get the size of the resulting MAC.
diff --git a/src/libstrongswan/crypto/mgf1/mgf1.c b/src/libstrongswan/crypto/mgf1/mgf1.c
index 4bbcd6e..5116dfe 100644
--- a/src/libstrongswan/crypto/mgf1/mgf1.c
+++ b/src/libstrongswan/crypto/mgf1/mgf1.c
@@ -39,7 +39,7 @@ struct private_mgf1_t {
/**
* Counter
*/
- u_int32_t counter;
+ uint32_t counter;
/**
* Set if counter has reached 2^32
diff --git a/src/libstrongswan/crypto/nonce_gen.h b/src/libstrongswan/crypto/nonce_gen.h
index 7dae4f7..98d159e 100644
--- a/src/libstrongswan/crypto/nonce_gen.h
+++ b/src/libstrongswan/crypto/nonce_gen.h
@@ -38,7 +38,7 @@ struct nonce_gen_t {
* @return TRUE if nonce allocation was successful, FALSE otherwise
*/
bool (*get_nonce)(nonce_gen_t *this, size_t size,
- u_int8_t *buffer) __attribute__((warn_unused_result));
+ uint8_t *buffer) __attribute__((warn_unused_result));
/**
* Generates a nonce and allocates space for it.
diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c
index 478926f..8a14524 100644
--- a/src/libstrongswan/crypto/pkcs5.c
+++ b/src/libstrongswan/crypto/pkcs5.c
@@ -41,7 +41,7 @@ struct private_pkcs5_t {
/**
* Iterations for key derivation
*/
- u_int64_t iterations;
+ uint64_t iterations;
/**
* Encryption algorithm
@@ -110,7 +110,7 @@ struct private_pkcs5_t {
*/
static bool verify_padding(crypter_t *crypter, chunk_t *blob)
{
- u_int8_t padding, count;
+ uint8_t padding, count;
padding = count = blob->ptr[blob->len - 1];
@@ -181,10 +181,10 @@ static bool pkcs12_kdf(private_pkcs5_t *this, chunk_t password, chunk_t keymat)
* Function F of PBKDF2
*/
static bool pbkdf2_f(chunk_t block, prf_t *prf, chunk_t seed,
- u_int64_t iterations)
+ uint64_t iterations)
{
chunk_t u;
- u_int64_t i;
+ uint64_t i;
u = chunk_alloca(prf->get_block_size(prf));
if (!prf->get_bytes(prf, seed, u.ptr))
@@ -212,7 +212,7 @@ static bool pbkdf2(private_pkcs5_t *this, chunk_t password, chunk_t key)
prf_t *prf;
chunk_t keymat, block, seed;
size_t blocks;
- u_int32_t i = 0;
+ uint32_t i = 0;
prf = this->data.pbes2.prf;
@@ -247,7 +247,7 @@ static bool pbkdf1(private_pkcs5_t *this, chunk_t password, chunk_t key)
{
hasher_t *hasher;
chunk_t hash;
- u_int64_t i;
+ uint64_t i;
hasher = this->data.pbes1.hasher;
diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c
index 94be1d5..6b7f8f8 100644
--- a/src/libstrongswan/crypto/prf_plus.c
+++ b/src/libstrongswan/crypto/prf_plus.c
@@ -44,7 +44,7 @@ struct private_prf_plus_t {
/**
* Octet which will be appended to the seed, 0 if not used
*/
- u_int8_t counter;
+ uint8_t counter;
/**
* Already given out bytes in current buffer.
@@ -58,7 +58,7 @@ struct private_prf_plus_t {
};
METHOD(prf_plus_t, get_bytes, bool,
- private_prf_plus_t *this, size_t length, u_int8_t *buffer)
+ private_prf_plus_t *this, size_t length, uint8_t *buffer)
{
size_t round, written = 0;
diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h
index f994dce..2c4b885 100644
--- a/src/libstrongswan/crypto/prf_plus.h
+++ b/src/libstrongswan/crypto/prf_plus.h
@@ -39,7 +39,7 @@ struct prf_plus_t {
* @return TRUE if bytes generated successfully
*/
bool (*get_bytes)(prf_plus_t *this, size_t length,
- u_int8_t *buffer) __attribute__((warn_unused_result));
+ uint8_t *buffer) __attribute__((warn_unused_result));
/**
* Allocate pseudo random bytes.
diff --git a/src/libstrongswan/crypto/prfs/mac_prf.c b/src/libstrongswan/crypto/prfs/mac_prf.c
index b5f6be9..3f8eb7e 100644
--- a/src/libstrongswan/crypto/prfs/mac_prf.c
+++ b/src/libstrongswan/crypto/prfs/mac_prf.c
@@ -36,7 +36,7 @@ struct private_prf_t {
};
METHOD(prf_t, get_bytes, bool,
- private_prf_t *this, chunk_t seed, u_int8_t *buffer)
+ private_prf_t *this, chunk_t seed, uint8_t *buffer)
{
return this->mac->get_mac(this->mac, seed, buffer);
}
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index 46e23b2..bf443e5 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -80,7 +80,7 @@ struct prf_t {
* @return TRUE if bytes generated successfully
*/
bool (*get_bytes)(prf_t *this, chunk_t seed,
- u_int8_t *buffer) __attribute__((warn_unused_result));
+ uint8_t *buffer) __attribute__((warn_unused_result));
/**
* Generates pseudo random bytes and allocate space for them.
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index bbb97d0..282d40e 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -134,7 +134,7 @@ METHOD(proposal_keywords_t, get_token, const proposal_token_t*,
METHOD(proposal_keywords_t, register_token, void,
private_proposal_keywords_t *this, const char *name, transform_type_t type,
- u_int16_t algorithm, u_int16_t keysize)
+ uint16_t algorithm, uint16_t keysize)
{
proposal_token_t *token;
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
index 5cdbafc..856abdc 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -69,12 +69,12 @@ struct proposal_token_t {
/**
* The IKE id of the algorithm.
*/
- u_int16_t algorithm;
+ uint16_t algorithm;
/**
* The key size associated with the specific algorithm.
*/
- u_int16_t keysize;
+ uint16_t keysize;
};
/**
@@ -100,8 +100,8 @@ struct proposal_keywords_t {
* @param keysize the key size associated with the specific algorithm
*/
void (*register_token)(proposal_keywords_t *this, const char *name,
- transform_type_t type, u_int16_t algorithm,
- u_int16_t keysize);
+ transform_type_t type, uint16_t algorithm,
+ uint16_t keysize);
/**
* Register an algorithm name parser.
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
index 51b9d78..ba4c895 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
@@ -55,16 +55,16 @@ error "gperf generated tables don't work with this execution character set. Plea
struct proposal_token {
char *name;
transform_type_t type;
- u_int16_t algorithm;
- u_int16_t keysize;
+ uint16_t algorithm;
+ uint16_t keysize;
};
-#define TOTAL_KEYWORDS 139
+#define TOTAL_KEYWORDS 140
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 18
-#define MAX_HASH_VALUE 276
-/* maximum key range = 259, duplicates = 0 */
+#define MIN_HASH_VALUE 11
+#define MAX_HASH_VALUE 266
+/* maximum key range = 256, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -80,32 +80,32 @@ hash (str, len)
{
static const unsigned short asso_values[] =
{
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 66, 6,
- 18, 39, 81, 30, 9, 27, 3, 0, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 105, 277, 33, 0, 6,
- 57, 60, 15, 96, 3, 0, 277, 277, 0, 0,
- 0, 18, 126, 30, 111, 24, 36, 159, 277, 277,
- 9, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
- 277, 277, 277, 277, 277, 277, 277
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 71, 4,
+ 20, 6, 48, 32, 10, 30, 5, 3, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 97, 267, 4, 8, 18,
+ 56, 107, 107, 78, 10, 4, 267, 267, 3, 5,
+ 7, 4, 30, 92, 104, 3, 32, 145, 267, 267,
+ 3, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
+ 267, 267, 267, 267, 267, 267, 267
};
register int hval = len;
@@ -144,177 +144,177 @@ hash (str, len)
static const struct proposal_token wordlist[] =
{
- {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
{"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
- {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
- {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
{"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
{"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0},
{"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
{"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
- {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
{"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
- {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0},
+ {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0},
+ {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
{"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
- {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
- {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
{"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
- {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
- {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
+ {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
- {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
- {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
+ {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0},
{"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
- {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0},
- {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
{"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0},
- {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
- {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
{"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
- {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
- {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
{"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
- {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
- {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
- {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
+ {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
{"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
+ {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
{"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
- {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
- {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
- {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
+ {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
{"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
- {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
+ {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
{"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
+ {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
{"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+ {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
{"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
+ {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
{"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
- {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
{"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
+ {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
- {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
- {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
- {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
{"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
- {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
- {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
+ {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
{"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
- {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0},
+ {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
- {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
{"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
- {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
{"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
- {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
{"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
- {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
- {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
{"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
- {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
{"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
- {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
- {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
- {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
- {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
- {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
- {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
+ {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
+ {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
+ {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
{"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
+ {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
{"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
- {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
- {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
- {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
- {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
+ {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
+ {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
+ {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
+ {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
{"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
+ {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
+ {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
+ {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
{"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
- {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
{"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
+ {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
{"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
+ {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
+ {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
{"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
- {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
- {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
{"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
- {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
{"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256},
+ {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
+ {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
{"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
- {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}
+ {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
+ {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
+ {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
+ {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
+ {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}
};
static const short lookup[] =
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, 0, -1,
- -1, -1, 1, 2, -1, 3, -1, 4, -1, -1,
- 5, -1, -1, 6, -1, 7, -1, 8, -1, -1,
- 9, -1, 10, 11, 12, 13, 14, 15, 16, 17,
- 18, 19, 20, 21, 22, 23, 24, 25, -1, 26,
- -1, 27, 28, -1, -1, 29, 30, 31, -1, 32,
- -1, 33, 34, 35, 36, -1, -1, 37, 38, -1,
- 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
- 49, 50, 51, -1, 52, 53, 54, 55, 56, -1,
- 57, 58, 59, -1, -1, -1, 60, 61, 62, 63,
- -1, -1, 64, 65, -1, 66, -1, -1, 67, -1,
- -1, -1, -1, 68, -1, 69, -1, 70, 71, -1,
- 72, -1, -1, 73, 74, 75, 76, 77, 78, 79,
- 80, -1, 81, 82, 83, 84, 85, 86, 87, 88,
- 89, 90, 91, 92, -1, 93, 94, 95, 96, -1,
- 97, 98, -1, 99, 100, 101, -1, 102, -1, -1,
- 103, -1, -1, 104, 105, 106, 107, -1, 108, 109,
- -1, 110, 111, -1, -1, 112, 113, -1, 114, -1,
- -1, -1, -1, 115, -1, 116, 117, -1, 118, -1,
- 119, 120, 121, 122, 123, -1, 124, 125, -1, 126,
- -1, -1, 127, -1, 128, 129, -1, -1, 130, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- 131, -1, 132, 133, -1, -1, 134, -1, -1, -1,
- -1, 135, -1, -1, -1, -1, -1, -1, 136, -1,
+ -1, 0, -1, -1, 1, -1, -1, -1, -1, -1,
+ -1, -1, -1, 2, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, 3,
+ 4, -1, 5, -1, 6, 7, -1, 8, 9, -1,
+ -1, -1, -1, -1, -1, 10, -1, 11, 12, 13,
+ 14, -1, -1, -1, 15, -1, 16, 17, -1, 18,
+ 19, 20, 21, 22, 23, 24, 25, 26, 27, -1,
+ -1, -1, 28, 29, 30, -1, 31, -1, 32, 33,
+ 34, -1, 35, 36, 37, 38, -1, 39, 40, 41,
+ 42, -1, 43, 44, -1, -1, -1, -1, -1, 45,
+ -1, 46, 47, 48, 49, 50, 51, 52, 53, 54,
+ 55, 56, -1, 57, 58, 59, 60, 61, 62, 63,
+ 64, 65, 66, 67, 68, 69, 70, 71, 72, 73,
+ 74, 75, 76, 77, 78, 79, 80, 81, 82, 83,
+ 84, -1, 85, 86, -1, 87, 88, 89, 90, 91,
+ 92, -1, 93, 94, 95, 96, 97, 98, 99, 100,
+ -1, -1, 101, 102, 103, -1, -1, 104, 105, 106,
+ 107, 108, 109, -1, -1, 110, -1, 111, 112, 113,
+ 114, -1, 115, 116, -1, 117, 118, 119, 120, 121,
+ -1, -1, -1, -1, 122, 123, 124, -1, 125, -1,
+ -1, -1, 126, 127, 128, -1, 129, 130, 131, -1,
+ -1, 132, 133, -1, -1, -1, 134, -1, 135, 136,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, 137, -1, -1, -1, 138
+ -1, 137, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, 138, -1, -1, 139
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index da92409..8760243 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -25,8 +25,8 @@
struct proposal_token {
char *name;
transform_type_t type;
- u_int16_t algorithm;
- u_int16_t keysize;
+ uint16_t algorithm;
+ uint16_t keysize;
};
%%
null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0
@@ -141,6 +141,7 @@ prfmd5, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0
prfaesxcbc, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0
prfcamelliaxcbc, PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0
prfaescmac, PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0
+modpnone, DIFFIE_HELLMAN_GROUP, MODP_NONE, 0
modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0
modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0
modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0
diff --git a/src/libstrongswan/crypto/rngs/rng.c b/src/libstrongswan/crypto/rngs/rng.c
index f8fd50d..1f39ded 100644
--- a/src/libstrongswan/crypto/rngs/rng.c
+++ b/src/libstrongswan/crypto/rngs/rng.c
@@ -25,9 +25,9 @@ ENUM(rng_quality_names, RNG_WEAK, RNG_TRUE,
/*
* Described in header.
*/
-bool rng_get_bytes_not_zero(rng_t *rng, size_t len, u_int8_t *buffer, bool all)
+bool rng_get_bytes_not_zero(rng_t *rng, size_t len, uint8_t *buffer, bool all)
{
- u_int8_t *pos = buffer, *check = buffer + (all ? len : min(1, len));
+ uint8_t *pos = buffer, *check = buffer + (all ? len : min(1, len));
if (!rng->get_bytes(rng, len, pos))
{
diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h
index aee829d..0ca2cb1 100644
--- a/src/libstrongswan/crypto/rngs/rng.h
+++ b/src/libstrongswan/crypto/rngs/rng.h
@@ -57,7 +57,7 @@ struct rng_t {
* @return TRUE if bytes successfully written
*/
bool (*get_bytes)(rng_t *this, size_t len,
- u_int8_t *buffer) __attribute__((warn_unused_result));
+ uint8_t *buffer) __attribute__((warn_unused_result));
/**
* Generates random bytes and allocate space for them.
@@ -85,7 +85,7 @@ struct rng_t {
* @param all TRUE if all bytes have to be non-zero, FALSE for first
* @return TRUE if bytes successfully written
*/
-bool rng_get_bytes_not_zero(rng_t *rng, size_t len, u_int8_t *buffer,
+bool rng_get_bytes_not_zero(rng_t *rng, size_t len, uint8_t *buffer,
bool all) __attribute__((warn_unused_result));
/**
diff --git a/src/libstrongswan/crypto/signers/mac_signer.c b/src/libstrongswan/crypto/signers/mac_signer.c
index 1094c44..4426782 100644
--- a/src/libstrongswan/crypto/signers/mac_signer.c
+++ b/src/libstrongswan/crypto/signers/mac_signer.c
@@ -41,11 +41,11 @@ struct private_signer_t {
};
METHOD(signer_t, get_signature, bool,
- private_signer_t *this, chunk_t data, u_int8_t *buffer)
+ private_signer_t *this, chunk_t data, uint8_t *buffer)
{
if (buffer)
{
- u_int8_t mac[this->mac->get_mac_size(this->mac)];
+ uint8_t mac[this->mac->get_mac_size(this->mac)];
if (!this->mac->get_mac(this->mac, data, mac))
{
@@ -62,7 +62,7 @@ METHOD(signer_t, allocate_signature, bool,
{
if (chunk)
{
- u_int8_t mac[this->mac->get_mac_size(this->mac)];
+ uint8_t mac[this->mac->get_mac_size(this->mac)];
if (!this->mac->get_mac(this->mac, data, mac))
{
@@ -78,7 +78,7 @@ METHOD(signer_t, allocate_signature, bool,
METHOD(signer_t, verify_signature, bool,
private_signer_t *this, chunk_t data, chunk_t signature)
{
- u_int8_t mac[this->mac->get_mac_size(this->mac)];
+ uint8_t mac[this->mac->get_mac_size(this->mac)];
if (signature.len != this->truncation)
{
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index e0cf7eb..01b702d 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -96,7 +96,7 @@ struct signer_t {
* @return TRUE if signature created successfully
*/
bool (*get_signature)(signer_t *this, chunk_t data,
- u_int8_t *buffer) __attribute__((warn_unused_result));
+ uint8_t *buffer) __attribute__((warn_unused_result));
/**
* Generate a signature and allocate space for it.
diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h
index 08d88ba..2d4a238 100644
--- a/src/libstrongswan/eap/eap.h
+++ b/src/libstrongswan/eap/eap.h
@@ -99,18 +99,18 @@ struct eap_vendor_type_t {
/**
* Vendor Id
*/
- u_int32_t vendor;
+ uint32_t vendor;
};
/**
* EAP packet format
*/
typedef struct __attribute__((packed)) {
- u_int8_t code;
- u_int8_t identifier;
- u_int16_t length;
- u_int8_t type;
- u_int8_t data;
+ uint8_t code;
+ uint8_t identifier;
+ uint16_t length;
+ uint8_t type;
+ uint8_t data;
} eap_packet_t;
/**
diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index f2ee11e..a52a1eb 100644
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
@@ -40,6 +40,22 @@ ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH,
/*
* See header
*/
+bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b)
+{
+ return a->mode == b->mode &&
+ a->reqid == b->reqid &&
+ a->policy_count == b->policy_count &&
+ a->esp.use == b->esp.use &&
+ a->esp.spi == b->esp.spi &&
+ a->ah.use == b->ah.use &&
+ a->ah.spi == b->ah.spi &&
+ a->ipcomp.transform == b->ipcomp.transform &&
+ a->ipcomp.cpi == b->ipcomp.cpi;
+}
+
+/*
+ * See header
+ */
bool mark_from_string(const char *value, mark_t *mark)
{
char *endptr;
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index fa122af..c93d955 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -123,26 +123,35 @@ struct ipsec_sa_cfg_t {
/** mode of SA (tunnel, transport) */
ipsec_mode_t mode;
/** unique ID */
- u_int32_t reqid;
+ uint32_t reqid;
/** number of policies of the same kind (in/out/fwd) attached to SA */
- u_int32_t policy_count;
+ uint32_t policy_count;
/** details about ESP/AH */
struct {
/** TRUE if this protocol is used */
bool use;
/** SPI for ESP/AH */
- u_int32_t spi;
+ uint32_t spi;
} esp, ah;
/** details about IPComp */
struct {
/** the IPComp transform used */
- u_int16_t transform;
+ uint16_t transform;
/** CPI for IPComp */
- u_int16_t cpi;
+ uint16_t cpi;
} ipcomp;
};
/**
+ * Compare two ipsec_sa_cfg_t objects for equality.
+ *
+ * @param a first object
+ * @param b second object
+ * @return TRUE if both objects are equal
+ */
+bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b);
+
+/**
* A lifetime_cfg_t defines the lifetime limits of an SA.
*
* Set any of these values to 0 to ignore.
@@ -150,11 +159,11 @@ struct ipsec_sa_cfg_t {
struct lifetime_cfg_t {
struct {
/** Limit before the SA gets invalid. */
- u_int64_t life;
+ uint64_t life;
/** Limit before the SA gets rekeyed. */
- u_int64_t rekey;
+ uint64_t rekey;
/** The range of a random value subtracted from rekey. */
- u_int64_t jitter;
+ uint64_t jitter;
} time, bytes, packets;
};
@@ -163,9 +172,9 @@ struct lifetime_cfg_t {
*/
struct mark_t {
/** Mark value */
- u_int32_t value;
+ uint32_t value;
/** Mark mask */
- u_int32_t mask;
+ uint32_t mask;
};
/**
diff --git a/src/libstrongswan/networking/host.c b/src/libstrongswan/networking/host.c
index 2e464b0..b71d2da 100644
--- a/src/libstrongswan/networking/host.c
+++ b/src/libstrongswan/networking/host.c
@@ -79,7 +79,7 @@ METHOD(host_t, get_sockaddr_len, socklen_t*,
METHOD(host_t, is_anyaddr, bool,
private_host_t *this)
{
- static const u_int8_t zeroes[IPV6_LEN];
+ static const uint8_t zeroes[IPV6_LEN];
switch (this->address.sa_family)
{
@@ -119,7 +119,7 @@ int host_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
else
{
void *address;
- u_int16_t port;
+ uint16_t port;
int len;
address = &this->address6.sin6_addr;
@@ -191,7 +191,7 @@ METHOD(host_t, get_family, int,
return this->address.sa_family;
}
-METHOD(host_t, get_port, u_int16_t,
+METHOD(host_t, get_port, uint16_t,
private_host_t *this)
{
switch (this->address.sa_family)
@@ -212,7 +212,7 @@ METHOD(host_t, get_port, u_int16_t,
}
METHOD(host_t, set_port, void,
- private_host_t *this, u_int16_t port)
+ private_host_t *this, uint16_t port)
{
switch (this->address.sa_family)
{
@@ -334,7 +334,7 @@ static private_host_t *host_create_empty(void)
/*
* Create a %any host with port
*/
-static host_t *host_create_any_port(int family, u_int16_t port)
+static host_t *host_create_any_port(int family, uint16_t port)
{
host_t *this;
@@ -347,7 +347,7 @@ static host_t *host_create_any_port(int family, u_int16_t port)
* Described in header.
*/
host_t *host_create_from_string_and_family(char *string, int family,
- u_int16_t port)
+ uint16_t port)
{
union {
struct sockaddr_in v4;
@@ -415,7 +415,7 @@ host_t *host_create_from_string_and_family(char *string, int family,
/*
* Described in header.
*/
-host_t *host_create_from_string(char *string, u_int16_t port)
+host_t *host_create_from_string(char *string, uint16_t port)
{
return host_create_from_string_and_family(string, AF_UNSPEC, port);
}
@@ -455,7 +455,7 @@ host_t *host_create_from_sockaddr(sockaddr_t *sockaddr)
/*
* Described in header.
*/
-host_t *host_create_from_dns(char *string, int af, u_int16_t port)
+host_t *host_create_from_dns(char *string, int af, uint16_t port)
{
host_t *this;
@@ -474,7 +474,7 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port)
/*
* Described in header.
*/
-host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port)
+host_t *host_create_from_chunk(int family, chunk_t address, uint16_t port)
{
private_host_t *this;
@@ -646,7 +646,7 @@ host_t *host_create_netmask(int family, int netbits)
if (bytes < len)
{
memset(target + bytes, 0x00, len - bytes);
- target[bytes] = (u_int8_t)(0xff << bits);
+ target[bytes] = (uint8_t)(0xff << bits);
}
return &this->public;
}
diff --git a/src/libstrongswan/networking/host.h b/src/libstrongswan/networking/host.h
index db6f4dd..a777f9f 100644
--- a/src/libstrongswan/networking/host.h
+++ b/src/libstrongswan/networking/host.h
@@ -99,14 +99,14 @@ struct host_t {
*
* @return port number
*/
- u_int16_t (*get_port) (host_t *this);
+ uint16_t (*get_port) (host_t *this);
/**
* Set the port of this host
*
* @param port port number
*/
- void (*set_port) (host_t *this, u_int16_t port);
+ void (*set_port) (host_t *this, uint16_t port);
/**
* Compare the ips of two hosts hosts.
@@ -137,7 +137,7 @@ struct host_t {
* @param port port number
* @return host_t, NULL if string not an address.
*/
-host_t *host_create_from_string(char *string, u_int16_t port);
+host_t *host_create_from_string(char *string, uint16_t port);
/**
* Same as host_create_from_string(), but with the option to enforce a family.
@@ -148,7 +148,7 @@ host_t *host_create_from_string(char *string, u_int16_t port);
* @return host_t, NULL if string not an address.
*/
host_t *host_create_from_string_and_family(char *string, int family,
- u_int16_t port);
+ uint16_t port);
/**
* Constructor to create a host_t from a DNS name.
@@ -158,7 +158,7 @@ host_t *host_create_from_string_and_family(char *string, int family,
* @param port port number
* @return host_t, NULL lookup failed
*/
-host_t *host_create_from_dns(char *string, int family, u_int16_t port);
+host_t *host_create_from_dns(char *string, int family, uint16_t port);
/**
* Constructor to create a host_t object from an address chunk.
@@ -170,7 +170,7 @@ host_t *host_create_from_dns(char *string, int family, u_int16_t port);
* @param port port number
* @return host_t, NULL if family not supported/chunk invalid
*/
-host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port);
+host_t *host_create_from_chunk(int family, chunk_t address, uint16_t port);
/**
* Constructor to create a host_t object from a sockaddr struct
diff --git a/src/libstrongswan/networking/packet.c b/src/libstrongswan/networking/packet.c
index 4ff7fc4..f76a85a 100644
--- a/src/libstrongswan/networking/packet.c
+++ b/src/libstrongswan/networking/packet.c
@@ -42,7 +42,7 @@ struct private_packet_t {
/**
* DSCP value on packet
*/
- u_int8_t dscp;
+ uint8_t dscp;
/**
* message data
@@ -94,13 +94,13 @@ METHOD(packet_t, set_data, void,
this->adjusted_data = this->data = data;
}
-METHOD(packet_t, get_dscp, u_int8_t,
+METHOD(packet_t, get_dscp, uint8_t,
private_packet_t *this)
{
return this->dscp;
}
METHOD(packet_t, set_dscp, void,
- private_packet_t *this, u_int8_t value)
+ private_packet_t *this, uint8_t value)
{
this->dscp = value;
}
diff --git a/src/libstrongswan/networking/packet.h b/src/libstrongswan/networking/packet.h
index 1492dd0..8699d4a 100644
--- a/src/libstrongswan/networking/packet.h
+++ b/src/libstrongswan/networking/packet.h
@@ -85,14 +85,14 @@ struct packet_t {
*
* @return DSCP value
*/
- u_int8_t (*get_dscp)(packet_t *this);
+ uint8_t (*get_dscp)(packet_t *this);
/**
* Set the DiffServ Code Point to use on this packet.
*
* @param value DSCP value
*/
- void (*set_dscp)(packet_t *this, u_int8_t value);
+ void (*set_dscp)(packet_t *this, uint8_t value);
/**
* Increase the offset where the actual packet data starts.
diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c
index 81d2156..de92555 100644
--- a/src/libstrongswan/networking/tun_device.c
+++ b/src/libstrongswan/networking/tun_device.c
@@ -96,7 +96,7 @@ struct private_tun_device_t {
/**
* Netmask for address
*/
- u_int8_t netmask;
+ uint8_t netmask;
};
/**
@@ -105,7 +105,7 @@ struct private_tun_device_t {
#if __FreeBSD__ >= 10
static bool set_address_and_mask(struct in_aliasreq *ifra, host_t *addr,
- u_int8_t netmask)
+ uint8_t netmask)
{
host_t *mask;
@@ -132,7 +132,7 @@ static bool set_address_and_mask(struct in_aliasreq *ifra, host_t *addr,
* on FreeBSD 10 an newer.
*/
static bool set_address_impl(private_tun_device_t *this, host_t *addr,
- u_int8_t netmask)
+ uint8_t netmask)
{
struct in_aliasreq ifra;
@@ -171,7 +171,7 @@ static bool set_address_impl(private_tun_device_t *this, host_t *addr,
* Set the address using the classic SIOCSIFADDR etc. commands on other systems.
*/
static bool set_address_impl(private_tun_device_t *this, host_t *addr,
- u_int8_t netmask)
+ uint8_t netmask)
{
struct ifreq ifr;
host_t *mask;
@@ -218,7 +218,7 @@ static bool set_address_impl(private_tun_device_t *this, host_t *addr,
#endif /* __FreeBSD__ */
METHOD(tun_device_t, set_address, bool,
- private_tun_device_t *this, host_t *addr, u_int8_t netmask)
+ private_tun_device_t *this, host_t *addr, uint8_t netmask)
{
if (!set_address_impl(this, addr, netmask))
{
@@ -231,7 +231,7 @@ METHOD(tun_device_t, set_address, bool,
}
METHOD(tun_device_t, get_address, host_t*,
- private_tun_device_t *this, u_int8_t *netmask)
+ private_tun_device_t *this, uint8_t *netmask)
{
if (netmask && this->address)
{
@@ -326,7 +326,7 @@ METHOD(tun_device_t, write_packet, bool,
#ifdef __APPLE__
/* UTUN's expect the packets to be prepended by a 32-bit protocol number
* instead of parsing the packet again, we assume IPv4 for now */
- u_int32_t proto = htonl(AF_INET);
+ uint32_t proto = htonl(AF_INET);
packet = chunk_cata("cc", chunk_from_thing(proto), packet);
#endif
s = write(this->tunfd, packet.ptr, packet.len);
@@ -364,7 +364,7 @@ METHOD(tun_device_t, read_packet, bool,
data.len = len;
#ifdef __APPLE__
/* UTUN's prepend packets with a 32-bit protocol number */
- data = chunk_skip(data, sizeof(u_int32_t));
+ data = chunk_skip(data, sizeof(uint32_t));
#endif
*packet = chunk_clone(data);
return TRUE;
diff --git a/src/libstrongswan/networking/tun_device.h b/src/libstrongswan/networking/tun_device.h
index 880369b..4f9eacb 100644
--- a/src/libstrongswan/networking/tun_device.h
+++ b/src/libstrongswan/networking/tun_device.h
@@ -60,7 +60,7 @@ struct tun_device_t {
* @param netmask the netmask to use
* @return TRUE if operation successful
*/
- bool (*set_address)(tun_device_t *this, host_t *addr, u_int8_t netmask);
+ bool (*set_address)(tun_device_t *this, host_t *addr, uint8_t netmask);
/**
* Get the IP address previously assigned to using set_address().
@@ -68,7 +68,7 @@ struct tun_device_t {
* @param netmask pointer receiving the configured netmask, or NULL
* @return address previously set, NULL if none
*/
- host_t* (*get_address)(tun_device_t *this, u_int8_t *netmask);
+ host_t* (*get_address)(tun_device_t *this, uint8_t *netmask);
/**
* Bring the TUN device up
diff --git a/src/libstrongswan/pen/pen.h b/src/libstrongswan/pen/pen.h
index 2c55923..50e63f7 100644
--- a/src/libstrongswan/pen/pen.h
+++ b/src/libstrongswan/pen/pen.h
@@ -59,7 +59,7 @@ enum pen_t {
*/
struct pen_type_t {
pen_t vendor_id;
- u_int32_t type;
+ uint32_t type;
};
/**
@@ -69,7 +69,7 @@ struct pen_type_t {
* @param type type to create a pen_type_t
* @return created pen_type_t
*/
-static inline pen_type_t pen_type_create(pen_t vendor_id, u_int32_t type)
+static inline pen_type_t pen_type_create(pen_t vendor_id, uint32_t type)
{
pen_type_t pen_type = { vendor_id, type };
return pen_type;
@@ -96,7 +96,7 @@ static inline bool pen_type_equals(pen_type_t a, pen_type_t b)
* @return TRUE if vendor_id and type matches pen_type
*/
static inline bool pen_type_is(pen_type_t pen_type,
- pen_t vendor_id, u_int32_t type)
+ pen_t vendor_id, uint32_t type)
{
return pen_type.vendor_id == vendor_id && pen_type.type == type;
}
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index 034ab48..a1ee0f8 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/acert
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/acert/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/acert/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 6ad68a5..02cd0f8 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/aes
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c
index f9775c8..8829ba1 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@@ -49,27 +49,27 @@ struct private_aes_crypter_t {
/**
* Number of words in the key input block.
*/
- u_int32_t aes_Nkey;
+ uint32_t aes_Nkey;
/**
* The number of cipher rounds.
*/
- u_int32_t aes_Nrnd;
+ uint32_t aes_Nrnd;
/**
* The encryption key schedule.
*/
- u_int32_t aes_e_key[AES_KS_LENGTH];
+ uint32_t aes_e_key[AES_KS_LENGTH];
/**
* The decryption key schedule.
*/
- u_int32_t aes_d_key[AES_KS_LENGTH];
+ uint32_t aes_d_key[AES_KS_LENGTH];
/**
* Key size of this AES cypher object.
*/
- u_int32_t key_size;
+ uint32_t key_size;
};
/**
@@ -88,7 +88,7 @@ struct private_aes_crypter_t {
*/
#define bval(x,n) ((unsigned char)((x) >> 8 * (n)))
#define bytes2word(b0, b1, b2, b3) \
- ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0))
+ ((uint32_t)(b3) << 24 | (uint32_t)(b2) << 16 | (uint32_t)(b1) << 8 | (b0))
/* little endian processor without data alignment restrictions: AES_LE_OK */
@@ -105,15 +105,15 @@ struct private_aes_crypter_t {
#ifdef AES_LE_OK
/* little endian processor without data alignment restrictions */
-#define word_in(x) *(u_int32_t*)(x)
-#define const_word_in(x) *(const u_int32_t*)(x)
-#define word_out(x,v) *(u_int32_t*)(x) = (v)
-#define const_word_out(x,v) *(const u_int32_t*)(x) = (v)
+#define word_in(x) *(uint32_t*)(x)
+#define const_word_in(x) *(const uint32_t*)(x)
+#define word_out(x,v) *(uint32_t*)(x) = (v)
+#define const_word_out(x,v) *(const uint32_t*)(x) = (v)
#else
/* slower but generic big endian or with data alignment restrictions */
/* some additional "const" touches to stop "gcc -Wcast-qual" complains --jjo */
-#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24))
-#define const_word_in(x) ((const u_int32_t)(((const unsigned char *)(x))[0])|((const u_int32_t)(((const unsigned char *)(x))[1])<<8)|((const u_int32_t)(((const unsigned char *)(x))[2])<<16)|((const u_int32_t)(((const unsigned char *)(x))[3])<<24))
+#define word_in(x) ((uint32_t)(((unsigned char *)(x))[0])|((uint32_t)(((unsigned char *)(x))[1])<<8)|((uint32_t)(((unsigned char *)(x))[2])<<16)|((uint32_t)(((unsigned char *)(x))[3])<<24))
+#define const_word_in(x) ((const uint32_t)(((const unsigned char *)(x))[0])|((const uint32_t)(((const unsigned char *)(x))[1])<<8)|((const uint32_t)(((const unsigned char *)(x))[2])<<16)|((const uint32_t)(((const unsigned char *)(x))[3])<<24))
#define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24)
#define const_word_out(x,v) ((const unsigned char *)(x))[0]=(v),((const unsigned char *)(x))[1]=((v)>>8),((const unsigned char *)(x))[2]=((v)>>16),((const unsigned char *)(x))[3]=((v)>>24)
#endif
@@ -156,7 +156,7 @@ struct private_aes_crypter_t {
// this table can be a table of bytes if the key schedule
// code is adjusted accordingly
-static const u_int32_t rcon_tab[29] =
+static const uint32_t rcon_tab[29] =
{
w0(01), w0(02), w0(04), w0(08),
w0(10), w0(20), w0(40), w0(80),
@@ -320,7 +320,7 @@ static const u_int32_t rcon_tab[29] =
#undef r
#define r r0
-static const u_int32_t ft_tab[4][256] =
+static const uint32_t ft_tab[4][256] =
{ { f_table },
#undef r
#define r r1
@@ -335,7 +335,7 @@ static const u_int32_t ft_tab[4][256] =
#undef r
#define r r0
-static const u_int32_t it_tab[4][256] =
+static const uint32_t it_tab[4][256] =
{ { i_table },
#undef r
#define r r1
@@ -386,7 +386,7 @@ static const u_int32_t it_tab[4][256] =
#undef r
#define r(p,q,r,s) w0(q)
-static const u_int32_t fl_tab[4][256] =
+static const uint32_t fl_tab[4][256] =
{ { f_table },
#undef r
#define r(p,q,r,s) w1(q)
@@ -401,7 +401,7 @@ static const u_int32_t fl_tab[4][256] =
#undef w
#define w w0
-static const u_int32_t il_tab[4][256] =
+static const uint32_t il_tab[4][256] =
{ { li_table },
#undef w
#define w w1
@@ -483,7 +483,7 @@ static const u_int32_t il_tab[4][256] =
#undef r
#define r r0
-static const u_int32_t im_tab[4][256] =
+static const uint32_t im_tab[4][256] =
{ { m_table },
#undef r
#define r r1
@@ -717,8 +717,8 @@ static const u_int32_t im_tab[4][256] =
static void encrypt_block(const private_aes_crypter_t *this,
const unsigned char in_blk[], unsigned char out_blk[])
{
- u_int32_t locals(b0, b1);
- const u_int32_t *kp = this->aes_e_key;
+ uint32_t locals(b0, b1);
+ const uint32_t *kp = this->aes_e_key;
state_in(b0, in_blk, kp); kp += nc;
@@ -754,8 +754,8 @@ static void encrypt_block(const private_aes_crypter_t *this,
static void decrypt_block(const private_aes_crypter_t *this,
const unsigned char in_blk[], unsigned char out_blk[])
{
- u_int32_t locals(b0, b1);
- const u_int32_t *kp = this->aes_d_key;
+ uint32_t locals(b0, b1);
+ const uint32_t *kp = this->aes_d_key;
state_in(b0, in_blk, kp); kp += nc;
@@ -789,8 +789,8 @@ METHOD(crypter_t, decrypt, bool,
private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
int pos;
- const u_int32_t *iv_i;
- u_int8_t *in, *out;
+ const uint32_t *iv_i;
+ uint8_t *in, *out;
if (decrypted)
{
@@ -811,16 +811,16 @@ METHOD(crypter_t, decrypt, bool,
decrypt_block(this, in, out);
if (pos==0)
{
- iv_i=(const u_int32_t*) (iv.ptr);
+ iv_i=(const uint32_t*) (iv.ptr);
}
else
{
- iv_i=(const u_int32_t*) (in-16);
+ iv_i=(const uint32_t*) (in-16);
}
- *((u_int32_t *)(&out[ 0])) ^= iv_i[0];
- *((u_int32_t *)(&out[ 4])) ^= iv_i[1];
- *((u_int32_t *)(&out[ 8])) ^= iv_i[2];
- *((u_int32_t *)(&out[12])) ^= iv_i[3];
+ *((uint32_t *)(&out[ 0])) ^= iv_i[0];
+ *((uint32_t *)(&out[ 4])) ^= iv_i[1];
+ *((uint32_t *)(&out[ 8])) ^= iv_i[2];
+ *((uint32_t *)(&out[12])) ^= iv_i[3];
in-=16;
out-=16;
pos-=16;
@@ -832,8 +832,8 @@ METHOD(crypter_t, encrypt, bool,
private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
int pos;
- const u_int32_t *iv_i;
- u_int8_t *in, *out;
+ const uint32_t *iv_i;
+ uint8_t *in, *out;
in = data.ptr;
out = data.ptr;
@@ -848,16 +848,16 @@ METHOD(crypter_t, encrypt, bool,
{
if (pos==0)
{
- iv_i=(const u_int32_t*) iv.ptr;
+ iv_i=(const uint32_t*) iv.ptr;
}
else
{
- iv_i=(const u_int32_t*) (out-16);
+ iv_i=(const uint32_t*) (out-16);
}
- *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0]));
- *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4]));
- *((u_int32_t *)(&out[ 8])) = iv_i[2]^*((const u_int32_t *)(&in[ 8]));
- *((u_int32_t *)(&out[12])) = iv_i[3]^*((const u_int32_t *)(&in[12]));
+ *((uint32_t *)(&out[ 0])) = iv_i[0]^*((const uint32_t *)(&in[ 0]));
+ *((uint32_t *)(&out[ 4])) = iv_i[1]^*((const uint32_t *)(&in[ 4]));
+ *((uint32_t *)(&out[ 8])) = iv_i[2]^*((const uint32_t *)(&in[ 8]));
+ *((uint32_t *)(&out[12])) = iv_i[3]^*((const uint32_t *)(&in[12]));
encrypt_block(this, out, out);
in+=16;
out+=16;
@@ -887,8 +887,8 @@ METHOD(crypter_t, get_key_size, size_t,
METHOD(crypter_t, set_key, bool,
private_aes_crypter_t *this, chunk_t key)
{
- u_int32_t *kf, *kt, rci, f = 0;
- u_int8_t *in_key = key.ptr;
+ uint32_t *kf, *kt, rci, f = 0;
+ uint8_t *in_key = key.ptr;
this->aes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6;
@@ -948,7 +948,7 @@ METHOD(crypter_t, set_key, bool,
if(!f)
{
- u_int32_t i;
+ uint32_t i;
kt = this->aes_d_key + nc * this->aes_Nrnd;
kf = this->aes_e_key;
diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in
index 7f91e43..576b6da 100644
--- a/src/libstrongswan/plugins/aesni/Makefile.in
+++ b/src/libstrongswan/plugins/aesni/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/aesni
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aesni/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/aesni/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -789,6 +802,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/aesni/aesni_ccm.c b/src/libstrongswan/plugins/aesni/aesni_ccm.c
index d523bc1..1207486 100644
--- a/src/libstrongswan/plugins/aesni/aesni_ccm.c
+++ b/src/libstrongswan/plugins/aesni/aesni_ccm.c
@@ -83,7 +83,7 @@ struct private_aesni_ccm_t {
* First block with control information
*/
typedef struct __attribute__((packed)) {
- BITFIELD4(u_int8_t,
+ BITFIELD4(uint8_t,
/* size of p length field q, as q-1 */
q_len: 3,
/* size of our ICV t, as (t-2)/2 */
@@ -105,7 +105,7 @@ typedef struct __attribute__((packed)) {
* Counter block
*/
typedef struct __attribute__((packed)) {
- BITFIELD3(u_int8_t,
+ BITFIELD3(uint8_t,
/* size of p length field q, as q-1 */
q_len: 3,
zero: 3,
@@ -140,7 +140,7 @@ static void build_b0(private_aesni_ccm_t *this, size_t len, size_t alen,
/**
* Build a counter block for counter i
*/
-static void build_ctr(private_aesni_ccm_t *this, u_int32_t i, u_char *iv,
+static void build_ctr(private_aesni_ccm_t *this, uint32_t i, u_char *iv,
void *out)
{
ctr_t *ctr = out;
@@ -157,7 +157,7 @@ static void build_ctr(private_aesni_ccm_t *this, u_int32_t i, u_char *iv,
* Calculate the ICV for the b0 and associated data
*/
static __m128i icv_header(private_aesni_ccm_t *this, size_t len, u_char *iv,
- u_int16_t alen, u_char *assoc)
+ uint16_t alen, u_char *assoc)
{
__m128i *ks, b, t, c;
u_int i, round, blocks, rem;
diff --git a/src/libstrongswan/plugins/aesni/aesni_cmac.c b/src/libstrongswan/plugins/aesni/aesni_cmac.c
index d6a87e6..07580c8 100644
--- a/src/libstrongswan/plugins/aesni/aesni_cmac.c
+++ b/src/libstrongswan/plugins/aesni/aesni_cmac.c
@@ -65,7 +65,7 @@ struct private_mac_t {
};
METHOD(mac_t, get_mac, bool,
- private_mac_t *this, chunk_t data, u_int8_t *out)
+ private_mac_t *this, chunk_t data, uint8_t *out)
{
__m128i *ks, t, l, *bi;
u_int blocks, rem, i;
diff --git a/src/libstrongswan/plugins/aesni/aesni_ctr.c b/src/libstrongswan/plugins/aesni/aesni_ctr.c
index 9898138..d9a555a 100644
--- a/src/libstrongswan/plugins/aesni/aesni_ctr.c
+++ b/src/libstrongswan/plugins/aesni/aesni_ctr.c
@@ -61,7 +61,7 @@ struct private_aesni_ctr_t {
struct {
char nonce[4];
char iv[8];
- u_int32_t counter;
+ uint32_t counter;
} __attribute__((packed, aligned(sizeof(__m128i)))) state;
};
diff --git a/src/libstrongswan/plugins/aesni/aesni_gcm.c b/src/libstrongswan/plugins/aesni/aesni_gcm.c
index 53c0b14..330dc6c 100644
--- a/src/libstrongswan/plugins/aesni/aesni_gcm.c
+++ b/src/libstrongswan/plugins/aesni/aesni_gcm.c
@@ -316,7 +316,7 @@ static __m128i icv_tailer(private_aesni_gcm_t *this, __m128i y,
__m128i b;
htoun64(&b, alen * 8);
- htoun64((u_char*)&b + sizeof(u_int64_t), dlen * 8);
+ htoun64((u_char*)&b + sizeof(uint64_t), dlen * 8);
return ghash(this->h, y, b);
}
diff --git a/src/libstrongswan/plugins/aesni/aesni_xcbc.c b/src/libstrongswan/plugins/aesni/aesni_xcbc.c
index 24a75ce..974c5fe 100644
--- a/src/libstrongswan/plugins/aesni/aesni_xcbc.c
+++ b/src/libstrongswan/plugins/aesni/aesni_xcbc.c
@@ -70,7 +70,7 @@ struct private_aesni_mac_t {
};
METHOD(mac_t, get_mac, bool,
- private_aesni_mac_t *this, chunk_t data, u_int8_t *out)
+ private_aesni_mac_t *this, chunk_t data, uint8_t *out)
{
__m128i *ks, e, *bi;
u_int blocks, rem, i;
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index 7aaea45..1f09228 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/af_alg
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/af_alg/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/af_alg/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -784,6 +797,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c
index 6119755..62fea51 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c
@@ -107,7 +107,7 @@ METHOD(hasher_t, reset, bool,
}
METHOD(hasher_t, get_hash, bool,
- private_af_alg_hasher_t *this, chunk_t chunk, u_int8_t *hash)
+ private_af_alg_hasher_t *this, chunk_t chunk, uint8_t *hash)
{
return this->ops->hash(this->ops, chunk, hash, this->size);
}
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.c b/src/libstrongswan/plugins/af_alg/af_alg_ops.c
index 331d1e8..7e12930 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_ops.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.c
@@ -108,7 +108,7 @@ METHOD(af_alg_ops_t, hash, bool,
}
METHOD(af_alg_ops_t, crypt, bool,
- private_af_alg_ops_t *this, u_int32_t type, chunk_t iv, chunk_t data,
+ private_af_alg_ops_t *this, uint32_t type, chunk_t iv, chunk_t data,
char *out)
{
struct msghdr msg = {};
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.h b/src/libstrongswan/plugins/af_alg/af_alg_ops.h
index e34f229..51342d7 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_ops.h
+++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.h
@@ -64,7 +64,7 @@ struct af_alg_ops_t {
* @param out buffer write processed data to
* @return TRUE if successful
*/
- bool (*crypt)(af_alg_ops_t *this, u_int32_t type, chunk_t iv, chunk_t data,
+ bool (*crypt)(af_alg_ops_t *this, uint32_t type, chunk_t iv, chunk_t data,
char *out);
/**
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c
index 4456675..571882c 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c
@@ -22,6 +22,8 @@
#include "af_alg_prf.h"
#include "af_alg_crypter.h"
+#include <unistd.h>
+
typedef struct private_af_alg_plugin_t private_af_alg_plugin_t;
/**
@@ -41,6 +43,19 @@ METHOD(plugin_t, get_name, char*,
return "af-alg";
}
+static bool af_alg_supported()
+{
+ int fd;
+
+ fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+ if (fd != -1)
+ {
+ close(fd);
+ return true;
+ }
+ return false;
+}
+
METHOD(plugin_t, get_features, int,
private_af_alg_plugin_t *this, plugin_feature_t *features[])
{
@@ -50,6 +65,10 @@ METHOD(plugin_t, get_features, int,
if (!count)
{ /* initialize only once */
+ if (!af_alg_supported())
+ {
+ return 0;
+ }
f[count++] = PLUGIN_REGISTER(HASHER, af_alg_hasher_create);
af_alg_hasher_probe(f, &count);
f[count++] = PLUGIN_REGISTER(SIGNER, af_alg_signer_create);
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.c b/src/libstrongswan/plugins/af_alg/af_alg_prf.c
index 2b7d513..8c3627a 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_prf.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.c
@@ -106,7 +106,7 @@ static size_t lookup_alg(pseudo_random_function_t algo, char **name, bool *xcbc)
}
METHOD(prf_t, get_bytes, bool,
- private_af_alg_prf_t *this, chunk_t seed, u_int8_t *buffer)
+ private_af_alg_prf_t *this, chunk_t seed, uint8_t *buffer)
{
return this->ops->hash(this->ops, seed, buffer, this->block_size);
}
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c
index 1403144..e54b457 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c
@@ -109,7 +109,7 @@ static size_t lookup_alg(integrity_algorithm_t algo, char **name,
}
METHOD(signer_t, get_signature, bool,
- private_af_alg_signer_t *this, chunk_t data, u_int8_t *buffer)
+ private_af_alg_signer_t *this, chunk_t data, uint8_t *buffer)
{
return this->ops->hash(this->ops, data, buffer, this->block_size);
}
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index cbdc8e8..5e1b1f3 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/agent
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index c2e82a9..bb55c45 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -98,18 +98,18 @@ static u_char read_byte(chunk_t *blob)
}
/**
- * read a u_int32_t from a blob
+ * read a uint32_t from a blob
*/
-static u_int32_t read_uint32(chunk_t *blob)
+static uint32_t read_uint32(chunk_t *blob)
{
- u_int32_t val;
+ uint32_t val;
- if (blob->len < sizeof(u_int32_t))
+ if (blob->len < sizeof(uint32_t))
{
return 0;
}
- val = ntohl(*(u_int32_t*)blob->ptr);
- *blob = chunk_skip(*blob, sizeof(u_int32_t));
+ val = ntohl(*(uint32_t*)blob->ptr);
+ *blob = chunk_skip(*blob, sizeof(uint32_t));
return val;
}
@@ -182,7 +182,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
blob = chunk_create(buf, sizeof(buf));
blob.len = read(this->socket, blob.ptr, blob.len);
- if (blob.len < sizeof(u_int32_t) + sizeof(u_char) ||
+ if (blob.len < sizeof(uint32_t) + sizeof(u_char) ||
read_uint32(&blob) != blob.len ||
read_byte(&blob) != SSH_AGENT_ID_RESPONSE)
{
@@ -236,7 +236,7 @@ METHOD(private_key_t, sign, bool,
private_agent_private_key_t *this, signature_scheme_t scheme,
chunk_t data, chunk_t *signature)
{
- u_int32_t len, flags;
+ uint32_t len, flags;
char buf[2048];
chunk_t blob;
@@ -247,7 +247,7 @@ METHOD(private_key_t, sign, bool,
return FALSE;
}
- len = htonl(1 + sizeof(u_int32_t) * 3 + this->key.len + data.len);
+ len = htonl(1 + sizeof(uint32_t) * 3 + this->key.len + data.len);
buf[0] = SSH_AGENT_SIGN_REQUEST;
if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
write(this->socket, &buf, 1) != 1)
@@ -281,7 +281,7 @@ METHOD(private_key_t, sign, bool,
blob = chunk_create(buf, sizeof(buf));
blob.len = read(this->socket, blob.ptr, blob.len);
- if (blob.len < sizeof(u_int32_t) + sizeof(u_char) ||
+ if (blob.len < sizeof(uint32_t) + sizeof(u_char) ||
read_uint32(&blob) != blob.len ||
read_byte(&blob) != SSH_AGENT_SIGN_RESPONSE)
{
diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in
index 8f91cdc..389e20e 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -82,8 +92,6 @@ host_triplet = @host@
@MONOLITHIC_TRUE at am__append_1 = libstrongswan-bliss.la
noinst_PROGRAMS = bliss_huffman$(EXEEXT)
subdir = src/libstrongswan/plugins/bliss
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -97,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -220,12 +229,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -275,6 +286,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -309,6 +321,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -420,6 +433,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -502,7 +516,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -850,6 +863,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
tags tags-am uninstall uninstall-am \
uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
recreate-bliss-huffman : bliss_huffman bliss_huffman_code.h
$(AM_V_GEN) \
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in
index 43e508b..85619c5 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ host_triplet = @host@
TESTS = bliss_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libstrongswan/plugins/bliss/tests
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -471,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/tests/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/tests/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -981,6 +994,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index a6c3287..d543311 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/blowfish
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
index 253f9b4..1708e07 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -84,14 +84,14 @@ struct private_blowfish_crypter_t {
/**
* Key size of this Blowfish cipher object.
*/
- u_int32_t key_size;
+ uint32_t key_size;
};
METHOD(crypter_t, decrypt, bool,
private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *decrypted)
{
- u_int8_t *in, *out;
+ uint8_t *in, *out;
if (decrypted)
{
@@ -116,7 +116,7 @@ METHOD(crypter_t, encrypt, bool,
private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *encrypted)
{
- u_int8_t *in, *out;
+ uint8_t *in, *out;
if (encrypted)
{
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index 3d56b98..d93b047 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/ccm
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c
index 676d676..9cf9bed 100644
--- a/src/libstrongswan/plugins/ccm/ccm_aead.c
+++ b/src/libstrongswan/plugins/ccm/ccm_aead.c
@@ -60,7 +60,7 @@ struct private_ccm_aead_t {
* First block with control information
*/
typedef struct __attribute__((packed)) {
- BITFIELD4(u_int8_t,
+ BITFIELD4(uint8_t,
/* size of p length field q, as q-1 */
q_len: 3,
/* size of our ICV t, as (t-2)/2 */
@@ -82,7 +82,7 @@ typedef struct __attribute__((packed)) {
* Counter block
*/
typedef struct __attribute__((packed)) {
- BITFIELD3(u_int8_t,
+ BITFIELD3(uint8_t,
/* size of p length field q, as q-1 */
q_len: 3,
zero: 3,
@@ -117,7 +117,7 @@ static void build_b0(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
/**
* Build a counter block for counter i
*/
-static void build_ctr(private_ccm_aead_t *this, u_int32_t i, chunk_t iv,
+static void build_ctr(private_ccm_aead_t *this, uint32_t i, chunk_t iv,
char *out)
{
ctr_t *ctr = (ctr_t*)out;
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in
index b350658..d5b77a9 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.in
+++ b/src/libstrongswan/plugins/chapoly/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
@MONOLITHIC_TRUE at am__append_1 = libstrongswan-chapoly.la
subdir = src/libstrongswan/plugins/chapoly
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -215,12 +224,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -270,6 +281,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -304,6 +316,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -415,6 +428,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -479,7 +493,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/chapoly/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/chapoly/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -806,6 +819,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_aead.c b/src/libstrongswan/plugins/chapoly/chapoly_aead.c
index 50ad84b..39d51e9 100644
--- a/src/libstrongswan/plugins/chapoly/chapoly_aead.c
+++ b/src/libstrongswan/plugins/chapoly/chapoly_aead.c
@@ -84,8 +84,8 @@ static bool poly_head(private_chapoly_aead_t *this, u_char *assoc, size_t len)
static bool poly_tail(private_chapoly_aead_t *this, size_t alen, size_t clen)
{
struct {
- u_int64_t alen;
- u_int64_t clen;
+ uint64_t alen;
+ uint64_t clen;
} b;
b.alen = htole64(alen);
@@ -190,7 +190,7 @@ METHOD(aead_t, encrypt, bool,
{
u_char *out;
- if (sizeof(plain.len) > sizeof(u_int32_t) && plain.len > P_MAX)
+ if (sizeof(plain.len) > sizeof(uint32_t) && plain.len > P_MAX)
{
return FALSE;
}
@@ -220,7 +220,7 @@ METHOD(aead_t, decrypt, bool,
return FALSE;
}
encr.len -= POLY_ICV_SIZE;
- if (sizeof(encr.len) > sizeof(u_int32_t) && encr.len > P_MAX)
+ if (sizeof(encr.len) > sizeof(uint32_t) && encr.len > P_MAX)
{
return FALSE;
}
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c b/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c
index dfed4d5..59962b8 100644
--- a/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c
+++ b/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c
@@ -39,30 +39,30 @@ struct private_chapoly_drv_portable_t {
/**
* ChaCha20 state matrix
*/
- u_int32_t m[16];
+ uint32_t m[16];
/**
* Poly1305 update key
*/
- u_int32_t r[5];
+ uint32_t r[5];
/**
* Poly1305 state
*/
- u_int32_t h[5];
+ uint32_t h[5];
/**
* Poly1305 finalize key
*/
- u_int32_t s[4];
+ uint32_t s[4];
};
/**
* XOR a 32-bit integer into an unaligned destination
*/
-static inline void xor32u(void *p, u_int32_t x)
+static inline void xor32u(void *p, uint32_t x)
{
- u_int32_t y;
+ uint32_t y;
memcpy(&y, p, sizeof(y));
y ^= x;
@@ -72,7 +72,7 @@ static inline void xor32u(void *p, u_int32_t x)
/**
* Multiply two 64-bit words
*/
-static inline u_int64_t mlt(u_int64_t a, u_int64_t b)
+static inline uint64_t mlt(uint64_t a, uint64_t b)
{
return a * b;
}
@@ -80,7 +80,7 @@ static inline u_int64_t mlt(u_int64_t a, u_int64_t b)
/**
* Shift a 64-bit unsigned integer v right by n bits, clamp to 32 bit
*/
-static inline u_int32_t sr(u_int64_t v, u_char n)
+static inline uint32_t sr(uint64_t v, u_char n)
{
return v >> n;
}
@@ -88,13 +88,13 @@ static inline u_int32_t sr(u_int64_t v, u_char n)
/**
* Circular left shift by n bits
*/
-static inline u_int32_t rotl32(u_int32_t v, u_char n)
+static inline uint32_t rotl32(uint32_t v, u_char n)
{
return (v << n) | (v >> (sizeof(v) * 8 - n));
}
/**
- * AND two values, using a native integer size >= sizeof(u_int32_t)
+ * AND two values, using a native integer size >= sizeof(uint32_t)
*/
static inline u_long and(u_long v, u_long mask)
{
@@ -106,8 +106,8 @@ static inline u_long and(u_long v, u_long mask)
*/
static void chacha_block_xor(private_chapoly_drv_portable_t *this, void *data)
{
- u_int32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf;
- u_int32_t *out = data;
+ uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf;
+ uint32_t *out = data;
u_int i;
x0 = this->m[ 0];
@@ -246,10 +246,10 @@ METHOD(chapoly_drv_t, init, bool,
METHOD(chapoly_drv_t, poly, bool,
private_chapoly_drv_portable_t *this, u_char *data, u_int blocks)
{
- u_int32_t r0, r1, r2, r3, r4;
- u_int32_t s1, s2, s3, s4;
- u_int32_t h0, h1, h2, h3, h4;
- u_int64_t d0, d1, d2, d3, d4;
+ uint32_t r0, r1, r2, r3, r4;
+ uint32_t s1, s2, s3, s4;
+ uint32_t h0, h1, h2, h3, h4;
+ uint64_t d0, d1, d2, d3, d4;
u_int i;
r0 = this->r[0];
@@ -345,10 +345,10 @@ METHOD(chapoly_drv_t, decrypt, bool,
METHOD(chapoly_drv_t, finish, bool,
private_chapoly_drv_portable_t *this, u_char *mac)
{
- u_int32_t h0, h1, h2, h3, h4;
- u_int32_t g0, g1, g2, g3, g4;
- u_int32_t mask;
- u_int64_t f = 0;
+ uint32_t h0, h1, h2, h3, h4;
+ uint32_t g0, g1, g2, g3, g4;
+ uint32_t mask;
+ uint64_t f = 0;
/* fully carry h */
h0 = this->h[0];
@@ -371,7 +371,7 @@ METHOD(chapoly_drv_t, finish, bool,
g4 = h4 + (g3 >> 26) - (1 << 26); g3 &= 0x3ffffff;
/* select h if h < p, or h + -p if h >= p */
- mask = (g4 >> ((sizeof(u_int32_t) * 8) - 1)) - 1;
+ mask = (g4 >> ((sizeof(uint32_t) * 8) - 1)) - 1;
g0 &= mask;
g1 &= mask;
g2 &= mask;
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c b/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c
index df88e7d..3981ed5 100644
--- a/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c
+++ b/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c
@@ -45,30 +45,30 @@ struct private_chapoly_drv_ssse3_t {
/**
* Poly1305 update key
*/
- u_int32_t r[5];
+ uint32_t r[5];
/**
* Poly1305 update key r^2
*/
- u_int32_t u[5];
+ uint32_t u[5];
/**
* Poly1305 state
*/
- u_int32_t h[5];
+ uint32_t h[5];
/**
* Poly1305 finalize key
*/
- u_int32_t s[4];
+ uint32_t s[4];
};
/**
* Read a 32-bit integer from an unaligned address
*/
-static inline u_int32_t ru32(void *p)
+static inline uint32_t ru32(void *p)
{
- u_int32_t ret;
+ uint32_t ret;
memcpy(&ret, p, sizeof(ret));
return ret;
@@ -77,7 +77,7 @@ static inline u_int32_t ru32(void *p)
/**
* Write a 32-bit word to an unaligned address
*/
-static inline void wu32(void *p, u_int32_t v)
+static inline void wu32(void *p, uint32_t v)
{
memcpy(p, &v, sizeof(v));
}
@@ -85,13 +85,13 @@ static inline void wu32(void *p, u_int32_t v)
/**
* Shift a 64-bit unsigned integer v right by n bits, clamp to 32 bit
*/
-static inline u_int32_t sr(u_int64_t v, u_char n)
+static inline uint32_t sr(uint64_t v, u_char n)
{
return v >> n;
}
/**
- * AND two values, using a native integer size >= sizeof(u_int32_t)
+ * AND two values, using a native integer size >= sizeof(uint32_t)
*/
static inline u_long and(u_long v, u_long mask)
{
@@ -189,7 +189,7 @@ static void chacha_4block_xor(private_chapoly_drv_ssse3_t *this, void *data)
{
__m128i x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf;
__m128i r8, r16, ctrinc, t, *out = data;
- u_int32_t *m = (u_int32_t*)this->m;
+ uint32_t *m = (uint32_t*)this->m;
u_int i;
r8 = _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3);
@@ -364,7 +364,7 @@ METHOD(chapoly_drv_t, set_key, bool,
/**
* r[127:64] = h[95:64] * a, r[63:0] = h[31:0] * b
*/
-static inline __m128i mul2(__m128i h, u_int32_t a, u_int32_t b)
+static inline __m128i mul2(__m128i h, uint32_t a, uint32_t b)
{
return _mm_mul_epu32(h, _mm_set_epi32(0, a, 0, b));
}
@@ -374,7 +374,7 @@ static inline __m128i mul2(__m128i h, u_int32_t a, u_int32_t b)
* z = x[127:64] + x[63:0] + y[127:64] + y[63:0]
*/
static inline void sum2(__m128i a, __m128i b, __m128i x, __m128i y,
- u_int64_t *c, u_int64_t *z)
+ uint64_t *c, uint64_t *z)
{
__m128i r, s;
@@ -392,10 +392,10 @@ static inline void sum2(__m128i a, __m128i b, __m128i x, __m128i y,
* r = a[127:64] + b[127:64] + c[127:64] + d[127:64] + e[127:64]
* + a[63:0] + b[63:0] + c[63:0] + d[63:0] + e[63:0]
*/
-static inline u_int64_t sum5(__m128i a, __m128i b, __m128i c,
+static inline uint64_t sum5(__m128i a, __m128i b, __m128i c,
__m128i d, __m128i e)
{
- u_int64_t r;
+ uint64_t r;
a = _mm_add_epi64(a, b);
c = _mm_add_epi64(c, d);
@@ -414,10 +414,10 @@ static inline u_int64_t sum5(__m128i a, __m128i b, __m128i c,
static void make_u(private_chapoly_drv_ssse3_t *this)
{
__m128i r01, r23, r44, x0, x1, y0, y1, z0;
- u_int32_t r0, r1, r2, r3, r4;
- u_int32_t u0, u1, u2, u3, u4;
- u_int32_t s1, s2, s3, s4;
- u_int64_t d0, d1, d2, d3, d4;
+ uint32_t r0, r1, r2, r3, r4;
+ uint32_t u0, u1, u2, u3, u4;
+ uint32_t s1, s2, s3, s4;
+ uint64_t d0, d1, d2, d3, d4;
r0 = this->r[0];
r1 = this->r[1];
@@ -513,12 +513,12 @@ METHOD(chapoly_drv_t, init, bool,
*/
static void poly2(private_chapoly_drv_ssse3_t *this, u_char *data, u_int dblks)
{
- u_int32_t r0, r1, r2, r3, r4, u0, u1, u2, u3, u4;
- u_int32_t s1, s2, s3, s4, v1, v2, v3, v4;
+ uint32_t r0, r1, r2, r3, r4, u0, u1, u2, u3, u4;
+ uint32_t s1, s2, s3, s4, v1, v2, v3, v4;
__m128i hc0, hc1, hc2, hc3, hc4;
- u_int32_t h0, h1, h2, h3, h4;
- u_int32_t c0, c1, c2, c3, c4;
- u_int64_t d0, d1, d2, d3, d4;
+ uint32_t h0, h1, h2, h3, h4;
+ uint32_t c0, c1, c2, c3, c4;
+ uint64_t d0, d1, d2, d3, d4;
u_int i;
r0 = this->r[0];
@@ -622,13 +622,13 @@ static void poly2(private_chapoly_drv_ssse3_t *this, u_char *data, u_int dblks)
*/
static void poly1(private_chapoly_drv_ssse3_t *this, u_char *data)
{
- u_int32_t r0, r1, r2, r3, r4;
- u_int32_t s1, s2, s3, s4;
- u_int32_t h0, h1, h2, h3, h4;
- u_int64_t d0, d1, d2, d3, d4;
+ uint32_t r0, r1, r2, r3, r4;
+ uint32_t s1, s2, s3, s4;
+ uint32_t h0, h1, h2, h3, h4;
+ uint64_t d0, d1, d2, d3, d4;
__m128i h01, h23, h44;
__m128i x0, x1, y0, y1, z0;
- u_int32_t t0, t1;
+ uint32_t t0, t1;
r0 = this->r[0];
r1 = this->r[1];
@@ -764,10 +764,10 @@ METHOD(chapoly_drv_t, decrypt, bool,
METHOD(chapoly_drv_t, finish, bool,
private_chapoly_drv_ssse3_t *this, u_char *mac)
{
- u_int32_t h0, h1, h2, h3, h4;
- u_int32_t g0, g1, g2, g3, g4;
- u_int32_t mask;
- u_int64_t f = 0;
+ uint32_t h0, h1, h2, h3, h4;
+ uint32_t g0, g1, g2, g3, g4;
+ uint32_t mask;
+ uint64_t f = 0;
/* fully carry h */
h0 = this->h[0];
@@ -790,7 +790,7 @@ METHOD(chapoly_drv_t, finish, bool,
g4 = h4 + (g3 >> 26) - (1 << 26); g3 &= 0x3ffffff;
/* select h if h < p, or h + -p if h >= p */
- mask = (g4 >> ((sizeof(u_int32_t) * 8) - 1)) - 1;
+ mask = (g4 >> ((sizeof(uint32_t) * 8) - 1)) - 1;
g0 &= mask;
g1 &= mask;
g2 &= mask;
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index 2ffaa06..2703dc4 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/cmac
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c
index 4f222ff..22f077f 100644
--- a/src/libstrongswan/plugins/cmac/cmac.c
+++ b/src/libstrongswan/plugins/cmac/cmac.c
@@ -39,7 +39,7 @@ struct private_mac_t {
/**
* Block size, in bytes
*/
- u_int8_t b;
+ uint8_t b;
/**
* Crypter with key K
@@ -49,22 +49,22 @@ struct private_mac_t {
/**
* K1
*/
- u_int8_t *k1;
+ uint8_t *k1;
/**
* K2
*/
- u_int8_t *k2;
+ uint8_t *k2;
/**
* T
*/
- u_int8_t *t;
+ uint8_t *t;
/**
* remaining, unprocessed bytes in append mode
*/
- u_int8_t *remaining;
+ uint8_t *remaining;
/**
* number of bytes in remaining
@@ -127,7 +127,7 @@ static bool update(private_mac_t *this, chunk_t data)
/**
* process last block M_last
*/
-static bool final(private_mac_t *this, u_int8_t *out)
+static bool final(private_mac_t *this, uint8_t *out)
{
chunk_t iv;
@@ -179,7 +179,7 @@ static bool final(private_mac_t *this, u_int8_t *out)
}
METHOD(mac_t, get_mac, bool,
- private_mac_t *this, chunk_t data, u_int8_t *out)
+ private_mac_t *this, chunk_t data, uint8_t *out)
{
/* update T, do not process last block */
if (!update(this, data))
@@ -316,7 +316,7 @@ mac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
{
private_mac_t *this;
crypter_t *crypter;
- u_int8_t b;
+ uint8_t b;
crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
if (!crypter)
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index f263f77..90fd6bd 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/constraints
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/constraints/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/constraints/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 9558f87..94a7f11 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/ctr
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
index 59d201a..854030b 100644
--- a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
+++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
@@ -38,7 +38,7 @@ struct private_ctr_ipsec_crypter_t {
struct {
char nonce[4];
char iv[8];
- u_int32_t counter;
+ uint32_t counter;
} __attribute__((packed)) state;
};
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index 8fc366c..5092c54 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/curl
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 8929667..42ae9cd 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -60,7 +60,7 @@ static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
char *proto, plugin_feature_t f)
{
/* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */
- if (strpfx(ssl, "OpenSSL"))
+ if (strpfx(ssl, "OpenSSL") || strpfx(ssl, "LibreSSL"))
{
add_feature(this, f);
add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading"));
@@ -70,7 +70,8 @@ static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
add_feature(this, f);
add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading"));
}
- else if (strpfx(ssl, "NSS"))
+ else if (strpfx(ssl, "NSS") ||
+ strpfx(ssl, "BoringSSL"))
{
add_feature(this, f);
}
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 6a09d63..c2e49b6 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/des
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index 6010f9d..d236bd4 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -96,7 +96,7 @@ struct private_des_crypter_t {
#define DES_ENCRYPT 1
#define DES_DECRYPT 0
-#define DES_LONG u_int32_t
+#define DES_LONG uint32_t
#if defined(WIN32) || defined(WIN16)
#ifndef MSDOS
@@ -1420,7 +1420,7 @@ METHOD(crypter_t, decrypt, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
des_cblock ivb;
- u_int8_t *out;
+ uint8_t *out;
out = data.ptr;
if (decrypted)
@@ -1439,7 +1439,7 @@ METHOD(crypter_t, encrypt, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
- u_int8_t *out;
+ uint8_t *out;
out = data.ptr;
if (encrypted)
@@ -1456,7 +1456,7 @@ METHOD(crypter_t, encrypt, bool,
METHOD(crypter_t, decrypt_ecb, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
- u_int8_t *out;
+ uint8_t *out;
out = data.ptr;
if (decrypted)
@@ -1472,7 +1472,7 @@ METHOD(crypter_t, decrypt_ecb, bool,
METHOD(crypter_t, encrypt_ecb, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
- u_int8_t *out;
+ uint8_t *out;
out = data.ptr;
if (encrypted)
@@ -1489,7 +1489,7 @@ METHOD(crypter_t, decrypt3, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
des_cblock ivb;
- u_int8_t *out;
+ uint8_t *out;
out = data.ptr;
if (decrypted)
@@ -1508,7 +1508,7 @@ METHOD(crypter_t, encrypt3, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
- u_int8_t *out;
+ uint8_t *out;
out = data.ptr;
if (encrypted)
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 55ebb34..1481f8d 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/dnskey
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
index 7104043..fd2471a 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_builder.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
@@ -26,10 +26,10 @@ typedef enum dnskey_algorithm_t dnskey_algorithm_t;
* Header of a DNSKEY resource record
*/
struct dnskey_rr_t {
- u_int16_t flags;
- u_int8_t protocol;
- u_int8_t algorithm;
- u_int8_t data[];
+ uint16_t flags;
+ uint8_t protocol;
+ uint8_t algorithm;
+ uint8_t data[];
} __attribute__((__packed__));
/**
diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in
index 6c2e792..7623a95 100644
--- a/src/libstrongswan/plugins/files/Makefile.in
+++ b/src/libstrongswan/plugins/files/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/files
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/files/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/files/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 252035c..7c2ae7c 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/fips_prf
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index 9297790..47676b3 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -31,7 +31,7 @@ struct private_fips_prf_t {
/**
* key of prf function, "b" long
*/
- u_int8_t *key;
+ uint8_t *key;
/**
* size of "b" in bytes
@@ -46,19 +46,19 @@ struct private_fips_prf_t {
/**
* G function, either SHA1 or DES
*/
- bool (*g)(private_fips_prf_t *this, chunk_t c, u_int8_t res[]);
+ bool (*g)(private_fips_prf_t *this, chunk_t c, uint8_t res[]);
};
/**
* sum = (a + b) mod 2 ^ (length * 8)
*/
-static void add_mod(size_t length, u_int8_t a[], u_int8_t b[], u_int8_t sum[])
+static void add_mod(size_t length, uint8_t a[], uint8_t b[], uint8_t sum[])
{
int i, c = 0;
for(i = length - 1; i >= 0; i--)
{
- u_int32_t tmp;
+ uint32_t tmp;
tmp = a[i] + b[i] + c;
sum[i] = 0xff & tmp;
@@ -69,7 +69,7 @@ static void add_mod(size_t length, u_int8_t a[], u_int8_t b[], u_int8_t sum[])
/**
* calculate "chunk mod 2^(length*8)" and save it into buffer
*/
-static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[])
+static void chunk_mod(size_t length, chunk_t chunk, uint8_t buffer[])
{
if (chunk.len < length)
{
@@ -105,14 +105,14 @@ static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[])
* 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16
*/
METHOD(prf_t, get_bytes, bool,
- private_fips_prf_t *this, chunk_t seed, u_int8_t w[])
+ private_fips_prf_t *this, chunk_t seed, uint8_t w[])
{
int i;
- u_int8_t xval[this->b];
- u_int8_t xseed[this->b];
- u_int8_t sum[this->b];
- u_int8_t *xkey = this->key;
- u_int8_t one[this->b];
+ uint8_t xval[this->b];
+ uint8_t xseed[this->b];
+ uint8_t sum[this->b];
+ uint8_t *xkey = this->key;
+ uint8_t one[this->b];
if (!w)
{
@@ -175,9 +175,9 @@ METHOD(prf_t, set_key, bool,
/**
* Implementation of the G() function based on SHA1
*/
-static bool g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[])
+static bool g_sha1(private_fips_prf_t *this, chunk_t c, uint8_t res[])
{
- u_int8_t buf[64];
+ uint8_t buf[64];
if (c.len < sizeof(buf))
{
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index f9c4a69..eb4a0ae 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/gcm
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c
index 6e1694a..e9a0724 100644
--- a/src/libstrongswan/plugins/gcm/gcm_aead.c
+++ b/src/libstrongswan/plugins/gcm/gcm_aead.c
@@ -67,11 +67,11 @@ struct private_gcm_aead_t {
#if ULONG_MAX == 18446744073709551615UL && defined(htobe64)
# define htobeword htobe64
# define bewordtoh be64toh
-# define SHIFT_WORD_TYPE u_int64_t
+# define SHIFT_WORD_TYPE uint64_t
#else
# define htobeword htonl
# define bewordtoh ntohl
-# define SHIFT_WORD_TYPE u_int32_t
+# define SHIFT_WORD_TYPE uint32_t
#endif
/**
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 774c447..727cc24 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/gcrypt
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -786,6 +799,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
index a737cb1..80a8dc9 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -52,7 +52,7 @@ struct private_gcrypt_crypter_t {
struct {
char nonce[4];
char iv[8];
- u_int32_t counter;
+ uint32_t counter;
} __attribute__((packed)) ctr;
};
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
index af79931..199c1d6 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
@@ -51,7 +51,7 @@ METHOD(hasher_t, reset, bool,
}
METHOD(hasher_t, get_hash, bool,
- private_gcrypt_hasher_t *this, chunk_t chunk, u_int8_t *hash)
+ private_gcrypt_hasher_t *this, chunk_t chunk, uint8_t *hash)
{
gcry_md_write(this->hd, chunk.ptr, chunk.len);
if (hash)
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
index dc34a8d..bf11758 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
@@ -36,7 +36,7 @@ struct private_gcrypt_rng_t {
};
METHOD(rng_t, get_bytes, bool,
- private_gcrypt_rng_t *this, size_t bytes, u_int8_t *buffer)
+ private_gcrypt_rng_t *this, size_t bytes, uint8_t *buffer)
{
switch (this->quality)
{
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 9a2d301..32d5beb 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/gmp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 052b107..e5d418e 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -142,7 +142,7 @@ chunk_t gmp_mpz_to_chunk(const mpz_t value)
static void mpz_clear_sensitive(mpz_t z)
{
size_t len = mpz_size(z) * GMP_LIMB_BITS / BITS_PER_BYTE;
- u_int8_t *zeros = alloca(len);
+ uint8_t *zeros = alloca(len);
memset(zeros, 0, len);
/* overwrite mpz_t with zero bytes before clearing it */
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 46fac4a..6d8a845 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/hmac
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c
index 96a14ae..c777b47 100644
--- a/src/libstrongswan/plugins/hmac/hmac.c
+++ b/src/libstrongswan/plugins/hmac/hmac.c
@@ -38,7 +38,7 @@ struct private_mac_t {
/**
* Block size, as in RFC.
*/
- u_int8_t b;
+ uint8_t b;
/**
* Hash function.
@@ -57,7 +57,7 @@ struct private_mac_t {
};
METHOD(mac_t, get_mac, bool,
- private_mac_t *this, chunk_t data, u_int8_t *out)
+ private_mac_t *this, chunk_t data, uint8_t *out)
{
/* H(K XOR opad, H(K XOR ipad, text))
*
@@ -66,7 +66,7 @@ METHOD(mac_t, get_mac, bool,
*
*/
- u_int8_t buffer[this->h->get_hash_size(this->h)];
+ uint8_t buffer[this->h->get_hash_size(this->h)];
chunk_t inner;
if (out == NULL)
@@ -96,7 +96,7 @@ METHOD(mac_t, set_key, bool,
private_mac_t *this, chunk_t key)
{
int i;
- u_int8_t buffer[this->b];
+ uint8_t buffer[this->b];
memset(buffer, 0, this->b);
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index eb0bdf3..e290c80 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/keychain
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/keychain/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/keychain/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 0a03fd8..429cd9e 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/ldap
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 4dbdbe0..669856c 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/md4
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c
index 06c9ec2..ada6c05 100644
--- a/src/libstrongswan/plugins/md4/md4_hasher.c
+++ b/src/libstrongswan/plugins/md4/md4_hasher.c
@@ -39,7 +39,7 @@
#define S33 11
#define S34 15
-static u_int8_t PADDING[64] = {
+static uint8_t PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
@@ -65,11 +65,11 @@ static u_int8_t PADDING[64] = {
(a) = ROTATE_LEFT ((a), (s)); \
}
#define GG(a, b, c, d, x, s) { \
- (a) += G ((b), (c), (d)) + (x) + (u_int32_t)0x5a827999; \
+ (a) += G ((b), (c), (d)) + (x) + (uint32_t)0x5a827999; \
(a) = ROTATE_LEFT ((a), (s)); \
}
#define HH(a, b, c, d, x, s) { \
- (a) += H ((b), (c), (d)) + (x) + (u_int32_t)0x6ed9eba1; \
+ (a) += H ((b), (c), (d)) + (x) + (uint32_t)0x6ed9eba1; \
(a) = ROTATE_LEFT ((a), (s)); \
}
@@ -87,40 +87,40 @@ struct private_md4_hasher_t {
/*
* State of the hasher.
*/
- u_int32_t state[4];
- u_int32_t count[2];
- u_int8_t buffer[64];
+ uint32_t state[4];
+ uint32_t count[2];
+ uint8_t buffer[64];
};
#if BYTE_ORDER != LITTLE_ENDIAN
-/* Encodes input (u_int32_t) into output (u_int8_t). Assumes len is
+/* Encodes input (uint32_t) into output (uint8_t). Assumes len is
* a multiple of 4.
*/
-static void Encode (u_int8_t *output, u_int32_t *input, size_t len)
+static void Encode (uint8_t *output, uint32_t *input, size_t len)
{
size_t i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
{
- output[j] = (u_int8_t)(input[i] & 0xff);
- output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff);
- output[j+2] = (u_int8_t)((input[i] >> 16) & 0xff);
- output[j+3] = (u_int8_t)((input[i] >> 24) & 0xff);
+ output[j] = (uint8_t)(input[i] & 0xff);
+ output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
+ output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
+ output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
}
}
-/* Decodes input (u_int8_t) into output (u_int32_t). Assumes len is
+/* Decodes input (uint8_t) into output (uint32_t). Assumes len is
* a multiple of 4.
*/
-static void Decode(u_int32_t *output, u_int8_t *input, size_t len)
+static void Decode(uint32_t *output, uint8_t *input, size_t len)
{
size_t i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
{
- output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) |
- (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24);
+ output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
+ (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
}
}
@@ -132,9 +132,9 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len)
/*
* MD4 basic transformation. Transforms state based on block.
*/
-static void MD4Transform(u_int32_t state[4], u_int8_t block[64])
+static void MD4Transform(uint32_t state[4], uint8_t block[64])
{
- u_int32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16];
+ uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16];
Decode(x, block, 64);
@@ -202,13 +202,13 @@ static void MD4Transform(u_int32_t state[4], u_int8_t block[64])
* operation, processing another message block, and updating the
* context.
*/
-static void MD4Update(private_md4_hasher_t *this, u_int8_t *input, size_t inputLen)
+static void MD4Update(private_md4_hasher_t *this, uint8_t *input, size_t inputLen)
{
- u_int32_t i;
+ uint32_t i;
size_t index, partLen;
/* Compute number of bytes mod 64 */
- index = (u_int8_t)((this->count[0] >> 3) & 0x3F);
+ index = (uint8_t)((this->count[0] >> 3) & 0x3F);
/* Update number of bits */
if ((this->count[0] += (inputLen << 3)) < (inputLen << 3))
@@ -243,9 +243,9 @@ static void MD4Update(private_md4_hasher_t *this, u_int8_t *input, size_t inputL
/* MD4 finalization. Ends an MD4 message-digest operation, writing the
* the message digest and zeroizing the context.
*/
-static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16])
+static void MD4Final (private_md4_hasher_t *this, uint8_t digest[16])
{
- u_int8_t bits[8];
+ uint8_t bits[8];
size_t index, padLen;
/* Save number of bits */
@@ -280,7 +280,7 @@ METHOD(hasher_t, reset, bool,
}
METHOD(hasher_t, get_hash, bool,
- private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+ private_md4_hasher_t *this, chunk_t chunk, uint8_t *buffer)
{
MD4Update(this, chunk.ptr, chunk.len);
if (buffer != NULL)
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 6fc25b0..d937ca3 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/md5
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c
index 99b505e..d14c10a 100644
--- a/src/libstrongswan/plugins/md5/md5_hasher.c
+++ b/src/libstrongswan/plugins/md5/md5_hasher.c
@@ -42,7 +42,7 @@
#define S43 15
#define S44 21
-static u_int8_t PADDING[64] = {
+static uint8_t PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
@@ -66,22 +66,22 @@ static u_int8_t PADDING[64] = {
Rotation is separate from addition to prevent recomputation.
*/
#define FF(a, b, c, d, x, s, ac) { \
- (a) += F ((b), (c), (d)) + (x) + (u_int32_t)(ac); \
+ (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define GG(a, b, c, d, x, s, ac) { \
- (a) += G ((b), (c), (d)) + (x) + (u_int32_t)(ac); \
+ (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define HH(a, b, c, d, x, s, ac) { \
- (a) += H ((b), (c), (d)) + (x) + (u_int32_t)(ac); \
+ (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define II(a, b, c, d, x, s, ac) { \
- (a) += I ((b), (c), (d)) + (x) + (u_int32_t)(ac); \
+ (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
@@ -102,41 +102,41 @@ struct private_md5_hasher_t {
/*
* State of the hasher.
*/
- u_int32_t state[5];
- u_int32_t count[2];
- u_int8_t buffer[64];
+ uint32_t state[5];
+ uint32_t count[2];
+ uint8_t buffer[64];
};
#if BYTE_ORDER != LITTLE_ENDIAN
-/* Encodes input (u_int32_t) into output (u_int8_t). Assumes len is
+/* Encodes input (uint32_t) into output (uint8_t). Assumes len is
* a multiple of 4.
*/
-static void Encode (u_int8_t *output, u_int32_t *input, size_t len)
+static void Encode (uint8_t *output, uint32_t *input, size_t len)
{
size_t i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
{
- output[j] = (u_int8_t)(input[i] & 0xff);
- output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff);
- output[j+2] = (u_int8_t)((input[i] >> 16) & 0xff);
- output[j+3] = (u_int8_t)((input[i] >> 24) & 0xff);
+ output[j] = (uint8_t)(input[i] & 0xff);
+ output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
+ output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
+ output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
}
}
-/* Decodes input (u_int8_t) into output (u_int32_t). Assumes len is
+/* Decodes input (uint8_t) into output (uint32_t). Assumes len is
* a multiple of 4.
*/
-static void Decode(u_int32_t *output, u_int8_t *input, size_t len)
+static void Decode(uint32_t *output, uint8_t *input, size_t len)
{
size_t i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
{
- output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) |
- (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24);
+ output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
+ (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
}
}
@@ -147,9 +147,9 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len)
/* MD5 basic transformation. Transforms state based on block.
*/
-static void MD5Transform(u_int32_t state[4], u_int8_t block[64])
+static void MD5Transform(uint32_t state[4], uint8_t block[64])
{
- u_int32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16];
+ uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16];
Decode(x, block, 64);
@@ -235,13 +235,13 @@ static void MD5Transform(u_int32_t state[4], u_int8_t block[64])
* operation, processing another message block, and updating the
* context.
*/
-static void MD5Update(private_md5_hasher_t *this, u_int8_t *input, size_t inputLen)
+static void MD5Update(private_md5_hasher_t *this, uint8_t *input, size_t inputLen)
{
- u_int32_t i;
+ uint32_t i;
size_t index, partLen;
/* Compute number of bytes mod 64 */
- index = (u_int8_t)((this->count[0] >> 3) & 0x3F);
+ index = (uint8_t)((this->count[0] >> 3) & 0x3F);
/* Update number of bits */
if ((this->count[0] += (inputLen << 3)) < (inputLen << 3))
@@ -276,9 +276,9 @@ static void MD5Update(private_md5_hasher_t *this, u_int8_t *input, size_t inputL
/* MD5 finalization. Ends an MD5 message-digest operation, writing the
* the message digest and zeroizing the context.
*/
-static void MD5Final (private_md5_hasher_t *this, u_int8_t digest[16])
+static void MD5Final (private_md5_hasher_t *this, uint8_t digest[16])
{
- u_int8_t bits[8];
+ uint8_t bits[8];
size_t index, padLen;
/* Save number of bits */
@@ -313,7 +313,7 @@ METHOD(hasher_t, reset, bool,
}
METHOD(hasher_t, get_hash, bool,
- private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+ private_md5_hasher_t *this, chunk_t chunk, uint8_t *buffer)
{
MD5Update(this, chunk.ptr, chunk.len);
if (buffer != NULL)
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 17409db..821dbc1 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/mysql
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index 68be3f4..58a2750 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/nonce
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/nonce/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/nonce/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.c b/src/libstrongswan/plugins/nonce/nonce_nonceg.c
index 64ed2e0..22c161d 100644
--- a/src/libstrongswan/plugins/nonce/nonce_nonceg.c
+++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.c
@@ -36,7 +36,7 @@ struct private_nonce_nonceg_t {
};
METHOD(nonce_gen_t, get_nonce, bool,
- private_nonce_nonceg_t *this, size_t size, u_int8_t *buffer)
+ private_nonce_nonceg_t *this, size_t size, uint8_t *buffer)
{
return this->rng->get_bytes(this->rng, size, buffer);
}
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index 97a7067..fd123a1 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/ntru
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -788,6 +801,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.c b/src/libstrongswan/plugins/ntru/ntru_drbg.c
index ef0d3d9..b7a951d 100644
--- a/src/libstrongswan/plugins/ntru/ntru_drbg.c
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.c
@@ -35,17 +35,17 @@ struct private_ntru_drbg_t {
/**
* Security strength in bits of the DRBG
*/
- u_int32_t strength;
+ uint32_t strength;
/**
* Number of requests for pseudorandom bits
*/
- u_int32_t reseed_counter;
+ uint32_t reseed_counter;
/**
* Maximum number of requests for pseudorandom bits
*/
- u_int32_t max_requests;
+ uint32_t max_requests;
/**
* True entropy source
@@ -111,7 +111,7 @@ static bool update(private_ntru_drbg_t *this, chunk_t data)
return TRUE;
}
-METHOD(ntru_drbg_t, get_strength, u_int32_t,
+METHOD(ntru_drbg_t, get_strength, uint32_t,
private_ntru_drbg_t *this)
{
return this->strength;
@@ -142,7 +142,7 @@ METHOD(ntru_drbg_t, reseed, bool,
}
METHOD(ntru_drbg_t, generate, bool,
- private_ntru_drbg_t *this, u_int32_t strength, u_int32_t len, u_int8_t *out)
+ private_ntru_drbg_t *this, uint32_t strength, uint32_t len, uint8_t *out)
{
size_t delta;
chunk_t output;
@@ -206,14 +206,14 @@ METHOD(ntru_drbg_t, destroy, void,
/*
* Described in header.
*/
-ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str,
+ntru_drbg_t *ntru_drbg_create(uint32_t strength, chunk_t pers_str,
rng_t *entropy)
{
private_ntru_drbg_t *this;
chunk_t seed;
signer_t *hmac;
size_t entropy_len;
- u_int32_t max_requests;
+ uint32_t max_requests;
if (strength > MAX_STRENGTH_BITS)
{
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h
index 83cef11..3fee180 100644
--- a/src/libstrongswan/plugins/ntru/ntru_drbg.h
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h
@@ -36,7 +36,7 @@ struct ntru_drbg_t {
*
* @return configured security strength in bits
*/
- u_int32_t (*get_strength)(ntru_drbg_t *this);
+ uint32_t (*get_strength)(ntru_drbg_t *this);
/**
* Reseed the instantiated DRBG
@@ -54,8 +54,8 @@ struct ntru_drbg_t {
* @param out address of output buffer
* @return TRUE if successful
*/
- bool (*generate)(ntru_drbg_t *this, u_int32_t strength, u_int32_t len,
- u_int8_t *out);
+ bool (*generate)(ntru_drbg_t *this, uint32_t strength, uint32_t len,
+ uint8_t *out);
/**
* Get a reference on an ntru_drbg_t object increasing the count by one
@@ -77,7 +77,7 @@ struct ntru_drbg_t {
* @param pers_str personalization string
* @param entropy entropy source to use
*/
-ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str,
+ntru_drbg_t *ntru_drbg_create(uint32_t strength, chunk_t pers_str,
rng_t *entropy);
#endif /** NTRU_DRBG_H_ @}*/
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
index 3b5df81..efc660b 100644
--- a/src/libstrongswan/plugins/ntru/ntru_ke.c
+++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
@@ -66,7 +66,7 @@ struct private_ntru_ke_t {
/**
* Cryptographical strength in bits of the NTRU Parameter Set
*/
- u_int32_t strength;
+ uint32_t strength;
/**
* NTRU Public Key
@@ -247,7 +247,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
rng_t *entropy;
ntru_drbg_t *drbg;
char *parameter_set;
- u_int32_t strength;
+ uint32_t strength;
parameter_set = lib->settings->get_str(lib->settings,
"%s.plugins.ntru.parameter_set", "optimum", lib->ns);
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 3020169..f453f43 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/openssl
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -210,12 +219,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -265,6 +276,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -299,6 +311,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -410,6 +423,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -485,7 +499,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -815,6 +828,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index cb02c66..20bac6b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -46,6 +46,17 @@
#include <collections/enumerator.h>
#include <credentials/certificates/x509.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) {
+ if (psig) { *psig = crl->signature; }
+ if (palg) { *palg = crl->sig_alg; }
+}
+#define X509_REVOKED_get0_serialNumber(r) ({ (r)->serialNumber; })
+#define X509_REVOKED_get0_revocationDate(r) ({ (r)->revocationDate; })
+#define X509_CRL_get0_extensions(c) ({ (c)->crl->extensions; })
+#define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; })
+#endif
+
typedef struct private_openssl_crl_t private_openssl_crl_t;
/**
@@ -141,11 +152,13 @@ METHOD(enumerator_t, crl_enumerate, bool,
revoked = sk_X509_REVOKED_value(this->stack, this->i);
if (serial)
{
- *serial = openssl_asn1_str2chunk(revoked->serialNumber);
+ *serial = openssl_asn1_str2chunk(
+ X509_REVOKED_get0_serialNumber(revoked));
}
if (date)
{
- *date = openssl_asn1_to_time(revoked->revocationDate);
+ *date = openssl_asn1_to_time(
+ X509_REVOKED_get0_revocationDate(revoked));
}
if (reason)
{
@@ -231,6 +244,7 @@ METHOD(certificate_t, issued_by, bool,
chunk_t fingerprint, tbs;
public_key_t *key;
x509_t *x509;
+ ASN1_BIT_STRING *sig;
bool valid;
if (issuer->get_type(issuer) != CERT_X509)
@@ -266,9 +280,14 @@ METHOD(certificate_t, issued_by, bool,
{
return FALSE;
}
+ /* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
+#else
tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
- valid = key->verify(key, this->scheme, tbs,
- openssl_asn1_str2chunk(this->crl->signature));
+#endif
+ X509_CRL_get0_signature(&sig, NULL, this->crl);
+ valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
free(tbs.ptr);
key->destroy(key);
if (valid && scheme)
@@ -448,7 +467,7 @@ static bool parse_extensions(private_openssl_crl_t *this)
X509_EXTENSION *ext;
STACK_OF(X509_EXTENSION) *extensions;
- extensions = this->crl->crl->extensions;
+ extensions = X509_CRL_get0_extensions(this->crl);
if (extensions)
{
num = sk_X509_EXTENSION_num(extensions);
@@ -494,6 +513,8 @@ static bool parse_extensions(private_openssl_crl_t *this)
static bool parse_crl(private_openssl_crl_t *this)
{
const unsigned char *ptr = this->encoding.ptr;
+ ASN1_OBJECT *oid;
+ X509_ALGOR *alg;
this->crl = d2i_X509_CRL(NULL, &ptr, this->encoding.len);
if (!this->crl)
@@ -501,14 +522,28 @@ static bool parse_crl(private_openssl_crl_t *this)
return FALSE;
}
+ X509_CRL_get0_signature(NULL, &alg, this->crl);
+ X509_ALGOR_get0(&oid, NULL, NULL, alg);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (!chunk_equals(
openssl_asn1_obj2chunk(this->crl->crl->sig_alg->algorithm),
openssl_asn1_obj2chunk(this->crl->sig_alg->algorithm)))
{
return FALSE;
}
- this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(
- this->crl->sig_alg->algorithm));
+#elif 0
+ /* FIXME: we currently can't do this if X509_CRL is opaque (>= 1.1.0) as
+ * X509_CRL_get0_tbs_sigalg() does not exist and there does not seem to be
+ * another easy way to get the algorithm from the tbsCertList of the CRL */
+ alg = X509_CRL_get0_tbs_sigalg(this->crl);
+ X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg);
+ if (!chunk_equals(openssl_asn1_obj2chunk(oid),
+ openssl_asn1_obj2chunk(oid_tbs)))
+ {
+ return FALSE;
+ }
+#endif
+ this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid));
this->issuer = openssl_x509_name2id(X509_CRL_get_issuer(this->crl));
if (!this->issuer)
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index 26f4700..b9085f9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -43,7 +43,7 @@ struct private_openssl_crypter_t {
/**
* Look up an OpenSSL algorithm name and validate its key size
*/
-static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size)
+static char* lookup_algorithm(uint16_t ikev2_algo, size_t *key_size)
{
struct {
/* identifier specified in IKEv2 */
@@ -57,12 +57,12 @@ static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size)
/* maximum key size */
size_t key_max;
} mappings[] = {
- {ENCR_DES, "des", 8, 8, 8},
- {ENCR_3DES, "des3", 24, 24, 24},
- {ENCR_RC5, "rc5", 16, 5, 255},
- {ENCR_IDEA, "idea", 16, 16, 16},
- {ENCR_CAST, "cast", 16, 5, 16},
- {ENCR_BLOWFISH, "blowfish", 16, 5, 56},
+ {ENCR_DES, "des-cbc", 8, 8, 8},
+ {ENCR_3DES, "des-ede3-cbc", 24, 24, 24},
+ {ENCR_RC5, "rc5-cbc", 16, 5, 255},
+ {ENCR_IDEA, "idea-cbc", 16, 16, 16},
+ {ENCR_CAST, "cast5-cbc", 16, 5, 16},
+ {ENCR_BLOWFISH, "bf-cbc", 16, 5, 56},
};
int i;
@@ -93,8 +93,10 @@ static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size)
static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *dst, int enc)
{
+ EVP_CIPHER_CTX *ctx;
int len;
u_char *out;
+ bool success = FALSE;
out = data.ptr;
if (dst)
@@ -102,16 +104,19 @@ static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
*dst = chunk_alloc(data.len);
out = dst->ptr;
}
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- return EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc) &&
- EVP_CIPHER_CTX_set_padding(&ctx, 0) /* disable padding */ &&
- EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len) &&
- EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc) &&
- EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len) &&
- /* since padding is disabled this does nothing */
- EVP_CipherFinal_ex(&ctx, out + len, &len) &&
- EVP_CIPHER_CTX_cleanup(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (EVP_CipherInit_ex(ctx, this->cipher, NULL, NULL, NULL, enc) &&
+ EVP_CIPHER_CTX_set_padding(ctx, 0) /* disable padding */ &&
+ EVP_CIPHER_CTX_set_key_length(ctx, this->key.len) &&
+ EVP_CipherInit_ex(ctx, NULL, NULL, this->key.ptr, iv.ptr, enc) &&
+ EVP_CipherUpdate(ctx, out, &len, data.ptr, data.len) &&
+ /* since padding is disabled this does nothing */
+ EVP_CipherFinal_ex(ctx, out + len, &len))
+ {
+ success = TRUE;
+ }
+ EVP_CIPHER_CTX_free(ctx);
+ return success;
}
METHOD(crypter_t, decrypt, bool,
@@ -129,13 +134,13 @@ METHOD(crypter_t, encrypt, bool,
METHOD(crypter_t, get_block_size, size_t,
private_openssl_crypter_t *this)
{
- return this->cipher->block_size;
+ return EVP_CIPHER_block_size(this->cipher);
}
METHOD(crypter_t, get_iv_size, size_t,
private_openssl_crypter_t *this)
{
- return this->cipher->iv_len;
+ return EVP_CIPHER_iv_length(this->cipher);
}
METHOD(crypter_t, get_key_size, size_t,
@@ -193,13 +198,13 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
key_size = 16;
/* FALL */
case 16: /* AES 128 */
- this->cipher = EVP_get_cipherbyname("aes128");
+ this->cipher = EVP_get_cipherbyname("aes-128-cbc");
break;
case 24: /* AES-192 */
- this->cipher = EVP_get_cipherbyname("aes192");
+ this->cipher = EVP_get_cipherbyname("aes-192-cbc");
break;
case 32: /* AES-256 */
- this->cipher = EVP_get_cipherbyname("aes256");
+ this->cipher = EVP_get_cipherbyname("aes-256-cbc");
break;
default:
free(this);
@@ -213,13 +218,13 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
key_size = 16;
/* FALL */
case 16: /* CAMELLIA 128 */
- this->cipher = EVP_get_cipherbyname("camellia128");
+ this->cipher = EVP_get_cipherbyname("camellia-128-cbc");
break;
case 24: /* CAMELLIA 192 */
- this->cipher = EVP_get_cipherbyname("camellia192");
+ this->cipher = EVP_get_cipherbyname("camellia-192-cbc");
break;
case 32: /* CAMELLIA 256 */
- this->cipher = EVP_get_cipherbyname("camellia256");
+ this->cipher = EVP_get_cipherbyname("camellia-256-cbc");
break;
default:
free(this);
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 49ec488..f08dfff 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -22,9 +22,17 @@
#include <openssl/dh.h>
#include "openssl_diffie_hellman.h"
+#include "openssl_util.h"
#include <utils/debug.h>
+/* these were added with 1.1.0 when DH was made opaque */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key)
+OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g)
+#define DH_set_length(dh, len) ({ (dh)->length = len; 1; })
+#endif
+
typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
/**
@@ -65,10 +73,12 @@ struct private_openssl_diffie_hellman_t {
METHOD(diffie_hellman_t, get_my_public_value, bool,
private_openssl_diffie_hellman_t *this, chunk_t *value)
{
+ const BIGNUM *pubkey;
+
*value = chunk_alloc(DH_size(this->dh));
memset(value->ptr, 0, value->len);
- BN_bn2bin(this->dh->pub_key,
- value->ptr + value->len - BN_num_bytes(this->dh->pub_key));
+ DH_get0_key(this->dh, &pubkey, NULL);
+ BN_bn2bin(pubkey, value->ptr + value->len - BN_num_bytes(pubkey));
return TRUE;
}
@@ -116,8 +126,15 @@ METHOD(diffie_hellman_t, set_other_public_value, bool,
METHOD(diffie_hellman_t, set_private_value, bool,
private_openssl_diffie_hellman_t *this, chunk_t value)
{
- if (BN_bin2bn(value.ptr, value.len, this->dh->priv_key))
+ BIGNUM *privkey;
+
+ privkey = BN_bin2bn(value.ptr, value.len, NULL);
+ if (privkey)
{
+ if (!DH_set0_key(this->dh, NULL, privkey))
+ {
+ return FALSE;
+ }
chunk_clear(&this->shared_secret);
this->computed = FALSE;
return DH_generate_key(this->dh);
@@ -136,16 +153,29 @@ METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
*/
static status_t set_modulus(private_openssl_diffie_hellman_t *this)
{
+ BIGNUM *p, *g;
+
diffie_hellman_params_t *params = diffie_hellman_get_params(this->group);
if (!params)
{
return NOT_FOUND;
}
- this->dh->p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL);
- this->dh->g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL);
+ p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL);
+ g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL);
+ if (!DH_set0_pqg(this->dh, p, NULL, g))
+ {
+ return FAILED;
+ }
if (params->exp_len != params->prime.len)
{
- this->dh->length = params->exp_len * 8;
+#ifdef OPENSSL_IS_BORINGSSL
+ this->dh->priv_length = params->exp_len * 8;
+#else
+ if (!DH_set_length(this->dh, params->exp_len * 8))
+ {
+ return FAILED;
+ }
+#endif
}
return SUCCESS;
}
@@ -166,6 +196,7 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(
diffie_hellman_group_t group, chunk_t g, chunk_t p)
{
private_openssl_diffie_hellman_t *this;
+ const BIGNUM *privkey;
INIT(this,
.public = {
@@ -194,8 +225,12 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(
if (group == MODP_CUSTOM)
{
- this->dh->p = BN_bin2bn(p.ptr, p.len, NULL);
- this->dh->g = BN_bin2bn(g.ptr, g.len, NULL);
+ if (!DH_set0_pqg(this->dh, BN_bin2bn(p.ptr, p.len, NULL), NULL,
+ BN_bin2bn(g.ptr, g.len, NULL)))
+ {
+ destroy(this);
+ return NULL;
+ }
}
else
{
@@ -213,9 +248,8 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(
destroy(this);
return NULL;
}
- DBG2(DBG_LIB, "size of DH secret exponent: %d bits",
- BN_num_bits(this->dh->priv_key));
-
+ DH_get0_key(this->dh, NULL, &privkey);
+ DBG2(DBG_LIB, "size of DH secret exponent: %d bits", BN_num_bits(privkey));
return &this->public;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index bc7884c..24fe623 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -28,6 +28,10 @@
#include <openssl/ecdsa.h>
#include <openssl/x509.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
+#endif
+
typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t;
/**
@@ -59,15 +63,17 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp);
static bool build_signature(private_openssl_ec_private_key_t *this,
chunk_t hash, chunk_t *signature)
{
- bool built = FALSE;
+ const BIGNUM *r, *s;
ECDSA_SIG *sig;
+ bool built = FALSE;
sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec);
if (sig)
{
+ ECDSA_SIG_get0(sig, &r, &s);
/* concatenate BNs r/s to a signature chunk */
built = openssl_bn_cat(EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)),
- sig->r, sig->s, signature);
+ r, s, signature);
ECDSA_SIG_free(sig);
}
return built;
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index 21dcb01..a1e56fc 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -27,6 +27,10 @@
#include <openssl/ecdsa.h>
#include <openssl/x509.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
+#endif
+
typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t;
/**
@@ -55,14 +59,23 @@ struct private_openssl_ec_public_key_t {
static bool verify_signature(private_openssl_ec_public_key_t *this,
chunk_t hash, chunk_t signature)
{
- bool valid = FALSE;
+ BIGNUM *r, *s;
ECDSA_SIG *sig;
+ bool valid = FALSE;
sig = ECDSA_SIG_new();
if (sig)
{
- /* split the signature chunk in r and s */
- if (openssl_bn_split(signature, sig->r, sig->s))
+ r = BN_new();
+ s = BN_new();
+ if (!openssl_bn_split(signature, r, s))
+ {
+ BN_free(r);
+ BN_free(s);
+ ECDSA_SIG_free(sig);
+ return FALSE;
+ }
+ if (ECDSA_SIG_set0(sig, r, s))
{
valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1);
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c
index 147e4af..6bbe4af 100644
--- a/src/libstrongswan/plugins/openssl/openssl_gcm.c
+++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c
@@ -71,7 +71,7 @@ struct private_aead_t {
static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv,
u_char *out, int enc)
{
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
u_char nonce[NONCE_LEN];
bool success = FALSE;
int len;
@@ -79,29 +79,29 @@ static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv,
memcpy(nonce, this->salt, SALT_LEN);
memcpy(nonce + SALT_LEN, iv.ptr, IV_LEN);
- EVP_CIPHER_CTX_init(&ctx);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
- if (!EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc) ||
- !EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, NONCE_LEN, NULL) ||
- !EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, nonce, enc))
+ ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+ if (!EVP_CipherInit_ex(ctx, this->cipher, NULL, NULL, NULL, enc) ||
+ !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, NONCE_LEN, NULL) ||
+ !EVP_CipherInit_ex(ctx, NULL, NULL, this->key.ptr, nonce, enc))
{
goto done;
}
- if (!enc && !EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, this->icv_size,
+ if (!enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, this->icv_size,
data.ptr + data.len))
{ /* set ICV for verification on decryption */
goto done;
}
- if (assoc.len && !EVP_CipherUpdate(&ctx, NULL, &len, assoc.ptr, assoc.len))
+ if (assoc.len && !EVP_CipherUpdate(ctx, NULL, &len, assoc.ptr, assoc.len))
{ /* set AAD if specified */
goto done;
}
- if (!EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len) ||
- !EVP_CipherFinal_ex(&ctx, out + len, &len))
+ if (!EVP_CipherUpdate(ctx, out, &len, data.ptr, data.len) ||
+ !EVP_CipherFinal_ex(ctx, out + len, &len))
{ /* EVP_CipherFinal_ex fails if ICV is incorrect on decryption */
goto done;
}
- if (enc && !EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, this->icv_size,
+ if (enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, this->icv_size,
out + data.len))
{ /* copy back the ICV when encrypting */
goto done;
@@ -109,7 +109,7 @@ static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv,
success = TRUE;
done:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return success;
}
@@ -152,7 +152,7 @@ METHOD(aead_t, decrypt, bool,
METHOD(aead_t, get_block_size, size_t,
private_aead_t *this)
{
- return this->cipher->block_size;
+ return EVP_CIPHER_block_size(this->cipher);
}
METHOD(aead_t, get_icv_size, size_t,
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c
index 50b1469..96ee230 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c
@@ -43,7 +43,7 @@ struct private_openssl_hasher_t {
METHOD(hasher_t, get_hash_size, size_t,
private_openssl_hasher_t *this)
{
- return this->hasher->md_size;
+ return EVP_MD_size(this->hasher);
}
METHOD(hasher_t, reset, bool,
@@ -53,7 +53,7 @@ METHOD(hasher_t, reset, bool,
}
METHOD(hasher_t, get_hash, bool,
- private_openssl_hasher_t *this, chunk_t chunk, u_int8_t *hash)
+ private_openssl_hasher_t *this, chunk_t chunk, uint8_t *hash)
{
if (EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len) != 1)
{
diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c
index 065187a..16e7071 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hmac.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c
@@ -68,7 +68,14 @@ struct private_mac_t {
/**
* Current HMAC context
*/
- HMAC_CTX hmac;
+ HMAC_CTX *hmac;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ /**
+ * Static context for OpenSSL < 1.1.0
+ */
+ HMAC_CTX hmac_ctx;
+#endif
/**
* Key set on HMAC_CTX?
@@ -80,28 +87,28 @@ METHOD(mac_t, set_key, bool,
private_mac_t *this, chunk_t key)
{
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
- if (HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL))
+ if (HMAC_Init_ex(this->hmac, key.ptr, key.len, this->hasher, NULL))
{
this->key_set = TRUE;
return TRUE;
}
return FALSE;
#else /* OPENSSL_VERSION_NUMBER < 1.0 */
- HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL);
+ HMAC_Init_ex(this->hmac, key.ptr, key.len, this->hasher, NULL);
this->key_set = TRUE;
return TRUE;
#endif
}
METHOD(mac_t, get_mac, bool,
- private_mac_t *this, chunk_t data, u_int8_t *out)
+ private_mac_t *this, chunk_t data, uint8_t *out)
{
if (!this->key_set)
{
return FALSE;
}
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
- if (!HMAC_Update(&this->hmac, data.ptr, data.len))
+ if (!HMAC_Update(this->hmac, data.ptr, data.len))
{
return FALSE;
}
@@ -109,17 +116,17 @@ METHOD(mac_t, get_mac, bool,
{
return TRUE;
}
- if (!HMAC_Final(&this->hmac, out, NULL))
+ if (!HMAC_Final(this->hmac, out, NULL))
{
return FALSE;
}
#else /* OPENSSL_VERSION_NUMBER < 1.0 */
- HMAC_Update(&this->hmac, data.ptr, data.len);
+ HMAC_Update(this->hmac, data.ptr, data.len);
if (out == NULL)
{
return TRUE;
}
- HMAC_Final(&this->hmac, out, NULL);
+ HMAC_Final(this->hmac, out, NULL);
#endif
return set_key(this, chunk_empty);
}
@@ -133,7 +140,11 @@ METHOD(mac_t, get_mac_size, size_t,
METHOD(mac_t, destroy, void,
private_mac_t *this)
{
- HMAC_CTX_cleanup(&this->hmac);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(this->hmac);
+#else
+ HMAC_CTX_cleanup(&this->hmac_ctx);
+#endif
free(this);
}
@@ -167,7 +178,12 @@ static mac_t *hmac_create(hash_algorithm_t algo)
return NULL;
}
- HMAC_CTX_init(&this->hmac);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ this->hmac = HMAC_CTX_new();
+#else
+ HMAC_CTX_init(&this->hmac_ctx);
+ this->hmac = &this->hmac_ctx;
+#endif
return &this->public;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
index d16b2cc..705e96c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
@@ -23,6 +23,10 @@
#include <library.h>
#include <credentials/sets/mem_cred.h>
+#ifdef OPENSSL_IS_BORINGSSL
+#define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type)
+#endif
+
typedef struct private_pkcs12_t private_pkcs12_t;
/**
@@ -110,7 +114,7 @@ static bool add_key(private_pkcs12_t *this, EVP_PKEY *private)
{ /* no private key is ok */
return TRUE;
}
- switch (EVP_PKEY_type(private->type))
+ switch (EVP_PKEY_base_id(private))
{
case EVP_PKEY_RSA:
type = KEY_RSA;
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
index 891e829..5752d96 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
@@ -29,6 +29,10 @@
#include <openssl/cms.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_ATTRIBUTE_get0_object(attr) ({ (attr)->object; })
+#endif
+
typedef struct private_openssl_pkcs7_t private_openssl_pkcs7_t;
/**
@@ -432,11 +436,11 @@ METHOD(pkcs7_t, get_attribute, bool,
for (i = 0; i < CMS_signed_get_attr_count(si); i++)
{
attr = CMS_signed_get_attr(si, i);
- if (!attr->single && sk_ASN1_TYPE_num(attr->value.set) == 1 &&
- openssl_asn1_known_oid(attr->object) == oid)
+ if (X509_ATTRIBUTE_count(attr) == 1 &&
+ openssl_asn1_known_oid(X509_ATTRIBUTE_get0_object(attr)) == oid)
{
/* get first value in SET */
- type = sk_ASN1_TYPE_value(attr->value.set, 0);
+ type = X509_ATTRIBUTE_get0_type(attr, 0);
chunk = wrapped = openssl_i2chunk(ASN1_TYPE, type);
if (asn1_unwrap(&chunk, &chunk) != 0x100 /* ASN1_INVALID */)
{
@@ -503,7 +507,7 @@ static bool decrypt_symmetric(private_openssl_pkcs7_t *this, chunk_t key,
chunk_t iv;
size_t key_size;
- /* read encryption algorithm from interal structures; TODO fixup */
+ /* read encryption algorithm from internal structures; TODO fixup */
alg = this->cms->envelopedData->encryptedContentInfo->
contentEncryptionAlgorithm;
encr = encryption_algorithm_from_oid(openssl_asn1_known_oid(alg->algorithm),
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index aeb9be4..3e3b986 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -66,6 +66,11 @@ struct private_openssl_plugin_t {
};
/**
+ * OpenSSL is thread-safe since 1.1.0
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+/**
* Array of static mutexs, with CRYPTO_num_locks() mutex
*/
static mutex_t **mutex = NULL;
@@ -227,6 +232,14 @@ static void threading_cleanup()
cleanup->destroy(cleanup);
}
+#else /* OPENSSL_VERSION_NUMBER */
+
+#define threading_init()
+
+#define threading_cleanup()
+
+#endif
+
/**
* Seed the OpenSSL RNG, if required
*/
@@ -502,8 +515,14 @@ METHOD(plugin_t, get_features, int,
METHOD(plugin_t, destroy, void,
private_openssl_plugin_t *this)
{
+/* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
+ * can't call it as we couldn't re-initialize the library (as required by the
+ * unit tests and the Android app) */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef OPENSSL_IS_BORINGSSL
CONF_modules_free();
OBJ_cleanup();
+#endif
EVP_cleanup();
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
@@ -511,6 +530,7 @@ METHOD(plugin_t, destroy, void,
CRYPTO_cleanup_all_ex_data();
threading_cleanup();
ERR_free_strings();
+#endif /* OPENSSL_VERSION_NUMBER */
free(this);
}
@@ -553,10 +573,23 @@ plugin_t *openssl_plugin_create()
},
);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
+ * as we couldn't initialize the library again afterwards */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |
+ OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else /* OPENSSL_VERSION_NUMBER */
threading_init();
-
+#ifndef OPENSSL_IS_BORINGSSL
OPENSSL_config(NULL);
+#endif
OpenSSL_add_all_algorithms();
+#ifndef OPENSSL_NO_ENGINE
+ /* activate support for hardware accelerators */
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+#endif /* OPENSSL_NO_ENGINE */
+#endif /* OPENSSL_VERSION_NUMBER */
#ifdef OPENSSL_FIPS
/* we do this here as it may have been enabled via openssl.conf */
@@ -565,12 +598,6 @@ plugin_t *openssl_plugin_create()
"openssl FIPS mode(%d) - %sabled ", fips_mode, fips_mode ? "en" : "dis");
#endif /* OPENSSL_FIPS */
-#ifndef OPENSSL_NO_ENGINE
- /* activate support for hardware accelerators */
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-#endif /* OPENSSL_NO_ENGINE */
-
if (!seed_rng())
{
DBG1(DBG_CFG, "no RNG found to seed OpenSSL");
diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c
index c807bb6..a25b6b4 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rng.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rng.c
@@ -47,15 +47,8 @@ struct private_openssl_rng_t {
};
METHOD(rng_t, get_bytes, bool,
- private_openssl_rng_t *this, size_t bytes, u_int8_t *buffer)
+ private_openssl_rng_t *this, size_t bytes, uint8_t *buffer)
{
- if (this->quality == RNG_WEAK)
- {
- /* RAND_pseudo_bytes() returns 1 if returned bytes are strong,
- * 0 if of not. Both is acceptable for RNG_WEAK. */
- return RAND_pseudo_bytes((char*)buffer, bytes) != -1;
- }
- /* A 0 return value is a failure for RAND_bytes() */
return RAND_bytes((char*)buffer, bytes) == 1;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index de02f30..485e0bb 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -20,6 +20,7 @@
#include "openssl_rsa_private_key.h"
#include "openssl_rsa_public_key.h"
+#include "openssl_util.h"
#include <utils/debug.h>
@@ -35,6 +36,12 @@
*/
#define PUBLIC_EXPONENT 0x10001
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
+OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
+#endif
+
typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
/**
@@ -436,22 +443,38 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
}
else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr)
{
+ BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q;
+ BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+
this->rsa = RSA_new();
- this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
- this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
- this->rsa->d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
- this->rsa->p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
- this->rsa->q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+
+ bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
+ bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
+ bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
+ if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d))
+ {
+ destroy(this);
+ return NULL;
+
+ }
+ bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
+ bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+ if (!RSA_set0_factors(this->rsa, bn_p, bn_q))
+ {
+ destroy(this);
+ return NULL;
+ }
if (exp1.ptr)
{
- this->rsa->dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
+ dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
}
if (exp2.ptr)
{
- this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
+ dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
}
- this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
- if (RSA_check_key(this->rsa) == 1)
+ iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
+ if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) &&
+ RSA_check_key(this->rsa) == 1)
{
return &this->public;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index db92856..d66d501 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -28,6 +28,10 @@
#include <openssl/rsa.h>
#include <openssl/x509.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+#endif
+
typedef struct private_openssl_rsa_public_key_t private_openssl_rsa_public_key_t;
/**
@@ -224,11 +228,13 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
break;
default:
{
+ const BIGNUM *bn_n, *bn_e;
chunk_t n = chunk_empty, e = chunk_empty;
bool success = FALSE;
- if (openssl_bn2chunk(rsa->n, &n) &&
- openssl_bn2chunk(rsa->e, &e))
+ RSA_get0_key(rsa, &bn_n, &bn_e, NULL);
+ if (openssl_bn2chunk(bn_n, &n) &&
+ openssl_bn2chunk(bn_e, &e))
{
success = lib->encoding->encode(lib->encoding, type, rsa, fp,
CRED_PART_RSA_MODULUS, n,
@@ -297,10 +303,12 @@ METHOD(public_key_t, get_encoding, bool,
}
default:
{
+ const BIGNUM *bn_n, *bn_e;
chunk_t n = chunk_empty, e = chunk_empty;
- if (openssl_bn2chunk(this->rsa->n, &n) &&
- openssl_bn2chunk(this->rsa->e, &e))
+ RSA_get0_key(this->rsa, &bn_n, &bn_e, NULL);
+ if (openssl_bn2chunk(bn_n, &n) &&
+ openssl_bn2chunk(bn_e, &e))
{
success = lib->encoding->encode(lib->encoding, type, NULL,
encoding, CRED_PART_RSA_MODULUS, n,
@@ -416,10 +424,15 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type,
}
else if (n.ptr && e.ptr && type == KEY_RSA)
{
+ BIGNUM *bn_n, *bn_e;
+
this->rsa = RSA_new();
- this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
- this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
- return &this->public;
+ bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
+ bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
+ if (RSA_set0_key(this->rsa, bn_n, bn_e, NULL))
+ {
+ return &this->public;
+ }
}
destroy(this);
return NULL;
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
index 446c93e..f6df03f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
@@ -40,7 +40,7 @@ struct private_openssl_sha1_prf_t {
};
METHOD(prf_t, get_bytes, bool,
- private_openssl_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
+ private_openssl_sha1_prf_t *this, chunk_t seed, uint8_t *bytes)
{
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
if (!SHA1_Update(&this->ctx, seed.ptr, seed.len))
@@ -53,7 +53,7 @@ METHOD(prf_t, get_bytes, bool,
if (bytes)
{
- u_int32_t *hash = (u_int32_t*)bytes;
+ uint32_t *hash = (uint32_t*)bytes;
hash[0] = htonl(this->ctx.h0);
hash[1] = htonl(this->ctx.h1);
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index 2f98137..6580e1c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -22,6 +22,12 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
+/* these were added with 1.1.0 when ASN1_OBJECT was made opaque */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define OBJ_get0_data(o) ((o)->data)
+#define OBJ_length(o) ((o)->length)
+#endif
+
/**
* Described in header.
*/
@@ -51,7 +57,7 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash)
goto error;
}
- *hash = chunk_alloc(hasher->md_size);
+ *hash = chunk_alloc(EVP_MD_size(hasher));
if (!EVP_DigestFinal_ex(ctx, hash->ptr, NULL))
{
chunk_free(hash);
@@ -70,7 +76,8 @@ error:
/**
* Described in header.
*/
-bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk)
+bool openssl_bn_cat(const int len, const BIGNUM *a, const BIGNUM *b,
+ chunk_t *chunk)
{
int offset;
@@ -127,7 +134,7 @@ bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b)
/**
* Described in header.
*/
-bool openssl_bn2chunk(BIGNUM *bn, chunk_t *chunk)
+bool openssl_bn2chunk(const BIGNUM *bn, chunk_t *chunk)
{
*chunk = chunk_alloc(BN_num_bytes(bn));
if (BN_bn2bin(bn, chunk->ptr) == chunk->len)
@@ -149,7 +156,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1)
{
if (asn1)
{
- return chunk_create((u_char*)asn1->data, asn1->length);
+ return chunk_create((u_char*)OBJ_get0_data(asn1), OBJ_length(asn1));
}
return chunk_empty;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
index 2db0731..f4186e8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.h
+++ b/src/libstrongswan/plugins/openssl/openssl_util.h
@@ -60,7 +60,8 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash);
* @param chunk resulting chunk
* @return TRUE on success, FALSE otherwise
*/
-bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk);
+bool openssl_bn_cat(const int len, const BIGNUM *a, const BIGNUM *b,
+ chunk_t *chunk);
/**
* Splits a chunk into two bignums of equal binary length.
@@ -80,7 +81,7 @@ bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b);
* @param chunk the chunk (data gets allocated)
* @return TRUE on success, FALSE otherwise
*/
-bool openssl_bn2chunk(BIGNUM *bn, chunk_t *chunk);
+bool openssl_bn2chunk(const BIGNUM *bn, chunk_t *chunk);
/**
* Allocate a chunk using the i2d function of a given object
@@ -134,4 +135,42 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj);
*/
time_t openssl_asn1_to_time(ASN1_TIME *time);
+/**
+ * Macros to define fallback getters/setters to access keys (BIGNUM*) for types
+ * that were made opaque with OpenSSL 1.1.0.
+ */
+#define OPENSSL_KEY_FALLBACK(...) VA_ARGS_DISPATCH(OPENSSL_KEY_FALLBACK, __VA_ARGS__)(__VA_ARGS__)
+#define OPENSSL_KEY_FALLBACK3(type, k1, k2) \
+__attribute__((unused)) \
+static inline void type##_get0(const type *o, const BIGNUM **k1, const BIGNUM **k2) { \
+ if (k1) *k1 = o->k1; \
+ if (k2) *k2 = o->k2; } \
+__attribute__((unused)) \
+static inline int type##_set0(type *o, BIGNUM *k1, BIGNUM *k2) { \
+ if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \
+ if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \
+ return 1; }
+#define OPENSSL_KEY_FALLBACK4(type, name, k1, k2) \
+__attribute__((unused)) \
+static inline void type##_get0_##name(const type *o, const BIGNUM **k1, const BIGNUM **k2) { \
+ if (k1) *k1 = o->k1; \
+ if (k2) *k2 = o->k2; } \
+__attribute__((unused)) \
+static inline int type##_set0_##name(type *o, BIGNUM *k1, BIGNUM *k2) { \
+ if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \
+ if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \
+ return 1; }
+#define OPENSSL_KEY_FALLBACK5(type, name, k1, k2, k3) \
+__attribute__((unused)) \
+static inline void type##_get0_##name(const type *o, const BIGNUM **k1, const BIGNUM **k2, const BIGNUM **k3) { \
+ if (k1) *k1 = o->k1; \
+ if (k2) *k2 = o->k2; \
+ if (k3) *k3 = o->k3; } \
+__attribute__((unused)) \
+static inline int type##_set0_##name(type *o, BIGNUM *k1, BIGNUM *k2, BIGNUM *k3) { \
+ if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \
+ if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \
+ if (k3) { BN_clear_free(o->k3); o->k3 = k3; } \
+ return 1; }
+
#endif /** OPENSSL_UTIL_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 7a5b206..e95eb72 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -60,6 +60,25 @@
#define OPENSSL_NO_RFC3779
#endif
+/* added with 1.0.2 */
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) {
+ if (psig) { *psig = x->signature; }
+ if (palg) { *palg = x->sig_alg; }
+}
+#endif
+
+/* added with 1.1.0 when X509 etc. was made opaque */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_get0_extensions(x509) ({ (x509)->cert_info->extensions; })
+#define X509_get0_tbs_sigalg(x509) ({ (x509)->cert_info->signature; })
+#define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; })
+#define X509_PUBKEY_get0_param(oid, pk, len, pa, pub) X509_ALGOR_get0(oid, NULL, NULL, (pub)->algor)
+#define X509v3_addr_get_afi v3_addr_get_afi
+#define X509v3_addr_get_range v3_addr_get_range
+#define X509v3_addr_is_canonical v3_addr_is_canonical
+#endif
+
typedef struct private_openssl_x509_t private_openssl_x509_t;
/**
@@ -380,6 +399,7 @@ METHOD(certificate_t, issued_by, bool,
public_key_t *key;
bool valid;
x509_t *x509 = (x509_t*)issuer;
+ ASN1_BIT_STRING *sig;
chunk_t tbs;
if (&this->public.x509.interface == issuer)
@@ -413,9 +433,14 @@ METHOD(certificate_t, issued_by, bool,
{
return FALSE;
}
+ /* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ tbs = openssl_i2chunk(re_X509_tbs, this->x509);
+#else
tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info);
- valid = key->verify(key, this->scheme, tbs,
- openssl_asn1_str2chunk(this->x509->signature));
+#endif
+ X509_get0_signature(&sig, NULL, this->x509);
+ valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
free(tbs.ptr);
key->destroy(key);
if (valid && scheme)
@@ -850,7 +875,7 @@ static void parse_ipAddrBlock_ext_fam(private_openssl_x509_t *this,
return;
}
- afi = v3_addr_get_afi(fam);
+ afi = X509v3_addr_get_afi(fam);
switch (afi)
{
case IANA_AFI_IPV4:
@@ -871,7 +896,7 @@ static void parse_ipAddrBlock_ext_fam(private_openssl_x509_t *this,
for (i = 0; i < sk_IPAddressOrRange_num(list); i++)
{
aor = sk_IPAddressOrRange_value(list, i);
- if (v3_addr_get_range(aor, afi, from.ptr, to.ptr, from.len) > 0)
+ if (X509v3_addr_get_range(aor, afi, from.ptr, to.ptr, from.len) > 0)
{
ts = traffic_selector_create_from_bytes(0, type, from, 0, to, 65535);
if (ts)
@@ -897,7 +922,7 @@ static bool parse_ipAddrBlock_ext(private_openssl_x509_t *this,
return FALSE;
}
- if (!v3_addr_is_canonical(blocks))
+ if (!X509v3_addr_is_canonical(blocks))
{
sk_IPAddressFamily_free(blocks);
return FALSE;
@@ -964,7 +989,7 @@ static bool parse_extensions(private_openssl_x509_t *this)
STACK_OF(X509_EXTENSION) *extensions;
int i, num;
- extensions = this->x509->cert_info->extensions;
+ extensions = X509_get0_extensions(this->x509);
if (extensions)
{
num = sk_X509_EXTENSION_num(extensions);
@@ -1041,6 +1066,8 @@ static bool parse_certificate(private_openssl_x509_t *this)
const unsigned char *ptr = this->encoding.ptr;
hasher_t *hasher;
chunk_t chunk;
+ ASN1_OBJECT *oid, *oid_tbs;
+ X509_ALGOR *alg;
this->x509 = d2i_X509(NULL, &ptr, this->encoding.len);
if (!this->x509)
@@ -1057,7 +1084,12 @@ static bool parse_certificate(private_openssl_x509_t *this)
this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509));
this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509));
- switch (openssl_asn1_known_oid(this->x509->cert_info->key->algor->algorithm))
+ if (!X509_PUBKEY_get0_param(&oid, NULL, NULL, NULL,
+ X509_get_X509_PUBKEY(this->x509)))
+ {
+ return FALSE;
+ }
+ switch (openssl_asn1_known_oid(oid))
{
case OID_RSA_ENCRYPTION:
this->pubkey = lib->creds->create(lib->creds,
@@ -1086,14 +1118,18 @@ static bool parse_certificate(private_openssl_x509_t *this)
this->notBefore = openssl_asn1_to_time(X509_get_notBefore(this->x509));
this->notAfter = openssl_asn1_to_time(X509_get_notAfter(this->x509));
- if (!chunk_equals(
- openssl_asn1_obj2chunk(this->x509->cert_info->signature->algorithm),
- openssl_asn1_obj2chunk(this->x509->sig_alg->algorithm)))
+ /* while X509_ALGOR_cmp() is declared in the headers of older OpenSSL
+ * versions, at least on Ubuntu 14.04 it is not actually defined */
+ X509_get0_signature(NULL, &alg, this->x509);
+ X509_ALGOR_get0(&oid, NULL, NULL, alg);
+ alg = X509_get0_tbs_sigalg(this->x509);
+ X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg);
+ if (!chunk_equals(openssl_asn1_obj2chunk(oid),
+ openssl_asn1_obj2chunk(oid_tbs)))
{
return FALSE;
}
- this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(
- this->x509->sig_alg->algorithm));
+ this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid));
if (!parse_extensions(this))
{
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 2d6006b..e1cf497 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/padlock
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c
index 517914a..6b337d8 100644
--- a/src/libstrongswan/plugins/padlock/padlock_rng.c
+++ b/src/libstrongswan/plugins/padlock/padlock_rng.c
@@ -81,7 +81,7 @@ METHOD(rng_t, allocate_bytes, bool,
}
METHOD(rng_t, get_bytes, bool,
- private_padlock_rng_t *this, size_t bytes, u_int8_t *buffer)
+ private_padlock_rng_t *this, size_t bytes, uint8_t *buffer)
{
chunk_t chunk;
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
index 4489b90..107ade0 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
@@ -54,9 +54,9 @@ static void padlock_sha1(int len, u_char *in, u_char *out)
/**
* sha1() a buffer of data into digest
*/
-static void sha1(chunk_t data, u_int32_t *digest)
+static void sha1(chunk_t data, uint32_t *digest)
{
- u_int32_t hash[128] PADLOCK_ALIGN;
+ uint32_t hash[128] PADLOCK_ALIGN;
hash[0] = 0x67452301;
hash[1] = 0xefcdab89;
@@ -91,18 +91,18 @@ METHOD(hasher_t, reset, bool,
}
METHOD(hasher_t, get_hash, bool,
- private_padlock_sha1_hasher_t *this, chunk_t chunk, u_int8_t *hash)
+ private_padlock_sha1_hasher_t *this, chunk_t chunk, uint8_t *hash)
{
if (hash)
{
if (this->data.len)
{
append_data(this, chunk);
- sha1(this->data, (u_int32_t*)hash);
+ sha1(this->data, (uint32_t*)hash);
}
else
{ /* hash directly if no previous data found */
- sha1(chunk, (u_int32_t*)hash);
+ sha1(chunk, (uint32_t*)hash);
}
reset(this);
}
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 16dfbed..3e6b8d0 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/pem
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index f0e508a..719a2a6 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -93,7 +93,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
chunk_t hash;
chunk_t decrypted;
chunk_t key = {alloca(key_size), key_size};
- u_int8_t padding, *last_padding_pos, *first_padding_pos;
+ uint8_t padding, *last_padding_pos, *first_padding_pos;
/* build key from passphrase and IV */
hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index a558779..e9c85e5 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/pgp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index 152e83a..fe0be45 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -26,7 +26,7 @@
*/
static public_key_t *parse_public_key(chunk_t blob)
{
- u_int32_t alg;
+ uint32_t alg;
public_key_t *key;
if (!pgp_read_scalar(&blob, 1, &alg))
@@ -74,7 +74,7 @@ static public_key_t *parse_rsa_public_key(chunk_t blob)
static private_key_t *parse_rsa_private_key(chunk_t blob)
{
chunk_t mpi[6];
- u_int32_t s2k;
+ uint32_t s2k;
int i;
for (i = 0; i < 2; i++)
@@ -143,7 +143,7 @@ static private_key_t *parse_private_key(chunk_t blob)
{
chunk_t packet;
pgp_packet_tag_t tag;
- u_int32_t version, created, days, alg;
+ uint32_t version, created, days, alg;
private_key_t *key;
if (!pgp_read_packet(&blob, &packet, &tag))
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c
index 89d7094..0ffce4c 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.c
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.c
@@ -40,17 +40,17 @@ struct private_pgp_cert_t {
/**
* version of the public key
*/
- u_int32_t version;
+ uint32_t version;
/**
* creation time
*/
- u_int32_t created;
+ uint32_t created;
/**
* days the certificate is valid
*/
- u_int32_t valid;
+ uint32_t valid;
/**
* userid of the certificate
@@ -349,7 +349,7 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
*/
static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
{
- u_int32_t version, len, type, created;
+ uint32_t version, len, type, created;
if (!pgp_read_scalar(&packet, 1, &version))
{
diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c
index bb15627..283bf8c 100644
--- a/src/libstrongswan/plugins/pgp/pgp_utils.c
+++ b/src/libstrongswan/plugins/pgp/pgp_utils.c
@@ -73,9 +73,9 @@ ENUM_END(pgp_packet_tag_names, PGP_PKT_MOD_DETECT_CODE);
/**
* Read a PGP scalar of bytes length, advance blob
*/
-bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar)
+bool pgp_read_scalar(chunk_t *blob, size_t bytes, uint32_t *scalar)
{
- u_int32_t res = 0;
+ uint32_t res = 0;
if (bytes > blob->len)
{
@@ -96,7 +96,7 @@ bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar)
*/
bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi)
{
- u_int32_t bits, bytes;
+ uint32_t bits, bytes;
if (!pgp_read_scalar(blob, 2, &bits))
{
@@ -117,7 +117,7 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi)
/**
* Read length of an PGP old packet length encoding
*/
-static bool pgp_old_packet_length(chunk_t *blob, u_int32_t *length)
+static bool pgp_old_packet_length(chunk_t *blob, uint32_t *length)
{
/* bits 0 and 1 define the packet length type */
u_char type;
@@ -141,7 +141,7 @@ static bool pgp_old_packet_length(chunk_t *blob, u_int32_t *length)
*/
bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag)
{
- u_int32_t len;
+ uint32_t len;
u_char t;
if (!blob->len)
diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.h b/src/libstrongswan/plugins/pgp/pgp_utils.h
index 203a0a8..180292a 100644
--- a/src/libstrongswan/plugins/pgp/pgp_utils.h
+++ b/src/libstrongswan/plugins/pgp/pgp_utils.h
@@ -115,7 +115,7 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi);
* @param scalar resultin scalar
* @return TRUE if scalar parsed successfully
*/
-bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar);
+bool pgp_read_scalar(chunk_t *blob, size_t bytes, uint32_t *scalar);
/**
* Parse a PGP packet.
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index a265818..a61eb1a 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/pkcs1
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index f4bded4..61919e3 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/pkcs11
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -790,6 +803,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
index 80079b9..847f031 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
@@ -146,7 +146,7 @@ METHOD(hasher_t, reset, bool,
}
METHOD(hasher_t, get_hash, bool,
- private_pkcs11_hasher_t *this, chunk_t chunk, u_int8_t *hash)
+ private_pkcs11_hasher_t *this, chunk_t chunk, uint8_t *hash)
{
CK_RV rv;
CK_ULONG len;
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index bfc5459..aec4550 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -295,13 +295,19 @@ METHOD(private_key_t, sign, bool,
case SIGN_ECDSA_WITH_SHA256_DER:
case SIGN_ECDSA_WITH_SHA384_DER:
case SIGN_ECDSA_WITH_SHA512_DER:
- /* return an ASN.1 encoded sequence of integers r and s */
+ {
+ chunk_t r, s;
+
+ /* return an ASN.1 encoded sequence of integers r and s, removing
+ * any zero-padding */
len /= 2;
+ r = chunk_skip_zero(chunk_create(buf, len));
+ s = chunk_skip_zero(chunk_create(buf+len, len));
*signature = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_integer("c", chunk_create(buf, len)),
- asn1_integer("c", chunk_create(buf+len, len)));
+ asn1_integer("c", r), asn1_integer("c", s));
free(buf);
break;
+ }
default:
*signature = chunk_create(buf, len);
break;
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
index d18028b..7538351 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
@@ -44,7 +44,7 @@ struct private_pkcs11_rng_t {
};
METHOD(rng_t, get_bytes, bool,
- private_pkcs11_rng_t *this, size_t bytes, u_int8_t *buffer)
+ private_pkcs11_rng_t *this, size_t bytes, uint8_t *buffer)
{
CK_RV rv;
rv = this->lib->f->C_GenerateRandom(this->session, buffer, bytes);
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index 7fd3158..02b7d29 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/pkcs12
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs12/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs12/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c
index 4441b27..82fc0c0 100644
--- a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c
+++ b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c
@@ -324,7 +324,7 @@ end:
* Verify the given MAC with available passwords.
*/
static bool verify_mac(hash_algorithm_t hash, chunk_t salt,
- u_int64_t iterations, chunk_t data, chunk_t mac)
+ uint64_t iterations, chunk_t data, chunk_t mac)
{
integrity_algorithm_t integ;
enumerator_t *enumerator;
@@ -450,7 +450,7 @@ static bool parse_PFX(private_pkcs12_t *this, chunk_t blob)
data = chunk_empty;
hash_algorithm_t hash = HASH_UNKNOWN;
container_t *container = NULL;
- u_int64_t iterations = 0;
+ uint64_t iterations = 0;
bool success = FALSE;
parser = asn1_parser_create(PFXObjects, blob);
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index 5fc439b..5a758aa 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/pkcs7
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -404,6 +417,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs7/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs7/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -785,6 +798,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index 162868a..92f751a 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/pkcs8
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c
index 0ea5eea..4c92c41 100644
--- a/src/libstrongswan/plugins/plugin_feature.c
+++ b/src/libstrongswan/plugins/plugin_feature.c
@@ -57,7 +57,7 @@ ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM,
/**
* See header.
*/
-u_int32_t plugin_feature_hash(plugin_feature_t *feature)
+uint32_t plugin_feature_hash(plugin_feature_t *feature)
{
chunk_t data = chunk_empty;
diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h
index 03f1ba8..ee7808a 100644
--- a/src/libstrongswan/plugins/plugin_feature.h
+++ b/src/libstrongswan/plugins/plugin_feature.h
@@ -362,7 +362,7 @@ static inline void plugin_features_add(plugin_feature_t *features,
* @param feature feature to hash
* @return hash value of the feature
*/
-u_int32_t plugin_feature_hash(plugin_feature_t *feature);
+uint32_t plugin_feature_hash(plugin_feature_t *feature);
/**
* Check if feature a matches to feature b.
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index 01d0495..5787eac 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -1024,6 +1024,15 @@ static int plugin_priority_cmp(const plugin_priority_t *a,
return diff;
}
+/**
+ * Convert enumerated plugin_priority_t to a plugin name
+ */
+static bool plugin_priority_filter(void *null, plugin_priority_t **prio,
+ char **name)
+{
+ *name = (*prio)->name;
+ return TRUE;
+}
/**
* Determine the list of plugins to load via load option in each plugin's
@@ -1036,12 +1045,7 @@ static char *modular_pluginlist(char *list)
plugin_priority_t item, *current, found;
char *plugin, *plugins = NULL;
int i = 0, max_prio;
-
- if (!lib->settings->get_bool(lib->settings, "%s.load_modular", FALSE,
- lib->ns))
- {
- return list;
- }
+ bool load_def = FALSE;
given = array_create(sizeof(plugin_priority_t), 0);
final = array_create(sizeof(plugin_priority_t), 0);
@@ -1058,16 +1062,26 @@ static char *modular_pluginlist(char *list)
/* the maximum priority used for plugins not found in this list */
max_prio = i + 1;
- enumerator = lib->settings->create_section_enumerator(lib->settings,
+ if (lib->settings->get_bool(lib->settings, "%s.load_modular", FALSE,
+ lib->ns))
+ {
+ enumerator = lib->settings->create_section_enumerator(lib->settings,
"%s.plugins", lib->ns);
+ }
+ else
+ {
+ enumerator = enumerator_create_filter(array_create_enumerator(given),
+ (void*)plugin_priority_filter, NULL, NULL);
+ load_def = TRUE;
+ }
while (enumerator->enumerate(enumerator, &plugin))
{
item.prio = lib->settings->get_int(lib->settings,
- "%s.plugins.%s.load", 0, lib->ns, plugin);
+ "%s.plugins.%s.load", 0, lib->ns, plugin);
if (!item.prio)
{
if (!lib->settings->get_bool(lib->settings,
- "%s.plugins.%s.load", FALSE, lib->ns, plugin))
+ "%s.plugins.%s.load", load_def, lib->ns, plugin))
{
continue;
}
@@ -1083,7 +1097,6 @@ static char *modular_pluginlist(char *list)
array_insert(final, ARRAY_TAIL, &item);
}
enumerator->destroy(enumerator);
- array_destroy_function(given, (void*)plugin_priority_free, NULL);
array_sort(final, (void*)plugin_priority_cmp, NULL);
@@ -1100,6 +1113,7 @@ static char *modular_pluginlist(char *list)
free(prev);
}
enumerator->destroy(enumerator);
+ array_destroy_function(given, (void*)plugin_priority_free, NULL);
array_destroy(final);
return plugins;
}
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index 007bdbd..c5decc3 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/pubkey
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index f6dc73e..b78e627 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/random
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 177b3c2..3760630 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -41,7 +41,7 @@ struct private_random_rng_t {
};
METHOD(rng_t, get_bytes, bool,
- private_random_rng_t *this, size_t bytes, u_int8_t *buffer)
+ private_random_rng_t *this, size_t bytes, uint8_t *buffer)
{
size_t done;
ssize_t got;
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index b9fc8bd..51f6a17 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/rc2
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/rc2/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/rc2/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/rc2/rc2_crypter.c b/src/libstrongswan/plugins/rc2/rc2_crypter.c
index 256acf8..d9681e8 100644
--- a/src/libstrongswan/plugins/rc2/rc2_crypter.c
+++ b/src/libstrongswan/plugins/rc2/rc2_crypter.c
@@ -19,11 +19,11 @@ typedef struct private_rc2_crypter_t private_rc2_crypter_t;
#define RC2_BLOCK_SIZE 8
-#define ROL16(x, k) ({ u_int16_t _x = (x); (_x << (k)) | (_x >> (16 - (k))); })
-#define ROR16(x, k) ({ u_int16_t _x = (x); (_x >> (k)) | (_x << (16 - (k))); })
+#define ROL16(x, k) ({ uint16_t _x = (x); (_x << (k)) | (_x >> (16 - (k))); })
+#define ROR16(x, k) ({ uint16_t _x = (x); (_x >> (k)) | (_x << (16 - (k))); })
-#define GET16(x) ({ u_char *_x = (x); (u_int16_t)_x[0] | ((u_int16_t)_x[1] << 8); })
-#define PUT16(x, v) ({ u_char *_x = (x); u_int16_t _v = (v); _x[0] = _v, _x[1] = _v >> 8; })
+#define GET16(x) ({ u_char *_x = (x); (uint16_t)_x[0] | ((uint16_t)_x[1] << 8); })
+#define PUT16(x, v) ({ u_char *_x = (x); uint16_t _v = (v); _x[0] = _v, _x[1] = _v >> 8; })
/**
* Private data of rc2_crypter_t
@@ -38,7 +38,7 @@ struct private_rc2_crypter_t {
/**
* The expanded key in 16-bit words
*/
- u_int16_t K[64];
+ uint16_t K[64];
/**
* Key size in bytes
@@ -95,7 +95,7 @@ static const u_char PITABLE[256] =
*/
static void encrypt_block(private_rc2_crypter_t *this, u_char R[])
{
- register u_int16_t R0, R1, R2, R3, *Kj;
+ register uint16_t R0, R1, R2, R3, *Kj;
int rounds = 3, mix = 5;
R0 = GET16(R);
@@ -139,7 +139,7 @@ static void encrypt_block(private_rc2_crypter_t *this, u_char R[])
*/
static void decrypt_block(private_rc2_crypter_t *this, u_char R[])
{
- register u_int16_t R0, R1, R2, R3, *Kj;
+ register uint16_t R0, R1, R2, R3, *Kj;
int rounds = 3, mix = 5;
R0 = GET16(R);
@@ -185,7 +185,7 @@ static void decrypt_block(private_rc2_crypter_t *this, u_char R[])
METHOD(crypter_t, decrypt, bool,
private_rc2_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
- u_int8_t *in, *out, *prev;
+ uint8_t *in, *out, *prev;
if (data.len % RC2_BLOCK_SIZE || iv.len != RC2_BLOCK_SIZE)
{
@@ -222,7 +222,7 @@ METHOD(crypter_t, decrypt, bool,
METHOD(crypter_t, encrypt, bool,
private_rc2_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
- u_int8_t *in, *out, *end, *prev;
+ uint8_t *in, *out, *end, *prev;
if (data.len % RC2_BLOCK_SIZE || iv.len != RC2_BLOCK_SIZE)
{
@@ -273,7 +273,7 @@ METHOD(crypter_t, get_key_size, size_t,
METHOD(crypter_t, set_key, bool,
private_rc2_crypter_t *this, chunk_t key)
{
- u_int8_t L[128], T8, TM, idx;
+ uint8_t L[128], T8, TM, idx;
int i;
if (key.len != this->T)
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index f6bdf9c..ff853b6 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/rdrand
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/rdrand/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/rdrand/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/rdrand/rdrand_rng.c b/src/libstrongswan/plugins/rdrand/rdrand_rng.c
index fa66f3a..b7225b6 100644
--- a/src/libstrongswan/plugins/rdrand/rdrand_rng.c
+++ b/src/libstrongswan/plugins/rdrand/rdrand_rng.c
@@ -54,7 +54,7 @@ struct private_rdrand_rng_t {
/**
* Get a two byte word using RDRAND
*/
-static bool rdrand16(u_int16_t *out)
+static bool rdrand16(uint16_t *out)
{
u_char res;
int i;
@@ -76,7 +76,7 @@ static bool rdrand16(u_int16_t *out)
/**
* Get a four byte word using RDRAND
*/
-static bool rdrand32(u_int32_t *out)
+static bool rdrand32(uint32_t *out)
{
u_char res;
int i;
@@ -99,7 +99,7 @@ static bool rdrand32(u_int32_t *out)
/**
* Get a eight byte word using RDRAND
*/
-static bool rdrand64(u_int64_t *out)
+static bool rdrand64(uint64_t *out)
{
u_char res;
int i;
@@ -122,9 +122,9 @@ static bool rdrand64(u_int64_t *out)
/**
* Get a one byte word using RDRAND
*/
-static bool rdrand8(u_int8_t *out)
+static bool rdrand8(uint8_t *out)
{
- u_int16_t u16;
+ uint16_t u16;
if (!rdrand16(&u16))
{
@@ -141,15 +141,15 @@ static bool rdrand128(void *out)
{
#ifdef __x86_64__
if (!rdrand64(out) ||
- !rdrand64(out + sizeof(u_int64_t)))
+ !rdrand64(out + sizeof(uint64_t)))
{
return FALSE;
}
#else /* __i386__ */
if (!rdrand32(out) ||
- !rdrand32(out + 1 * sizeof(u_int32_t)) ||
- !rdrand32(out + 2 * sizeof(u_int32_t)) ||
- !rdrand32(out + 3 * sizeof(u_int32_t)))
+ !rdrand32(out + 1 * sizeof(uint32_t)) ||
+ !rdrand32(out + 2 * sizeof(uint32_t)) ||
+ !rdrand32(out + 3 * sizeof(uint32_t)))
{
return FALSE;
}
@@ -165,9 +165,9 @@ static bool reseed()
int i;
#ifdef __x86_64__
- u_int64_t tmp;
+ uint64_t tmp;
- for (i = 0; i < 511 * 16 / sizeof(u_int64_t); i++)
+ for (i = 0; i < 511 * 16 / sizeof(uint64_t); i++)
{
if (!rdrand64(&tmp))
{
@@ -175,9 +175,9 @@ static bool reseed()
}
}
#else /* __i386__ */
- u_int32_t tmp;
+ uint32_t tmp;
- for (i = 0; i < 511 * 16 / sizeof(u_int32_t); i++)
+ for (i = 0; i < 511 * 16 / sizeof(uint32_t); i++)
{
if (!rdrand32(&tmp))
{
@@ -202,48 +202,48 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk)
}
/* align to 2 byte */
- if (chunk.len >= sizeof(u_int8_t))
+ if (chunk.len >= sizeof(uint8_t))
{
if ((uintptr_t)chunk.ptr % 2)
{
- if (!rdrand8((u_int8_t*)chunk.ptr))
+ if (!rdrand8((uint8_t*)chunk.ptr))
{
return FALSE;
}
- chunk = chunk_skip(chunk, sizeof(u_int8_t));
+ chunk = chunk_skip(chunk, sizeof(uint8_t));
}
}
/* align to 4 byte */
- if (chunk.len >= sizeof(u_int16_t))
+ if (chunk.len >= sizeof(uint16_t))
{
if ((uintptr_t)chunk.ptr % 4)
{
- if (!rdrand16((u_int16_t*)chunk.ptr))
+ if (!rdrand16((uint16_t*)chunk.ptr))
{
return FALSE;
}
- chunk = chunk_skip(chunk, sizeof(u_int16_t));
+ chunk = chunk_skip(chunk, sizeof(uint16_t));
}
}
#ifdef __x86_64__
/* align to 8 byte */
- if (chunk.len >= sizeof(u_int32_t))
+ if (chunk.len >= sizeof(uint32_t))
{
if ((uintptr_t)chunk.ptr % 8)
{
- if (!rdrand32((u_int32_t*)chunk.ptr))
+ if (!rdrand32((uint32_t*)chunk.ptr))
{
return FALSE;
}
- chunk = chunk_skip(chunk, sizeof(u_int32_t));
+ chunk = chunk_skip(chunk, sizeof(uint32_t));
}
}
/* fill with 8 byte words */
- while (chunk.len >= sizeof(u_int64_t))
+ while (chunk.len >= sizeof(uint64_t))
{
if (this->quality == RNG_STRONG && chunk.len % FORCE_RESEED == 0)
{
@@ -252,27 +252,27 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk)
return FALSE;
}
}
- if (!rdrand64((u_int64_t*)chunk.ptr))
+ if (!rdrand64((uint64_t*)chunk.ptr))
{
return FALSE;
}
- chunk = chunk_skip(chunk, sizeof(u_int64_t));
+ chunk = chunk_skip(chunk, sizeof(uint64_t));
}
/* append 4 byte word */
- if (chunk.len >= sizeof(u_int32_t))
+ if (chunk.len >= sizeof(uint32_t))
{
- if (!rdrand32((u_int32_t*)chunk.ptr))
+ if (!rdrand32((uint32_t*)chunk.ptr))
{
return FALSE;
}
- chunk = chunk_skip(chunk, sizeof(u_int32_t));
+ chunk = chunk_skip(chunk, sizeof(uint32_t));
}
#else /* __i386__ */
/* fill with 4 byte words */
- while (chunk.len >= sizeof(u_int32_t))
+ while (chunk.len >= sizeof(uint32_t))
{
if (this->quality == RNG_STRONG && chunk.len % FORCE_RESEED == 0)
{
@@ -281,11 +281,11 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk)
return FALSE;
}
}
- if (!rdrand32((u_int32_t*)chunk.ptr))
+ if (!rdrand32((uint32_t*)chunk.ptr))
{
return FALSE;
}
- chunk = chunk_skip(chunk, sizeof(u_int32_t));
+ chunk = chunk_skip(chunk, sizeof(uint32_t));
}
#endif /* __x86_64__ / __i386__ */
@@ -299,23 +299,23 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk)
}
/* append 2 byte word */
- if (chunk.len >= sizeof(u_int16_t))
+ if (chunk.len >= sizeof(uint16_t))
{
- if (!rdrand16((u_int16_t*)chunk.ptr))
+ if (!rdrand16((uint16_t*)chunk.ptr))
{
return FALSE;
}
- chunk = chunk_skip(chunk, sizeof(u_int16_t));
+ chunk = chunk_skip(chunk, sizeof(uint16_t));
}
/* append 1 byte word */
- if (chunk.len >= sizeof(u_int8_t))
+ if (chunk.len >= sizeof(uint8_t))
{
- if (!rdrand8((u_int8_t*)chunk.ptr))
+ if (!rdrand8((uint8_t*)chunk.ptr))
{
return FALSE;
}
- chunk = chunk_skip(chunk, sizeof(u_int8_t));
+ chunk = chunk_skip(chunk, sizeof(uint8_t));
}
return TRUE;
@@ -378,7 +378,7 @@ static bool rdrand_mixed(private_rdrand_rng_t *this, chunk_t chunk)
}
METHOD(rng_t, get_bytes, bool,
- private_rdrand_rng_t *this, size_t bytes, u_int8_t *buffer)
+ private_rdrand_rng_t *this, size_t bytes, uint8_t *buffer)
{
switch (this->quality)
{
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index 4c7f272..e6ce519 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/revocation
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/revocation/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/revocation/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 1de07d7..14d3430 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/sha1
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c
index b51a261..fca65df 100644
--- a/src/libstrongswan/plugins/sha1/sha1_hasher.c
+++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c
@@ -59,20 +59,20 @@ struct private_sha1_hasher_t {
/*
* State of the hasher. Shared with sha1_prf.c, do not change it!!!
*/
- u_int32_t state[5];
- u_int32_t count[2];
- u_int8_t buffer[64];
+ uint32_t state[5];
+ uint32_t count[2];
+ uint8_t buffer[64];
};
/*
* Hash a single 512-bit block. This is the core of the algorithm. *
*/
-static void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64])
+static void SHA1Transform(uint32_t state[5], const unsigned char buffer[64])
{
- u_int32_t a, b, c, d, e;
+ uint32_t a, b, c, d, e;
typedef union {
- u_int8_t c[64];
- u_int32_t l[16];
+ uint8_t c[64];
+ uint32_t l[16];
} CHAR64LONG16;
CHAR64LONG16 block[1]; /* use array to appear as a pointer */
memcpy(block, buffer, 64);
@@ -118,10 +118,10 @@ static void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64])
/**
* Run your data through this. Also used in sha1_prf.
*/
-void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len)
+void SHA1Update(private_sha1_hasher_t* this, uint8_t *data, uint32_t len)
{
- u_int32_t i;
- u_int32_t j;
+ uint32_t i;
+ uint32_t j;
j = this->count[0];
if ((this->count[0] += len << 3) < j)
@@ -151,15 +151,15 @@ void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len)
/*
* Add padding and return the message digest.
*/
-static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest)
+static void SHA1Final(private_sha1_hasher_t *this, uint8_t *digest)
{
- u_int32_t i;
- u_int8_t finalcount[8];
- u_int8_t c;
+ uint32_t i;
+ uint8_t finalcount[8];
+ uint8_t c;
for (i = 0; i < 8; i++)
{
- finalcount[i] = (u_int8_t)((this->count[(i >= 4 ? 0 : 1)]
+ finalcount[i] = (uint8_t)((this->count[(i >= 4 ? 0 : 1)]
>> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
}
c = 0200;
@@ -172,7 +172,7 @@ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest)
SHA1Update(this, finalcount, 8); /* Should cause a SHA1Transform() */
for (i = 0; i < 20; i++)
{
- digest[i] = (u_int8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
+ digest[i] = (uint8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
}
}
@@ -191,7 +191,7 @@ METHOD(hasher_t, reset, bool,
}
METHOD(hasher_t, get_hash, bool,
- private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+ private_sha1_hasher_t *this, chunk_t chunk, uint8_t *buffer)
{
SHA1Update(this, chunk.ptr, chunk.len);
if (buffer != NULL)
diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c
index cc4924a..464f4c9 100644
--- a/src/libstrongswan/plugins/sha1/sha1_prf.c
+++ b/src/libstrongswan/plugins/sha1/sha1_prf.c
@@ -33,9 +33,9 @@ struct private_sha1_hasher_t {
/*
* State of the hasher. From sha1_hasher.c, do not change it!
*/
- u_int32_t state[5];
- u_int32_t count[2];
- u_int8_t buffer[64];
+ uint32_t state[5];
+ uint32_t count[2];
+ uint8_t buffer[64];
};
/**
@@ -57,12 +57,12 @@ struct private_sha1_prf_t {
/**
* From sha1_hasher.c
*/
-extern void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len);
+extern void SHA1Update(private_sha1_hasher_t* this, uint8_t *data, uint32_t len);
METHOD(prf_t, get_bytes, bool,
- private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
+ private_sha1_prf_t *this, chunk_t seed, uint8_t *bytes)
{
- u_int32_t *hash = (u_int32_t*)bytes;
+ uint32_t *hash = (uint32_t*)bytes;
SHA1Update(this->hasher, seed.ptr, seed.len);
@@ -98,14 +98,14 @@ METHOD(prf_t, set_key, bool,
private_sha1_prf_t *this, chunk_t key)
{
int i, rounds;
- u_int32_t *iv = (u_int32_t*)key.ptr;
+ uint32_t *iv = (uint32_t*)key.ptr;
if (!this->hasher->public.hasher_interface.reset(
&this->hasher->public.hasher_interface))
{
return FALSE;
}
- rounds = min(key.len/sizeof(u_int32_t), sizeof(this->hasher->state));
+ rounds = min(key.len/sizeof(uint32_t), sizeof(this->hasher->state));
for (i = 0; i < rounds; i++)
{
this->hasher->state[i] ^= htonl(iv[i]);
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index d4af8fb..de34150 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/sha2
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c
index 1c6dd25..89e7675 100644
--- a/src/libstrongswan/plugins/sha2/sha2_hasher.c
+++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c
@@ -33,9 +33,9 @@ struct private_sha512_hasher_t {
sha2_hasher_t public;
unsigned char sha_out[128]; /* results are here, bytes 0..47/0..63 */
- u_int64_t sha_H[8];
- u_int64_t sha_blocks;
- u_int64_t sha_blocksMSB;
+ uint64_t sha_H[8];
+ uint64_t sha_blocks;
+ uint64_t sha_blocksMSB;
int sha_bufCnt;
};
@@ -52,23 +52,23 @@ struct private_sha256_hasher_t {
sha2_hasher_t public;
unsigned char sha_out[64]; /* results are here, bytes 0...31 */
- u_int32_t sha_H[8];
- u_int64_t sha_blocks;
+ uint32_t sha_H[8];
+ uint64_t sha_blocks;
int sha_bufCnt;
};
-static const u_int32_t sha224_hashInit[8] = {
+static const uint32_t sha224_hashInit[8] = {
0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511,
0x64f98fa7, 0xbefa4fa4
};
-static const u_int32_t sha256_hashInit[8] = {
+static const uint32_t sha256_hashInit[8] = {
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c,
0x1f83d9ab, 0x5be0cd19
};
-static const u_int32_t sha256_K[64] = {
+static const uint32_t sha256_K[64] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
@@ -82,19 +82,19 @@ static const u_int32_t sha256_K[64] = {
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
-static const u_int64_t sha512_hashInit[8] = {
+static const uint64_t sha512_hashInit[8] = {
0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL,
0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
};
-static const u_int64_t sha384_hashInit[8] = {
+static const uint64_t sha384_hashInit[8] = {
0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL,
0x152fecd8f70e5939ULL, 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL,
0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL
};
-static const u_int64_t sha512_K[80] = {
+static const uint64_t sha512_K[80] = {
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
@@ -143,14 +143,14 @@ static void sha256_transform(private_sha256_hasher_t *ctx,
const unsigned char *datap)
{
register int j;
- u_int32_t a, b, c, d, e, f, g, h;
- u_int32_t T1, T2, W[64], Wm2, Wm15;
+ uint32_t a, b, c, d, e, f, g, h;
+ uint32_t T1, T2, W[64], Wm2, Wm15;
/* read the data, big endian byte order */
j = 0;
do {
- W[j] = (((u_int32_t)(datap[0]))<<24) | (((u_int32_t)(datap[1]))<<16) |
- (((u_int32_t)(datap[2]))<<8 ) | ((u_int32_t)(datap[3]));
+ W[j] = (((uint32_t)(datap[0]))<<24) | (((uint32_t)(datap[1]))<<16) |
+ (((uint32_t)(datap[2]))<<8 ) | ((uint32_t)(datap[3]));
datap += 4;
} while(++j < 16);
@@ -229,8 +229,8 @@ static void sha256_write(private_sha256_hasher_t *ctx,
static void sha256_final(private_sha256_hasher_t *ctx)
{
register int j;
- u_int64_t bitLength;
- u_int32_t i;
+ uint64_t bitLength;
+ uint32_t i;
unsigned char padByte, *datap;
bitLength = (ctx->sha_blocks << 9) | (ctx->sha_bufCnt << 3);
@@ -287,16 +287,16 @@ static void sha512_transform(private_sha512_hasher_t *ctx,
const unsigned char *datap)
{
register int j;
- u_int64_t a, b, c, d, e, f, g, h;
- u_int64_t T1, T2, W[80], Wm2, Wm15;
+ uint64_t a, b, c, d, e, f, g, h;
+ uint64_t T1, T2, W[80], Wm2, Wm15;
/* read the data, big endian byte order */
j = 0;
do {
- W[j] = (((u_int64_t)(datap[0]))<<56) | (((u_int64_t)(datap[1]))<<48) |
- (((u_int64_t)(datap[2]))<<40) | (((u_int64_t)(datap[3]))<<32) |
- (((u_int64_t)(datap[4]))<<24) | (((u_int64_t)(datap[5]))<<16) |
- (((u_int64_t)(datap[6]))<<8 ) | ((u_int64_t)(datap[7]));
+ W[j] = (((uint64_t)(datap[0]))<<56) | (((uint64_t)(datap[1]))<<48) |
+ (((uint64_t)(datap[2]))<<40) | (((uint64_t)(datap[3]))<<32) |
+ (((uint64_t)(datap[4]))<<24) | (((uint64_t)(datap[5]))<<16) |
+ (((uint64_t)(datap[6]))<<8 ) | ((uint64_t)(datap[7]));
datap += 8;
} while(++j < 16);
@@ -374,8 +374,8 @@ static void sha512_write(private_sha512_hasher_t *ctx,
static void sha512_final(private_sha512_hasher_t *ctx)
{
register int j;
- u_int64_t bitLength, bitLengthMSB;
- u_int64_t i;
+ uint64_t bitLength, bitLengthMSB;
+ uint64_t i;
unsigned char padByte, *datap;
bitLength = (ctx->sha_blocks << 10) | (ctx->sha_bufCnt << 3);
@@ -469,7 +469,7 @@ METHOD(hasher_t, reset512, bool,
}
METHOD(hasher_t, get_hash224, bool,
- private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+ private_sha256_hasher_t *this, chunk_t chunk, uint8_t *buffer)
{
sha256_write(this, chunk.ptr, chunk.len);
if (buffer != NULL)
@@ -482,7 +482,7 @@ METHOD(hasher_t, get_hash224, bool,
}
METHOD(hasher_t, get_hash256, bool,
- private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+ private_sha256_hasher_t *this, chunk_t chunk, uint8_t *buffer)
{
sha256_write(this, chunk.ptr, chunk.len);
if (buffer != NULL)
@@ -495,7 +495,7 @@ METHOD(hasher_t, get_hash256, bool,
}
METHOD(hasher_t, get_hash384, bool,
- private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+ private_sha512_hasher_t *this, chunk_t chunk, uint8_t *buffer)
{
sha512_write(this, chunk.ptr, chunk.len);
if (buffer != NULL)
@@ -508,7 +508,7 @@ METHOD(hasher_t, get_hash384, bool,
}
METHOD(hasher_t, get_hash512, bool,
- private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+ private_sha512_hasher_t *this, chunk_t chunk, uint8_t *buffer)
{
sha512_write(this, chunk.ptr, chunk.len);
if (buffer != NULL)
diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in
index 9aa58e2..0d29fcb 100644
--- a/src/libstrongswan/plugins/sha3/Makefile.in
+++ b/src/libstrongswan/plugins/sha3/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/sha3
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index acb05d5..6563f83 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/soup
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -401,6 +414,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/soup/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/soup/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index ca59bb7..268730e 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/sqlite
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index feb9313..d50b295 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/sshkey
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sshkey/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/sshkey/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 431b607..6721909 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/test_vectors
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -219,12 +228,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -274,6 +285,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -308,6 +320,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -419,6 +432,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -510,7 +524,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -939,6 +952,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index 59590d1..ea27fd3 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/unbound
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -464,7 +478,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/unbound/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/unbound/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -780,6 +793,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in
index acfc57b..0bf311c 100644
--- a/src/libstrongswan/plugins/winhttp/Makefile.in
+++ b/src/libstrongswan/plugins/winhttp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/winhttp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -403,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/winhttp/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/winhttp/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c b/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c
index 5f0b584..da56954 100644
--- a/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c
+++ b/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c
@@ -120,7 +120,7 @@ static bool read_result(private_winhttp_fetcher_t *this, HINTERNET request,
{
DWORD received;
char buf[1024];
- u_int32_t code;
+ uint32_t code;
DWORD codelen = sizeof(code);
if (!WinHttpReceiveResponse(request, NULL))
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index c58dfe2..6288e0f 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/x509
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +415,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -464,7 +478,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -783,6 +796,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index bfc2004..aea8eb5 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -706,6 +706,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this)
if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &keyIdentifier))
{
this->authKeyIdentifier = chunk_clone(keyIdentifier);
+ keyIdentifier = asn1_simple_object(ASN1_CONTEXT_S_0, keyIdentifier);
}
public->destroy(public);
}
@@ -716,7 +717,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this)
return asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_build_known_oid(OID_AUTHORITY_KEY_ID),
asn1_wrap(ASN1_OCTET_STRING, "m",
- asn1_wrap(ASN1_SEQUENCE, "cmm",
+ asn1_wrap(ASN1_SEQUENCE, "mmm",
keyIdentifier,
authorityCertIssuer,
authorityCertSerialNumber
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 6f69fb1..98fad6f 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libstrongswan/plugins/xcbc
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -400,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index d852a29..820298e 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -40,7 +40,7 @@ struct private_mac_t {
/**
* Block size, in bytes
*/
- u_int8_t b;
+ uint8_t b;
/**
* crypter using k1
@@ -50,22 +50,22 @@ struct private_mac_t {
/**
* k2
*/
- u_int8_t *k2;
+ uint8_t *k2;
/**
* k3
*/
- u_int8_t *k3;
+ uint8_t *k3;
/**
* E
*/
- u_int8_t *e;
+ uint8_t *e;
/**
* remaining, unprocessed bytes in append mode
*/
- u_int8_t *remaining;
+ uint8_t *remaining;
/**
* number of bytes in remaining
@@ -138,7 +138,7 @@ static bool update(private_mac_t *this, chunk_t data)
/**
* run last round, data is in this->e
*/
-static bool final(private_mac_t *this, u_int8_t *out)
+static bool final(private_mac_t *this, uint8_t *out)
{
chunk_t iv;
@@ -193,7 +193,7 @@ static bool final(private_mac_t *this, u_int8_t *out)
}
METHOD(mac_t, get_mac, bool,
- private_mac_t *this, chunk_t data, u_int8_t *out)
+ private_mac_t *this, chunk_t data, uint8_t *out)
{
/* update E, do not process last block */
if (!update(this, data))
@@ -294,7 +294,7 @@ static mac_t *xcbc_create(encryption_algorithm_t algo, size_t key_size)
{
private_mac_t *this;
crypter_t *crypter;
- u_int8_t b;
+ uint8_t b;
crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
if (!crypter)
diff --git a/src/libstrongswan/processing/jobs/job.h b/src/libstrongswan/processing/jobs/job.h
index 6445471..5b3a8a3 100644
--- a/src/libstrongswan/processing/jobs/job.h
+++ b/src/libstrongswan/processing/jobs/job.h
@@ -96,7 +96,7 @@ struct job_requeue_t {
} schedule;
/** Time to reschedule the job */
union {
- u_int32_t rel;
+ uint32_t rel;
timeval_t abs;
} time;
};
diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c
index d908525..3747429 100644
--- a/src/libstrongswan/processing/scheduler.c
+++ b/src/libstrongswan/processing/scheduler.c
@@ -276,7 +276,7 @@ METHOD(scheduler_t, schedule_job_tv, void,
}
METHOD(scheduler_t, schedule_job, void,
- private_scheduler_t *this, job_t *job, u_int32_t s)
+ private_scheduler_t *this, job_t *job, uint32_t s)
{
timeval_t tv;
@@ -287,7 +287,7 @@ METHOD(scheduler_t, schedule_job, void,
}
METHOD(scheduler_t, schedule_job_ms, void,
- private_scheduler_t *this, job_t *job, u_int32_t ms)
+ private_scheduler_t *this, job_t *job, uint32_t ms)
{
timeval_t tv, add;
diff --git a/src/libstrongswan/processing/scheduler.h b/src/libstrongswan/processing/scheduler.h
index 7f91fcc..1cd96d9 100644
--- a/src/libstrongswan/processing/scheduler.h
+++ b/src/libstrongswan/processing/scheduler.h
@@ -86,7 +86,7 @@ struct scheduler_t {
* @param job job to schedule
* @param time relative time to schedule job, in s
*/
- void (*schedule_job) (scheduler_t *this, job_t *job, u_int32_t s);
+ void (*schedule_job) (scheduler_t *this, job_t *job, uint32_t s);
/**
* Adds a event to the queue, using a relative time offset in ms.
@@ -94,7 +94,7 @@ struct scheduler_t {
* @param job job to schedule
* @param time relative time to schedule job, in ms
*/
- void (*schedule_job_ms) (scheduler_t *this, job_t *job, u_int32_t ms);
+ void (*schedule_job_ms) (scheduler_t *this, job_t *job, uint32_t ms);
/**
* Adds a event to the queue, using an absolut time.
diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
index a6298b3..da3ba97 100644
--- a/src/libstrongswan/selectors/traffic_selector.c
+++ b/src/libstrongswan/selectors/traffic_selector.c
@@ -52,7 +52,7 @@ struct private_traffic_selector_t {
/**
* IP protocol (UDP, TCP, ICMP, ...)
*/
- u_int8_t protocol;
+ uint8_t protocol;
/**
* narrow this traffic selector to hosts external ip
@@ -63,7 +63,7 @@ struct private_traffic_selector_t {
/**
* subnet size in CIDR notation, 255 means a non-subnet address range
*/
- u_int8_t netbits;
+ uint8_t netbits;
/**
* begin of address range, network order
@@ -72,9 +72,9 @@ struct private_traffic_selector_t {
/** dummy char for common address manipulation */
char from[0];
/** IPv4 address */
- u_int32_t from4[1];
+ uint32_t from4[1];
/** IPv6 address */
- u_int32_t from6[4];
+ uint32_t from6[4];
};
/**
@@ -84,30 +84,30 @@ struct private_traffic_selector_t {
/** dummy char for common address manipulation */
char to[0];
/** IPv4 address */
- u_int32_t to4[1];
+ uint32_t to4[1];
/** IPv6 address */
- u_int32_t to6[4];
+ uint32_t to6[4];
};
/**
* begin of port range
*/
- u_int16_t from_port;
+ uint16_t from_port;
/**
* end of port range
*/
- u_int16_t to_port;
+ uint16_t to_port;
};
/**
* calculate the "to"-address for the "from" address and a subnet size
*/
-static void calc_range(private_traffic_selector_t *this, u_int8_t netbits)
+static void calc_range(private_traffic_selector_t *this, uint8_t netbits)
{
size_t len;
int bytes, bits;
- u_int8_t mask;
+ uint8_t mask;
this->netbits = netbits;
@@ -126,10 +126,10 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits)
/**
* calculate the subnet size from the "to" and "from" addresses
*/
-static u_int8_t calc_netbits(private_traffic_selector_t *this)
+static uint8_t calc_netbits(private_traffic_selector_t *this)
{
int byte, bit;
- u_int8_t netbits;
+ uint8_t netbits;
size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
bool prefix = TRUE;
@@ -144,7 +144,7 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
{
for (bit = 7; bit >= 0; bit--)
{
- u_int8_t bitmask = 1 << bit;
+ uint8_t bitmask = 1 << bit;
if (prefix)
{
@@ -173,8 +173,8 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
/**
* internal generic constructor
*/
-static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol,
- ts_type_t type, u_int16_t from_port, u_int16_t to_port);
+static private_traffic_selector_t *traffic_selector_create(uint8_t protocol,
+ ts_type_t type, uint16_t from_port, uint16_t to_port);
/**
* Check if TS contains "opaque" ports
@@ -195,9 +195,9 @@ static bool is_any(private_traffic_selector_t *this)
/**
* Print ICMP/ICMPv6 type and code
*/
-static int print_icmp(printf_hook_data_t *data, u_int16_t port)
+static int print_icmp(printf_hook_data_t *data, uint16_t port)
{
- u_int8_t type, code;
+ uint8_t type, code;
type = traffic_selector_icmp_type(port);
code = traffic_selector_icmp_code(port);
@@ -222,7 +222,7 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
char *serv_proto = NULL, *sep = "";
bool has_proto, has_ports;
size_t written = 0;
- u_int32_t from[4], to[4];
+ uint32_t from[4], to[4];
if (this == NULL)
{
@@ -361,9 +361,9 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*,
private_traffic_selector_t *this, traffic_selector_t *other_public)
{
private_traffic_selector_t *other, *subset;
- u_int16_t from_port, to_port;
+ uint16_t from_port, to_port;
u_char *from, *to;
- u_int8_t protocol;
+ uint8_t protocol;
size_t size;
other = (private_traffic_selector_t*)other_public;
@@ -481,13 +481,13 @@ METHOD(traffic_selector_t, get_to_address, chunk_t,
}
}
-METHOD(traffic_selector_t, get_from_port, u_int16_t,
+METHOD(traffic_selector_t, get_from_port, uint16_t,
private_traffic_selector_t *this)
{
return this->from_port;
}
-METHOD(traffic_selector_t, get_to_port, u_int16_t,
+METHOD(traffic_selector_t, get_to_port, uint16_t,
private_traffic_selector_t *this)
{
return this->to_port;
@@ -499,7 +499,7 @@ METHOD(traffic_selector_t, get_type, ts_type_t,
return this->type;
}
-METHOD(traffic_selector_t, get_protocol, u_int8_t,
+METHOD(traffic_selector_t, get_protocol, uint8_t,
private_traffic_selector_t *this)
{
return this->protocol;
@@ -610,14 +610,14 @@ METHOD(traffic_selector_t, includes, bool,
}
METHOD(traffic_selector_t, to_subnet, bool,
- private_traffic_selector_t *this, host_t **net, u_int8_t *mask)
+ private_traffic_selector_t *this, host_t **net, uint8_t *mask)
{
/* there is no way to do this cleanly, as the address range may
* be anything else but a subnet. We use from_addr as subnet
* and try to calculate a usable subnet mask.
*/
int family, non_zero_bytes;
- u_int16_t port = 0;
+ uint16_t port = 0;
chunk_t net_chunk;
*mask = (this->netbits == NON_SUBNET_ADDRESS_RANGE) ? calc_netbits(this)
@@ -777,10 +777,10 @@ int traffic_selector_cmp(traffic_selector_t *a_pub, traffic_selector_t *b_pub,
/*
* see header
*/
-traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol,
+traffic_selector_t *traffic_selector_create_from_bytes(uint8_t protocol,
ts_type_t type,
- chunk_t from, u_int16_t from_port,
- chunk_t to, u_int16_t to_port)
+ chunk_t from, uint16_t from_port,
+ chunk_t to, uint16_t to_port)
{
private_traffic_selector_t *this = traffic_selector_create(protocol, type,
from_port, to_port);
@@ -843,7 +843,7 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
}
if (to.len > 1)
{
- u_int8_t mask = to.ptr[0] ? (1 << to.ptr[0]) - 1 : 0;
+ uint8_t mask = to.ptr[0] ? (1 << to.ptr[0]) - 1 : 0;
memcpy(this->to, to.ptr+1, to.len-1);
this->to[to.len-2] |= mask;
@@ -856,8 +856,8 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
* see header
*/
traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
- u_int8_t netbits, u_int8_t protocol,
- u_int16_t from_port, u_int16_t to_port)
+ uint8_t netbits, uint8_t protocol,
+ uint16_t from_port, uint16_t to_port)
{
private_traffic_selector_t *this;
chunk_t from;
@@ -890,9 +890,9 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
* see header
*/
traffic_selector_t *traffic_selector_create_from_string(
- u_int8_t protocol, ts_type_t type,
- char *from_addr, u_int16_t from_port,
- char *to_addr, u_int16_t to_port)
+ uint8_t protocol, ts_type_t type,
+ char *from_addr, uint16_t from_port,
+ char *to_addr, uint16_t to_port)
{
private_traffic_selector_t *this;
int family;
@@ -926,8 +926,8 @@ traffic_selector_t *traffic_selector_create_from_string(
* see header
*/
traffic_selector_t *traffic_selector_create_from_cidr(
- char *string, u_int8_t protocol,
- u_int16_t from_port, u_int16_t to_port)
+ char *string, uint8_t protocol,
+ uint16_t from_port, uint16_t to_port)
{
host_t *net;
int bits;
@@ -944,8 +944,8 @@ traffic_selector_t *traffic_selector_create_from_cidr(
/*
* see header
*/
-traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
- u_int16_t from_port, u_int16_t to_port)
+traffic_selector_t *traffic_selector_create_dynamic(uint8_t protocol,
+ uint16_t from_port, uint16_t to_port)
{
private_traffic_selector_t *this = traffic_selector_create(
protocol, TS_IPV4_ADDR_RANGE, from_port, to_port);
@@ -961,8 +961,8 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
/*
* see declaration
*/
-static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol,
- ts_type_t type, u_int16_t from_port, u_int16_t to_port)
+static private_traffic_selector_t *traffic_selector_create(uint8_t protocol,
+ ts_type_t type, uint16_t from_port, uint16_t to_port)
{
private_traffic_selector_t *this;
diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
index cf9a286..cc66c34 100644
--- a/src/libstrongswan/selectors/traffic_selector.h
+++ b/src/libstrongswan/selectors/traffic_selector.h
@@ -122,7 +122,7 @@ struct traffic_selector_t {
*
* @return port
*/
- u_int16_t (*get_from_port) (traffic_selector_t *this);
+ uint16_t (*get_from_port) (traffic_selector_t *this);
/**
* Get ending port of this ts.
@@ -136,7 +136,7 @@ struct traffic_selector_t {
*
* @return port
*/
- u_int16_t (*get_to_port) (traffic_selector_t *this);
+ uint16_t (*get_to_port) (traffic_selector_t *this);
/**
* Get the type of the traffic selector.
@@ -150,7 +150,7 @@ struct traffic_selector_t {
*
* @return protocol id
*/
- u_int8_t (*get_protocol) (traffic_selector_t *this);
+ uint8_t (*get_protocol) (traffic_selector_t *this);
/**
* Check if the traffic selector is for a single host.
@@ -218,7 +218,7 @@ struct traffic_selector_t {
* @param mask converted net mask
* @return TRUE if traffic selector matches exactly to the subnet
*/
- bool (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask);
+ bool (*to_subnet) (traffic_selector_t *this, host_t **net, uint8_t *mask);
/**
* Create a hash value for the traffic selector.
@@ -240,7 +240,7 @@ struct traffic_selector_t {
* @param port port number in host order
* @return ICMP/ICMPv6 message type
*/
-static inline u_int8_t traffic_selector_icmp_type(u_int16_t port)
+static inline uint8_t traffic_selector_icmp_type(uint16_t port)
{
return port >> 8;
}
@@ -251,7 +251,7 @@ static inline u_int8_t traffic_selector_icmp_type(u_int16_t port)
* @param port port number in host order
* @return ICMP/ICMPv6 message code
*/
-static inline u_int8_t traffic_selector_icmp_code(u_int16_t port)
+static inline uint8_t traffic_selector_icmp_code(uint16_t port)
{
return port & 0xff;
}
@@ -286,9 +286,9 @@ int traffic_selector_cmp(traffic_selector_t *a, traffic_selector_t *b,
* - NULL if invalid address strings/protocol
*/
traffic_selector_t *traffic_selector_create_from_string(
- u_int8_t protocol, ts_type_t type,
- char *from_addr, u_int16_t from_port,
- char *to_addr, u_int16_t to_port);
+ uint8_t protocol, ts_type_t type,
+ char *from_addr, uint16_t from_port,
+ char *to_addr, uint16_t to_port);
@@ -307,8 +307,8 @@ traffic_selector_t *traffic_selector_create_from_string(
* @return traffic selector, NULL if string invalid
*/
traffic_selector_t *traffic_selector_create_from_cidr(
- char *string, u_int8_t protocol,
- u_int16_t from_port, u_int16_t to_port);
+ char *string, uint8_t protocol,
+ uint16_t from_port, uint16_t to_port);
/**
* Create a new traffic selector using data read from the net.
@@ -331,9 +331,9 @@ traffic_selector_t *traffic_selector_create_from_cidr(
* @return traffic_selector_t object
*/
traffic_selector_t *traffic_selector_create_from_bytes(
- u_int8_t protocol, ts_type_t type,
- chunk_t from_address, u_int16_t from_port,
- chunk_t to_address, u_int16_t to_port);
+ uint8_t protocol, ts_type_t type,
+ chunk_t from_address, uint16_t from_port,
+ chunk_t to_address, uint16_t to_port);
/**
* Create a new traffic selector using the RFC 3779 ASN.1 min/max address format
@@ -370,8 +370,8 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
* - NULL if address family of net not supported
*/
traffic_selector_t *traffic_selector_create_from_subnet(
- host_t *net, u_int8_t netbits, u_int8_t protocol,
- u_int16_t from_port, u_int16_t to_port);
+ host_t *net, uint8_t netbits, uint8_t protocol,
+ uint16_t from_port, uint16_t to_port);
/**
* Create a traffic selector for host-to-host cases.
@@ -392,8 +392,8 @@ traffic_selector_t *traffic_selector_create_from_subnet(
* - traffic_selector_t object
* - NULL if type not supported
*/
-traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
- u_int16_t from_port, u_int16_t to_port);
+traffic_selector_t *traffic_selector_create_dynamic(uint8_t protocol,
+ uint16_t from_port, uint16_t to_port);
/**
* printf hook function for traffic_selector_t.
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index 56cc2f1..829e784 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -540,9 +540,9 @@ METHOD(settings_t, get_int, int,
/**
* Described in header
*/
-inline u_int64_t settings_value_as_uint64(char *value, u_int64_t def)
+inline uint64_t settings_value_as_uint64(char *value, uint64_t def)
{
- u_int64_t intval;
+ uint64_t intval;
char *end;
int base = 10;
@@ -597,10 +597,10 @@ METHOD(settings_t, get_double, double,
/**
* Described in header
*/
-inline u_int32_t settings_value_as_time(char *value, u_int32_t def)
+inline uint32_t settings_value_as_time(char *value, uint32_t def)
{
char *endptr;
- u_int32_t timeval;
+ uint32_t timeval;
if (value)
{
errno = 0;
@@ -638,8 +638,8 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def)
return def;
}
-METHOD(settings_t, get_time, u_int32_t,
- private_settings_t *this, char *key, u_int32_t def, ...)
+METHOD(settings_t, get_time, uint32_t,
+ private_settings_t *this, char *key, uint32_t def, ...)
{
char *value;
va_list args;
@@ -695,7 +695,7 @@ METHOD(settings_t, set_double, void,
}
METHOD(settings_t, set_time, void,
- private_settings_t *this, char *key, u_int32_t value, ...)
+ private_settings_t *this, char *key, uint32_t value, ...)
{
char val[16];
va_list args;
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index a133a36..eec5ece 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -51,13 +51,13 @@ bool settings_value_as_bool(char *value, bool def);
int settings_value_as_int(char *value, int def);
/**
- * Convert a string value returned by a key/value enumerator to an u_int64_t.
+ * Convert a string value returned by a key/value enumerator to an uint64_t.
*
* @see settings_t.create_key_value_enumerator()
* @param value the string value
* @param def the default value, if value is NULL or invalid
*/
-u_int64_t settings_value_as_uint64(char *value, u_int64_t def);
+uint64_t settings_value_as_uint64(char *value, uint64_t def);
/**
* Convert a string value returned by a key/value enumerator to a double.
@@ -77,7 +77,7 @@ double settings_value_as_double(char *value, double def);
* @param value the string value
* @param def the default value, if value is NULL or invalid
*/
-u_int32_t settings_value_as_time(char *value, u_int32_t def);
+uint32_t settings_value_as_time(char *value, uint32_t def);
/**
* Generic configuration options read from a config file.
@@ -203,7 +203,7 @@ struct settings_t {
* @param ... argument list for key
* @return value of the key (in seconds)
*/
- u_int32_t (*get_time)(settings_t *this, char *key, u_int32_t def, ...);
+ uint32_t (*get_time)(settings_t *this, char *key, uint32_t def, ...);
/**
* Set a string value.
@@ -248,7 +248,7 @@ struct settings_t {
* @param def value to set
* @param ... argument list for key
*/
- void (*set_time)(settings_t *this, char *key, u_int32_t value, ...);
+ void (*set_time)(settings_t *this, char *key, uint32_t value, ...);
/**
* Set a default for string value.
diff --git a/src/libstrongswan/settings/settings_lexer.c b/src/libstrongswan/settings/settings_lexer.c
index 6e64e15..2151e93 100644
--- a/src/libstrongswan/settings/settings_lexer.c
+++ b/src/libstrongswan/settings/settings_lexer.c
@@ -16,8 +16,8 @@
#define FLEX_SCANNER
#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 35
+#define YY_FLEX_MINOR_VERSION 6
+#define YY_FLEX_SUBMINOR_VERSION 0
#if YY_FLEX_SUBMINOR_VERSION > 0
#define FLEX_BETA
#endif
@@ -221,6 +221,11 @@ typedef void* yyscan_t;
typedef struct yy_buffer_state *YY_BUFFER_STATE;
#endif
+#ifndef YY_TYPEDEF_YY_SIZE_T
+#define YY_TYPEDEF_YY_SIZE_T
+typedef size_t yy_size_t;
+#endif
+
/* %if-not-reentrant */
/* %endif */
@@ -247,6 +252,13 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE;
if ( yytext[yyl] == '\n' )\
--yylineno;\
}while(0)
+ #define YY_LINENO_REWIND_TO(dst) \
+ do {\
+ const char *p;\
+ for ( p = yy_cp-1; p >= (dst); --p)\
+ if ( *p == '\n' )\
+ --yylineno;\
+ }while(0)
/* Return all but the first "n" matched characters back to the input stream. */
#define yyless(n) \
@@ -264,11 +276,6 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE;
#define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner )
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef size_t yy_size_t;
-#endif
-
#ifndef YY_STRUCT_YY_BUFFER_STATE
#define YY_STRUCT_YY_BUFFER_STATE
struct yy_buffer_state
@@ -388,7 +395,7 @@ static void settings_parser__init_buffer (YY_BUFFER_STATE b,FILE *file ,yyscan_t
YY_BUFFER_STATE settings_parser__scan_buffer (char *base,yy_size_t size ,yyscan_t yyscanner );
YY_BUFFER_STATE settings_parser__scan_string (yyconst char *yy_str ,yyscan_t yyscanner );
-YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char *bytes,int len ,yyscan_t yyscanner );
+YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char *bytes,yy_size_t len ,yyscan_t yyscanner );
/* %endif */
@@ -423,7 +430,7 @@ void settings_parser_free (void * ,yyscan_t yyscanner );
/* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */
/* Begin user sect3 */
-#define settings_parser_wrap(n) 1
+#define settings_parser_wrap(yyscanner) (/*CONSTCOND*/1)
#define YY_SKIP_YYWRAP
#define FLEX_DEBUG
@@ -434,11 +441,16 @@ typedef int yy_state_type;
#define yytext_ptr yytext_r
+/* %% [1.5] DFA */
+
/* %if-c-only Standard (non-C++) definition */
static yy_state_type yy_get_previous_state (yyscan_t yyscanner );
static yy_state_type yy_try_NUL_trans (yy_state_type current_state ,yyscan_t yyscanner);
static int yy_get_next_buffer (yyscan_t yyscanner );
+#if defined(__GNUC__) && __GNUC__ >= 3
+__attribute__((__noreturn__))
+#endif
static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner );
/* %endif */
@@ -474,7 +486,7 @@ static yyconst flex_int16_t yy_accept[49] =
9, 9, 9, 9, 0, 7, 7, 0
} ;
-static yyconst flex_int32_t yy_ec[256] =
+static yyconst YY_CHAR yy_ec[256] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
1, 1, 4, 1, 1, 1, 1, 1, 1, 1,
@@ -506,13 +518,13 @@ static yyconst flex_int32_t yy_ec[256] =
1, 1, 1, 1, 1
} ;
-static yyconst flex_int32_t yy_meta[21] =
+static yyconst YY_CHAR yy_meta[21] =
{ 0,
1, 2, 3, 1, 4, 5, 4, 6, 7, 1,
1, 1, 1, 1, 1, 1, 1, 1, 8, 9
} ;
-static yyconst flex_int16_t yy_base[60] =
+static yyconst flex_uint16_t yy_base[60] =
{ 0,
0, 0, 19, 38, 21, 23, 55, 0, 47, 161,
161, 50, 161, 37, 161, 161, 0, 161, 161, 0,
@@ -532,7 +544,7 @@ static yyconst flex_int16_t yy_def[60] =
48, 48, 48, 48, 48, 48, 48, 48, 48
} ;
-static yyconst flex_int16_t yy_nxt[182] =
+static yyconst flex_uint16_t yy_nxt[182] =
{ 0,
8, 9, 10, 8, 9, 11, 12, 13, 8, 8,
8, 8, 14, 8, 8, 8, 8, 8, 15, 16,
@@ -638,7 +650,7 @@ static void include_files(parser_helper_t *ctx);
/* state used to scan quoted strings */
-#line 642 "settings/settings_lexer.c"
+#line 654 "settings/settings_lexer.c"
#define INITIAL 0
#define inc 1
@@ -675,7 +687,7 @@ struct yyguts_t
YY_BUFFER_STATE * yy_buffer_stack; /**< Stack as an array. */
char yy_hold_char;
int yy_n_chars;
- int yyleng_r;
+ yy_size_t yyleng_r;
char *yy_c_buf_p;
int yy_init;
int yy_start;
@@ -732,19 +744,23 @@ void settings_parser_set_extra (YY_EXTRA_TYPE user_defined ,yyscan_t yyscanner )
FILE *settings_parser_get_in (yyscan_t yyscanner );
-void settings_parser_set_in (FILE * in_str ,yyscan_t yyscanner );
+void settings_parser_set_in (FILE * _in_str ,yyscan_t yyscanner );
FILE *settings_parser_get_out (yyscan_t yyscanner );
-void settings_parser_set_out (FILE * out_str ,yyscan_t yyscanner );
+void settings_parser_set_out (FILE * _out_str ,yyscan_t yyscanner );
-int settings_parser_get_leng (yyscan_t yyscanner );
+yy_size_t settings_parser_get_leng (yyscan_t yyscanner );
char *settings_parser_get_text (yyscan_t yyscanner );
int settings_parser_get_lineno (yyscan_t yyscanner );
-void settings_parser_set_lineno (int line_number ,yyscan_t yyscanner );
+void settings_parser_set_lineno (int _line_number ,yyscan_t yyscanner );
+
+int settings_parser_get_column (yyscan_t yyscanner );
+
+void settings_parser_set_column (int _column_no ,yyscan_t yyscanner );
/* %if-bison-bridge */
@@ -768,8 +784,11 @@ extern int settings_parser_wrap (yyscan_t yyscanner );
/* %not-for-header */
+#ifndef YY_NO_UNPUT
+
static void yyunput (int c,char *buf_ptr ,yyscan_t yyscanner);
+#endif
/* %ok-for-header */
/* %endif */
@@ -798,7 +817,7 @@ static int input (yyscan_t yyscanner );
/* %if-c-only */
- static void yy_push_state (int new_state ,yyscan_t yyscanner);
+ static void yy_push_state (int _new_state ,yyscan_t yyscanner);
static void yy_pop_state (yyscan_t yyscanner );
@@ -928,7 +947,7 @@ extern int settings_parser_lex \
/* Code executed at the end of each rule. */
#ifndef YY_BREAK
-#define YY_BREAK break;
+#define YY_BREAK /*LINTED*/break;
#endif
/* %% [6.0] YY_RULE_SETUP definition goes here */
@@ -941,17 +960,11 @@ extern int settings_parser_lex \
*/
YY_DECL
{
- register yy_state_type yy_current_state;
- register char *yy_cp, *yy_bp;
- register int yy_act;
+ yy_state_type yy_current_state;
+ char *yy_cp, *yy_bp;
+ int yy_act;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
-/* %% [7.0] user's declarations go here */
-#line 57 "settings/settings_lexer.l"
-
-
-#line 954 "settings/settings_lexer.c"
-
yylval = yylval_param;
if ( !yyg->yy_init )
@@ -988,7 +1001,14 @@ YY_DECL
settings_parser__load_buffer_state(yyscanner );
}
- while ( 1 ) /* loops until end-of-file is reached */
+ {
+/* %% [7.0] user's declarations go here */
+#line 57 "settings/settings_lexer.l"
+
+
+#line 1010 "settings/settings_lexer.c"
+
+ while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
/* %% [8.0] yymore()-related code goes here */
yy_cp = yyg->yy_c_buf_p;
@@ -1006,7 +1026,7 @@ YY_DECL
yy_match:
do
{
- register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+ YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ;
if ( yy_accept[yy_current_state] )
{
yyg->yy_last_accepting_state = yy_current_state;
@@ -1039,7 +1059,7 @@ yy_find_action:
if ( yy_act != YY_END_OF_BUFFER && yy_rule_can_match_eol[yy_act] )
{
- int yyl;
+ yy_size_t yyl;
for ( yyl = 0; yyl < yyleng; ++yyl )
if ( yytext[yyl] == '\n' )
@@ -1106,6 +1126,7 @@ return yytext[0];
case 7:
/* rule 7 can match eol */
*yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */
+YY_LINENO_REWIND_TO(yy_cp - 1);
yyg->yy_c_buf_p = yy_cp -= 1;
YY_DO_BEFORE_ACTION; /* set up yytext again */
YY_RULE_SETUP
@@ -1192,6 +1213,7 @@ YY_RULE_SETUP
case 15:
#line 121 "settings/settings_lexer.l"
+YY_RULE_SETUP
case YY_STATE_EOF(str):
#line 121 "settings/settings_lexer.l"
case 16:
@@ -1267,7 +1289,7 @@ YY_RULE_SETUP
#line 159 "settings/settings_lexer.l"
YY_FATAL_ERROR( "flex scanner jammed" );
YY_BREAK
-#line 1271 "settings/settings_lexer.c"
+#line 1293 "settings/settings_lexer.c"
case YY_END_OF_BUFFER:
{
@@ -1290,7 +1312,11 @@ YY_FATAL_ERROR( "flex scanner jammed" );
* back-up) that will match for the new input source.
*/
yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+/* %if-c-only */
YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
+/* %endif */
+/* %if-c++-only */
+/* %endif */
YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
}
@@ -1397,6 +1423,7 @@ YY_FATAL_ERROR( "flex scanner jammed" );
"fatal flex scanner internal error--no action found" );
} /* end of action switch */
} /* end of scanning one token */
+ } /* end of user's declarations */
} /* end of settings_parser_lex */
/* %ok-for-header */
@@ -1421,9 +1448,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* %endif */
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
- register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
- register char *source = yyg->yytext_ptr;
- register int number_to_move, i;
+ char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+ char *source = yyg->yytext_ptr;
+ yy_size_t number_to_move, i;
int ret_val;
if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] )
@@ -1452,7 +1479,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* Try to read more data. */
/* First move last chars to start of buffer. */
- number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1;
+ number_to_move = (yy_size_t) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1;
for ( i = 0; i < number_to_move; ++i )
*(dest++) = *(source++);
@@ -1465,21 +1492,21 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
else
{
- int num_to_read =
+ yy_size_t num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
{ /* Not enough room in the buffer - grow it. */
/* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
int yy_c_buf_p_offset =
(int) (yyg->yy_c_buf_p - b->yy_ch_buf);
if ( b->yy_is_our_buffer )
{
- int new_size = b->yy_buf_size * 2;
+ yy_size_t new_size = b->yy_buf_size * 2;
if ( new_size <= 0 )
b->yy_buf_size += b->yy_buf_size / 8;
@@ -1510,7 +1537,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* Read in more data. */
YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
- yyg->yy_n_chars, (size_t) num_to_read );
+ yyg->yy_n_chars, num_to_read );
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars;
}
@@ -1534,9 +1561,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
else
ret_val = EOB_ACT_CONTINUE_SCAN;
- if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
+ if ((int) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
/* Extend the array by 50%, plus the number we really need. */
- yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1);
+ int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1);
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) settings_parser_realloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner );
if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
@@ -1561,8 +1588,8 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* %if-c++-only */
/* %endif */
{
- register yy_state_type yy_current_state;
- register char *yy_cp;
+ yy_state_type yy_current_state;
+ char *yy_cp;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
/* %% [15.0] code to get the start state into yy_current_state goes here */
@@ -1571,7 +1598,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp )
{
/* %% [16.0] code to find the next state goes here */
- register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+ YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
if ( yy_accept[yy_current_state] )
{
yyg->yy_last_accepting_state = yy_current_state;
@@ -1600,12 +1627,12 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* %if-c++-only */
/* %endif */
{
- register int yy_is_jam;
+ int yy_is_jam;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */
/* %% [17.0] code to find the next state, and perhaps do backing up, goes here */
- register char *yy_cp = yyg->yy_c_buf_p;
+ char *yy_cp = yyg->yy_c_buf_p;
- register YY_CHAR yy_c = 1;
+ YY_CHAR yy_c = 1;
if ( yy_accept[yy_current_state] )
{
yyg->yy_last_accepting_state = yy_current_state;
@@ -1620,17 +1647,19 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
yy_is_jam = (yy_current_state == 48);
+ (void)yyg;
return yy_is_jam ? 0 : yy_current_state;
}
+#ifndef YY_NO_UNPUT
/* %if-c-only */
- static void yyunput (int c, register char * yy_bp , yyscan_t yyscanner)
+ static void yyunput (int c, char * yy_bp , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
- register char *yy_cp;
+ char *yy_cp;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
yy_cp = yyg->yy_c_buf_p;
@@ -1641,10 +1670,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
{ /* need to shift things up to make room */
/* +2 for EOB chars. */
- register int number_to_move = yyg->yy_n_chars + 2;
- register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+ yy_size_t number_to_move = yyg->yy_n_chars + 2;
+ char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
- register char *source =
+ char *source =
&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
@@ -1674,6 +1703,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* %if-c-only */
/* %endif */
+#endif
/* %if-c-only */
#ifndef YY_NO_INPUT
@@ -1704,7 +1734,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
else
{ /* need more input */
- int offset = yyg->yy_c_buf_p - yyg->yytext_ptr;
+ yy_size_t offset = yyg->yy_c_buf_p - yyg->yytext_ptr;
++yyg->yy_c_buf_p;
switch ( yy_get_next_buffer( yyscanner ) )
@@ -1787,6 +1817,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
settings_parser__load_buffer_state(yyscanner );
}
+/* %if-c++-only */
+/* %endif */
+
/** Switch to a different input buffer.
* @param new_buffer The new input buffer.
* @param yyscanner The scanner object.
@@ -1836,7 +1869,11 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner)
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
+/* %if-c-only */
yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
+/* %endif */
+/* %if-c++-only */
+/* %endif */
yyg->yy_hold_char = *yyg->yy_c_buf_p;
}
@@ -1858,7 +1895,7 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner)
if ( ! b )
YY_FATAL_ERROR( "out of dynamic memory in settings_parser__create_buffer()" );
- b->yy_buf_size = size;
+ b->yy_buf_size = (yy_size_t)size;
/* yy_ch_buf has to be 2 characters longer than the size given because
* we need to put in 2 end-of-buffer characters.
@@ -1874,6 +1911,9 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner)
return b;
}
+/* %if-c++-only */
+/* %endif */
+
/** Destroy the buffer.
* @param b a buffer created with settings_parser__create_buffer()
* @param yyscanner The scanner object.
@@ -1898,17 +1938,6 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner)
settings_parser_free((void *) b ,yyscanner );
}
-/* %if-c-only */
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-
-/* %endif */
-
-/* %if-c++-only */
-/* %endif */
-
/* Initializes or reinitializes a buffer.
* This function is sometimes called more than once on the same buffer,
* such as during a settings_parser_restart() or at EOF.
@@ -1925,7 +1954,11 @@ extern int isatty (int );
settings_parser__flush_buffer(b ,yyscanner);
+/* %if-c-only */
b->yy_input_file = file;
+/* %endif */
+/* %if-c++-only */
+/* %endif */
b->yy_fill_buffer = 1;
/* If b is the current buffer, then settings_parser__init_buffer was _probably_
@@ -2055,7 +2088,7 @@ static void settings_parser_ensure_buffer_stack (yyscan_t yyscanner)
/* %if-c++-only */
/* %endif */
{
- int num_to_alloc;
+ yy_size_t num_to_alloc;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
if (!yyg->yy_buffer_stack) {
@@ -2064,7 +2097,7 @@ static void settings_parser_ensure_buffer_stack (yyscan_t yyscanner)
* scanner will even need a stack. We use 2 instead of 1 to avoid an
* immediate realloc on the next call.
*/
- num_to_alloc = 1;
+ num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */
yyg->yy_buffer_stack = (struct yy_buffer_state**)settings_parser_alloc
(num_to_alloc * sizeof(struct yy_buffer_state*)
, yyscanner);
@@ -2081,7 +2114,7 @@ static void settings_parser_ensure_buffer_stack (yyscan_t yyscanner)
if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){
/* Increase the buffer to prepare for a possible push. */
- int grow_size = 8 /* arbitrary grow size */;
+ yy_size_t grow_size = 8 /* arbitrary grow size */;
num_to_alloc = yyg->yy_buffer_stack_max + grow_size;
yyg->yy_buffer_stack = (struct yy_buffer_state**)settings_parser_realloc
@@ -2159,12 +2192,12 @@ YY_BUFFER_STATE settings_parser__scan_string (yyconst char * yystr , yyscan_t yy
* @param yyscanner The scanner object.
* @return the newly allocated buffer state object.
*/
-YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yybytes_len , yyscan_t yyscanner)
+YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len , yyscan_t yyscanner)
{
YY_BUFFER_STATE b;
char *buf;
yy_size_t n;
- int i;
+ yy_size_t i;
/* Get memory for full buffer, including space for trailing EOB's. */
n = _yybytes_len + 2;
@@ -2191,7 +2224,7 @@ YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yyby
/* %endif */
/* %if-c-only */
- static void yy_push_state (int new_state , yyscan_t yyscanner)
+ static void yy_push_state (int _new_state , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
@@ -2216,7 +2249,7 @@ YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yyby
yyg->yy_start_stack[yyg->yy_start_stack_ptr++] = YY_START;
- BEGIN(new_state);
+ BEGIN(_new_state);
}
/* %if-c-only */
@@ -2249,7 +2282,9 @@ YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yyby
/* %if-c-only */
static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner)
{
- (void) fprintf( stderr, "%s\n", msg );
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
+ (void) fprintf( stderr, "%s\n", msg );
exit( YY_EXIT_FAILURE );
}
/* %endif */
@@ -2336,7 +2371,7 @@ FILE *settings_parser_get_out (yyscan_t yyscanner)
/** Get the length of the current token.
* @param yyscanner The scanner object.
*/
-int settings_parser_get_leng (yyscan_t yyscanner)
+yy_size_t settings_parser_get_leng (yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
return yyleng;
@@ -2367,51 +2402,51 @@ void settings_parser_set_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner
/* %endif */
/** Set the current line number.
- * @param line_number
+ * @param _line_number line number
* @param yyscanner The scanner object.
*/
-void settings_parser_set_lineno (int line_number , yyscan_t yyscanner)
+void settings_parser_set_lineno (int _line_number , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
/* lineno is only valid if an input buffer exists. */
if (! YY_CURRENT_BUFFER )
- yy_fatal_error( "settings_parser_set_lineno called with no buffer" , yyscanner);
+ YY_FATAL_ERROR( "settings_parser_set_lineno called with no buffer" );
- yylineno = line_number;
+ yylineno = _line_number;
}
/** Set the current column.
- * @param line_number
+ * @param _column_no column number
* @param yyscanner The scanner object.
*/
-void settings_parser_set_column (int column_no , yyscan_t yyscanner)
+void settings_parser_set_column (int _column_no , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
/* column is only valid if an input buffer exists. */
if (! YY_CURRENT_BUFFER )
- yy_fatal_error( "settings_parser_set_column called with no buffer" , yyscanner);
+ YY_FATAL_ERROR( "settings_parser_set_column called with no buffer" );
- yycolumn = column_no;
+ yycolumn = _column_no;
}
/** Set the input stream. This does not discard the current
* input buffer.
- * @param in_str A readable stream.
+ * @param _in_str A readable stream.
* @param yyscanner The scanner object.
* @see settings_parser__switch_to_buffer
*/
-void settings_parser_set_in (FILE * in_str , yyscan_t yyscanner)
+void settings_parser_set_in (FILE * _in_str , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
- yyin = in_str ;
+ yyin = _in_str ;
}
-void settings_parser_set_out (FILE * out_str , yyscan_t yyscanner)
+void settings_parser_set_out (FILE * _out_str , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
- yyout = out_str ;
+ yyout = _out_str ;
}
int settings_parser_get_debug (yyscan_t yyscanner)
@@ -2420,10 +2455,10 @@ int settings_parser_get_debug (yyscan_t yyscanner)
return yy_flex_debug;
}
-void settings_parser_set_debug (int bdebug , yyscan_t yyscanner)
+void settings_parser_set_debug (int _bdebug , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
- yy_flex_debug = bdebug ;
+ yy_flex_debug = _bdebug ;
}
/* %endif */
@@ -2589,7 +2624,10 @@ int settings_parser_lex_destroy (yyscan_t yyscanner)
#ifndef yytext_ptr
static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yyscanner)
{
- register int i;
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
+
+ int i;
for ( i = 0; i < n; ++i )
s1[i] = s2[i];
}
@@ -2598,7 +2636,7 @@ static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yysca
#ifdef YY_NEED_STRLEN
static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner)
{
- register int n;
+ int n;
for ( n = 0; s[n]; ++n )
;
@@ -2608,11 +2646,16 @@ static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner)
void *settings_parser_alloc (yy_size_t size , yyscan_t yyscanner)
{
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
return (void *) malloc( size );
}
void *settings_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner)
{
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
+
/* The cast to (char *) in the following accommodates both
* implementations that use char* generic pointers, and those
* that use void* generic pointers. It works with the latter
@@ -2625,6 +2668,8 @@ void *settings_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner
void settings_parser_free (void * ptr , yyscan_t yyscanner)
{
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
free( (char *) ptr ); /* see settings_parser_realloc() for (char *) cast */
}
diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c
index 6cd3b17..47cf8eb 100644
--- a/src/libstrongswan/settings/settings_parser.c
+++ b/src/libstrongswan/settings/settings_parser.c
@@ -1,8 +1,8 @@
-/* A Bison parser, made by GNU Bison 3.0.2. */
+/* A Bison parser, made by GNU Bison 3.0.4. */
/* Bison implementation for Yacc-like parsers in C
- Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -44,7 +44,7 @@
#define YYBISON 1
/* Bison version. */
-#define YYBISON_VERSION "3.0.2"
+#define YYBISON_VERSION "3.0.4"
/* Skeleton name. */
#define YYSKELETON_NAME "yacc.c"
@@ -180,7 +180,7 @@ extern int settings_parser_debug;
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE YYSTYPE;
+
union YYSTYPE
{
#line 77 "settings/settings_parser.y" /* yacc.c:355 */
@@ -191,6 +191,8 @@ union YYSTYPE
#line 193 "settings/settings_parser.c" /* yacc.c:355 */
};
+
+typedef union YYSTYPE YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define YYSTYPE_IS_DECLARED 1
#endif
@@ -203,7 +205,7 @@ int settings_parser_parse (parser_helper_t *ctx);
/* Copy the second part of user declarations. */
-#line 207 "settings/settings_parser.c" /* yacc.c:358 */
+#line 209 "settings/settings_parser.c" /* yacc.c:358 */
#ifdef short
# undef short
@@ -1027,43 +1029,43 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c
case 3: /* NAME */
#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1031 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1033 "settings/settings_parser.c" /* yacc.c:1257 */
break;
case 4: /* STRING */
#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1037 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1039 "settings/settings_parser.c" /* yacc.c:1257 */
break;
case 13: /* section */
#line 93 "settings/settings_parser.y" /* yacc.c:1257 */
{ pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); }
-#line 1043 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1045 "settings/settings_parser.c" /* yacc.c:1257 */
break;
case 14: /* section_start */
#line 93 "settings/settings_parser.y" /* yacc.c:1257 */
{ pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); }
-#line 1049 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1051 "settings/settings_parser.c" /* yacc.c:1257 */
break;
case 15: /* setting */
#line 94 "settings/settings_parser.y" /* yacc.c:1257 */
{ settings_kv_destroy(((*yyvaluep).kv), NULL); }
-#line 1055 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1057 "settings/settings_parser.c" /* yacc.c:1257 */
break;
case 16: /* value */
#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1061 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1063 "settings/settings_parser.c" /* yacc.c:1257 */
break;
case 17: /* valuepart */
#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1067 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1069 "settings/settings_parser.c" /* yacc.c:1257 */
break;
@@ -1333,7 +1335,7 @@ yyreduce:
{
add_section(ctx, (yyvsp[0].sec));
}
-#line 1337 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1339 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 6:
@@ -1341,7 +1343,7 @@ yyreduce:
{
add_setting(ctx, (yyvsp[0].kv));
}
-#line 1345 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1347 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 7:
@@ -1350,7 +1352,7 @@ yyreduce:
pop_section(ctx);
(yyval.sec) = (yyvsp[-2].sec);
}
-#line 1354 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1356 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 8:
@@ -1358,7 +1360,7 @@ yyreduce:
{
(yyval.sec) = push_section(ctx, (yyvsp[-1].s));
}
-#line 1362 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1364 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 9:
@@ -1366,7 +1368,7 @@ yyreduce:
{
(yyval.sec) = push_section(ctx, (yyvsp[-2].s));
}
-#line 1370 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1372 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 10:
@@ -1374,7 +1376,7 @@ yyreduce:
{
(yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s));
}
-#line 1378 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1380 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 11:
@@ -1382,7 +1384,7 @@ yyreduce:
{
(yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL);
}
-#line 1386 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1388 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 13:
@@ -1397,11 +1399,11 @@ yyreduce:
free((yyvsp[-1].s));
free((yyvsp[0].s));
}
-#line 1401 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1403 "settings/settings_parser.c" /* yacc.c:1646 */
break;
-#line 1405 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1407 "settings/settings_parser.c" /* yacc.c:1646 */
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
diff --git a/src/libstrongswan/settings/settings_parser.h b/src/libstrongswan/settings/settings_parser.h
index d887777..b41e0d5 100644
--- a/src/libstrongswan/settings/settings_parser.h
+++ b/src/libstrongswan/settings/settings_parser.h
@@ -1,8 +1,8 @@
-/* A Bison parser, made by GNU Bison 3.0.2. */
+/* A Bison parser, made by GNU Bison 3.0.4. */
/* Bison interface for Yacc-like parsers in C
- Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -59,7 +59,7 @@ extern int settings_parser_debug;
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE YYSTYPE;
+
union YYSTYPE
{
#line 77 "settings/settings_parser.y" /* yacc.c:1909 */
@@ -70,6 +70,8 @@ union YYSTYPE
#line 72 "settings/settings_parser.h" /* yacc.c:1909 */
};
+
+typedef union YYSTYPE YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define YYSTYPE_IS_DECLARED 1
#endif
diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am
index b2d4560..caa9d3a 100644
--- a/src/libstrongswan/tests/Makefile.am
+++ b/src/libstrongswan/tests/Makefile.am
@@ -12,7 +12,7 @@ libtest_la_CFLAGS = \
libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@
libtest_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB)
+ $(PTHREADLIB) $(ATOMICLIB)
TESTS = tests
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 0a0f589..4e53217 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ host_triplet = @host@
TESTS = tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libstrongswan/tests
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -102,7 +111,7 @@ CONFIG_CLEAN_VPATH_FILES =
am__DEPENDENCIES_1 =
libtest_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
am__dirstamp = $(am__leading_dot)dirstamp
am_libtest_la_OBJECTS = libtest_la-test_suite.lo \
libtest_la-test_runner.lo utils/libtest_la-test_rng.lo
@@ -240,12 +249,14 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -295,6 +306,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -329,6 +341,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -440,6 +453,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -481,7 +495,7 @@ libtest_la_CFLAGS = \
libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@
libtest_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB)
+ $(PTHREADLIB) $(ATOMICLIB)
tests_SOURCES = tests.h tests.c \
suites/test_linked_list.c \
@@ -549,7 +563,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/tests/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libstrongswan/tests/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -1603,6 +1616,8 @@ uninstall-am:
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/tests/suites/test_array.c b/src/libstrongswan/tests/suites/test_array.c
index eda72e1..eed8fba 100644
--- a/src/libstrongswan/tests/suites/test_array.c
+++ b/src/libstrongswan/tests/suites/test_array.c
@@ -512,7 +512,7 @@ END_TEST
START_TEST(test_insert_create_value)
{
array_t *array = NULL;
- u_int16_t v;
+ uint16_t v;
v = 1;
array_insert_create_value(&array, sizeof(v), ARRAY_TAIL, &v);
diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c
index ac7c551..fa02df9 100644
--- a/src/libstrongswan/tests/suites/test_asn1.c
+++ b/src/libstrongswan/tests/suites/test_asn1.c
@@ -462,7 +462,7 @@ START_TEST(test_asn1_to_time)
{
typedef struct {
time_t time;
- u_int8_t type;
+ uint8_t type;
char *string;
} testdata_t;
@@ -525,7 +525,7 @@ START_TEST(test_asn1_from_time)
{
typedef struct {
time_t time;
- u_int8_t type;
+ uint8_t type;
chunk_t chunk;
} testdata_t;
@@ -759,7 +759,7 @@ END_TEST
START_TEST(test_asn1_parse_integer_uint64)
{
typedef struct {
- u_int64_t n;
+ uint64_t n;
chunk_t chunk;
} testdata_t;
diff --git a/src/libstrongswan/tests/suites/test_bio_reader.c b/src/libstrongswan/tests/suites/test_bio_reader.c
index 6a9743d..d3b4b43 100644
--- a/src/libstrongswan/tests/suites/test_bio_reader.c
+++ b/src/libstrongswan/tests/suites/test_bio_reader.c
@@ -65,7 +65,7 @@
START_TEST(test_read_uint8)
{
chunk_t data = chunk_from_chars(0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07);
- u_int8_t val;
+ uint8_t val;
assert_integer_read(data, 8, val);
assert_basic_read(8, val);
@@ -76,7 +76,7 @@ END_TEST
START_TEST(test_read_uint16)
{
chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03);
- u_int16_t val;
+ uint16_t val;
assert_integer_read(data, 16, val);
assert_basic_read(16, val);
@@ -87,7 +87,7 @@ END_TEST
START_TEST(test_read_uint24)
{
chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x03);
- u_int32_t val;
+ uint32_t val;
assert_integer_read(data, 24, val);
assert_basic_read(24, val);
@@ -99,7 +99,7 @@ START_TEST(test_read_uint32)
{
chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03);
- u_int32_t val;
+ uint32_t val;
assert_integer_read(data, 32, val);
assert_basic_read(32, val);
@@ -113,7 +113,7 @@ START_TEST(test_read_uint64)
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03);
- u_int64_t val;
+ uint64_t val;
assert_integer_read(data, 64, val);
assert_basic_read(64, val);
@@ -170,7 +170,7 @@ END_TEST
START_TEST(test_read_uint8_end)
{
chunk_t data = chunk_from_chars(0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00);
- u_int8_t val;
+ uint8_t val;
assert_integer_read_end(data, 8, val);
assert_basic_read_end(8, val);
@@ -181,7 +181,7 @@ END_TEST
START_TEST(test_read_uint16_end)
{
chunk_t data = chunk_from_chars(0x00, 0x03, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00);
- u_int16_t val;
+ uint16_t val;
assert_integer_read_end(data, 16, val);
assert_basic_read_end(16, val);
@@ -192,7 +192,7 @@ END_TEST
START_TEST(test_read_uint24_end)
{
chunk_t data = chunk_from_chars(0x00, 0x00, 0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00);
- u_int32_t val;
+ uint32_t val;
assert_integer_read_end(data, 24, val);
assert_basic_read_end(24, val);
@@ -204,7 +204,7 @@ START_TEST(test_read_uint32_end)
{
chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02,
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00);
- u_int32_t val;
+ uint32_t val;
assert_integer_read_end(data, 32, val);
assert_basic_read_end(32, val);
@@ -218,7 +218,7 @@ START_TEST(test_read_uint64_end)
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
- u_int64_t val;
+ uint64_t val;
assert_integer_read_end(data, 64, val);
assert_basic_read_end(64, val);
diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c
index 6272ca7..b82b143 100644
--- a/src/libstrongswan/tests/suites/test_chunk.c
+++ b/src/libstrongswan/tests/suites/test_chunk.c
@@ -316,11 +316,11 @@ START_TEST(test_chunk_skip)
foobar = chunk_from_str("foobar");
a = foobar;
a = chunk_skip(a, 0);
- ck_assert(chunk_equals(a, foobar));
+ ck_assert_chunk_eq(a, foobar);
a = chunk_skip(a, 1);
- ck_assert(chunk_equals(a, chunk_from_str("oobar")));
+ ck_assert_chunk_eq(a, chunk_from_str("oobar"));
a = chunk_skip(a, 2);
- ck_assert(chunk_equals(a, chunk_from_str("bar")));
+ ck_assert_chunk_eq(a, chunk_from_str("bar"));
a = chunk_skip(a, 3);
assert_chunk_empty(a);
@@ -338,20 +338,24 @@ START_TEST(test_chunk_skip_zero)
{
chunk_t foobar, a;
- a = chunk_empty;
- a = chunk_skip_zero(a);
+ a = chunk_skip_zero(chunk_empty);
assert_chunk_empty(a);
foobar = chunk_from_str("foobar");
- a = foobar;
- a = chunk_skip_zero(a);
- ck_assert(chunk_equals(a, foobar));
+ a = chunk_skip_zero(foobar);
+ ck_assert_chunk_eq(a, foobar);
- a = chunk_from_chars(0x00, 0xaa, 0xbb, 0xcc);
- a = chunk_skip_zero(a);
- ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc)));
+ foobar = chunk_from_chars(0x00);
+ a = chunk_skip_zero(foobar);
+ ck_assert_chunk_eq(a, foobar);
+
+ a = chunk_skip_zero(chunk_from_chars(0x00, 0xaa, 0xbb, 0xcc));
+ ck_assert_chunk_eq(a, chunk_from_chars(0xaa, 0xbb, 0xcc));
a = chunk_skip_zero(a);
- ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc)));
+ ck_assert_chunk_eq(a, chunk_from_chars(0xaa, 0xbb, 0xcc));
+
+ a = chunk_skip_zero(chunk_from_chars(0x00, 0x00, 0xaa, 0xbb, 0xcc));
+ ck_assert_chunk_eq(a, chunk_from_chars(0xaa, 0xbb, 0xcc));
}
END_TEST
@@ -736,7 +740,7 @@ START_TEST(test_chunk_mac)
{
chunk_t in;
u_char key[16];
- u_int64_t out;
+ uint64_t out;
int i, count;
count = countof(sip_vectors);
@@ -765,7 +769,7 @@ END_TEST
START_TEST(test_chunk_hash)
{
chunk_t chunk;
- u_int32_t hash_a, hash_b, hash_c;
+ uint32_t hash_a, hash_b, hash_c;
chunk = chunk_from_str("asdf");
@@ -787,7 +791,7 @@ END_TEST
START_TEST(test_chunk_hash_static)
{
chunk_t in;
- u_int32_t out, hash_a, hash_b, hash_inc = 0x7b891a95;
+ uint32_t out, hash_a, hash_b, hash_inc = 0x7b891a95;
int i, count;
count = countof(sip_vectors);
@@ -813,7 +817,7 @@ END_TEST
* test for chunk_internet_checksum[_inc]()
*/
-static inline u_int16_t compensate_alignment(u_int16_t val)
+static inline uint16_t compensate_alignment(uint16_t val)
{
return ((val & 0xff) << 8) | (val >> 8);
}
@@ -821,7 +825,7 @@ static inline u_int16_t compensate_alignment(u_int16_t val)
START_TEST(test_chunk_internet_checksum)
{
chunk_t chunk;
- u_int16_t sum;
+ uint16_t sum;
chunk = chunk_from_chars(0x45,0x00,0x00,0x30,0x44,0x22,0x40,0x00,0x80,0x06,
0x00,0x00,0x8c,0x7c,0x19,0xac,0xae,0x24,0x1e,0x2b);
diff --git a/src/libstrongswan/tests/suites/test_host.c b/src/libstrongswan/tests/suites/test_host.c
index 5cb8013..5d05457 100644
--- a/src/libstrongswan/tests/suites/test_host.c
+++ b/src/libstrongswan/tests/suites/test_host.c
@@ -46,7 +46,7 @@ static void verify_netmask(chunk_t addr, int mask)
* host_create_any
*/
-static void verify_any(host_t *host, int family, u_int16_t port)
+static void verify_any(host_t *host, int family, uint16_t port)
{
verify_netmask(host->get_address(host), 0);
ck_assert(host->is_anyaddr(host));
@@ -88,7 +88,7 @@ END_TEST
* host_create_from_string
*/
-static void verify_address(host_t *host, chunk_t addr, int family, u_int16_t port)
+static void verify_address(host_t *host, chunk_t addr, int family, uint16_t port)
{
ck_assert(chunk_equals(host->get_address(host), addr));
ck_assert(!host->is_anyaddr(host));
@@ -656,7 +656,7 @@ END_TEST
static struct {
char *addr;
- u_int16_t port;
+ uint16_t port;
/* results for %H, %+H, %#H (falls back to [0]) */
char *result[3];
} printf_data[] = {
diff --git a/src/libstrongswan/tests/suites/test_iv_gen.c b/src/libstrongswan/tests/suites/test_iv_gen.c
index 4e45c85..8b0a14b 100644
--- a/src/libstrongswan/tests/suites/test_iv_gen.c
+++ b/src/libstrongswan/tests/suites/test_iv_gen.c
@@ -21,17 +21,17 @@
START_TEST(test_iv_gen_seq)
{
iv_gen_t *iv_gen;
- u_int64_t iv0, iv1_1, iv1_2;
+ uint64_t iv0, iv1_1, iv1_2;
iv_gen = iv_gen_seq_create();
- ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv0));
- ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_1));
+ ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (uint8_t*)&iv0));
+ ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (uint8_t*)&iv1_1));
ck_assert(iv0 != iv1_1);
/* every sequence number may be used twice, but results in a different IV */
- ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2));
+ ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (uint8_t*)&iv1_2));
ck_assert(iv0 != iv1_2);
ck_assert(iv1_1 != iv1_2);
- ck_assert(!iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2));
+ ck_assert(!iv_gen->get_iv(iv_gen, 1, 8, (uint8_t*)&iv1_2));
iv_gen->destroy(iv_gen);
}
END_TEST
@@ -39,19 +39,19 @@ END_TEST
START_TEST(test_iv_gen_seq_len)
{
iv_gen_t *iv_gen;
- u_int64_t iv;
- u_int8_t buf[9];
+ uint64_t iv;
+ uint8_t buf[9];
iv_gen = iv_gen_seq_create();
- ck_assert(!iv_gen->get_iv(iv_gen, 0, 0, (u_int8_t*)&iv));
- ck_assert(!iv_gen->get_iv(iv_gen, 0, 1, (u_int8_t*)&iv));
- ck_assert(!iv_gen->get_iv(iv_gen, 0, 2, (u_int8_t*)&iv));
- ck_assert(!iv_gen->get_iv(iv_gen, 0, 3, (u_int8_t*)&iv));
- ck_assert(!iv_gen->get_iv(iv_gen, 0, 4, (u_int8_t*)&iv));
- ck_assert(!iv_gen->get_iv(iv_gen, 0, 5, (u_int8_t*)&iv));
- ck_assert(!iv_gen->get_iv(iv_gen, 0, 6, (u_int8_t*)&iv));
- ck_assert(!iv_gen->get_iv(iv_gen, 0, 7, (u_int8_t*)&iv));
- ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 0, (uint8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 1, (uint8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 2, (uint8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 3, (uint8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 4, (uint8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 5, (uint8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 6, (uint8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 7, (uint8_t*)&iv));
+ ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (uint8_t*)&iv));
ck_assert(iv_gen->get_iv(iv_gen, 0, 9, buf));
iv_gen->destroy(iv_gen);
}
diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c
index d209fa2..0a6d24d 100644
--- a/src/libstrongswan/tests/suites/test_ntru.c
+++ b/src/libstrongswan/tests/suites/test_ntru.c
@@ -25,7 +25,7 @@
#include <plugins/ntru/ntru_private_key.h>
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
- u_int32_t strength, chunk_t pers_str, rng_t *entropy)
+ uint32_t strength, chunk_t pers_str, rng_t *entropy)
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
size_t len, hash_algorithm_t alg, chunk_t seed)
@@ -36,7 +36,7 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
uint32_t indices_len_m, bool is_product_form)
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*,
- u_int16_t *data, uint16_t N, uint16_t q,
+ uint16_t *data, uint16_t N, uint16_t q,
uint32_t indices_len_p, uint32_t indices_len_m,
bool is_product_form)
@@ -73,8 +73,8 @@ char *parameter_sets[] = {
};
typedef struct {
- u_int32_t requested;
- u_int32_t standard;
+ uint32_t requested;
+ uint32_t standard;
}strength_t;
strength_t strengths[] = {
diff --git a/src/libstrongswan/tests/suites/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c
index 9e40d1f..377f2a7 100644
--- a/src/libstrongswan/tests/suites/test_printf.c
+++ b/src/libstrongswan/tests/suites/test_printf.c
@@ -75,7 +75,7 @@ END_TEST
START_TEST(test_printf_unsigned)
{
- verify("1 23 456", "%u %lu %llu", 1, (u_long)23, (u_int64_t)456);
+ verify("1 23 456", "%u %lu %llu", 1, (u_long)23, (uint64_t)456);
verify("65535 255", "%hu %hhu", 0x1ffff, 0x1ff);
verify("123456789", "%zu", (size_t)123456789);
verify(" 12", "%5u", 12);
@@ -99,7 +99,7 @@ END_TEST
START_TEST(test_printf_hex)
{
- verify("1 23 456", "%x %lx %llx", 1, (u_long)0x23, (u_int64_t)0x456);
+ verify("1 23 456", "%x %lx %llx", 1, (u_long)0x23, (uint64_t)0x456);
verify("12abcdef 12ABCDEF", "%x %X", 0x12ABCDEF, 0x12ABCDEF);
verify("ffff ff", "%hx %hhx", 0x1ffff, 0x1ff);
verify("23456789", "%zx", (size_t)0x23456789);
@@ -170,10 +170,10 @@ END_TEST
START_TEST(test_printf_pri)
{
- verify("255", "%" PRIu8, (u_int8_t)0xFF);
- verify("65535", "%" PRIu16, (u_int16_t)0xFFFF);
- verify("4294967295", "%" PRIu32, (u_int32_t)0x1FFFFFFFFll);
- verify("18446744073709551615", "%" PRIu64, (u_int64_t)0xFFFFFFFFFFFFFFFFll);
+ verify("255", "%" PRIu8, (uint8_t)0xFF);
+ verify("65535", "%" PRIu16, (uint16_t)0xFFFF);
+ verify("4294967295", "%" PRIu32, (uint32_t)0x1FFFFFFFFll);
+ verify("18446744073709551615", "%" PRIu64, (uint64_t)0xFFFFFFFFFFFFFFFFll);
verify("-1", "%" PRId8, (int8_t)-1);
verify("-1", "%" PRId16, (int16_t)-1);
diff --git a/src/libstrongswan/tests/suites/test_traffic_selector.c b/src/libstrongswan/tests/suites/test_traffic_selector.c
index 5c0fb75..0d5d877 100644
--- a/src/libstrongswan/tests/suites/test_traffic_selector.c
+++ b/src/libstrongswan/tests/suites/test_traffic_selector.c
@@ -198,7 +198,7 @@ struct {
char *from;
char *to;
char *net;
- u_int8_t mask;
+ uint8_t mask;
bool exact;
} to_subnet_tests[] = {
{ TS_IPV4_ADDR_RANGE, "10.0.0.1", "10.0.0.1", "10.0.0.1", 32, TRUE },
@@ -218,7 +218,7 @@ START_TEST(test_to_subnet)
{
traffic_selector_t *ts;
host_t *net, *exp_net;
- u_int8_t mask;
+ uint8_t mask;
ts = traffic_selector_create_from_string(0, to_subnet_tests[_i].type,
to_subnet_tests[_i].from, 0, to_subnet_tests[_i].to, 0);
@@ -234,9 +234,9 @@ END_TEST
struct {
char *cidr;
- u_int16_t from_port;
- u_int16_t to_port;
- u_int16_t port;
+ uint16_t from_port;
+ uint16_t to_port;
+ uint16_t port;
} to_subnet_port_tests[] = {
{ "10.0.0.0/8", 0, 0, 0 },
{ "10.0.0.1/32", 80, 80, 80 },
@@ -252,7 +252,7 @@ START_TEST(test_to_subnet_port)
{
traffic_selector_t *ts;
host_t *net, *exp_net;
- u_int8_t mask;
+ uint8_t mask;
int exp_mask;
ts = traffic_selector_create_from_cidr(to_subnet_port_tests[_i].cidr, 0,
@@ -431,9 +431,9 @@ struct {
bool contained;
struct {
char *net;
- u_int8_t proto;
- u_int16_t from_port;
- u_int16_t to_port;
+ uint8_t proto;
+ uint16_t from_port;
+ uint16_t to_port;
} a, b;
} is_contained_in_tests[] = {
{ TRUE, { "10.0.0.0/16", 0, 0, 65535 }, { "10.0.0.0/16", 0, 0, 65535 }, },
@@ -555,9 +555,9 @@ struct {
int res;
struct {
char *net;
- u_int8_t proto;
- u_int16_t from_port;
- u_int16_t to_port;
+ uint8_t proto;
+ uint16_t from_port;
+ uint16_t to_port;
} a, b;
} cmp_tests[] = {
{ 0, { "10.0.0.0/8", 0, 0, 65535 }, { "10.0.0.0/8", 0, 0, 65535 }, },
@@ -706,13 +706,13 @@ START_TEST(test_hash)
END_TEST
struct {
- u_int8_t proto;
- u_int16_t from_port;
- u_int16_t to_port;
- u_int8_t from_type;
- u_int8_t from_code;
- u_int8_t to_type;
- u_int8_t to_code;
+ uint8_t proto;
+ uint16_t from_port;
+ uint16_t to_port;
+ uint8_t from_type;
+ uint8_t from_code;
+ uint8_t to_type;
+ uint8_t to_code;
char *str;
char *str_alt;
} icmp_tests[] = {
@@ -731,7 +731,7 @@ struct {
START_TEST(test_icmp)
{
traffic_selector_t *ts;
- u_int16_t from, to;
+ uint16_t from, to;
ts = traffic_selector_create_dynamic(icmp_tests[_i].proto,
icmp_tests[_i].from_port, icmp_tests[_i].to_port);
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index 104b0b2..1eb3c8b 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -121,9 +121,9 @@ END_TEST
START_TEST(test_htoun)
{
chunk_t net64, expected;
- u_int16_t host16 = 513;
- u_int32_t net16 = 0, host32 = 67305985;
- u_int64_t net32 = 0, host64 = 578437695752307201ULL;
+ uint16_t host16 = 513;
+ uint32_t net16 = 0, host32 = 67305985;
+ uint64_t net32 = 0, host64 = 578437695752307201ULL;
net64 = chunk_alloca(16);
memset(net64.ptr, 0, net64.len);
@@ -133,14 +133,14 @@ START_TEST(test_htoun)
ck_assert(chunk_equals(expected, chunk_from_thing(net16)));
expected = chunk_from_chars(0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0x00, 0x00);
- htoun32((u_int16_t*)&net32 + 1, host32);
+ htoun32((uint16_t*)&net32 + 1, host32);
ck_assert(chunk_equals(expected, chunk_from_thing(net32)));
expected = chunk_from_chars(0x00, 0x00, 0x00, 0x00,
0x08, 0x07, 0x06, 0x05,
0x04, 0x03, 0x02, 0x01,
0x00, 0x00, 0x00, 0x00);
- htoun64((u_int32_t*)net64.ptr + 1, host64);
+ htoun64((uint32_t*)net64.ptr + 1, host64);
ck_assert(chunk_equals(expected, net64));
}
END_TEST
@@ -148,9 +148,9 @@ END_TEST
START_TEST(test_untoh)
{
chunk_t net;
- u_int16_t host16;
- u_int32_t host32;
- u_int64_t host64;
+ uint16_t host16;
+ uint32_t host32;
+ uint64_t host64;
net = chunk_from_chars(0x00, 0x02, 0x01, 0x00);
host16 = untoh16(net.ptr + 1);
@@ -197,6 +197,82 @@ START_TEST(test_round)
END_TEST
/*******************************************************************************
+ * streq
+ */
+
+static struct {
+ char *a;
+ char *b;
+ bool eq;
+ bool case_eq;
+} streq_data[] = {
+ {NULL, NULL, TRUE, TRUE},
+ {NULL, "", FALSE, FALSE},
+ {"", NULL, FALSE, FALSE},
+ {"abc", "", FALSE, FALSE},
+ {"abc", "abc", TRUE, TRUE},
+ {"abc", "ABC", FALSE, TRUE},
+};
+
+START_TEST(test_streq)
+{
+ bool eq;
+
+ ck_assert(streq(streq_data[_i].a, streq_data[_i].a));
+ ck_assert(streq(streq_data[_i].b, streq_data[_i].b));
+ eq = streq(streq_data[_i].a, streq_data[_i].b);
+ ck_assert(eq == streq_data[_i].eq);
+
+ ck_assert(strcaseeq(streq_data[_i].a, streq_data[_i].a));
+ ck_assert(strcaseeq(streq_data[_i].b, streq_data[_i].b));
+ eq = strcaseeq(streq_data[_i].a, streq_data[_i].b);
+ ck_assert(eq == streq_data[_i].case_eq);
+}
+END_TEST
+
+/*******************************************************************************
+ * strneq
+ */
+
+static struct {
+ char *a;
+ char *b;
+ size_t n;
+ bool eq;
+ bool case_eq;
+} strneq_data[] = {
+ {NULL, NULL, 0, TRUE, TRUE},
+ {NULL, NULL, 10, TRUE, TRUE},
+ {NULL, "", 0, FALSE, FALSE},
+ {"", NULL, 0, FALSE, FALSE},
+ {"abc", "", 0, TRUE, TRUE},
+ {"abc", "", 1, FALSE, FALSE},
+ {"abc", "ab", 1, TRUE, TRUE},
+ {"abc", "ab", 2, TRUE, TRUE},
+ {"abc", "ab", 3, FALSE, FALSE},
+ {"abc", "abc", 3, TRUE, TRUE},
+ {"abc", "abc", 4, TRUE, TRUE},
+ {"abc", "abC", 2, TRUE, TRUE},
+ {"abc", "abC", 3, FALSE, TRUE},
+};
+
+START_TEST(test_strneq)
+{
+ bool eq;
+
+ ck_assert(strneq(strneq_data[_i].a, strneq_data[_i].a, strneq_data[_i].n));
+ ck_assert(strneq(strneq_data[_i].b, strneq_data[_i].b, strneq_data[_i].n));
+ eq = strneq(strneq_data[_i].a, strneq_data[_i].b, strneq_data[_i].n);
+ ck_assert(eq == strneq_data[_i].eq);
+
+ ck_assert(strncaseeq(strneq_data[_i].a, strneq_data[_i].a, strneq_data[_i].n));
+ ck_assert(strncaseeq(strneq_data[_i].b, strneq_data[_i].b, strneq_data[_i].n));
+ eq = strncaseeq(strneq_data[_i].a, strneq_data[_i].b, strneq_data[_i].n);
+ ck_assert(eq == strneq_data[_i].case_eq);
+}
+END_TEST
+
+/*******************************************************************************
* strpfx
*/
@@ -308,7 +384,7 @@ END_TEST
START_TEST(test_memxor_aligned)
{
- u_int64_t a = 0, b = 0;
+ uint64_t a = 0, b = 0;
chunk_t ca, cb;
int i;
@@ -848,6 +924,8 @@ Suite *utils_suite_create()
suite_add_tcase(s, tc);
tc = tcase_create("string helper");
+ tcase_add_loop_test(tc, test_streq, 0, countof(streq_data));
+ tcase_add_loop_test(tc, test_strneq, 0, countof(strneq_data));
tcase_add_loop_test(tc, test_strpfx, 0, countof(strpfx_data));
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c
index 66d0e61..ed77b3c 100644
--- a/src/libstrongswan/tests/test_runner.c
+++ b/src/libstrongswan/tests/test_runner.c
@@ -90,6 +90,28 @@ static void apply_filter(array_t *loaded, char *filter, bool exclude)
}
/**
+ * Check if the given string is contained in the filter string.
+ */
+static bool is_in_filter(const char *find, char *filter)
+{
+ enumerator_t *names;
+ bool found = FALSE;
+ char *name;
+
+ names = enumerator_create_token(filter, ",", " ");
+ while (names->enumerate(names, &name))
+ {
+ if (streq(name, find))
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ names->destroy(names);
+ return found;
+}
+
+/**
* Removes and destroys test suites that are not selected or
* explicitly excluded.
*/
@@ -524,11 +546,17 @@ int test_runner_run(const char *name, test_configuration_t configs[],
enumerator_t *enumerator;
int passed = 0, result;
level_t level = LEVEL_SILENT;
- char *cfg, *verbosity;
+ char *cfg, *runners, *verbosity;
/* redirect all output to stderr (to redirect make's stdout to /dev/null) */
dup2(2, 1);
+ runners = getenv("TESTS_RUNNERS");
+ if (runners && !is_in_filter(name, runners))
+ {
+ return EXIT_SUCCESS;
+ }
+
cfg = getenv("TESTS_STRONGSWAN_CONF");
suites = load_suites(configs, init, cfg);
diff --git a/src/libstrongswan/tests/test_runner.h b/src/libstrongswan/tests/test_runner.h
index 5c30570..e0fe767 100644
--- a/src/libstrongswan/tests/test_runner.h
+++ b/src/libstrongswan/tests/test_runner.h
@@ -70,6 +70,7 @@ struct test_configuration_t {
* - TESTS_VERBOSITY: Numerical loglevel for debug log
* - TESTS_STRONGSWAN_CONF: Specify a path to a custom strongswan.conf
* - TESTS_PLUGINS: Specify an explicit list of plugins to load
+ * - TESTS_RUNNERS: Run specific test runners only
* - TESTS_SUITES: Run specific test suites only
* - TESTS_SUITES_EXCLUDE: Don't run specific test suites
* - TESTS_REDUCED_KEYLENGTHS: Test minimal keylengths for public key tests only
@@ -77,6 +78,9 @@ struct test_configuration_t {
* Please note that TESTS_PLUGINS actually must be implemented by the init
* callback function, as plugin loading is delegated.
*
+ * EXIT_SUCCESS is returned right away if TESTS_RUNNERS is defined but the name
+ * passed to this function is not contained in it.
+ *
* @param name name of test runner
* @param config test suite constructors with dependencies
* @param init_cb init/deinit callback
diff --git a/src/libstrongswan/tests/utils/test_rng.c b/src/libstrongswan/tests/utils/test_rng.c
index 0156950..2985a56 100644
--- a/src/libstrongswan/tests/utils/test_rng.c
+++ b/src/libstrongswan/tests/utils/test_rng.c
@@ -34,7 +34,7 @@ struct private_rng_t {
};
METHOD(rng_t, get_bytes, bool,
- private_rng_t *this, size_t bytes, u_int8_t *buffer)
+ private_rng_t *this, size_t bytes, uint8_t *buffer)
{
if (bytes > this->entropy.len)
{
diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c
index 3d87e7f..de5cbaa 100644
--- a/src/libstrongswan/threading/thread.c
+++ b/src/libstrongswan/threading/thread.c
@@ -278,18 +278,27 @@ static private_thread_t *thread_create_internal()
}
/**
- * Main cleanup function for threads.
+ * Remove and run all cleanup handlers in reverse order.
*/
-static void thread_cleanup(private_thread_t *this)
+static void thread_cleanup_popall_internal(private_thread_t *this)
{
cleanup_handler_t *handler;
- this->mutex->lock(this->mutex);
+
while (this->cleanup_handlers->remove_last(this->cleanup_handlers,
- (void**)&handler) == SUCCESS)
+ (void**)&handler) == SUCCESS)
{
handler->cleanup(handler->arg);
free(handler);
}
+}
+
+/**
+ * Main cleanup function for threads.
+ */
+static void thread_cleanup(private_thread_t *this)
+{
+ thread_cleanup_popall_internal(this);
+ this->mutex->lock(this->mutex);
this->terminated = TRUE;
thread_destroy(this);
}
@@ -417,15 +426,8 @@ void thread_cleanup_pop(bool execute)
void thread_cleanup_popall()
{
private_thread_t *this = (private_thread_t*)thread_current();
- cleanup_handler_t *handler;
- while (this->cleanup_handlers->get_count(this->cleanup_handlers))
- {
- this->cleanup_handlers->remove_last(this->cleanup_handlers,
- (void**)&handler);
- handler->cleanup(handler->arg);
- free(handler);
- }
+ thread_cleanup_popall_internal(this);
}
/**
diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c
index c4471be..2f824a2 100644
--- a/src/libstrongswan/utils/chunk.c
+++ b/src/libstrongswan/utils/chunk.c
@@ -775,25 +775,25 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace)
/**
* Helper functions for chunk_mac()
*/
-static inline u_int64_t sipget(u_char *in)
+static inline uint64_t sipget(u_char *in)
{
- u_int64_t v = 0;
+ uint64_t v = 0;
int i;
for (i = 0; i < 64; i += 8, ++in)
{
- v |= ((u_int64_t)*in) << i;
+ v |= ((uint64_t)*in) << i;
}
return v;
}
-static inline u_int64_t siprotate(u_int64_t v, int shift)
+static inline uint64_t siprotate(uint64_t v, int shift)
{
return (v << shift) | (v >> (64 - shift));
}
-static inline void sipround(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2,
- u_int64_t *v3)
+static inline void sipround(uint64_t *v0, uint64_t *v1, uint64_t *v2,
+ uint64_t *v3)
{
*v0 += *v1;
*v1 = siprotate(*v1, 13);
@@ -814,8 +814,8 @@ static inline void sipround(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2,
*v3 ^= *v0;
}
-static inline void sipcompress(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2,
- u_int64_t *v3, u_int64_t m)
+static inline void sipcompress(uint64_t *v0, uint64_t *v1, uint64_t *v2,
+ uint64_t *v3, uint64_t m)
{
*v3 ^= m;
sipround(v0, v1, v2, v3);
@@ -823,28 +823,28 @@ static inline void sipcompress(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2,
*v0 ^= m;
}
-static inline u_int64_t siplast(size_t len, u_char *pos)
+static inline uint64_t siplast(size_t len, u_char *pos)
{
- u_int64_t b;
+ uint64_t b;
int rem = len & 7;
- b = ((u_int64_t)len) << 56;
+ b = ((uint64_t)len) << 56;
switch (rem)
{
case 7:
- b |= ((u_int64_t)pos[6]) << 48;
+ b |= ((uint64_t)pos[6]) << 48;
case 6:
- b |= ((u_int64_t)pos[5]) << 40;
+ b |= ((uint64_t)pos[5]) << 40;
case 5:
- b |= ((u_int64_t)pos[4]) << 32;
+ b |= ((uint64_t)pos[4]) << 32;
case 4:
- b |= ((u_int64_t)pos[3]) << 24;
+ b |= ((uint64_t)pos[3]) << 24;
case 3:
- b |= ((u_int64_t)pos[2]) << 16;
+ b |= ((uint64_t)pos[2]) << 16;
case 2:
- b |= ((u_int64_t)pos[1]) << 8;
+ b |= ((uint64_t)pos[1]) << 8;
case 1:
- b |= ((u_int64_t)pos[0]);
+ b |= ((uint64_t)pos[0]);
break;
case 0:
break;
@@ -855,9 +855,9 @@ static inline u_int64_t siplast(size_t len, u_char *pos)
/**
* Caculate SipHash-2-4 with an optional first block given as argument.
*/
-static u_int64_t chunk_mac_inc(chunk_t chunk, u_char *key, u_int64_t m)
+static uint64_t chunk_mac_inc(chunk_t chunk, u_char *key, uint64_t m)
{
- u_int64_t v0, v1, v2, v3, k0, k1;
+ uint64_t v0, v1, v2, v3, k0, k1;
size_t len = chunk.len;
u_char *pos = chunk.ptr, *end;
@@ -896,7 +896,7 @@ static u_int64_t chunk_mac_inc(chunk_t chunk, u_char *key, u_int64_t m)
/**
* Described in header.
*/
-u_int64_t chunk_mac(chunk_t chunk, u_char *key)
+uint64_t chunk_mac(chunk_t chunk, u_char *key)
{
return chunk_mac_inc(chunk, key, 0);
}
@@ -957,16 +957,16 @@ void chunk_hash_seed()
/**
* Described in header.
*/
-u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash)
+uint32_t chunk_hash_inc(chunk_t chunk, uint32_t hash)
{
/* we could use a mac of the previous hash, but this is faster */
- return chunk_mac_inc(chunk, key, ((u_int64_t)hash) << 32 | hash);
+ return chunk_mac_inc(chunk, key, ((uint64_t)hash) << 32 | hash);
}
/**
* Described in header.
*/
-u_int32_t chunk_hash(chunk_t chunk)
+uint32_t chunk_hash(chunk_t chunk)
{
return chunk_mac(chunk, key);
}
@@ -974,15 +974,15 @@ u_int32_t chunk_hash(chunk_t chunk)
/**
* Described in header.
*/
-u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash)
+uint32_t chunk_hash_static_inc(chunk_t chunk, uint32_t hash)
{ /* we could use a mac of the previous hash, but this is faster */
- return chunk_mac_inc(chunk, static_key, ((u_int64_t)hash) << 32 | hash);
+ return chunk_mac_inc(chunk, static_key, ((uint64_t)hash) << 32 | hash);
}
/**
* Described in header.
*/
-u_int32_t chunk_hash_static(chunk_t chunk)
+uint32_t chunk_hash_static(chunk_t chunk)
{
return chunk_mac(chunk, static_key);
}
@@ -990,9 +990,9 @@ u_int32_t chunk_hash_static(chunk_t chunk)
/**
* Described in header.
*/
-u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum)
+uint16_t chunk_internet_checksum_inc(chunk_t data, uint16_t checksum)
{
- u_int32_t sum = ntohs((u_int16_t)~checksum);
+ uint32_t sum = ntohs((uint16_t)~checksum);
while (data.len > 1)
{
@@ -1001,7 +1001,7 @@ u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum)
}
if (data.len)
{
- sum += (u_int16_t)*data.ptr << 8;
+ sum += (uint16_t)*data.ptr << 8;
}
while (sum >> 16)
{
@@ -1013,7 +1013,7 @@ u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum)
/**
* Described in header.
*/
-u_int16_t chunk_internet_checksum(chunk_t data)
+uint16_t chunk_internet_checksum(chunk_t data)
{
return chunk_internet_checksum_inc(data, 0xffff);
}
diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h
index 2ec7f75..160d099 100644
--- a/src/libstrongswan/utils/chunk.h
+++ b/src/libstrongswan/utils/chunk.h
@@ -280,11 +280,11 @@ static inline chunk_t chunk_skip(chunk_t chunk, size_t bytes)
}
/**
- * Skip a leading zero-valued byte
+ * Skip any leading zero-valued bytes
*/
static inline chunk_t chunk_skip_zero(chunk_t chunk)
{
- if (chunk.len > 1 && *chunk.ptr == 0x00)
+ while (chunk.len > 1 && *chunk.ptr == 0x00)
{
chunk.ptr++;
chunk.len--;
@@ -375,7 +375,7 @@ void chunk_hash_seed();
* @param chunk data to hash
* @return hash value
*/
-u_int32_t chunk_hash(chunk_t chunk);
+uint32_t chunk_hash(chunk_t chunk);
/**
* Incremental version of chunk_hash. Use this to hash two or more chunks.
@@ -384,7 +384,7 @@ u_int32_t chunk_hash(chunk_t chunk);
* @param hash previous hash value
* @return hash value
*/
-u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash);
+uint32_t chunk_hash_inc(chunk_t chunk, uint32_t hash);
/**
* Computes a 32 bit hash of the given chunk.
@@ -398,7 +398,7 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash);
* @param chunk data to hash
* @return hash value
*/
-u_int32_t chunk_hash_static(chunk_t chunk);
+uint32_t chunk_hash_static(chunk_t chunk);
/**
* Incremental version of chunk_hash_static(). Use this to hash two or more
@@ -408,7 +408,7 @@ u_int32_t chunk_hash_static(chunk_t chunk);
* @param hash previous hash value
* @return hash value
*/
-u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash);
+uint32_t chunk_hash_static_inc(chunk_t chunk, uint32_t hash);
/**
* Computes a quick MAC from the given chunk and key using SipHash.
@@ -422,7 +422,7 @@ u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash);
* @param key key to use
* @return MAC for given input and key
*/
-u_int64_t chunk_mac(chunk_t chunk, u_char *key);
+uint64_t chunk_mac(chunk_t chunk, u_char *key);
/**
* Calculate the Internet Checksum according to RFC 1071 for the given chunk.
@@ -434,7 +434,7 @@ u_int64_t chunk_mac(chunk_t chunk, u_char *key);
* @param data data to process
* @return checksum (one's complement, network order)
*/
-u_int16_t chunk_internet_checksum(chunk_t data);
+uint16_t chunk_internet_checksum(chunk_t data);
/**
* Extend the given Internet Checksum (one's complement, in network byte order)
@@ -447,7 +447,7 @@ u_int16_t chunk_internet_checksum(chunk_t data);
* @param checksum previous checksum (one's complement, network order)
* @return checksum (one's complement, network order)
*/
-u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum);
+uint16_t chunk_internet_checksum_inc(chunk_t data, uint16_t checksum);
/**
* printf hook function for chunk_t.
diff --git a/src/libstrongswan/utils/compat/android.h b/src/libstrongswan/utils/compat/android.h
index b3ea9c4..6edd3ef 100644
--- a/src/libstrongswan/utils/compat/android.h
+++ b/src/libstrongswan/utils/compat/android.h
@@ -21,6 +21,8 @@
#ifndef ANDROID_H_
#define ANDROID_H_
+#include <android/api-level.h>
+
/* stuff defined in AndroidConfig.h, which is included using the -include
* command-line option, thus cannot be undefined using -U CFLAGS options.
* the reason we have to undefine these flags in the first place, is that
@@ -28,4 +30,19 @@
* actually defined. */
#undef HAVE_BACKTRACE
+/* API level 21 changed quite a few things, we define some stuff here and not
+ * via CFLAGS in Android.mk files as it is easier to compare versions */
+#if __ANDROID_API__ >= 21
+
+#define HAVE_PTHREAD_CONDATTR_INIT 1
+#define HAVE_CONDATTR_CLOCK_MONOTONIC 1
+
+#define HAVE_SYS_CAPABILITY_H 1
+
+#else /* __ANDROID_API__ */
+
+#define HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC 1
+
+#endif /* __ANDROID_API__ */
+
#endif /** ANDROID_H_ @}*/
diff --git a/src/libstrongswan/utils/cpu_feature.c b/src/libstrongswan/utils/cpu_feature.c
index d86ca6b..0529701 100644
--- a/src/libstrongswan/utils/cpu_feature.c
+++ b/src/libstrongswan/utils/cpu_feature.c
@@ -102,7 +102,7 @@ static cpu_feature_t get_via_features()
*/
cpu_feature_t cpu_feature_get_all()
{
- char vendor[3 * sizeof(u_int32_t) + 1];
+ char vendor[3 * sizeof(uint32_t) + 1];
cpu_feature_t f = 0;
u_int a, b, c, d;
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 2b2e907..384bd6c 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -80,6 +80,7 @@ static const x501rdn_t x501rdns[] = {
{"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING},
{"I", OID_INITIALS, ASN1_PRINTABLESTRING},
{"dnQualifier", OID_DN_QUALIFIER, ASN1_PRINTABLESTRING},
+ {"dmdName", OID_DMD_NAME, ASN1_PRINTABLESTRING},
{"pseudonym", OID_PSEUDONYM, ASN1_PRINTABLESTRING},
{"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING},
{"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING},
@@ -220,6 +221,7 @@ METHOD(enumerator_t, rdn_part_enumerate, bool,
{OID_GIVEN_NAME, ID_PART_RDN_G},
{OID_INITIALS, ID_PART_RDN_I},
{OID_DN_QUALIFIER, ID_PART_RDN_DNQ},
+ {OID_DMD_NAME, ID_PART_RDN_DMDN},
{OID_PSEUDONYM, ID_PART_RDN_PN},
{OID_UNIQUE_IDENTIFIER, ID_PART_RDN_ID},
{OID_EMAIL_ADDRESS, ID_PART_RDN_E},
@@ -727,7 +729,8 @@ METHOD(identification_t, equals_strcasecmp, bool,
/* we do some extra sanity checks to check for invalid IDs with a
* terminating null in it. */
- if (this->encoded.len == encoded.len &&
+ if (this->type == other->get_type(other) &&
+ this->encoded.len == encoded.len &&
memchr(this->encoded.ptr, 0, this->encoded.len) == NULL &&
memchr(encoded.ptr, 0, encoded.len) == NULL &&
strncasecmp(this->encoded.ptr, encoded.ptr, this->encoded.len) == 0)
@@ -1152,15 +1155,15 @@ static private_identification_t *identification_create(id_type_t type)
{
case ID_ANY:
this->public.hash = _hash_binary;
- this->public.matches = _matches_any;
this->public.equals = _equals_binary;
+ this->public.matches = _matches_any;
this->public.contains_wildcards = return_true;
break;
case ID_FQDN:
case ID_RFC822_ADDR:
this->public.hash = _hash_binary;
- this->public.matches = _matches_string;
this->public.equals = _equals_strcasecmp;
+ this->public.matches = _matches_string;
this->public.contains_wildcards = _contains_wildcards_memchr;
break;
case ID_DER_ASN1_DN:
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index 51d1324..206f7c3 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -168,6 +168,8 @@ enum id_part_t {
ID_PART_RDN_I,
/** DN Qualifier RDN of a DN */
ID_PART_RDN_DNQ,
+ /** dmdName RDN of a DN */
+ ID_PART_RDN_DMDN,
/** Pseudonym RDN of a DN */
ID_PART_RDN_PN,
/** UniqueIdentifier RDN of a DN */
diff --git a/src/libstrongswan/utils/integrity_checker.c b/src/libstrongswan/utils/integrity_checker.c
index b66df02..6f9510b 100644
--- a/src/libstrongswan/utils/integrity_checker.c
+++ b/src/libstrongswan/utils/integrity_checker.c
@@ -56,10 +56,10 @@ struct private_integrity_checker_t {
int checksum_count;
};
-METHOD(integrity_checker_t, build_file, u_int32_t,
+METHOD(integrity_checker_t, build_file, uint32_t,
private_integrity_checker_t *this, char *file, size_t *len)
{
- u_int32_t checksum;
+ uint32_t checksum;
chunk_t *contents;
contents = chunk_map(file, FALSE);
@@ -109,7 +109,7 @@ static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli)
return 0;
}
-METHOD(integrity_checker_t, build_segment, u_int32_t,
+METHOD(integrity_checker_t, build_segment, uint32_t,
private_integrity_checker_t *this, void *sym, size_t *len)
{
chunk_t segment;
@@ -154,7 +154,7 @@ METHOD(integrity_checker_t, check_file, bool,
private_integrity_checker_t *this, char *name, char *file)
{
integrity_checksum_t *cs;
- u_int32_t sum;
+ uint32_t sum;
size_t len = 0;
cs = find_checksum(this, name);
@@ -188,7 +188,7 @@ METHOD(integrity_checker_t, check_segment, bool,
private_integrity_checker_t *this, char *name, void *sym)
{
integrity_checksum_t *cs;
- u_int32_t sum;
+ uint32_t sum;
size_t len = 0;
cs = find_checksum(this, name);
diff --git a/src/libstrongswan/utils/integrity_checker.h b/src/libstrongswan/utils/integrity_checker.h
index afaa114..2ac21c6 100644
--- a/src/libstrongswan/utils/integrity_checker.h
+++ b/src/libstrongswan/utils/integrity_checker.h
@@ -35,11 +35,11 @@ struct integrity_checksum_t {
/* size in bytes of the file on disk */
size_t file_len;
/* checksum of the file on disk */
- u_int32_t file;
+ uint32_t file;
/* size in bytes of executable segment in memory */
size_t segment_len;
/* checksum of the executable segment in memory */
- u_int32_t segment;
+ uint32_t segment;
};
/**
@@ -66,7 +66,7 @@ struct integrity_checker_t {
* @param len return length in bytes of file
* @return checksum, 0 on error
*/
- u_int32_t (*build_file)(integrity_checker_t *this, char *file, size_t *len);
+ uint32_t (*build_file)(integrity_checker_t *this, char *file, size_t *len);
/**
* Check the integrity of the code segment in memory.
@@ -83,7 +83,7 @@ struct integrity_checker_t {
* @param len return length in bytes of code segment in memory
* @return checksum, 0 on error
*/
- u_int32_t (*build_segment)(integrity_checker_t *this, void *sym, size_t *len);
+ uint32_t (*build_segment)(integrity_checker_t *this, void *sym, size_t *len);
/**
* Check both, on disk file integrity and loaded segment.
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 99f4843..d0f646c 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -120,17 +120,17 @@ struct memory_header_t {
/**
* Padding to make sizeof(memory_header_t) == 32
*/
- u_int32_t padding[sizeof(void*) == sizeof(u_int32_t) ? 3 : 0];
+ uint32_t padding[sizeof(void*) == sizeof(uint32_t) ? 3 : 0];
/**
* Number of bytes following after the header
*/
- u_int32_t bytes;
+ uint32_t bytes;
/**
* magic bytes to detect bad free or heap underflow, MEMORY_HEADER_MAGIC
*/
- u_int32_t magic;
+ uint32_t magic;
}__attribute__((__packed__));
@@ -142,7 +142,7 @@ struct memory_tail_t {
/**
* Magic bytes to detect heap overflow, MEMORY_TAIL_MAGIC
*/
- u_int32_t magic;
+ uint32_t magic;
}__attribute__((__packed__));
@@ -522,6 +522,7 @@ char *whitelist[] = {
"vsyslog",
"__syslog_chk",
"__vsyslog_chk",
+ "__fprintf_chk",
"getaddrinfo",
"setlocale",
"getpass",
@@ -532,6 +533,7 @@ char *whitelist[] = {
"getpwuid_r",
"initgroups",
"tzset",
+ "_IO_file_doallocate",
/* ignore dlopen, as we do not dlclose to get proper leak reports */
"dlopen",
"dlerror",
@@ -562,6 +564,10 @@ char *whitelist[] = {
"ECDSA_do_sign_ex",
"ECDSA_verify",
"RSA_new_method",
+ /* OpenSSL 1.1.0 does not cleanup anymore until the library is unloaded */
+ "OPENSSL_init_crypto",
+ "CRYPTO_THREAD_lock_new",
+ "ERR_add_error_data",
/* OpenSSL libssl */
"SSL_COMP_get_compression_methods",
/* NSPR */
@@ -808,10 +814,11 @@ HOOK(void*, malloc, size_t bytes)
HOOK(void*, calloc, size_t nmemb, size_t size)
{
void *ptr;
+ volatile size_t total;
- size *= nmemb;
- ptr = malloc(size);
- memset(ptr, 0, size);
+ total = nmemb * size;
+ ptr = malloc(total);
+ memset(ptr, 0, total);
return ptr;
}
@@ -837,6 +844,18 @@ HOOK(void, free, void *ptr)
if (!enabled || thread_disabled->get(thread_disabled))
{
+ /* after deinitialization we might have to free stuff we allocated
+ * while we were enabled */
+ if (!first_header.magic && ptr)
+ {
+ hdr = ptr - sizeof(memory_header_t);
+ tail = ptr + hdr->bytes;
+ if (hdr->magic == MEMORY_HEADER_MAGIC &&
+ tail->magic == MEMORY_TAIL_MAGIC)
+ {
+ ptr = hdr;
+ }
+ }
real_free(ptr);
return;
}
@@ -953,6 +972,7 @@ METHOD(leak_detective_t, destroy, void,
lock->destroy(lock);
thread_disabled->destroy(thread_disabled);
free(this);
+ first_header.magic = 0;
first_header.next = NULL;
}
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
index 40cb43d..4deba0f 100644
--- a/src/libstrongswan/utils/utils.c
+++ b/src/libstrongswan/utils/utils.c
@@ -33,7 +33,7 @@
/* This is from the kernel sources. We limit the length of directory names to
* 256 as we only use it to enumerate FDs. */
struct linux_dirent64 {
- u_int64_t d_ino;
+ uint64_t d_ino;
int64_t d_off;
unsigned short d_reclen;
unsigned char d_type;
diff --git a/src/libstrongswan/utils/utils/align.c b/src/libstrongswan/utils/utils/align.c
index 29f110f..ffdb1b5 100644
--- a/src/libstrongswan/utils/utils/align.c
+++ b/src/libstrongswan/utils/utils/align.c
@@ -20,9 +20,9 @@
/**
* Described in header.
*/
-void* malloc_align(size_t size, u_int8_t align)
+void* malloc_align(size_t size, uint8_t align)
{
- u_int8_t pad;
+ uint8_t pad;
void *ptr;
if (align == 0)
@@ -46,7 +46,7 @@ void* malloc_align(size_t size, u_int8_t align)
*/
void free_align(void *ptr)
{
- u_int8_t pad, *pos;
+ uint8_t pad, *pos;
pos = ptr - 1;
/* verify padding to check any corruption */
diff --git a/src/libstrongswan/utils/utils/align.h b/src/libstrongswan/utils/utils/align.h
index 39cde10..a28dc36 100644
--- a/src/libstrongswan/utils/utils/align.h
+++ b/src/libstrongswan/utils/utils/align.h
@@ -74,7 +74,7 @@ static inline size_t round_down(size_t size, size_t alignment)
* @param align alignment, up to 255 bytes, usually a power of 2
* @return allocated hunk, aligned to align bytes
*/
-void* malloc_align(size_t size, u_int8_t align);
+void* malloc_align(size_t size, uint8_t align);
/**
* Free a hunk allocated by malloc_align().
diff --git a/src/libstrongswan/utils/utils/byteorder.h b/src/libstrongswan/utils/utils/byteorder.h
index 3ccbad5..7c7e534 100644
--- a/src/libstrongswan/utils/utils/byteorder.h
+++ b/src/libstrongswan/utils/utils/byteorder.h
@@ -26,7 +26,7 @@
* Architecture independent bitfield definition helpers (at least with GCC).
*
* Defines a bitfield with a type t and a fixed size of bitfield members, e.g.:
- * BITFIELD2(u_int8_t,
+ * BITFIELD2(uint8_t,
* low: 4,
* high: 4,
* ) flags;
@@ -47,9 +47,14 @@
#ifndef le32toh
# if BYTE_ORDER == BIG_ENDIAN
# define le32toh(x) __builtin_bswap32(x)
-# define htole32(x) __builtin_bswap32(x)
# else
# define le32toh(x) (x)
+# endif
+#endif
+#ifndef htole32
+# if BYTE_ORDER == BIG_ENDIAN
+# define htole32(x) __builtin_bswap32(x)
+# else
# define htole32(x) (x)
# endif
#endif
@@ -57,9 +62,14 @@
#ifndef le64toh
# if BYTE_ORDER == BIG_ENDIAN
# define le64toh(x) __builtin_bswap64(x)
-# define htole64(x) __builtin_bswap64(x)
# else
# define le64toh(x) (x)
+# endif
+#endif
+#ifndef htole64
+# if BYTE_ORDER == BIG_ENDIAN
+# define htole64(x) __builtin_bswap64(x)
+# else
# define htole64(x) (x)
# endif
#endif
@@ -67,9 +77,14 @@
#ifndef be64toh
# if BYTE_ORDER == BIG_ENDIAN
# define be64toh(x) (x)
-# define htobe64(x) (x)
# else
# define be64toh(x) __builtin_bswap64(x)
+# endif
+#endif
+#ifndef htobe64
+# if BYTE_ORDER == BIG_ENDIAN
+# define htobe64(x) (x)
+# else
# define htobe64(x) __builtin_bswap64(x)
# endif
#endif
@@ -80,7 +95,7 @@
* @param host host order 16-bit value
* @param network unaligned address to write network order value to
*/
-static inline void htoun16(void *network, u_int16_t host)
+static inline void htoun16(void *network, uint16_t host)
{
char *unaligned = (char*)network;
@@ -94,7 +109,7 @@ static inline void htoun16(void *network, u_int16_t host)
* @param host host order 32-bit value
* @param network unaligned address to write network order value to
*/
-static inline void htoun32(void *network, u_int32_t host)
+static inline void htoun32(void *network, uint32_t host)
{
char *unaligned = (char*)network;
@@ -108,7 +123,7 @@ static inline void htoun32(void *network, u_int32_t host)
* @param host host order 64-bit value
* @param network unaligned address to write network order value to
*/
-static inline void htoun64(void *network, u_int64_t host)
+static inline void htoun64(void *network, uint64_t host)
{
char *unaligned = (char*)network;
@@ -122,10 +137,10 @@ static inline void htoun64(void *network, u_int64_t host)
* @param network unaligned address to read network order value from
* @return host order value
*/
-static inline u_int16_t untoh16(void *network)
+static inline uint16_t untoh16(void *network)
{
char *unaligned = (char*)network;
- u_int16_t tmp;
+ uint16_t tmp;
memcpy(&tmp, unaligned, sizeof(tmp));
return ntohs(tmp);
@@ -137,10 +152,10 @@ static inline u_int16_t untoh16(void *network)
* @param network unaligned address to read network order value from
* @return host order value
*/
-static inline u_int32_t untoh32(void *network)
+static inline uint32_t untoh32(void *network)
{
char *unaligned = (char*)network;
- u_int32_t tmp;
+ uint32_t tmp;
memcpy(&tmp, unaligned, sizeof(tmp));
return ntohl(tmp);
@@ -152,10 +167,10 @@ static inline u_int32_t untoh32(void *network)
* @param network unaligned address to read network order value from
* @return host order value
*/
-static inline u_int64_t untoh64(void *network)
+static inline uint64_t untoh64(void *network)
{
char *unaligned = (char*)network;
- u_int64_t tmp;
+ uint64_t tmp;
memcpy(&tmp, unaligned, sizeof(tmp));
return be64toh(tmp);
@@ -167,9 +182,9 @@ static inline u_int64_t untoh64(void *network)
* @param p unaligned address to read little endian value from
* @return host order value
*/
-static inline u_int32_t uletoh32(void *p)
+static inline uint32_t uletoh32(void *p)
{
- u_int32_t ret;
+ uint32_t ret;
memcpy(&ret, p, sizeof(ret));
ret = le32toh(ret);
@@ -182,7 +197,7 @@ static inline u_int32_t uletoh32(void *p)
* @param p host order 32-bit value
* @param v unaligned address to write little endian value to
*/
-static inline void htoule32(void *p, u_int32_t v)
+static inline void htoule32(void *p, uint32_t v)
{
v = htole32(v);
memcpy(p, &v, sizeof(v));
diff --git a/src/libstrongswan/utils/utils/memory.c b/src/libstrongswan/utils/utils/memory.c
index a153715..30c6f54 100644
--- a/src/libstrongswan/utils/utils/memory.c
+++ b/src/libstrongswan/utils/utils/memory.c
@@ -20,7 +20,7 @@
/**
* Described in header.
*/
-void memxor(u_int8_t dst[], u_int8_t src[], size_t n)
+void memxor(uint8_t dst[], uint8_t src[], size_t n)
{
int m, i;
diff --git a/src/libstrongswan/utils/utils/memory.h b/src/libstrongswan/utils/utils/memory.h
index aef318f..b978e7c 100644
--- a/src/libstrongswan/utils/utils/memory.h
+++ b/src/libstrongswan/utils/utils/memory.h
@@ -80,7 +80,7 @@ static inline void *memset_noop(void *s, int c, size_t n)
/**
* Same as memcpy, but XORs src into dst instead of copy
*/
-void memxor(u_int8_t dest[], u_int8_t src[], size_t n);
+void memxor(uint8_t dest[], uint8_t src[], size_t n);
/**
* Safely overwrite n bytes of memory at ptr with zero, non-inlining variant.
diff --git a/src/libstrongswan/utils/utils/string.h b/src/libstrongswan/utils/utils/string.h
index 60eaaae..562516b 100644
--- a/src/libstrongswan/utils/utils/string.h
+++ b/src/libstrongswan/utils/utils/string.h
@@ -27,7 +27,7 @@
*/
static inline bool streq(const char *x, const char *y)
{
- return strcmp(x, y) == 0;
+ return (x == y) || (x && y && strcmp(x, y) == 0);
}
/**
@@ -35,7 +35,7 @@ static inline bool streq(const char *x, const char *y)
*/
static inline bool strneq(const char *x, const char *y, size_t len)
{
- return strncmp(x, y, len) == 0;
+ return (x == y) || (x && y && strncmp(x, y, len) == 0);
}
/**
@@ -51,7 +51,7 @@ static inline bool strpfx(const char *x, const char *prefix)
*/
static inline bool strcaseeq(const char *x, const char *y)
{
- return strcasecmp(x, y) == 0;
+ return (x == y) || (x && y && strcasecmp(x, y) == 0);
}
/**
@@ -59,7 +59,7 @@ static inline bool strcaseeq(const char *x, const char *y)
*/
static inline bool strncaseeq(const char *x, const char *y, size_t len)
{
- return strncasecmp(x, y, len) == 0;
+ return (x == y) || (x && y && strncasecmp(x, y, len) == 0);
}
/**
diff --git a/src/libstrongswan/utils/utils/time.c b/src/libstrongswan/utils/utils/time.c
index c67ae93..48e5151 100644
--- a/src/libstrongswan/utils/utils/time.c
+++ b/src/libstrongswan/utils/utils/time.c
@@ -121,7 +121,7 @@ int time_delta_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
char* unit = "second";
time_t *arg1 = *((time_t**)(args[0]));
time_t *arg2 = *((time_t**)(args[1]));
- u_int64_t delta = llabs(*arg1 - *arg2);
+ uint64_t delta = llabs(*arg1 - *arg2);
if (delta > 2 * 60 * 60 * 24)
{
diff --git a/src/libstrongswan/utils/utils/types.h b/src/libstrongswan/utils/utils/types.h
index 056c2e0..45b5043 100644
--- a/src/libstrongswan/utils/utils/types.h
+++ b/src/libstrongswan/utils/utils/types.h
@@ -43,19 +43,6 @@
# define TRUE true
#endif /* TRUE */
-/**
- * define some missing fixed width int types on OpenSolaris.
- * TODO: since the uintXX_t types are defined by the C99 standard we should
- * probably use those anyway
- */
-#if defined __sun || defined WIN32
-#include <stdint.h>
-typedef uint8_t u_int8_t;
-typedef uint16_t u_int16_t;
-typedef uint32_t u_int32_t;
-typedef uint64_t u_int64_t;
-#endif
-
#ifdef HAVE_INT128
/**
* 128 bit wide signed integer, if supported
@@ -70,7 +57,7 @@ typedef unsigned __int128 u_int128_t;
# define MAX_UINT_TYPE u_int128_t
#else
# define MAX_INT_TYPE int64_t
-# define MAX_UINT_TYPE u_int64_t
+# define MAX_UINT_TYPE uint64_t
#endif
/**
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 8d16059..0bd5f74 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
@USE_WINDOWS_TRUE at am__append_1 = -lws2_32
subdir = src/libtls
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp $(am__nobase_tls_include_HEADERS_DIST)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am \
+ $(am__nobase_tls_include_HEADERS_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -227,6 +237,7 @@ am__define_uniq_tagged_files = \
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -258,6 +269,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -307,6 +319,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -341,6 +354,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -452,6 +466,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -518,7 +533,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtls/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtls/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -937,6 +951,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \
uninstall-ipseclibLTLIBRARIES \
uninstall-nobase_tls_includeHEADERS
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in
index e57a95f..e00de3f 100644
--- a/src/libtls/tests/Makefile.in
+++ b/src/libtls/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ host_triplet = @host@
TESTS = tls_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libtls/tests
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -197,12 +206,14 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -252,6 +263,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -286,6 +298,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -397,6 +410,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtls/tests/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtls/tests/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -885,6 +898,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c
index 42a4607..d105dd3 100644
--- a/src/libtls/tests/suites/test_socket.c
+++ b/src/libtls/tests/suites/test_socket.c
@@ -267,7 +267,7 @@ END_TEARDOWN
*/
typedef struct {
tls_version_t version;
- u_int16_t port;
+ uint16_t port;
char *addr;
chunk_t data;
int fd;
@@ -411,7 +411,7 @@ static void run_echo_client(echo_server_config_t *config)
/**
* Common test wrapper function for different test variants
*/
-static void test_tls(tls_version_t version, u_int16_t port, bool cauth, u_int i)
+static void test_tls(tls_version_t version, uint16_t port, bool cauth, u_int i)
{
echo_server_config_t *config;
tls_cipher_suite_t *suites;
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 08a06f5..ea39f7f 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -83,9 +83,9 @@ ENUM_END(tls_extension_names, TLS_EXT_RENEGOTIATION_INFO);
* TLS record
*/
typedef struct __attribute__((packed)) {
- u_int8_t type;
- u_int16_t version;
- u_int16_t length;
+ uint8_t type;
+ uint16_t version;
+ uint16_t length;
char data[];
} tls_record_t;
diff --git a/src/libtls/tls_aead.c b/src/libtls/tls_aead.c
index 67cfd3a..f1daa6f 100644
--- a/src/libtls/tls_aead.c
+++ b/src/libtls/tls_aead.c
@@ -44,18 +44,18 @@ struct private_tls_aead_t {
* Associated header data to create signature over
*/
typedef struct __attribute__((__packed__)) {
- u_int64_t seq;
- u_int8_t type;
- u_int16_t version;
- u_int16_t length;
+ uint64_t seq;
+ uint8_t type;
+ uint16_t version;
+ uint16_t length;
} sigheader_t;
METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type,
- u_int64_t seq, chunk_t *data)
+ uint64_t seq, chunk_t *data)
{
chunk_t assoc, encrypted, iv, plain;
- u_int8_t icvlen;
+ uint8_t icvlen;
sigheader_t hdr;
iv_gen_t *gen;
@@ -92,10 +92,10 @@ METHOD(tls_aead_t, encrypt, bool,
METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type,
- u_int64_t seq, chunk_t *data)
+ uint64_t seq, chunk_t *data)
{
chunk_t assoc, iv;
- u_int8_t icvlen;
+ uint8_t icvlen;
sigheader_t hdr;
iv.len = this->aead->get_iv_size(this->aead);
diff --git a/src/libtls/tls_aead.h b/src/libtls/tls_aead.h
index 1d5ba92..8b5cda5 100644
--- a/src/libtls/tls_aead.h
+++ b/src/libtls/tls_aead.h
@@ -50,7 +50,7 @@ struct tls_aead_t {
* @return TRUE if successfully encrypted
*/
bool (*encrypt)(tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, u_int64_t seq, chunk_t *data);
+ tls_content_type_t type, uint64_t seq, chunk_t *data);
/**
* Decrypt and verify a TLS record.
@@ -65,7 +65,7 @@ struct tls_aead_t {
* @return TRUE if successfully decrypted
*/
bool (*decrypt)(tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, u_int64_t seq, chunk_t *data);
+ tls_content_type_t type, uint64_t seq, chunk_t *data);
/**
* Get the authentication key size.
diff --git a/src/libtls/tls_aead_expl.c b/src/libtls/tls_aead_expl.c
index 80b0db3..201c9bc 100644
--- a/src/libtls/tls_aead_expl.c
+++ b/src/libtls/tls_aead_expl.c
@@ -49,18 +49,18 @@ struct private_tls_aead_t {
* Associated header data to create signature over
*/
typedef struct __attribute__((__packed__)) {
- u_int64_t seq;
- u_int8_t type;
- u_int16_t version;
- u_int16_t length;
+ uint64_t seq;
+ uint8_t type;
+ uint16_t version;
+ uint16_t length;
} sigheader_t;
METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type,
- u_int64_t seq, chunk_t *data)
+ uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac, padding, iv;
- u_int8_t bs, padlen;
+ uint8_t bs, padlen;
sigheader_t hdr;
hdr.type = type;
@@ -100,10 +100,10 @@ METHOD(tls_aead_t, encrypt, bool,
METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type,
- u_int64_t seq, chunk_t *data)
+ uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac, iv;
- u_int8_t bs, padlen;
+ uint8_t bs, padlen;
sigheader_t hdr;
size_t i;
diff --git a/src/libtls/tls_aead_impl.c b/src/libtls/tls_aead_impl.c
index d529ceb..8f83cb4 100644
--- a/src/libtls/tls_aead_impl.c
+++ b/src/libtls/tls_aead_impl.c
@@ -47,18 +47,18 @@ struct private_tls_aead_t {
* Associated header data to create signature over
*/
typedef struct __attribute__((__packed__)) {
- u_int64_t seq;
- u_int8_t type;
- u_int16_t version;
- u_int16_t length;
+ uint64_t seq;
+ uint8_t type;
+ uint16_t version;
+ uint16_t length;
} sigheader_t;
METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, u_int64_t seq, chunk_t *data)
+ tls_content_type_t type, uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac, padding;
- u_int8_t bs, padlen;
+ uint8_t bs, padlen;
sigheader_t hdr;
hdr.type = type;
@@ -95,10 +95,10 @@ METHOD(tls_aead_t, encrypt, bool,
METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, u_int64_t seq, chunk_t *data)
+ tls_content_type_t type, uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac, iv;
- u_int8_t bs, padlen;
+ uint8_t bs, padlen;
sigheader_t hdr;
size_t i;
diff --git a/src/libtls/tls_aead_null.c b/src/libtls/tls_aead_null.c
index 595b640..cb4c106 100644
--- a/src/libtls/tls_aead_null.c
+++ b/src/libtls/tls_aead_null.c
@@ -37,15 +37,15 @@ struct private_tls_aead_t {
* Associated header data to create signature over
*/
typedef struct __attribute__((__packed__)) {
- u_int64_t seq;
- u_int8_t type;
- u_int16_t version;
- u_int16_t length;
+ uint64_t seq;
+ uint8_t type;
+ uint16_t version;
+ uint16_t length;
} sigheader_t;
METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, u_int64_t seq, chunk_t *data)
+ tls_content_type_t type, uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac;
sigheader_t hdr;
@@ -67,7 +67,7 @@ METHOD(tls_aead_t, encrypt, bool,
METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, u_int64_t seq, chunk_t *data)
+ tls_content_type_t type, uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac;
sigheader_t hdr;
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 2cffeb8..6bbd958 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1340,7 +1340,7 @@ METHOD(tls_crypto_t, set_protection, void,
METHOD(tls_crypto_t, append_handshake, void,
private_tls_crypto_t *this, tls_handshake_type_t type, chunk_t data)
{
- u_int32_t header;
+ uint32_t header;
/* reconstruct handshake header */
header = htonl(data.len | (type << 24));
@@ -1407,7 +1407,7 @@ METHOD(tls_crypto_t, sign, bool,
{
signature_scheme_t scheme;
bio_reader_t *reader;
- u_int8_t hash, alg;
+ uint8_t hash, alg;
chunk_t sig;
bool done = FALSE;
@@ -1487,7 +1487,7 @@ METHOD(tls_crypto_t, verify, bool,
if (this->tls->get_version(this->tls) >= TLS_1_2)
{
signature_scheme_t scheme = SIGN_UNKNOWN;
- u_int8_t hash, alg;
+ uint8_t hash, alg;
chunk_t sig;
if (!reader->read_uint8(reader, &hash) ||
diff --git a/src/libtls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c
index a97ca1e..3607aa3 100644
--- a/src/libtls/tls_fragmentation.c
+++ b/src/libtls/tls_fragmentation.c
@@ -127,7 +127,7 @@ static bool send_close_notify(private_tls_fragmentation_t *this)
static status_t process_alert(private_tls_fragmentation_t *this,
bio_reader_t *reader)
{
- u_int8_t level, description;
+ uint8_t level, description;
if (!reader->read_uint8(reader, &level) ||
!reader->read_uint8(reader, &description))
@@ -147,8 +147,8 @@ static status_t process_handshake(private_tls_fragmentation_t *this,
while (reader->remaining(reader))
{
bio_reader_t *msg;
- u_int8_t type;
- u_int32_t len;
+ uint8_t type;
+ uint32_t len;
status_t status;
chunk_t data;
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 8087e2e..2ba6dd2 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -141,8 +141,8 @@ struct private_tls_peer_t {
static status_t process_server_hello(private_tls_peer_t *this,
bio_reader_t *reader)
{
- u_int8_t compression;
- u_int16_t version, cipher;
+ uint8_t compression;
+ uint16_t version, cipher;
chunk_t random, session, ext = chunk_empty;
tls_cipher_suite_t suite = 0;
@@ -434,8 +434,8 @@ static status_t process_ec_key_exchange(private_tls_peer_t *this,
{
diffie_hellman_group_t group;
public_key_t *public;
- u_int8_t type;
- u_int16_t curve;
+ uint8_t type;
+ uint16_t curve;
chunk_t pub, chunk;
chunk = reader->peek(reader);
@@ -833,7 +833,7 @@ static private_key_t *find_private_key(private_tls_peer_t *this)
private_key_t *key = NULL;
bio_reader_t *reader;
key_type_t type;
- u_int8_t cert;
+ uint8_t cert;
if (!this->peer)
{
diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c
index e73fedc..cea3eca 100644
--- a/src/libtls/tls_protection.c
+++ b/src/libtls/tls_protection.c
@@ -47,12 +47,12 @@ struct private_tls_protection_t {
/**
* Sequence number of incoming records
*/
- u_int64_t seq_in;
+ uint64_t seq_in;
/**
* Sequence number for outgoing records
*/
- u_int64_t seq_out;
+ uint64_t seq_out;
/**
* AEAD transform for inbound traffic
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index cfbe020..422211a 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -213,7 +213,7 @@ static bool select_suite_and_key(private_tls_server_t *this,
static status_t process_client_hello(private_tls_server_t *this,
bio_reader_t *reader)
{
- u_int16_t version, extension;
+ uint16_t version, extension;
chunk_t random, session, ciphers, compression, ext = chunk_empty;
bio_reader_t *extensions;
tls_cipher_suite_t *suites;
@@ -304,12 +304,12 @@ static status_t process_client_hello(private_tls_server_t *this,
}
else
{
- count = ciphers.len / sizeof(u_int16_t);
+ count = ciphers.len / sizeof(uint16_t);
suites = alloca(count * sizeof(tls_cipher_suite_t));
DBG2(DBG_TLS, "received %d TLS cipher suites:", count);
for (i = 0; i < count; i++)
{
- suites[i] = untoh16(&ciphers.ptr[i * sizeof(u_int16_t)]);
+ suites[i] = untoh16(&ciphers.ptr[i * sizeof(uint16_t)]);
DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i]);
}
if (!select_suite_and_key(this, suites, count))
@@ -831,7 +831,7 @@ static tls_named_curve_t ec_group_to_curve(private_tls_server_t *this,
bool peer_supports_curve(private_tls_server_t *this, tls_named_curve_t curve)
{
bio_reader_t *reader;
- u_int16_t current;
+ uint16_t current;
if (!this->curves_received)
{ /* none received, assume yes */
diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in
index 85d2581..af02b75 100644
--- a/src/libtnccs/Makefile.in
+++ b/src/libtnccs/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -92,8 +102,6 @@ host_triplet = @host@
@USE_TNCCS_DYNAMIC_TRUE at am__append_12 = plugins/tnccs_dynamic
@MONOLITHIC_TRUE@@USE_TNCCS_DYNAMIC_TRUE at am__append_13 = plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la
subdir = src/libtnccs
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -107,6 +115,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -232,6 +241,7 @@ ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = . plugins/tnc_tnccs plugins/tnc_imc plugins/tnc_imv \
plugins/tnccs_11 plugins/tnccs_20 plugins/tnccs_dynamic
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -263,6 +273,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -312,6 +323,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -346,6 +358,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -457,6 +470,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -533,7 +547,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtnccs/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -952,6 +965,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in
index 963e1f0..d93bded 100644
--- a/src/libtnccs/plugins/tnc_imc/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libtnccs/plugins/tnc_imc
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imc/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -785,6 +798,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in
index f77db91..3987e79 100644
--- a/src/libtnccs/plugins/tnc_imv/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imv/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libtnccs/plugins/tnc_imv
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -406,6 +419,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -471,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imv/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imv/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -788,6 +801,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
index 577f537..b4357b9 100644
--- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in
+++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libtnccs/plugins/tnc_tnccs
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_tnccs/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_tnccs/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -783,6 +796,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
index 67c33ee..5ac2c85 100644
--- a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
+++ b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
@@ -87,7 +87,7 @@ struct tnccs_connection_entry_t {
/**
* Maximum size of a PA-TNC message
*/
- u_int32_t max_msg_len;
+ uint32_t max_msg_len;
/**
* collection of IMV recommendations
@@ -199,7 +199,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
private_tnc_tnccs_manager_t *this, tnccs_type_t type, tnccs_t *tnccs,
tnccs_send_message_t send_message, bool* request_handshake_retry,
- u_int32_t max_msg_len, recommendations_t **recs)
+ uint32_t max_msg_len, recommendations_t **recs)
{
tnccs_connection_entry_t *entry;
@@ -414,14 +414,14 @@ static TNC_Result bool_attribute(TNC_UInt32 buffer_len,
}
/**
- * Write the value of an u_int32_t attribute into the buffer
+ * Write the value of an uint32_t attribute into the buffer
*/
static TNC_Result uint_attribute(TNC_UInt32 buffer_len,
TNC_BufferReference buffer,
TNC_UInt32 *value_len,
- u_int32_t value)
+ uint32_t value)
{
- *value_len = sizeof(u_int32_t);
+ *value_len = sizeof(uint32_t);
if (buffer && buffer_len >= *value_len)
{
@@ -465,7 +465,7 @@ static TNC_Result identity_attribute(TNC_UInt32 buffer_len,
{
bio_writer_t *writer;
enumerator_t *enumerator;
- u_int32_t count;
+ uint32_t count;
chunk_t value;
tncif_identity_t *tnc_id;
TNC_Result result = TNC_RESULT_INVALID_PARAMETER;
@@ -721,7 +721,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
host_t *peer_ip;
tnccs_t *tnccs;
tncif_identity_t *tnc_id;
- u_int32_t id_type, subject_type;
+ uint32_t id_type, subject_type;
chunk_t id_value;
char *id_str;
TNC_Result result;
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in
index ec5de0f..653e1f4 100644
--- a/src/libtnccs/plugins/tnccs_11/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_11/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -83,8 +93,6 @@ host_triplet = @host@
@MONOLITHIC_FALSE@ $(top_builddir)/src/libtnccs/libtnccs.la
subdir = src/libtnccs/plugins/tnccs_11
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -98,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -215,12 +224,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -270,6 +281,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -304,6 +316,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -415,6 +428,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -484,7 +498,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_11/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_11/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -844,6 +857,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtnccs/plugins/tnccs_11/tnccs_11.c b/src/libtnccs/plugins/tnccs_11/tnccs_11.c
index 0918a2b..5c34d57 100644
--- a/src/libtnccs/plugins/tnccs_11/tnccs_11.c
+++ b/src/libtnccs/plugins/tnccs_11/tnccs_11.c
@@ -79,7 +79,7 @@ struct private_tnccs_11_t {
/**
* Type of TNC client authentication
*/
- u_int32_t auth_type;
+ uint32_t auth_type;
/**
* Connection ID assigned to this TNCCS connection
@@ -205,7 +205,7 @@ static void handle_message(private_tnccs_11_t *this, tnccs_msg_t *msg)
imc_imv_msg_t *imc_imv_msg;
TNC_MessageType msg_type;
chunk_t msg_body;
- u_int32_t msg_vid, msg_subtype;
+ uint32_t msg_vid, msg_subtype;
enum_name_t *pa_subtype_names;
imc_imv_msg = (imc_imv_msg_t*)msg;
@@ -622,20 +622,20 @@ METHOD(tnccs_t, set_transport, void,
this->transport = transport;
}
-METHOD(tnccs_t, get_auth_type, u_int32_t,
+METHOD(tnccs_t, get_auth_type, uint32_t,
private_tnccs_11_t *this)
{
return this->auth_type;
}
METHOD(tnccs_t, set_auth_type, void,
- private_tnccs_11_t *this, u_int32_t auth_type)
+ private_tnccs_11_t *this, uint32_t auth_type)
{
this->auth_type = auth_type;
}
METHOD(tnccs_t, get_pdp_server, chunk_t,
- private_tnccs_11_t *this, u_int16_t *port)
+ private_tnccs_11_t *this, uint16_t *port)
{
*port = 0;
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index 5037a95..1a50c7b 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libtnccs/plugins/tnccs_20
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -218,12 +227,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -273,6 +284,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -307,6 +319,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -418,6 +431,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -497,7 +511,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_20/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_20/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -926,6 +939,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
index b239c20..2663e39 100644
--- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
+++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
@@ -122,7 +122,7 @@ struct private_pb_tnc_batch_t {
/**
* Offset into encoding (used for error reporting)
*/
- u_int32_t offset;
+ uint32_t offset;
};
METHOD(pb_tnc_batch_t, get_type, pb_tnc_batch_type_t,
@@ -179,8 +179,8 @@ METHOD(pb_tnc_batch_t, add_msg, bool,
METHOD(pb_tnc_batch_t, build, void,
private_pb_tnc_batch_t *this)
{
- u_int8_t version;
- u_int32_t msg_len;
+ uint8_t version;
+ uint32_t msg_len;
chunk_t msg_value;
enumerator_t *enumerator;
pen_type_t msg_type;
@@ -205,7 +205,7 @@ METHOD(pb_tnc_batch_t, build, void,
enumerator = this->messages->create_enumerator(this->messages);
while (enumerator->enumerate(enumerator, &msg))
{
- u_int8_t flags = PB_TNC_FLAG_NONE;
+ uint8_t flags = PB_TNC_FLAG_NONE;
/* build PB-TNC message */
msg_value = msg->get_encoding(msg);
@@ -247,8 +247,8 @@ METHOD(pb_tnc_batch_t, process_header, status_t,
bio_reader_t *reader;
pb_tnc_msg_t *msg;
pb_error_msg_t *err_msg;
- u_int8_t version, flags, reserved, type;
- u_int32_t batch_len;
+ uint8_t version, flags, reserved, type;
+ uint32_t batch_len;
if (this->encoding.len < PB_TNC_BATCH_HEADER_SIZE)
{
@@ -324,8 +324,8 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
bio_reader_t *reader;
pb_tnc_msg_t *pb_tnc_msg, *msg;
pb_tnc_msg_info_t *msg_infos;
- u_int8_t flags;
- u_int32_t vendor_id, msg_type, msg_len, offset;
+ uint8_t flags;
+ uint32_t vendor_id, msg_type, msg_len, offset;
chunk_t data, msg_value;
bool noskip_flag;
enum_name_t *msg_type_names;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c
index 5c4b5ae..f306540 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c
@@ -57,7 +57,7 @@ struct private_pb_access_recommendation_msg_t {
/**
* Access recommendation code
*/
- u_int16_t recommendation;
+ uint16_t recommendation;
/**
* Encoded message
@@ -95,10 +95,10 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_access_recommendation_msg_t *this, u_int32_t *offset)
+ private_pb_access_recommendation_msg_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int16_t reserved;
+ uint16_t reserved;
reader = bio_reader_create(this->encoding);
reader->read_uint16(reader, &reserved);
@@ -124,7 +124,7 @@ METHOD(pb_tnc_msg_t, destroy, void,
free(this);
}
-METHOD(pb_access_recommendation_msg_t, get_access_recommendation, u_int16_t,
+METHOD(pb_access_recommendation_msg_t, get_access_recommendation, uint16_t,
private_pb_access_recommendation_msg_t *this)
{
return this->recommendation;
@@ -158,7 +158,7 @@ pb_tnc_msg_t *pb_access_recommendation_msg_create_from_data(chunk_t data)
/**
* See header
*/
-pb_tnc_msg_t *pb_access_recommendation_msg_create(u_int16_t recommendation)
+pb_tnc_msg_t *pb_access_recommendation_msg_create(uint16_t recommendation)
{
private_pb_access_recommendation_msg_t *this;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h
index d0dc635..84b8d1a 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h
@@ -56,7 +56,7 @@ struct pb_access_recommendation_msg_t {
*
* @return PB Access Recommendation
*/
- u_int16_t (*get_access_recommendation)(pb_access_recommendation_msg_t *this);
+ uint16_t (*get_access_recommendation)(pb_access_recommendation_msg_t *this);
};
/**
@@ -64,7 +64,7 @@ struct pb_access_recommendation_msg_t {
*
* @param recommendation Access Recommendation code
*/
-pb_tnc_msg_t* pb_access_recommendation_msg_create(u_int16_t recommendation);
+pb_tnc_msg_t* pb_access_recommendation_msg_create(uint16_t recommendation);
/**
* Create an unprocessed PB-Access-Recommendation message from raw data
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c
index e234935..a4cdb7e 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c
@@ -53,7 +53,7 @@ struct private_pb_assessment_result_msg_t {
/**
* Assessment result code
*/
- u_int32_t assessment_result;
+ uint32_t assessment_result;
/**
* Encoded message
@@ -90,7 +90,7 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_assessment_result_msg_t *this, u_int32_t *offset)
+ private_pb_assessment_result_msg_t *this, uint32_t *offset)
{
bio_reader_t *reader;
@@ -117,7 +117,7 @@ METHOD(pb_tnc_msg_t, destroy, void,
free(this);
}
-METHOD(pb_assessment_result_msg_t, get_assessment_result, u_int32_t,
+METHOD(pb_assessment_result_msg_t, get_assessment_result, uint32_t,
private_pb_assessment_result_msg_t *this)
{
return this->assessment_result;
@@ -151,7 +151,7 @@ pb_tnc_msg_t *pb_assessment_result_msg_create_from_data(chunk_t data)
/**
* See header
*/
-pb_tnc_msg_t *pb_assessment_result_msg_create(u_int32_t assessment_result)
+pb_tnc_msg_t *pb_assessment_result_msg_create(uint32_t assessment_result)
{
private_pb_assessment_result_msg_t *this;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h
index 11cfdbe..25f9f9f 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h
@@ -40,7 +40,7 @@ struct pb_assessment_result_msg_t {
*
* @return PB Assessment result
*/
- u_int32_t (*get_assessment_result)(pb_assessment_result_msg_t *this);
+ uint32_t (*get_assessment_result)(pb_assessment_result_msg_t *this);
};
/**
@@ -48,7 +48,7 @@ struct pb_assessment_result_msg_t {
*
* @param assessment_result Assessment result code
*/
-pb_tnc_msg_t* pb_assessment_result_msg_create(u_int32_t assessment_result);
+pb_tnc_msg_t* pb_assessment_result_msg_create(uint32_t assessment_result);
/**
* Create an unprocessed PB-Assessment-Result message from raw data
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c
index d9910f6..05621b7 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c
@@ -75,22 +75,22 @@ struct private_pb_error_msg_t {
/**
* PB Error Code Vendor ID
*/
- u_int32_t vendor_id;
+ uint32_t vendor_id;
/**
* PB Error Code
*/
- u_int16_t error_code;
+ uint16_t error_code;
/**
* PB Error Offset
*/
- u_int32_t error_offset;
+ uint32_t error_offset;
/**
* Bad PB-TNC version received
*/
- u_int8_t bad_version;
+ uint8_t bad_version;
/**
* Encoded message
@@ -153,10 +153,10 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_error_msg_t *this, u_int32_t *offset)
+ private_pb_error_msg_t *this, uint32_t *offset)
{
- u_int8_t flags, max_version, min_version;
- u_int16_t reserved;
+ uint8_t flags, max_version, min_version;
+ uint16_t reserved;
bio_reader_t *reader;
if (this->encoding.len < ERROR_HEADER_SIZE)
@@ -216,32 +216,32 @@ METHOD(pb_error_msg_t, get_fatal_flag, bool,
return this->fatal;
}
-METHOD(pb_error_msg_t, get_vendor_id, u_int32_t,
+METHOD(pb_error_msg_t, get_vendor_id, uint32_t,
private_pb_error_msg_t *this)
{
return this->vendor_id;
}
-METHOD(pb_error_msg_t, get_error_code, u_int16_t,
+METHOD(pb_error_msg_t, get_error_code, uint16_t,
private_pb_error_msg_t *this)
{
return this->error_code;
}
-METHOD(pb_error_msg_t, get_offset, u_int32_t,
+METHOD(pb_error_msg_t, get_offset, uint32_t,
private_pb_error_msg_t *this)
{
return this->error_offset;
}
-METHOD(pb_error_msg_t, get_bad_version, u_int8_t,
+METHOD(pb_error_msg_t, get_bad_version, uint8_t,
private_pb_error_msg_t *this)
{
return this->bad_version;
}
METHOD(pb_error_msg_t, set_bad_version, void,
- private_pb_error_msg_t *this, u_int8_t version)
+ private_pb_error_msg_t *this, uint8_t version)
{
this->bad_version = version;
}
@@ -249,7 +249,7 @@ METHOD(pb_error_msg_t, set_bad_version, void,
/**
* See header
*/
-pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id,
+pb_tnc_msg_t* pb_error_msg_create(bool fatal, uint32_t vendor_id,
pb_tnc_error_code_t error_code)
{
private_pb_error_msg_t *this;
@@ -284,9 +284,9 @@ pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id,
/**
* See header
*/
-pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, u_int32_t vendor_id,
+pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, uint32_t vendor_id,
pb_tnc_error_code_t error_code,
- u_int32_t error_offset)
+ uint32_t error_offset)
{
private_pb_error_msg_t *this;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h
index 9c0ad82..34fc208 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h
@@ -64,35 +64,35 @@ struct pb_error_msg_t {
*
* @return PB Error Code Vendor ID
*/
- u_int32_t (*get_vendor_id)(pb_error_msg_t *this);
+ uint32_t (*get_vendor_id)(pb_error_msg_t *this);
/**
* Get PB Error Code
*
* @return PB Error Code
*/
- u_int16_t (*get_error_code)(pb_error_msg_t *this);
+ uint16_t (*get_error_code)(pb_error_msg_t *this);
/**
* Get the PB Error Offset
*
* @return PB Error Offset
*/
- u_int32_t (*get_offset)(pb_error_msg_t *this);
+ uint32_t (*get_offset)(pb_error_msg_t *this);
/**
* Get the PB Bad Version
*
* @return PB Bad Version
*/
- u_int8_t (*get_bad_version)(pb_error_msg_t *this);
+ uint8_t (*get_bad_version)(pb_error_msg_t *this);
/**
* Set the PB Bad Version
*
* @param version PB Bad Version
*/
- void (*set_bad_version)(pb_error_msg_t *this, u_int8_t version);
+ void (*set_bad_version)(pb_error_msg_t *this, uint8_t version);
};
/**
@@ -102,7 +102,7 @@ struct pb_error_msg_t {
* @param vendor_id Error Code Vendor ID
* @param error_code Error Code
*/
-pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id,
+pb_tnc_msg_t* pb_error_msg_create(bool fatal, uint32_t vendor_id,
pb_tnc_error_code_t error_code);
/**
@@ -113,9 +113,9 @@ pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id,
* @param error_code Error Code
* @param error_offset Error Offset
*/
-pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, u_int32_t vendor_id,
+pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, uint32_t vendor_id,
pb_tnc_error_code_t error_code,
- u_int32_t error_offset);
+ uint32_t error_offset);
/**
* Create an unprocessed PB-Error message from raw data
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c
index c629088..da834ab 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c
@@ -57,7 +57,7 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_experimental_msg_t *this, u_int32_t *offset)
+ private_pb_experimental_msg_t *this, uint32_t *offset)
{
return SUCCESS;
}
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c
index f14f289..1a288ab 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c
@@ -85,7 +85,7 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_language_preference_msg_t *this, u_int32_t *offset)
+ private_pb_language_preference_msg_t *this, uint32_t *offset)
{
chunk_t lang;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
index 263af32..2c7aa89 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
@@ -75,12 +75,12 @@ struct private_pb_pa_msg_t {
/**
* Posture Validator Identifier
*/
- u_int16_t collector_id;
+ uint16_t collector_id;
/**
* Posture Validator Identifier
*/
- u_int16_t validator_id;
+ uint16_t validator_id;
/**
* PA Message Body
@@ -131,9 +131,9 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_pa_msg_t *this, u_int32_t *offset)
+ private_pb_pa_msg_t *this, uint32_t *offset)
{
- u_int8_t flags;
+ uint8_t flags;
size_t msg_body_len;
bio_reader_t *reader;
@@ -186,13 +186,13 @@ METHOD(pb_pa_msg_t, get_subtype, pen_type_t,
return this->subtype;
}
-METHOD(pb_pa_msg_t, get_collector_id, u_int16_t,
+METHOD(pb_pa_msg_t, get_collector_id, uint16_t,
private_pb_pa_msg_t *this)
{
return this->collector_id;
}
-METHOD(pb_pa_msg_t, get_validator_id, u_int16_t,
+METHOD(pb_pa_msg_t, get_validator_id, uint16_t,
private_pb_pa_msg_t *this)
{
return this->validator_id;
@@ -241,8 +241,8 @@ pb_tnc_msg_t *pb_pa_msg_create_from_data(chunk_t data)
/**
* See header
*/
-pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype,
- u_int16_t collector_id, u_int16_t validator_id,
+pb_tnc_msg_t *pb_pa_msg_create(uint32_t vendor_id, uint32_t subtype,
+ uint16_t collector_id, uint16_t validator_id,
bool excl, chunk_t msg_body)
{
private_pb_pa_msg_t *this;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
index f3b6b15..f73f116 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
@@ -51,14 +51,14 @@ struct pb_pa_msg_t {
*
* @return Posture Collector ID
*/
- u_int16_t (*get_collector_id)(pb_pa_msg_t *this);
+ uint16_t (*get_collector_id)(pb_pa_msg_t *this);
/**
* Get Posture Validator ID
*
* @return Posture Validator ID
*/
- u_int16_t (*get_validator_id)(pb_pa_msg_t *this);
+ uint16_t (*get_validator_id)(pb_pa_msg_t *this);
/**
* Get the PA Message Body
@@ -86,8 +86,8 @@ struct pb_pa_msg_t {
* @param excl Exclusive Flag
* @param msg_body PA Message Body
*/
-pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype,
- u_int16_t collector_id, u_int16_t validator_id,
+pb_tnc_msg_t *pb_pa_msg_create(uint32_t vendor_id, uint32_t subtype,
+ uint16_t collector_id, uint16_t validator_id,
bool excl, chunk_t msg_body);
/**
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c
index cafc4ec..25291d5 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c
@@ -97,7 +97,7 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_reason_string_msg_t *this, u_int32_t *offset)
+ private_pb_reason_string_msg_t *this, uint32_t *offset)
{
bio_reader_t *reader;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c
index 8dc5906..9eae707 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c
@@ -123,10 +123,10 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_remediation_parameters_msg_t *this, u_int32_t *offset)
+ private_pb_remediation_parameters_msg_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t reserved;
+ uint8_t reserved;
status_t status = SUCCESS;
u_char *pos;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c
index 1f35cae..c317520 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c
@@ -95,7 +95,7 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_mutual_capability_msg_t *this, u_int32_t *offset)
+ private_pb_mutual_capability_msg_t *this, uint32_t *offset)
{
bio_reader_t *reader;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c
index c95222e..4e8be79 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c
@@ -57,7 +57,7 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_noskip_test_msg_t *this, u_int32_t *offset)
+ private_pb_noskip_test_msg_t *this, uint32_t *offset)
{
return SUCCESS;
}
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h
index 3952843..cfa92aa 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h
@@ -82,7 +82,7 @@ extern enum_name_t *pb_tnc_ita_msg_type_names;
* Information entry describing a PB-TNC Message Type
*/
struct pb_tnc_msg_info_t {
- u_int32_t min_size;
+ uint32_t min_size;
bool exact_size;
bool in_result_batch;
signed char has_noskip_flag;
@@ -138,7 +138,7 @@ struct pb_tnc_msg_t {
* @param relative offset where an error occurred
* @return return processing status
*/
- status_t (*process)(pb_tnc_msg_t *this, u_int32_t *offset);
+ status_t (*process)(pb_tnc_msg_t *this, uint32_t *offset);
/**
* Get a new reference to the message.
diff --git a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c
index 1c8538e..7c518e8 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c
@@ -117,12 +117,12 @@ struct private_pb_pdp_referral_msg_t {
/**
* PT protocol the PDP is using
*/
- u_int8_t protocol;
+ uint8_t protocol;
/**
* PT port the PDP is using
*/
- u_int16_t port;
+ uint16_t port;
/**
* Encoded message
@@ -163,10 +163,10 @@ METHOD(pb_tnc_msg_t, build, void,
}
METHOD(pb_tnc_msg_t, process, status_t,
- private_pb_pdp_referral_msg_t *this, u_int32_t *offset)
+ private_pb_pdp_referral_msg_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t reserved;
+ uint8_t reserved;
*offset = 0;
@@ -223,7 +223,7 @@ METHOD(pb_pdp_referral_msg_t, get_identifier, chunk_t,
}
METHOD(pb_pdp_referral_msg_t, get_fqdn, chunk_t,
- private_pb_pdp_referral_msg_t *this, u_int8_t *protocol, u_int16_t *port)
+ private_pb_pdp_referral_msg_t *this, uint8_t *protocol, uint16_t *port)
{
if (protocol)
{
@@ -267,7 +267,7 @@ pb_tnc_msg_t* pb_pdp_referral_msg_create(pen_type_t identifier_type,
/**
* See header
*/
-pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, u_int16_t port)
+pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, uint16_t port)
{
pb_tnc_msg_t *msg;
bio_writer_t *writer;
diff --git a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h
index b225f33..0923c8b 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h
@@ -74,8 +74,8 @@ struct pb_pdp_referral_msg_t {
* @param port PT port the PDP is listening on
* @return Fully Qualified Domain Name of PDP
*/
- chunk_t (*get_fqdn)(pb_pdp_referral_msg_t *this, u_int8_t *protocol,
- u_int16_t *port);
+ chunk_t (*get_fqdn)(pb_pdp_referral_msg_t *this, uint8_t *protocol,
+ uint16_t *port);
};
@@ -94,7 +94,7 @@ pb_tnc_msg_t* pb_pdp_referral_msg_create(pen_type_t identifier_type,
* @param fqdn Fully Qualified Domain Name of PDP
* @param port PT-TLS port the PDP is listening on
*/
-pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, u_int16_t port);
+pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, uint16_t port);
/**
* Create an unprocessed PB-PDP-Referral message from raw data
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
index 35d2978..041faa3 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
@@ -77,7 +77,7 @@ struct private_tnccs_20_t {
/**
* Type of TNC client authentication
*/
- u_int32_t auth_type;
+ uint32_t auth_type;
/**
* Mutual PB-TNC protocol enabled
@@ -423,20 +423,20 @@ METHOD(tnccs_t, set_transport, void,
this->transport = transport;
}
-METHOD(tnccs_t, get_auth_type, u_int32_t,
+METHOD(tnccs_t, get_auth_type, uint32_t,
private_tnccs_20_t *this)
{
return this->auth_type;
}
METHOD(tnccs_t, set_auth_type, void,
- private_tnccs_20_t *this, u_int32_t auth_type)
+ private_tnccs_20_t *this, uint32_t auth_type)
{
this->auth_type = auth_type;
}
METHOD(tnccs_t, get_pdp_server, chunk_t,
- private_tnccs_20_t *this, u_int16_t *port)
+ private_tnccs_20_t *this, uint16_t *port)
{
if (this->tnc_client)
{
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c
index 4ba8221..04e4042 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c
@@ -104,7 +104,7 @@ struct private_tnccs_20_client_t {
/**
* PDP server port
*/
- u_int16_t pdp_port;
+ uint16_t pdp_port;
/**
* Mutual PB-TNC protocol enabled
@@ -124,8 +124,8 @@ struct private_tnccs_20_client_t {
void tnccs_20_handle_ietf_error_msg(pb_tnc_msg_t *msg, bool *fatal_error)
{
pb_error_msg_t *err_msg;
- u_int32_t vendor_id;
- u_int16_t error_code;
+ uint32_t vendor_id;
+ uint16_t error_code;
bool fatal;
err_msg = (pb_error_msg_t*)msg;
@@ -238,7 +238,7 @@ static void handle_ietf_message(private_tnccs_20_client_t *this, pb_tnc_msg_t *m
{
pb_pa_msg_t *pa_msg;
pen_type_t msg_subtype;
- u_int16_t imc_id, imv_id;
+ uint16_t imc_id, imv_id;
chunk_t msg_body;
bool excl;
enum_name_t *pa_subtype_names;
@@ -274,7 +274,7 @@ static void handle_ietf_message(private_tnccs_20_client_t *this, pb_tnc_msg_t *m
case PB_MSG_ASSESSMENT_RESULT:
{
pb_assessment_result_msg_t *assess_msg;
- u_int32_t result;
+ uint32_t result;
assess_msg = (pb_assessment_result_msg_t*)msg;
result = assess_msg->get_assessment_result(assess_msg);
@@ -375,7 +375,7 @@ static void handle_tcg_message(private_tnccs_20_client_t *this, pb_tnc_msg_t *ms
{
pb_pdp_referral_msg_t *pdp_msg;
pen_type_t pdp_id_type;
- u_int8_t pdp_protocol;
+ uint8_t pdp_protocol;
pdp_msg = (pb_pdp_referral_msg_t*)msg;
pdp_id_type = pdp_msg->get_identifier_type(pdp_msg);
@@ -765,7 +765,7 @@ METHOD(tnccs_20_handler_t, destroy, void,
}
METHOD(tnccs_20_client_t, get_pdp_server, chunk_t,
- private_tnccs_20_client_t *this, u_int16_t *port)
+ private_tnccs_20_client_t *this, uint16_t *port)
{
*port = this->pdp_port;
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h
index 7a5f33e..3b34638 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h
@@ -45,7 +45,7 @@ struct tnccs_20_client_t {
* @param port PT-TLS port of the PDP server
* @return FQDN of PDP server
*/
- chunk_t (*get_pdp_server)(tnccs_20_client_t *this, u_int16_t *port);
+ chunk_t (*get_pdp_server)(tnccs_20_client_t *this, uint16_t *port);
};
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
index 038fc17..86ae1c0 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
@@ -166,7 +166,7 @@ static void handle_ietf_message(private_tnccs_20_server_t *this, pb_tnc_msg_t *m
{
pb_pa_msg_t *pa_msg;
pen_type_t msg_subtype;
- u_int16_t imc_id, imv_id;
+ uint16_t imc_id, imv_id;
chunk_t msg_body;
bool excl;
enum_name_t *pa_subtype_names;
@@ -531,14 +531,14 @@ METHOD(tnccs_20_handler_t, begin_handshake, void,
{
pb_tnc_msg_t *msg;
identification_t *pdp_server;
- u_int16_t *pdp_port;
+ uint16_t *pdp_port;
tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
TNC_CONNECTION_STATE_HANDSHAKE);
/* Send a PB-TNC TCG PDP Referral message if PDP is known */
pdp_server = (identification_t*)lib->get(lib, "pt-tls-server");
- pdp_port = (u_int16_t*)lib->get(lib, "pt-tls-port");
+ pdp_port = (uint16_t*)lib->get(lib, "pt-tls-port");
if (this->eap_transport && pdp_server && pdp_port)
{
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
index 949532a..59efdbb 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libtnccs/plugins/tnccs_dynamic
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -405,6 +418,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_dynamic/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_dynamic/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c b/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c
index 44b804f..c366e77 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c
+++ b/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c
@@ -64,7 +64,7 @@ struct private_tnccs_dynamic_t {
/**
* Type of TNC client authentication
*/
- u_int32_t auth_type;
+ uint32_t auth_type;
/**
* Callback function to communicate recommendation (TNC Server only)
@@ -223,20 +223,20 @@ METHOD(tnccs_t, set_transport, void,
this->transport = transport;
}
-METHOD(tnccs_t, get_auth_type, u_int32_t,
+METHOD(tnccs_t, get_auth_type, uint32_t,
private_tnccs_dynamic_t *this)
{
return this->auth_type;
}
METHOD(tnccs_t, set_auth_type, void,
- private_tnccs_dynamic_t *this, u_int32_t auth_type)
+ private_tnccs_dynamic_t *this, uint32_t auth_type)
{
this->auth_type = auth_type;
}
METHOD(tnccs_t, get_pdp_server, chunk_t,
- private_tnccs_dynamic_t *this, u_int16_t *port)
+ private_tnccs_dynamic_t *this, uint16_t *port)
{
tnccs_t *tnccs = (tnccs_t*)this->tls;
diff --git a/src/libtnccs/tnc/tnccs/tnccs.h b/src/libtnccs/tnc/tnccs/tnccs.h
index 8ff295b..d367a15 100644
--- a/src/libtnccs/tnc/tnccs/tnccs.h
+++ b/src/libtnccs/tnc/tnccs/tnccs.h
@@ -119,14 +119,14 @@ struct tnccs_t {
*
* @return TNC Client authentication type
*/
- u_int32_t (*get_auth_type)(tnccs_t *this);
+ uint32_t (*get_auth_type)(tnccs_t *this);
/**
* Set type of TNC Client authentication
*
* @param auth_type TNC Client authentication type
*/
- void (*set_auth_type)(tnccs_t *this, u_int32_t auth_type);
+ void (*set_auth_type)(tnccs_t *this, uint32_t auth_type);
/**
* Get PDP server name and port number
@@ -134,7 +134,7 @@ struct tnccs_t {
* @param port PDP port number
* @return PDP server name
*/
- chunk_t (*get_pdp_server)(tnccs_t *this, u_int16_t *port);
+ chunk_t (*get_pdp_server)(tnccs_t *this, uint16_t *port);
/**
* Get a new reference to the TNCCS object.
diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.h b/src/libtnccs/tnc/tnccs/tnccs_manager.h
index b5c85f3..bd1573f 100644
--- a/src/libtnccs/tnc/tnccs/tnccs_manager.h
+++ b/src/libtnccs/tnc/tnccs/tnccs_manager.h
@@ -87,7 +87,7 @@ struct tnccs_manager_t {
tnccs_type_t type, tnccs_t *tnccs,
tnccs_send_message_t send_message,
bool *request_handshake_retry,
- u_int32_t max_msg_len,
+ uint32_t max_msg_len,
recommendations_t **recs);
/**
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index 4be7ae1..9d7ba9a 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -79,8 +89,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libtncif
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -167,12 +176,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -222,6 +233,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -256,6 +268,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -367,6 +380,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -422,7 +436,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtncif/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libtncif/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -699,6 +712,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libtncif/tncif_identity.c b/src/libtncif/tncif_identity.c
index 7ee215c..5eecb9c 100644
--- a/src/libtncif/tncif_identity.c
+++ b/src/libtncif/tncif_identity.c
@@ -121,8 +121,8 @@ METHOD(tncif_identity_t, build, void,
METHOD(tncif_identity_t, process, bool,
private_tncif_identity_t *this, bio_reader_t *reader)
{
- u_int8_t reserved;
- u_int32_t vendor_id, type;
+ uint8_t reserved;
+ uint32_t vendor_id, type;
chunk_t identity_value;
if (reader->remaining(reader) < TNCIF_IDENTITY_MIN_SIZE)
diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am
new file mode 100644
index 0000000..8fcb44f
--- /dev/null
+++ b/src/libtpmtss/Makefile.am
@@ -0,0 +1,25 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_LDFLAGS = \
+ -no-undefined
+
+ipseclib_LTLIBRARIES = libtpmtss.la
+libtpmtss_la_SOURCES = \
+ tpm_tss.h tpm_tss.c \
+ tpm_tss_quote_info.h tpm_tss_quote_info.c \
+ tpm_tss_trousers.h tpm_tss_trousers.c \
+ tpm_tss_tss2.h tpm_tss_tss2.c \
+ tpm_tss_tss2_names.h tpm_tss_tss2_names.c
+
+libtpmtss_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+if USE_TSS2
+libtpmtss_la_LIBADD += -ltctisocket -ltss2
+endif
+
+if USE_TROUSERS
+libtpmtss_la_LIBADD += -ltspi
+endif
+
diff --git a/src/libsimaka/Makefile.in b/src/libtpmtss/Makefile.in
similarity index 91%
copy from src/libsimaka/Makefile.in
copy to src/libtpmtss/Makefile.in
index e813eb0..fcee04f 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libtpmtss/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,10 +88,9 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
- at USE_WINDOWS_TRUE@am__append_1 = -lws2_32
-subdir = src/libsimaka
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
+ at USE_TSS2_TRUE@am__append_1 = -ltctisocket -ltss2
+ at USE_TROUSERS_TRUE@am__append_2 = -ltspi
+subdir = src/libtpmtss
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -129,12 +139,12 @@ am__uninstall_files_from_dir = { \
am__installdirs = "$(DESTDIR)$(ipseclibdir)"
LTLIBRARIES = $(ipseclib_LTLIBRARIES)
am__DEPENDENCIES_1 =
-libsimaka_la_DEPENDENCIES = \
+libtpmtss_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1)
-am_libsimaka_la_OBJECTS = simaka_message.lo simaka_crypto.lo \
- simaka_manager.lo
-libsimaka_la_OBJECTS = $(am_libsimaka_la_OBJECTS)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am_libtpmtss_la_OBJECTS = tpm_tss.lo tpm_tss_quote_info.lo \
+ tpm_tss_trousers.lo tpm_tss_tss2.lo tpm_tss_tss2_names.lo
+libtpmtss_la_OBJECTS = $(am_libtpmtss_la_OBJECTS)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -173,8 +183,8 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(libsimaka_la_SOURCES)
-DIST_SOURCES = $(libsimaka_la_SOURCES)
+SOURCES = $(libtpmtss_la_SOURCES)
+DIST_SOURCES = $(libtpmtss_la_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -199,12 +209,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -254,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -288,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -399,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -428,20 +443,22 @@ urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libcharon
+ -I$(top_srcdir)/src/libstrongswan
AM_LDFLAGS = \
-no-undefined
-ipseclib_LTLIBRARIES = libsimaka.la
-libsimaka_la_LIBADD = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__append_1)
-libsimaka_la_SOURCES = simaka_message.h simaka_message.c \
- simaka_crypto.h simaka_crypto.c simaka_manager.h simaka_manager.c \
- simaka_card.h simaka_provider.h simaka_hooks.h
+ipseclib_LTLIBRARIES = libtpmtss.la
+libtpmtss_la_SOURCES = \
+ tpm_tss.h tpm_tss.c \
+ tpm_tss_quote_info.h tpm_tss_quote_info.c \
+ tpm_tss_trousers.h tpm_tss_trousers.c \
+ tpm_tss_tss2.h tpm_tss_tss2.c \
+ tpm_tss_tss2_names.h tpm_tss_tss2_names.c
+libtpmtss_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(am__append_1) $(am__append_2)
all: all-am
.SUFFIXES:
@@ -455,10 +472,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libsimaka/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtpmtss/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libsimaka/Makefile
-.PRECIOUS: Makefile
+ $(AUTOMAKE) --gnu src/libtpmtss/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -512,8 +528,8 @@ clean-ipseclibLTLIBRARIES:
rm -f $${locs}; \
}
-libsimaka.la: $(libsimaka_la_OBJECTS) $(libsimaka_la_DEPENDENCIES) $(EXTRA_libsimaka_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libsimaka_la_OBJECTS) $(libsimaka_la_LIBADD) $(LIBS)
+libtpmtss.la: $(libtpmtss_la_OBJECTS) $(libtpmtss_la_DEPENDENCIES) $(EXTRA_libtpmtss_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libtpmtss_la_OBJECTS) $(libtpmtss_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -521,9 +537,11 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/simaka_crypto.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/simaka_manager.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/simaka_message.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/tpm_tss.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/tpm_tss_quote_info.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/tpm_tss_trousers.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/tpm_tss_tss2.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/tpm_tss_tss2_names.Plo at am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -762,6 +780,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.h b/src/libtpmtss/tpm_tss.c
similarity index 51%
copy from src/libimcv/pts/components/ita/ita_comp_tboot.h
copy to src/libtpmtss/tpm_tss.c
index 1e1a148..b7b970c 100644
--- a/src/libimcv/pts/components/ita/ita_comp_tboot.h
+++ b/src/libtpmtss/tpm_tss.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -13,23 +13,42 @@
* for more details.
*/
+#include "tpm_tss.h"
+#include "tpm_tss_tss2.h"
+#include "tpm_tss_trousers.h"
+
/**
- * @defgroup pts_ita_comp_func_name pts_ita_comp_func_name
- * @{ @ingroup pts
+ * Described in header.
*/
+void libtpmtss_init(void)
+{
+ /* empty */
+}
-#ifndef PTS_ITA_COMP_TBOOT_H_
-#define PTS_ITA_COMP_TBOOT_H_
-
-#include "pts/components/pts_component.h"
+typedef tpm_tss_t*(*tpm_tss_create)();
/**
- * Create a PTS ITS Functional Component object
- *
- * @param depth Sub-component depth
- * @param pts_db PTS measurement database
+ * See header.
*/
-pts_component_t* pts_ita_comp_tboot_create(u_int32_t depth,
- pts_database_t *pts_db);
+tpm_tss_t *tpm_tss_probe(tpm_version_t version)
+{
+ tpm_tss_create stacks[] = {
+ tpm_tss_tss2_create,
+ tpm_tss_trousers_create,
+ };
+ tpm_tss_t *tpm;
+ int i;
-#endif /** PTS_ITA_COMP_TBOOT_H_ @}*/
+ for (i = 0; i < countof(stacks); i++)
+ {
+ tpm = stacks[i]();
+ if (tpm)
+ {
+ if (version == TPM_VERSION_ANY || version == tpm->get_version(tpm))
+ {
+ return tpm;
+ }
+ }
+ }
+ return NULL;
+}
diff --git a/src/libtpmtss/tpm_tss.h b/src/libtpmtss/tpm_tss.h
new file mode 100644
index 0000000..4f4b9e2
--- /dev/null
+++ b/src/libtpmtss/tpm_tss.h
@@ -0,0 +1,140 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup libtpmtss libtpmtss
+ *
+ * @addtogroup libtpmtss
+ * @{
+ */
+
+#ifndef TPM_TSS_H_
+#define TPM_TSS_H_
+
+#include "tpm_tss_quote_info.h"
+
+#include <library.h>
+#include <crypto/hashers/hasher.h>
+
+typedef enum tpm_version_t tpm_version_t;
+typedef struct tpm_tss_t tpm_tss_t;
+
+/**
+ * TPM Versions
+ */
+enum tpm_version_t {
+ TPM_VERSION_ANY,
+ TPM_VERSION_1_2,
+ TPM_VERSION_2_0,
+};
+
+/**
+ * TPM access via TSS public interface
+ */
+struct tpm_tss_t {
+
+ /**
+ * Get TPM version supported by TSS
+ *
+ * @return TPM version
+ */
+ tpm_version_t (*get_version)(tpm_tss_t *this);
+
+ /**
+ * Get TPM version info (TPM 1.2 only)
+ *
+ * @return TPM version info struct
+ */
+ chunk_t (*get_version_info)(tpm_tss_t *this);
+
+ /**
+ * Generate AIK key pair bound to TPM (TPM 1.2 only)
+ *
+ * @param ca_modulus RSA modulus of CA public key
+ * @param aik_blob AIK private key blob
+ * @param aik_pubkey AIK public key
+ * @return TRUE if AIK key generation succeeded
+ */
+ bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus,
+ chunk_t *aik_blob, chunk_t *aik_pubkey,
+ chunk_t *identity_req);
+
+ /**
+ * Get public key from TPM using its object handle (TPM 2.0 only)
+ *
+ * @param handle key object handle
+ * @return public key in PKCS#1 format
+ */
+ chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);
+
+ /**
+ * Retrieve the current value of a PCR register in a given PCR bank
+ *
+ * @param pcr_num PCR number
+ * @param pcr_value PCR value returned
+ * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
+ * @return TRUE if PCR value retrieval succeeded
+ */
+ bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ hash_algorithm_t alg);
+
+ /**
+ * Extend a PCR register in a given PCR bank with a hash value
+ *
+ * @param pcr_num PCR number
+ * @param pcr_value extended PCR value returned
+ * @param hash data to be extended into the PCR
+ * @param alg hash algorithm, selects PCR bank (TPM 2.0 only)
+ * @return TRUE if PCR extension succeeded
+ */
+ bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ chunk_t data, hash_algorithm_t alg);
+
+ /**
+ * Do a quote signature over a selection of PCR registers
+ *
+ * @param aik_handle object handle of AIK to be used for quote signature
+ * @param pcr_sel selection of PCR registers
+ * @param alg hash algorithm to be used for quote signature
+ * @param data additional data to be hashed into the quote
+ * @param quote_mode define current and legacy TPM quote modes
+ * @param quote_info returns various info covered by quote signature
+ * @param quote_sig returns quote signature
+ * @return TRUE if quote signature succeeded
+ */
+ bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel,
+ hash_algorithm_t alg, chunk_t data,
+ tpm_quote_mode_t *quote_mode,
+ tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig);
+
+ /**
+ * Destroy a tpm_tss_t.
+ */
+ void (*destroy)(tpm_tss_t *this);
+};
+
+/**
+ * Create a tpm_tss instance.
+ *
+ * @param version TPM version that must be supported by TSS
+ */
+tpm_tss_t *tpm_tss_probe(tpm_version_t version);
+
+/**
+ * Dummy libtpmtss initialization function needed for integrity test
+ */
+void libtpmtss_init(void);
+
+#endif /** TPM_TSS_H_ @}*/
diff --git a/src/libtpmtss/tpm_tss_quote_info.c b/src/libtpmtss/tpm_tss_quote_info.c
new file mode 100644
index 0000000..0341738
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_quote_info.c
@@ -0,0 +1,330 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <tpm_tss_quote_info.h>
+
+#include <bio/bio_writer.h>
+
+#ifndef TPM_TAG_QUOTE_INFO2
+#define TPM_TAG_QUOTE_INFO2 0x0036
+#endif
+#ifndef TPM_LOC_ZERO
+#define TPM_LOC_ZERO 0x01
+#endif
+
+typedef struct private_tpm_tss_quote_info_t private_tpm_tss_quote_info_t;
+
+/**
+ * Private data of an tpm_tss_quote_info_t object.
+ */
+struct private_tpm_tss_quote_info_t {
+
+ /**
+ * Public tpm_tss_quote_info_t interface.
+ */
+ tpm_tss_quote_info_t public;
+
+ /**
+ * TPM Quote Mode
+ */
+ tpm_quote_mode_t quote_mode;
+
+ /**
+ * TPM Qualified Signer
+ */
+ chunk_t qualified_signer;
+
+ /**
+ * TPM Clock Info
+ */
+ chunk_t clock_info;
+
+ /**
+ * TPM Version Info
+ */
+ chunk_t version_info;
+
+ /**
+ * TPM PCR Selection
+ */
+ chunk_t pcr_select;
+
+ /**
+ * TPM PCR Composite Hash
+ */
+ chunk_t pcr_digest;
+
+ /**
+ * TPM PCR Composite Hash algorithm
+ */
+ hash_algorithm_t pcr_digest_alg;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+
+};
+
+METHOD(tpm_tss_quote_info_t, get_quote_mode, tpm_quote_mode_t,
+ private_tpm_tss_quote_info_t *this)
+{
+ return this->quote_mode;
+}
+
+METHOD(tpm_tss_quote_info_t, get_pcr_digest_alg, hash_algorithm_t,
+ private_tpm_tss_quote_info_t *this)
+{
+ return this->pcr_digest_alg;
+}
+
+METHOD(tpm_tss_quote_info_t, get_pcr_digest, chunk_t,
+ private_tpm_tss_quote_info_t *this)
+{
+ return this->pcr_digest;
+}
+
+METHOD(tpm_tss_quote_info_t, get_quote, bool,
+ private_tpm_tss_quote_info_t *this, chunk_t nonce,
+ tpm_tss_pcr_composite_t *composite, chunk_t *quoted)
+{
+ chunk_t pcr_composite, pcr_digest;
+ bio_writer_t *writer;
+ hasher_t *hasher;
+ bool equal_digests;
+
+ /* Construct PCR Composite */
+ writer = bio_writer_create(32);
+
+ switch (this->quote_mode)
+ {
+ case TPM_QUOTE:
+ case TPM_QUOTE2:
+ case TPM_QUOTE2_VERSION_INFO:
+ writer->write_data16(writer, composite->pcr_select);
+ writer->write_data32(writer, composite->pcr_composite);
+
+ break;
+ case TPM_QUOTE_TPM2:
+ writer->write_data(writer, composite->pcr_composite);
+ break;
+ case TPM_QUOTE_NONE:
+ break;
+ }
+
+ pcr_composite = writer->extract_buf(writer);
+ writer->destroy(writer);
+
+ DBG2(DBG_PTS, "constructed PCR Composite: %B", &pcr_composite);
+
+ /* Compute PCR Composite Hash */
+ hasher = lib->crypto->create_hasher(lib->crypto, this->pcr_digest_alg);
+ if (!hasher || !hasher->allocate_hash(hasher, pcr_composite, &pcr_digest))
+ {
+ DESTROY_IF(hasher);
+ chunk_free(&pcr_composite);
+ return FALSE;
+ }
+ hasher->destroy(hasher);
+ chunk_free(&pcr_composite);
+
+ DBG2(DBG_PTS, "constructed PCR Composite digest: %B", &pcr_digest);
+
+ equal_digests = chunk_equals(pcr_digest, this->pcr_digest);
+
+ /* Construct Quote Info */
+ writer = bio_writer_create(32);
+
+ switch (this->quote_mode)
+ {
+ case TPM_QUOTE:
+ /* Version number */
+ writer->write_data(writer, chunk_from_chars(1, 1, 0, 0));
+
+ /* Magic QUOT value */
+ writer->write_data(writer, chunk_from_str("QUOT"));
+
+ /* PCR Composite Hash */
+ writer->write_data(writer, pcr_digest);
+
+ /* Secret assessment value 20 bytes (nonce) */
+ writer->write_data(writer, nonce);
+ break;
+ case TPM_QUOTE2:
+ case TPM_QUOTE2_VERSION_INFO:
+ /* TPM Structure Tag */
+ writer->write_uint16(writer, TPM_TAG_QUOTE_INFO2);
+
+ /* Magic QUT2 value */
+ writer->write_data(writer, chunk_from_str("QUT2"));
+
+ /* Secret assessment value 20 bytes (nonce) */
+ writer->write_data(writer, nonce);
+
+ /* PCR selection */
+ writer->write_data16(writer, composite->pcr_select);
+
+ /* TPM Locality Selection */
+ writer->write_uint8(writer, TPM_LOC_ZERO);
+
+ /* PCR Composite Hash */
+ writer->write_data(writer, pcr_digest);
+
+ if (this->quote_mode == TPM_QUOTE2_VERSION_INFO)
+ {
+ /* TPM version Info */
+ writer->write_data(writer, this->version_info);
+ }
+ break;
+ case TPM_QUOTE_TPM2:
+ /* Magic */
+ writer->write_data(writer, chunk_from_chars(0xff,0x54,0x43,0x47));
+
+ /* Type */
+ writer->write_uint16(writer, 0x8018);
+
+ /* Qualified Signer */
+ writer->write_data16(writer, this->qualified_signer);
+
+ /* Extra Data */
+ writer->write_data16(writer, nonce);
+
+ /* Clock Info */
+ writer->write_data(writer, this->clock_info);
+
+ /* Firmware Version */
+ writer->write_data(writer, this->version_info);
+
+ /* PCR Selection */
+ writer->write_data(writer, this->pcr_select);
+
+ /* PCR Composite Hash */
+ writer->write_data16(writer, pcr_digest);
+ break;
+ case TPM_QUOTE_NONE:
+ break;
+ }
+ chunk_free(&pcr_digest);
+ *quoted = writer->extract_buf(writer);
+ writer->destroy(writer);
+
+ DBG2(DBG_PTS, "constructed TPM Quote Info: %B", quoted);
+
+ if (!equal_digests)
+ {
+ DBG1(DBG_IMV, "received PCR Composite digest does not match "
+ "constructed one");
+ chunk_free(quoted);
+ }
+ return equal_digests;
+}
+
+METHOD(tpm_tss_quote_info_t, set_version_info, void,
+ private_tpm_tss_quote_info_t *this, chunk_t version_info)
+{
+ chunk_free(&this->version_info);
+ this->version_info = chunk_clone(version_info);
+}
+
+METHOD(tpm_tss_quote_info_t, get_version_info, chunk_t,
+ private_tpm_tss_quote_info_t *this)
+{
+ return this->version_info;
+}
+
+METHOD(tpm_tss_quote_info_t, set_tpm2_info, void,
+ private_tpm_tss_quote_info_t *this, chunk_t qualified_signer,
+ chunk_t clock_info, chunk_t pcr_select)
+{
+ chunk_free(&this->qualified_signer);
+ this->qualified_signer = chunk_clone(qualified_signer);
+
+ chunk_free(&this->clock_info);
+ this->clock_info = chunk_clone(clock_info);
+
+ chunk_free(&this->pcr_select);
+ this->pcr_select = chunk_clone(pcr_select);
+}
+
+METHOD(tpm_tss_quote_info_t, get_tpm2_info, void,
+ private_tpm_tss_quote_info_t *this, chunk_t *qualified_signer,
+ chunk_t *clock_info, chunk_t *pcr_select)
+{
+ if (qualified_signer)
+ {
+ *qualified_signer = this->qualified_signer;
+ }
+ if (clock_info)
+ {
+ *clock_info = this->clock_info;
+ }
+ if (pcr_select)
+ {
+ *pcr_select = this->pcr_select;
+ }
+}
+
+METHOD(tpm_tss_quote_info_t, get_ref, tpm_tss_quote_info_t*,
+ private_tpm_tss_quote_info_t *this)
+{
+ ref_get(&this->ref);
+
+ return &this->public;
+}
+
+METHOD(tpm_tss_quote_info_t, destroy, void,
+ private_tpm_tss_quote_info_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ chunk_free(&this->qualified_signer);
+ chunk_free(&this->clock_info);
+ chunk_free(&this->version_info);
+ chunk_free(&this->pcr_select);
+ chunk_free(&this->pcr_digest);
+ free(this);
+ }
+}
+
+/**
+ * See header
+ */
+tpm_tss_quote_info_t *tpm_tss_quote_info_create(tpm_quote_mode_t quote_mode,
+ hash_algorithm_t pcr_digest_alg, chunk_t pcr_digest)
+
+{
+ private_tpm_tss_quote_info_t *this;
+
+ INIT(this,
+ .public = {
+ .get_quote_mode = _get_quote_mode,
+ .get_pcr_digest_alg = _get_pcr_digest_alg,
+ .get_pcr_digest = _get_pcr_digest,
+ .get_quote = _get_quote,
+ .set_version_info = _set_version_info,
+ .get_version_info = _get_version_info,
+ .set_tpm2_info = _set_tpm2_info,
+ .get_tpm2_info = _get_tpm2_info,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .quote_mode = quote_mode,
+ .pcr_digest_alg = pcr_digest_alg,
+ .pcr_digest = chunk_clone(pcr_digest),
+ .ref = 1,
+ );
+
+ return &this->public;
+}
diff --git a/src/libtpmtss/tpm_tss_quote_info.h b/src/libtpmtss/tpm_tss_quote_info.h
new file mode 100644
index 0000000..5b1c457
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_quote_info.h
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tpm_tss_quote_info tpm_tss_quote_info
+ * @{ @ingroup libtpmtss
+ */
+
+#ifndef TPM_TSS_QUOTE_INFO_H_
+#define TPM_TSS_QUOTE_INFO_H_
+
+#include <library.h>
+
+#include <crypto/hashers/hasher.h>
+
+typedef enum tpm_quote_mode_t tpm_quote_mode_t;
+typedef struct tpm_tss_quote_info_t tpm_tss_quote_info_t;
+typedef struct tpm_tss_pcr_composite_t tpm_tss_pcr_composite_t;
+
+/**
+ * TPM Quote Modes
+ */
+enum tpm_quote_mode_t {
+ TPM_QUOTE_NONE,
+ TPM_QUOTE,
+ TPM_QUOTE2,
+ TPM_QUOTE2_VERSION_INFO,
+ TPM_QUOTE_TPM2
+};
+
+struct tpm_tss_pcr_composite_t {
+
+ /**
+ * Bit map of selected PCRs
+ */
+ chunk_t pcr_select;
+
+ /**
+ * Array of selected PCRs
+ */
+ chunk_t pcr_composite;
+
+};
+
+/**
+ * TPM Quote Information needed to verify the Quote Signature
+ */
+struct tpm_tss_quote_info_t {
+
+ /**
+ * Get TPM Quote Mode
+ *
+ * @return TPM Quote Mode
+ */
+ tpm_quote_mode_t (*get_quote_mode)(tpm_tss_quote_info_t *this);
+
+ /**
+ * Get PCR Composite digest algorithm
+ *
+ * @return PCR Composite digest algorithm
+ */
+ hash_algorithm_t (*get_pcr_digest_alg)(tpm_tss_quote_info_t *this);
+
+ /**
+ * Get PCR Composite digest
+ *
+ * @return PCR Composite digest
+ */
+ chunk_t (*get_pcr_digest)(tpm_tss_quote_info_t *this);
+
+ /**
+ * Get TPM Quote Info digest, the basis of the TPM Quote Singature
+ *
+ * @param nonce Derived from the Diffie-Hellman exchange
+ * @param composite PCR Composite as computed by IMV
+ * @param quoted Encoded TPM Quote
+ * @return TRUE if TPM Quote was successfully constructed
+ */
+ bool (*get_quote)(tpm_tss_quote_info_t *this, chunk_t nonce,
+ tpm_tss_pcr_composite_t *composite,
+ chunk_t *quoted);
+
+ /**
+ * Set TPM version info (needed for TPM 1.2)
+ *
+ * @param version_info TPM 1.2 version info
+ */
+ void (*set_version_info)(tpm_tss_quote_info_t *this, chunk_t version_info);
+
+ /**
+ * Get TPM 2.0 version info (needed for TPM 2.0)
+ *
+ * @return TPM 2.0 firmwareVersioin
+ */
+ chunk_t (*get_version_info)(tpm_tss_quote_info_t *this);
+
+ /**
+ * Set TPM 2.0 info parameters (needed for TPM 2.0)
+ *
+ * @param qualified_signer TPM 2.0 qualifiedSigner
+ * @param clock_info TPM 2.0 clockInfo
+ * @param pcr_select TPM 2.0 pcrSelect
+ */
+ void (*set_tpm2_info)(tpm_tss_quote_info_t *this, chunk_t qualified_signer,
+ chunk_t clock_info, chunk_t pcr_select);
+
+
+ /**
+ * Get TPM 2.0 info parameters (needed for TPM 2.0)
+ *
+ * @param qualified_signer TPM 2.0 qualifiedSigner
+ * @param clock_info TPM 2.0 clockInfo
+ * @param pcr_select TPM 2.0 pcrSelect
+ */
+ void (*get_tpm2_info)(tpm_tss_quote_info_t *this, chunk_t *qualified_signer,
+ chunk_t *clock_info, chunk_t *pcr_select);
+
+ /**
+ * Get reference to Quote Info object.
+ */
+ tpm_tss_quote_info_t* (*get_ref)(tpm_tss_quote_info_t *this);
+
+ /**
+ * Destroy a tpm_tss_quote_info_t.
+ */
+ void (*destroy)(tpm_tss_quote_info_t *this);
+};
+
+/**
+ * Create a tpm_tss_quote_info instance.
+ *
+ * @param quote_mode TPM Quote mode
+ * @param pcr_digest_alg PCR Composite digest algorithm
+ * @param pcr_digest PCR Composite digest
+ */
+tpm_tss_quote_info_t *tpm_tss_quote_info_create(tpm_quote_mode_t quote_mode,
+ hash_algorithm_t pcr_digest_alg, chunk_t pcr_digest);
+
+#endif /** TPM_TSS_QUOTE_INFO_H_ @}*/
diff --git a/src/libtpmtss/tpm_tss_trousers.c b/src/libtpmtss/tpm_tss_trousers.c
new file mode 100644
index 0000000..8be3ad8
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_trousers.c
@@ -0,0 +1,655 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (c) 2008 Hal Finney
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "tpm_tss_trousers.h"
+
+#ifdef TSS_TROUSERS
+
+#ifdef _BASETSD_H_
+/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */
+# define _BASETSD_H
+#endif
+
+#include <trousers/tss.h>
+#include <trousers/trousers.h>
+
+#define LABEL "TPM 1.2 -"
+
+/* size in bytes of a TSS AIK public key blob */
+#define AIK_PUBKEY_BLOB_SIZE 284
+
+/* maximum number of PCR registers */
+#define PCR_NUM_MAX 24
+
+typedef struct private_tpm_tss_trousers_t private_tpm_tss_trousers_t;
+typedef struct aik_t aik_t;
+
+/**
+ * Private data of an tpm_tss_trousers_t object.
+ */
+struct private_tpm_tss_trousers_t {
+
+ /**
+ * Public tpm_tss_trousers_t interface.
+ */
+ tpm_tss_trousers_t interface;
+
+ /**
+ * TSS context
+ */
+ TSS_HCONTEXT hContext;
+
+ /**
+ * TPM handle
+ */
+ TSS_HTPM hTPM;
+
+ /**
+ * TPM version info
+ */
+ chunk_t version_info;
+
+ /**
+ * List of AIKs retrievable by an object handle
+ */
+ linked_list_t *aik_list;
+
+};
+
+struct aik_t {
+ /** AIK object handle */
+ uint32_t handle;
+
+ /** AIK private key blob */
+ chunk_t blob;
+
+ /** AIK public key */
+ chunk_t pubkey;
+};
+
+static void free_aik(aik_t *this)
+{
+ free(this->blob.ptr);
+ free(this->pubkey.ptr);
+ free(this);
+}
+
+/**
+ * Initialize TSS context
+ *
+ * TPM 1.2 Specification, Part 2 TPM Structures, 21.6 TPM_CAP_VERSION_INFO
+ *
+ * typedef struct tdTPM_VERSION {
+ * TPM_VERSION_BYTE major;
+ * TPM_VERSION_BYTE minor;
+ * BYTE revMajor;
+ * BYTE revMinor;
+ * } TPM_VERSION;
+ *
+ * typedef struct tdTPM_CAP_VERSION_INFO {
+ * TPM_STRUCTURE_TAG tag;
+ * TPM_VERSION version;
+ * UINT16 specLevel;
+ * BYTE errataRev;
+ * BYTE tpmVendorID[4];
+ * UINT16 vendorSpecificSize;
+ * [size_is(vendorSpecificSize)] BYTE* vendorSpecific;
+ * } TPM_CAP_VERSION_INFO;
+ */
+static bool initialize_context(private_tpm_tss_trousers_t *this)
+{
+ uint8_t *version_ptr;
+ uint32_t version_len;
+
+ TSS_RESULT result;
+ TPM_CAP_VERSION_INFO *info;
+
+ result = Tspi_Context_Create(&this->hContext);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not created context: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+
+ result = Tspi_Context_Connect(this->hContext, NULL);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not connect with context: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+
+ result = Tspi_Context_GetTpmObject (this->hContext, &this->hTPM);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not get TPM object: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+
+ result = Tspi_TPM_GetCapability(this->hTPM, TSS_TPMCAP_VERSION_VAL, 0,
+ NULL, &version_len, &version_ptr);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_TPM_GetCapability failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+
+ info = (TPM_CAP_VERSION_INFO *)version_ptr;
+ DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, "
+ "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s",
+ info->version.major, info->version.minor,
+ info->version.revMajor, info->version.revMinor,
+ untoh16(&info->specLevel), info->errataRev, info->tpmVendorID);
+
+ this->version_info = chunk_clone(chunk_create(version_ptr, version_len));
+
+ return TRUE;
+}
+
+/**
+ * Finalize TSS context
+ */
+static void finalize_context(private_tpm_tss_trousers_t *this)
+{
+ if (this->hContext)
+ {
+ Tspi_Context_FreeMemory(this->hContext, NULL);
+ Tspi_Context_Close(this->hContext);
+ }
+}
+
+METHOD(tpm_tss_t, get_version, tpm_version_t,
+ private_tpm_tss_trousers_t *this)
+{
+ return TPM_VERSION_1_2;
+}
+
+METHOD(tpm_tss_t, get_version_info, chunk_t,
+ private_tpm_tss_trousers_t *this)
+{
+ return this->version_info;
+}
+
+METHOD(tpm_tss_t, generate_aik, bool,
+ private_tpm_tss_trousers_t *this, chunk_t ca_modulus, chunk_t *aik_blob,
+ chunk_t *aik_pubkey, chunk_t *identity_req)
+{
+ chunk_t aik_pubkey_blob;
+ chunk_t aik_modulus;
+ chunk_t aik_exponent;
+
+ TSS_RESULT result;
+ TSS_HKEY hSRK;
+ TSS_HKEY hPCAKey;
+ TSS_HPOLICY hSrkPolicy;
+ TSS_HPOLICY hTPMPolicy;
+ TSS_HKEY hIdentKey;
+ TSS_UUID SRK_UUID = TSS_UUID_SRK;
+ BYTE secret[] = TSS_WELL_KNOWN_SECRET;
+ BYTE *IdentityReq;
+ UINT32 IdentityReqLen;
+ BYTE *blob;
+ UINT32 blobLen;
+
+ /* get SRK plus SRK policy and set SRK secret */
+ result = Tspi_Context_LoadKeyByUUID(this->hContext, TSS_PS_TYPE_SYSTEM,
+ SRK_UUID, &hSRK);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Context_LoadKeyByUUID for SRK failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSrkPolicy);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_GetPolicyObject or SRK failed: 0x%x ",
+ LABEL, result);
+ return FALSE;
+ }
+ result = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1, 20, secret);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Policy_SetSecret for SRK failed: 0x%x ",
+ LABEL, result);
+ return FALSE;
+ }
+
+ /* get TPM plus TPM policy and set TPM secret */
+ result = Tspi_Context_GetTpmObject (this->hContext, &this->hTPM);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Context_GetTpmObject failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ result = Tspi_GetPolicyObject(this->hTPM, TSS_POLICY_USAGE, &hTPMPolicy);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_GetPolicyObject for TPM failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ result = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_SHA1, 20, secret);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tspi_Policy_SetSecret for TPM failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+
+ /* create context for a 2048 bit AIK */
+ result = Tspi_Context_CreateObject(this->hContext, TSS_OBJECT_TYPE_RSAKEY,
+ TSS_KEY_TYPE_IDENTITY | TSS_KEY_SIZE_2048 |
+ TSS_KEY_VOLATILE | TSS_KEY_NOT_MIGRATABLE, &hIdentKey);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Context_CreateObject for key failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+
+ /* create context for the Privacy CA public key and assign modulus */
+ result = Tspi_Context_CreateObject(this->hContext, TSS_OBJECT_TYPE_RSAKEY,
+ TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, &hPCAKey);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Context_CreateObject for PCA failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ result = Tspi_SetAttribData (hPCAKey, TSS_TSPATTRIB_RSAKEY_INFO,
+ TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, ca_modulus.len,
+ ca_modulus.ptr);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_SetAttribData for PCA modulus failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ result = Tspi_SetAttribUint32(hPCAKey, TSS_TSPATTRIB_KEY_INFO,
+ TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tspi_SetAttribUint32 for PCA encryption scheme "
+ "failed: 0x%x", LABEL, result);
+ return FALSE;
+ }
+
+ /* generate AIK */
+ DBG1(DBG_LIB, "Generating identity key...");
+ result = Tspi_TPM_CollateIdentityRequest(this->hTPM, hSRK, hPCAKey, 0, NULL,
+ hIdentKey, TSS_ALG_AES, &IdentityReqLen, &IdentityReq);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_TPM_CollateIdentityRequest failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ *identity_req = chunk_create(IdentityReq, IdentityReqLen);
+ DBG3(DBG_LIB, "%s Identity Request: %B", LABEL, identity_req);
+
+ /* load identity key */
+ result = Tspi_Key_LoadKey (hIdentKey, hSRK);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Key_LoadKey for AIK failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+
+ /* output AIK private key in TSS blob format */
+ result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB,
+ TSS_TSPATTRIB_KEYBLOB_BLOB, &blobLen, &blob);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_GetAttribData for private key blob failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ *aik_blob = chunk_create(blob, blobLen);
+ DBG3(DBG_LIB, "%s AIK private key blob: %B", LABEL, aik_blob);
+
+ /* output AIK Public Key in TSS blob format */
+ result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB,
+ TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobLen, &blob);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_GetAttribData for public key blob failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ aik_pubkey_blob = chunk_create(blob, blobLen);
+ DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_pubkey_blob);
+
+ /* create a trusted AIK public key */
+ if (aik_pubkey_blob.len != AIK_PUBKEY_BLOB_SIZE)
+ {
+ DBG1(DBG_PTS, "%s AIK public key is not in TSS blob format",
+ LABEL);
+ return FALSE;
+ }
+ aik_modulus = chunk_skip(aik_pubkey_blob, AIK_PUBKEY_BLOB_SIZE - 256);
+ aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
+
+ /* output subjectPublicKeyInfo encoding of AIK public key */
+ if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, NULL,
+ aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus,
+ CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
+ {
+ DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key failed",
+ LABEL);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, get_public, chunk_t,
+ private_tpm_tss_trousers_t *this, uint32_t handle)
+{
+ enumerator_t *enumerator;
+ chunk_t aik_pubkey = chunk_empty;
+ aik_t *aik;
+
+ enumerator = this->aik_list->create_enumerator(this->aik_list);
+ while (enumerator->enumerate(enumerator, &aik))
+ {
+ if (aik->handle == handle)
+ {
+ aik_pubkey = chunk_clone(aik->pubkey);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return aik_pubkey;
+}
+
+METHOD(tpm_tss_t, read_pcr, bool,
+ private_tpm_tss_trousers_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ hash_algorithm_t alg)
+{
+ TSS_RESULT result;
+ uint8_t *value;
+ uint32_t len;
+
+ result = Tspi_TPM_PcrRead(this->hTPM, pcr_num, &len, &value);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_TPM_PcrRead failed: 0x%x", LABEL, result);
+ return FALSE;
+ }
+ *pcr_value = chunk_clone(chunk_create(value, len));
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, extend_pcr, bool,
+ private_tpm_tss_trousers_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ chunk_t data, hash_algorithm_t alg)
+{
+ TSS_RESULT result;
+ uint32_t pcr_len;
+ uint8_t *pcr_ptr;
+
+ result = Tspi_TPM_PcrExtend(this->hTPM, pcr_num, data.len, data.ptr,
+ NULL, &pcr_len, &pcr_ptr);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_TPM_PcrExtend failed: 0x%x", LABEL, result);
+ return FALSE;
+ }
+ *pcr_value = chunk_clone(chunk_create(pcr_ptr, pcr_len));
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, quote, bool,
+ private_tpm_tss_trousers_t *this, uint32_t aik_handle, uint32_t pcr_sel,
+ hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t *quote_mode,
+ tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig)
+{
+ TSS_HKEY hAIK;
+ TSS_HKEY hSRK;
+ TSS_HPOLICY srkUsagePolicy;
+ TSS_UUID SRK_UUID = TSS_UUID_SRK;
+ TSS_HPCRS hPcrComposite;
+ TSS_VALIDATION valData;
+ TSS_RESULT result;
+ uint8_t secret[] = TSS_WELL_KNOWN_SECRET;
+ uint8_t *version_info, *comp_hash;
+ uint32_t version_info_size, pcr;
+ aik_t *aik;
+ chunk_t aik_blob = chunk_empty;
+ chunk_t quote_chunk, pcr_digest;
+ enumerator_t *enumerator;
+ bool success = FALSE;
+
+ /* Retrieve SRK from TPM and set the authentication to well known secret*/
+ result = Tspi_Context_LoadKeyByUUID(this->hContext, TSS_PS_TYPE_SYSTEM,
+ SRK_UUID, &hSRK);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Context_LoadKeyByUUID for SRK failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_GetPolicyObject for SRK failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+ result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1,
+ 20, secret);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Policy_SetSecret for SRK failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+
+ /* Retrieve AIK using its handle and load private key into TPM 1.2 */
+ enumerator = this->aik_list->create_enumerator(this->aik_list);
+ while (enumerator->enumerate(enumerator, &aik))
+ {
+ if (aik->handle == aik_handle)
+ {
+ aik_blob = aik->blob;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (aik_blob.len == 0)
+ {
+ DBG1(DBG_PTS, "%s AIK private key for handle 0x%80x not found", LABEL);
+ return FALSE;
+ }
+ result = Tspi_Context_LoadKeyByBlob(this->hContext, hSRK, aik_blob.len,
+ aik_blob.ptr, &hAIK);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Context_LoadKeyByBlob for AIK failed: 0x%x",
+ LABEL, result);
+ return FALSE;
+ }
+
+ /* Create PCR composite object */
+ result = Tspi_Context_CreateObject(this->hContext, TSS_OBJECT_TYPE_PCRS,
+ (*quote_mode == TPM_QUOTE) ? TSS_PCRS_STRUCT_INFO :
+ TSS_PCRS_STRUCT_INFO_SHORT,
+ &hPcrComposite);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_Context_CreateObject for pcrComposite failed: "
+ "0x%x", LABEL, result);
+ goto err1;
+ }
+
+ /* Select PCRs */
+ for (pcr = 0; pcr < PCR_NUM_MAX; pcr++)
+ {
+ if (pcr_sel & (1 << pcr))
+ {
+ result = (*quote_mode == TPM_QUOTE) ?
+ Tspi_PcrComposite_SelectPcrIndex(hPcrComposite, pcr) :
+ Tspi_PcrComposite_SelectPcrIndexEx(hPcrComposite, pcr,
+ TSS_PCRS_DIRECTION_RELEASE);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_PcrComposite_SelectPcrIndex failed: "
+ "0x%x", LABEL, result);
+ goto err2;
+ }
+ }
+ }
+
+ /* Set the Validation Data */
+ valData.ulExternalDataLength = data.len;
+ valData.rgbExternalData = data.ptr;
+
+ /* TPM Quote */
+ result = (*quote_mode == TPM_QUOTE) ?
+ Tspi_TPM_Quote (this->hTPM, hAIK, hPcrComposite, &valData) :
+ Tspi_TPM_Quote2(this->hTPM, hAIK,
+ *quote_mode == TPM_QUOTE2_VERSION_INFO,
+ hPcrComposite, &valData, &version_info_size,
+ &version_info);
+ if (result != TSS_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s Tspi_TPM_Quote%s failed: 0x%x", LABEL,
+ (*quote_mode == TPM_QUOTE) ? "" : "2", result);
+ goto err2;
+ }
+
+ if (*quote_mode == TPM_QUOTE)
+ {
+ /* TPM_Composite_Hash starts at byte 8 of TPM_Quote_Info structure */
+ comp_hash = valData.rgbData + 8;
+ }
+ else
+ {
+ /* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */
+ comp_hash = valData.rgbData + valData.ulDataLength - version_info_size -
+ HASH_SIZE_SHA1;
+ }
+ pcr_digest = chunk_create(comp_hash, HASH_SIZE_SHA1);
+ DBG2(DBG_PTS, "PCR composite digest: %B", &pcr_digest);
+
+ quote_chunk = chunk_create(valData.rgbData, valData.ulDataLength);
+ DBG2(DBG_PTS, "TPM Quote Info: %B", "e_chunk);
+
+ *quote_info = tpm_tss_quote_info_create(*quote_mode, HASH_SHA1, pcr_digest);
+
+ *quote_sig = chunk_clone(chunk_create(valData.rgbValidationData,
+ valData.ulValidationDataLength));
+ DBG2(DBG_PTS, "TPM Quote Signature: %B", quote_sig);
+
+ success = TRUE;
+
+err2:
+ Tspi_Context_CloseObject(this->hContext, hPcrComposite);
+err1:
+ Tspi_Context_CloseObject(this->hContext, hAIK);
+
+ return success;
+}
+
+METHOD(tpm_tss_t, destroy, void,
+ private_tpm_tss_trousers_t *this)
+{
+ finalize_context(this);
+ this->aik_list->destroy_function(this->aik_list, (void*)free_aik);
+ free(this->version_info.ptr);
+ free(this);
+}
+
+METHOD(tpm_tss_trousers_t, load_aik, void,
+ private_tpm_tss_trousers_t *this, chunk_t blob, chunk_t pubkey,
+ uint32_t handle)
+{
+ aik_t *item;
+
+ INIT(item,
+ .handle = handle,
+ .blob = blob,
+ .pubkey = pubkey,
+ );
+
+ this->aik_list->insert_last(this->aik_list, item);
+}
+
+/**
+ * See header
+ */
+tpm_tss_t *tpm_tss_trousers_create()
+{
+ private_tpm_tss_trousers_t *this;
+ bool available;
+
+ INIT(this,
+ .interface = {
+ .public = {
+ .get_version = _get_version,
+ .get_version_info = _get_version_info,
+ .generate_aik = _generate_aik,
+ .get_public = _get_public,
+ .read_pcr = _read_pcr,
+ .quote = _quote,
+ .extend_pcr = _extend_pcr,
+ .destroy = _destroy,
+ },
+ .load_aik = _load_aik,
+ },
+ .aik_list = linked_list_create(),
+ );
+
+ available = initialize_context(this);
+ DBG1(DBG_PTS, "TPM 1.2 via TrouSerS %savailable", available ? "" : "not ");
+
+ if (!available)
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->interface.public;
+}
+
+#else /* TSS_TROUSERS */
+
+tpm_tss_t *tpm_tss_trousers_create()
+{
+ return NULL;
+}
+
+#endif /* TSS_TROUSERS */
+
+
+
diff --git a/src/libtpmtss/tpm_tss_trousers.h b/src/libtpmtss/tpm_tss_trousers.h
new file mode 100644
index 0000000..3afba0d
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_trousers.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tpm_tss_trousers tpm_tss_trousers
+ * @{ @ingroup libtpmtss
+ */
+
+#ifndef TPM_TSS_TROUSERS_H_
+#define TPM_TSS_TROUSERS_H_
+
+#include "tpm_tss.h"
+
+typedef struct tpm_tss_trousers_t tpm_tss_trousers_t;
+
+/**
+ * TPM 1.2 access via TrouSerS public interface
+ */
+struct tpm_tss_trousers_t {
+
+ tpm_tss_t public;
+
+ /**
+ * Load AIK public and private key pair and save it under an object handle
+ *
+ * @param blob encrypted AIK private key
+ * @param pubkey AIK public key
+ * @param handle object handle under which the AIK key is stored
+ */
+ void (*load_aik)(tpm_tss_trousers_t *this, chunk_t blob, chunk_t pubkey,
+ uint32_t handle);
+
+};
+
+/**
+ * Create a tpm_tss_trousers instance.
+ */
+tpm_tss_t *tpm_tss_trousers_create();
+
+#endif /** TPM_TSS_TROUSERS_H_ @}*/
diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c
new file mode 100644
index 0000000..39d9f2e
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_tss2.c
@@ -0,0 +1,696 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tpm_tss_tss2.h"
+#include "tpm_tss_tss2_names.h"
+
+#ifdef TSS_TSS2
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+#include <bio/bio_reader.h>
+
+#include <tss2/tpm20.h>
+#include <tcti/tcti_socket.h>
+
+#define LABEL "TPM 2.0 -"
+
+typedef struct private_tpm_tss_tss2_t private_tpm_tss_tss2_t;
+
+/**
+ * Private data of an tpm_tss_tss2_t object.
+ */
+struct private_tpm_tss_tss2_t {
+
+ /**
+ * Public tpm_tss_tss2_t interface.
+ */
+ tpm_tss_t public;
+
+ /**
+ * TCTI context
+ */
+ TSS2_TCTI_CONTEXT *tcti_context;
+
+ /**
+ * SYS context
+ */
+ TSS2_SYS_CONTEXT *sys_context;
+
+ /**
+ * Number of supported algorithms
+ */
+ size_t supported_algs_count;
+
+ /**
+ * List of supported algorithms
+ */
+ TPM_ALG_ID supported_algs[TPM_PT_ALGORITHM_SET];
+};
+
+/**
+ * Some symbols required by libtctisocket
+ */
+FILE *outFp;
+uint8_t simulator = 1;
+
+int TpmClientPrintf (uint8_t type, const char *format, ...)
+{
+ return 0;
+}
+
+/**
+ * Convert hash algorithm to TPM_ALG_ID
+ */
+static TPM_ALG_ID hash_alg_to_tpm_alg_id(hash_algorithm_t alg)
+{
+ switch (alg)
+ {
+ case HASH_SHA1:
+ return TPM_ALG_SHA1;
+ case HASH_SHA256:
+ return TPM_ALG_SHA256;
+ case HASH_SHA384:
+ return TPM_ALG_SHA384;
+ case HASH_SHA512:
+ return TPM_ALG_SHA512;
+ default:
+ return TPM_ALG_ERROR;
+ }
+}
+
+/**
+ * Convert TPM_ALG_ID to hash algorithm
+ */
+static hash_algorithm_t hash_alg_from_tpm_alg_id(TPM_ALG_ID alg)
+{
+ switch (alg)
+ {
+ case TPM_ALG_SHA1:
+ return HASH_SHA1;
+ case TPM_ALG_SHA256:
+ return HASH_SHA256;
+ case TPM_ALG_SHA384:
+ return HASH_SHA384;
+ case TPM_ALG_SHA512:
+ return HASH_SHA512;
+ default:
+ return HASH_UNKNOWN;
+ }
+}
+
+/**
+ * Check if an algorithm given by its TPM_ALG_ID is supported by the TPM
+ */
+static bool is_supported_alg(private_tpm_tss_tss2_t *this, TPM_ALG_ID alg_id)
+{
+ int i;
+
+ if (alg_id == TPM_ALG_ERROR)
+ {
+ return FALSE;
+ }
+
+ for (i = 0; i < this->supported_algs_count; i++)
+ {
+ if (this->supported_algs[i] == alg_id)
+ {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
+
+/**
+ * Get a list of supported algorithms
+ */
+static bool get_algs_capability(private_tpm_tss_tss2_t *this)
+{
+ TPMS_CAPABILITY_DATA cap_data;
+ TPMI_YES_NO more_data;
+ TPM_ALG_ID alg;
+ uint32_t rval, i;
+ size_t len = BUF_LEN;
+ char buf[BUF_LEN];
+ char *pos = buf;
+ int written;
+
+ /* get supported algorithms */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_ALGS,
+ 0, TPM_PT_ALGORITHM_SET, &more_data, &cap_data, 0);
+ if (rval != TPM_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s GetCapability failed for TPM_CAP_ALGS: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* Number of supported algorithms */
+ this->supported_algs_count = cap_data.data.algorithms.count;
+
+ /* store and print supported algorithms */
+ for (i = 0; i < this->supported_algs_count; i++)
+ {
+ alg = cap_data.data.algorithms.algProperties[i].alg;
+ this->supported_algs[i] = alg;
+
+ written = snprintf(pos, len, " %N", tpm_alg_id_names, alg);
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
+ pos += written;
+ len -= written;
+ }
+ DBG2(DBG_PTS, "%s algorithms:%s", LABEL, buf);
+
+ /* get supported ECC curves */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_ECC_CURVES,
+ 0, TPM_PT_LOADED_CURVES, &more_data, &cap_data, 0);
+ if (rval != TPM_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s GetCapability failed for TPM_ECC_CURVES: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* reset print buffer */
+ pos = buf;
+ len = BUF_LEN;
+
+ /* print supported ECC curves */
+ for (i = 0; i < cap_data.data.eccCurves.count; i++)
+ {
+ written = snprintf(pos, len, " %N", tpm_ecc_curve_names,
+ cap_data.data.eccCurves.eccCurves[i]);
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
+ pos += written;
+ len -= written;
+ }
+ DBG2(DBG_PTS, "%s ECC curves:%s", LABEL, buf);
+
+ return TRUE;
+}
+
+/**
+ * Initialize TSS context
+ */
+static bool initialize_context(private_tpm_tss_tss2_t *this)
+{
+ size_t tcti_context_size;
+ uint32_t sys_context_size;
+ uint32_t rval;
+
+ TCTI_SOCKET_CONF rm_if_config = { DEFAULT_HOSTNAME,
+ DEFAULT_RESMGR_TPM_PORT
+ };
+
+ TSS2_ABI_VERSION abi_version = { TSSWG_INTEROP,
+ TSS_SAPI_FIRST_FAMILY,
+ TSS_SAPI_FIRST_LEVEL,
+ TSS_SAPI_FIRST_VERSION
+ };
+
+ /* determine size of tcti context */
+ rval = InitSocketTcti(NULL, &tcti_context_size, &rm_if_config, 0);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not get tcti_context size: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* allocate memory for tcti context */
+ this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size);
+
+ /* initialize tcti context */
+ rval = InitSocketTcti(this->tcti_context, &tcti_context_size,
+ &rm_if_config, 0);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* determine size of sys context */
+ sys_context_size = Tss2_Sys_GetContextSize(0);
+
+ /* allocate memory for sys context */
+ this->sys_context = malloc(sys_context_size);
+
+ /* initialize sys context */
+ rval = Tss2_Sys_Initialize(this->sys_context, sys_context_size,
+ this->tcti_context, &abi_version);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not get sys_context: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* get a list of supported algorithms and ECC curves */
+ return get_algs_capability(this);
+}
+
+/**
+ * Finalize TSS context
+ */
+static void finalize_context(private_tpm_tss_tss2_t *this)
+{
+ if (this->tcti_context)
+ {
+ TeardownSocketTcti(this->tcti_context);
+ }
+ if (this->sys_context)
+ {
+ Tss2_Sys_Finalize(this->sys_context);
+ free(this->sys_context);
+ }
+}
+
+METHOD(tpm_tss_t, get_version, tpm_version_t,
+ private_tpm_tss_tss2_t *this)
+{
+ return TPM_VERSION_2_0;
+}
+
+METHOD(tpm_tss_t, get_version_info, chunk_t,
+ private_tpm_tss_tss2_t *this)
+{
+ return chunk_empty;
+}
+
+/**
+ * read the public key portion of a TSS 2.0 AIK key from NVRAM
+ */
+bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle,
+ TPM2B_PUBLIC *public)
+{
+ uint32_t rval;
+
+ TPM2B_NAME name = { { sizeof(TPM2B_NAME)-2, } };
+ TPM2B_NAME qualified_name = { { sizeof(TPM2B_NAME)-2, } };
+
+ TPMS_AUTH_RESPONSE session_data;
+ TSS2_SYS_RSP_AUTHS sessions_data;
+ TPMS_AUTH_RESPONSE *session_data_array[1];
+
+ session_data_array[0] = &session_data;
+ sessions_data.rspAuths = &session_data_array[0];
+ sessions_data.rspAuthsCount = 1;
+
+ /* always send simulator platform command, ignored by true RM */
+ PlatformCommand(this->tcti_context ,MS_SIM_POWER_ON );
+ PlatformCommand(this->tcti_context, MS_SIM_NV_ON );
+
+ /* read public key for a given object handle from TPM 2.0 NVRAM */
+ rval = Tss2_Sys_ReadPublic(this->sys_context, handle, 0, public, &name,
+ &qualified_name, &sessions_data);
+
+ PlatformCommand(this->tcti_context, MS_SIM_POWER_OFF);
+
+ if (rval != TPM_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not read public key from handle 0x%08x: 0x%06x",
+ LABEL, handle, rval);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, generate_aik, bool,
+ private_tpm_tss_tss2_t *this, chunk_t ca_modulus, chunk_t *aik_blob,
+ chunk_t *aik_pubkey, chunk_t *identity_req)
+{
+ return FALSE;
+}
+
+METHOD(tpm_tss_t, get_public, chunk_t,
+ private_tpm_tss_tss2_t *this, uint32_t handle)
+{
+ TPM2B_PUBLIC public = { { 0, } };
+ TPM_ALG_ID sig_alg, digest_alg;
+ chunk_t aik_blob, aik_pubkey = chunk_empty;
+
+ if (!read_public(this, handle, &public))
+ {
+ return chunk_empty;
+ }
+
+ aik_blob = chunk_create((u_char*)&public, sizeof(public));
+ DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob);
+
+ /* convert TSS 2.0 AIK public key blot into PKCS#1 format */
+ switch (public.t.publicArea.type)
+ {
+ case TPM_ALG_RSA:
+ {
+ TPM2B_PUBLIC_KEY_RSA *rsa;
+ TPMT_RSA_SCHEME *scheme;
+ chunk_t aik_exponent, aik_modulus;
+
+ scheme = &public.t.publicArea.parameters.rsaDetail.scheme;
+ sig_alg = scheme->scheme;
+ digest_alg = scheme->details.anySig.hashAlg;
+
+ rsa = &public.t.publicArea.unique.rsa;
+ aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size);
+ aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
+
+ /* subjectPublicKeyInfo encoding of AIK RSA key */
+ if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER,
+ NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus,
+ CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
+ {
+ DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key "
+ "failed", LABEL);
+ }
+ break;
+ }
+ case TPM_ALG_ECC:
+ {
+ TPMS_ECC_POINT *ecc;
+ TPMT_ECC_SCHEME *scheme;
+ chunk_t ecc_point;
+ uint8_t *pos;
+
+ scheme = &public.t.publicArea.parameters.eccDetail.scheme;
+ sig_alg = scheme->scheme;
+ digest_alg = scheme->details.anySig.hashAlg;
+
+ ecc = &public.t.publicArea.unique.ecc;
+
+ /* allocate space for bit string */
+ pos = asn1_build_object(&ecc_point, ASN1_BIT_STRING,
+ 2 + ecc->x.t.size + ecc->y.t.size);
+ /* bit string length is a multiple of octets */
+ *pos++ = 0x00;
+ /* uncompressed ECC point format */
+ *pos++ = 0x04;
+ /* copy x coordinate of ECC point */
+ memcpy(pos, ecc->x.t.buffer, ecc->x.t.size);
+ pos += ecc->x.t.size;
+ /* copy y coordinate of ECC point */
+ memcpy(pos, ecc->y.t.buffer, ecc->y.t.size);
+ /* subjectPublicKeyInfo encoding of AIK ECC key */
+ aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_build_known_oid(OID_EC_PUBLICKEY),
+ asn1_build_known_oid(ecc->x.t.size == 32 ?
+ OID_PRIME256V1 : OID_SECT384R1)),
+ ecc_point);
+ break;
+ }
+ default:
+ DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL);
+ return chunk_empty;
+ }
+ DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash",
+ tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg);
+ return aik_pubkey;
+}
+
+/**
+ * Configure a PCR Selection assuming a maximum of 24 registers
+ */
+static bool init_pcr_selection(private_tpm_tss_tss2_t *this, uint32_t pcrs,
+ hash_algorithm_t alg, TPML_PCR_SELECTION *pcr_sel)
+{
+ TPM_ALG_ID alg_id;
+ uint32_t pcr;
+
+ /* check if hash algorithm is supported by TPM */
+ alg_id = hash_alg_to_tpm_alg_id(alg);
+ if (!is_supported_alg(this, alg_id))
+ {
+ DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM",
+ LABEL, hash_algorithm_short_names, alg);
+ return FALSE;
+ }
+
+ /* initialize the PCR Selection structure,*/
+ pcr_sel->count = 1;
+ pcr_sel->pcrSelections[0].hash = alg_id;
+ pcr_sel->pcrSelections[0].sizeofSelect = 3;
+ pcr_sel->pcrSelections[0].pcrSelect[0] = 0;
+ pcr_sel->pcrSelections[0].pcrSelect[1] = 0;
+ pcr_sel->pcrSelections[0].pcrSelect[2] = 0;
+
+ /* set the selected PCRs */
+ for (pcr = 0; pcr < PLATFORM_PCR; pcr++)
+ {
+ if (pcrs & (1 << pcr))
+ {
+ pcr_sel->pcrSelections[0].pcrSelect[pcr / 8] |= ( 1 << (pcr % 8) );
+ }
+ }
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, read_pcr, bool,
+ private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ hash_algorithm_t alg)
+{
+ TPML_PCR_SELECTION pcr_selection;
+ TPML_DIGEST pcr_values;
+
+ uint32_t pcr_update_counter, rval;
+ uint8_t *pcr_value_ptr;
+ size_t pcr_value_len;
+
+ if (pcr_num >= PLATFORM_PCR)
+ {
+ DBG1(DBG_PTS, "%s maximum number of supported PCR is %d",
+ LABEL, PLATFORM_PCR);
+ return FALSE;
+ }
+
+ if (!init_pcr_selection(this, (1 << pcr_num), alg, &pcr_selection))
+ {
+ return FALSE;
+ }
+
+ /* initialize the PCR Digest structure */
+ memset(&pcr_values, 0, sizeof(TPML_DIGEST));
+
+ /* read the PCR value */
+ rval = Tss2_Sys_PCR_Read(this->sys_context, 0, &pcr_selection,
+ &pcr_update_counter, &pcr_selection, &pcr_values, 0);
+ if (rval != TPM_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s PCR bank could not be read: 0x%60x",
+ LABEL, rval);
+ return FALSE;
+ }
+ pcr_value_ptr = (uint8_t *)pcr_values.digests[0].t.buffer;
+ pcr_value_len = (size_t) pcr_values.digests[0].t.size;
+
+ *pcr_value = chunk_clone(chunk_create(pcr_value_ptr, pcr_value_len));
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, extend_pcr, bool,
+ private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ chunk_t data, hash_algorithm_t alg)
+{
+ /* TODO */
+ return FALSE;
+}
+
+METHOD(tpm_tss_t, quote, bool,
+ private_tpm_tss_tss2_t *this, uint32_t aik_handle, uint32_t pcr_sel,
+ hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t *quote_mode,
+ tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig)
+{
+ chunk_t quoted_chunk, qualified_signer, extra_data, clock_info,
+ firmware_version, pcr_select, pcr_digest;
+ hash_algorithm_t pcr_digest_alg;
+ bio_reader_t *reader;
+ uint32_t rval;
+
+ TPM2B_DATA qualifying_data;
+ TPML_PCR_SELECTION pcr_selection;
+ TPM2B_ATTEST quoted = { { sizeof(TPM2B_ATTEST)-2, } };
+ TPMT_SIG_SCHEME scheme;
+ TPMT_SIGNATURE sig;
+ TPMI_ALG_HASH hash_alg;
+ TPMS_AUTH_COMMAND session_data_cmd;
+ TPMS_AUTH_RESPONSE session_data_rsp;
+ TSS2_SYS_CMD_AUTHS sessions_data_cmd;
+ TSS2_SYS_RSP_AUTHS sessions_data_rsp;
+ TPMS_AUTH_COMMAND *session_data_cmd_array[1];
+ TPMS_AUTH_RESPONSE *session_data_rsp_array[1];
+
+ session_data_cmd_array[0] = &session_data_cmd;
+ session_data_rsp_array[0] = &session_data_rsp;
+
+ sessions_data_cmd.cmdAuths = &session_data_cmd_array[0];
+ sessions_data_rsp.rspAuths = &session_data_rsp_array[0];
+
+ sessions_data_cmd.cmdAuthsCount = 1;
+ sessions_data_rsp.rspAuthsCount = 1;
+
+ session_data_cmd.sessionHandle = TPM_RS_PW;
+ session_data_cmd.hmac.t.size = 0;
+ session_data_cmd.nonce.t.size = 0;
+
+ *( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0;
+
+ qualifying_data.t.size = data.len;
+ memcpy(qualifying_data.t.buffer, data.ptr, data.len);
+
+ scheme.scheme = TPM_ALG_NULL;
+ memset(&sig, 0x00, sizeof(sig));
+
+ /* set Quote mode */
+ *quote_mode = TPM_QUOTE_TPM2;
+
+ if (!init_pcr_selection(this, pcr_sel, alg, &pcr_selection))
+ {
+ return FALSE;
+ }
+
+ rval = Tss2_Sys_Quote(this->sys_context, aik_handle, &sessions_data_cmd,
+ &qualifying_data, &scheme, &pcr_selection, "ed,
+ &sig, &sessions_data_rsp);
+ if (rval != TPM_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_Quote failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ quoted_chunk = chunk_create(quoted.t.attestationData, quoted.t.size);
+
+ reader = bio_reader_create(chunk_skip(quoted_chunk, 6));
+ if (!reader->read_data16(reader, &qualified_signer) ||
+ !reader->read_data16(reader, &extra_data) ||
+ !reader->read_data (reader, 17, &clock_info) ||
+ !reader->read_data (reader, 8, &firmware_version) ||
+ !reader->read_data (reader, 10, &pcr_select) ||
+ !reader->read_data16(reader, &pcr_digest))
+ {
+ DBG1(DBG_PTS, "%s parsing of quoted struct failed", LABEL);
+ reader->destroy(reader);
+ return FALSE;
+ }
+ reader->destroy(reader);
+
+ DBG2(DBG_PTS, "PCR Composite digest: %B", &pcr_digest);
+ DBG2(DBG_PTS, "TPM Quote Info: %B", "ed_chunk);
+ DBG2(DBG_PTS, "qualifiedSigner: %B", &qualified_signer);
+ DBG2(DBG_PTS, "extraData: %B", &extra_data);
+ DBG2(DBG_PTS, "clockInfo: %B", &clock_info);
+ DBG2(DBG_PTS, "firmwareVersion: %B", &firmware_version);
+ DBG2(DBG_PTS, "pcrSelect: %B", &pcr_select);
+
+ /* extract signature */
+ switch (sig.sigAlg)
+ {
+ case TPM_ALG_RSASSA:
+ case TPM_ALG_RSAPSS:
+ *quote_sig = chunk_clone(
+ chunk_create(
+ sig.signature.rsassa.sig.t.buffer,
+ sig.signature.rsassa.sig.t.size));
+ hash_alg = sig.signature.rsassa.hash;
+ break;
+ case TPM_ALG_ECDSA:
+ case TPM_ALG_ECDAA:
+ case TPM_ALG_SM2:
+ case TPM_ALG_ECSCHNORR:
+ *quote_sig = chunk_cat("cc",
+ chunk_create(
+ sig.signature.ecdsa.signatureR.t.buffer,
+ sig.signature.ecdsa.signatureR.t.size),
+ chunk_create(
+ sig.signature.ecdsa.signatureS.t.buffer,
+ sig.signature.ecdsa.signatureS.t.size));
+ hash_alg = sig.signature.ecdsa.hash;
+ break;
+ default:
+ DBG1(DBG_PTS, "%s unsupported %N signature algorithm",
+ LABEL, tpm_alg_id_names, sig.sigAlg);
+ return FALSE;
+ };
+
+ DBG2(DBG_PTS, "PCR digest algorithm is %N", tpm_alg_id_names, hash_alg);
+ pcr_digest_alg = hash_alg_from_tpm_alg_id(hash_alg);
+
+ DBG2(DBG_PTS, "TPM Quote Signature: %B", quote_sig);
+
+ /* Create and initialize Quote Info object */
+ *quote_info = tpm_tss_quote_info_create(*quote_mode, pcr_digest_alg,
+ pcr_digest);
+ (*quote_info)->set_tpm2_info(*quote_info, qualified_signer, clock_info,
+ pcr_select);
+ (*quote_info)->set_version_info(*quote_info, firmware_version);
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, destroy, void,
+ private_tpm_tss_tss2_t *this)
+{
+ finalize_context(this);
+ free(this);
+}
+
+/**
+ * See header
+ */
+tpm_tss_t *tpm_tss_tss2_create()
+{
+ private_tpm_tss_tss2_t *this;
+ bool available;
+
+ INIT(this,
+ .public = {
+ .get_version = _get_version,
+ .get_version_info = _get_version_info,
+ .generate_aik = _generate_aik,
+ .get_public = _get_public,
+ .read_pcr = _read_pcr,
+ .extend_pcr = _extend_pcr,
+ .quote = _quote,
+ .destroy = _destroy,
+ },
+ );
+
+ available = initialize_context(this);
+ DBG1(DBG_PTS, "TPM 2.0 via TSS2 %savailable", available ? "" : "not ");
+
+ if (!available)
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+#else /* TSS_TSS2 */
+
+tpm_tss_t *tpm_tss_tss2_create()
+{
+ return NULL;
+}
+
+#endif /* TSS_TSS2 */
+
+
diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libtpmtss/tpm_tss_tss2.h
similarity index 62%
copy from src/libcharon/tests/libcharon_tests.h
copy to src/libtpmtss/tpm_tss_tss2.h
index fb82bac..f3a11e5 100644
--- a/src/libcharon/tests/libcharon_tests.h
+++ b/src/libtpmtss/tpm_tss_tss2.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2014 revosec AG
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,6 +13,19 @@
* for more details.
*/
-TEST_SUITE(ike_cfg_suite_create)
-TEST_SUITE(mem_pool_suite_create)
-TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32)
+/**
+ * @defgroup tpm_tss_tss2 tpm_tss_tss2
+ * @{ @ingroup libtpmtss
+ */
+
+#ifndef TPM_TSS_TSS2_H_
+#define TPM_TSS_TSS2_H_
+
+#include "tpm_tss.h"
+
+/**
+ * Create a tpm_tss_tss2 instance.
+ */
+tpm_tss_t *tpm_tss_tss2_create();
+
+#endif /** TPM_TSS_TSS2_H_ @}*/
diff --git a/src/libtpmtss/tpm_tss_tss2_names.c b/src/libtpmtss/tpm_tss_tss2_names.c
new file mode 100644
index 0000000..9185aa3
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_tss2_names.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tpm_tss_tss2_names.h"
+
+#ifdef TSS_TSS2
+
+#include <tss2/tpm20.h>
+
+#ifndef TPM_ALG_ECMQV
+#define TPM_ALG_ECMQV (TPM_ALG_ID)0x001D
+#endif
+
+#ifndef TPM_ALG_CAMELLIA
+#define TPM_ALG_CAMELLIA (TPM_ALG_ID)0x0026
+#endif
+
+/**
+ * TPM 2.0 algorithm ID names
+ */
+ENUM_BEGIN(tpm_alg_id_names, TPM_ALG_ERROR, TPM_ALG_RSA,
+ "ERROR",
+ "RSA"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM_ALG_SHA1, TPM_ALG_KEYEDHASH, TPM_ALG_RSA,
+ "SHA1",
+ "HMAC",
+ "AES",
+ "MGF1",
+ "KEYEDHASH"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM_ALG_XOR, TPM_ALG_SHA512, TPM_ALG_KEYEDHASH,
+ "XOR",
+ "SHA256",
+ "SHA384",
+ "SHA512"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM_ALG_NULL, TPM_ALG_NULL, TPM_ALG_SHA512,
+ "NULL"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM_ALG_SM3_256, TPM_ALG_ECMQV, TPM_ALG_NULL,
+ "SM3_256",
+ "SM4",
+ "RSASSA",
+ "RSAES",
+ "RSAPSS",
+ "OAEP",
+ "ECDSA",
+ "ECDH",
+ "SM2",
+ "ECSCHNORR",
+ "ECMQV"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM_ALG_KDF1_SP800_56A, TPM_ALG_ECC, TPM_ALG_ECMQV,
+ "KDF1_SP800_56A",
+ "KDF2",
+ "KDF1_SP800_108",
+ "ECC"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM_ALG_SYMCIPHER, TPM_ALG_CAMELLIA, TPM_ALG_ECC,
+ "SYMCIPHER",
+ "CAMELLIA"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM_ALG_CTR, TPM_ALG_ECB, TPM_ALG_CAMELLIA,
+ "CTR",
+ "OFB",
+ "CBC",
+ "CFB",
+ "ECB"
+);
+ENUM_END(tpm_alg_id_names, TPM_ALG_ECB);
+
+/**
+ * TPM 2.0 ECC curve names
+ */
+ENUM_BEGIN(tpm_ecc_curve_names, TPM_ECC_NONE, TPM_ECC_NIST_P521,
+ "NONE",
+ "NIST_P192",
+ "NIST_P224",
+ "NIST_P256",
+ "NIST_P384",
+ "NIST_P521"
+);
+ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_BN_P256, TPM_ECC_BN_P638, TPM_ECC_NIST_P521,
+ "BN_P256",
+ "BN_P638"
+);
+ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_SM2_P256, TPM_ECC_SM2_P256, TPM_ECC_BN_P638,
+ "SM2_P256"
+);
+ENUM_END(tpm_ecc_curve_names, TPM_ECC_SM2_P256);
+
+#else /* TSS_TSS2 */
+
+/**
+ * TPM 2.0 algorithm ID names
+ */
+ENUM(tpm_alg_id_names, 0, 0,
+ "ERROR"
+);
+
+/**
+ * TPM 2.0 ECC curve names
+ */
+ENUM(tpm_ecc_curve_names, 0, 0,
+ "NONE"
+);
+
+#endif /* TSS_TSS2 */
+
+
diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libtpmtss/tpm_tss_tss2_names.h
similarity index 60%
copy from src/libcharon/tests/libcharon_tests.h
copy to src/libtpmtss/tpm_tss_tss2_names.h
index fb82bac..c2a8344 100644
--- a/src/libcharon/tests/libcharon_tests.h
+++ b/src/libtpmtss/tpm_tss_tss2_names.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2014 revosec AG
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,6 +13,18 @@
* for more details.
*/
-TEST_SUITE(ike_cfg_suite_create)
-TEST_SUITE(mem_pool_suite_create)
-TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32)
+/**
+ * @defgroup tpm_tss_tss2_names tpm_tss_tss2_names
+ * @{ @ingroup libtpmtss
+ */
+
+#ifndef TPM_TSS_TSS2_NAMES_H_
+#define TPM_TSS_TSS2_NAMES_H_
+
+#include <library.h>
+
+extern enum_name_t *tpm_alg_id_names;
+
+extern enum_name_t *tpm_ecc_curve_names;
+
+#endif /** TPM_TSS_TSS2_NAMES_H_ @}*/
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index 9beaab0..a1ad709 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
manager_PROGRAMS = manager.fcgi$(EXEEXT)
subdir = src/manager
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -219,12 +228,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -274,6 +285,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -308,6 +320,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -419,6 +432,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -518,7 +532,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/manager/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/manager/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -1036,6 +1049,8 @@ uninstall-am: uninstall-managerPROGRAMS \
uninstall-manager_templates_ikesaDATA \
uninstall-manager_templates_staticDATA
+.PRECIOUS: Makefile
+
main.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/manager/controller/control_controller.c b/src/manager/controller/control_controller.c
index f275986..a8db2f2 100644
--- a/src/manager/controller/control_controller.c
+++ b/src/manager/controller/control_controller.c
@@ -109,7 +109,7 @@ static void initiate(private_control_controller_t *this, fast_request_t *r,
* terminate an IKE or CHILD SA
*/
static void terminate(private_control_controller_t *this, fast_request_t *r,
- bool ike, u_int32_t id)
+ bool ike, uint32_t id)
{
gateway_t *gateway;
enumerator_t *e;
@@ -140,7 +140,7 @@ METHOD(fast_controller_t, handle, void,
}
if (action)
{
- u_int32_t id;
+ uint32_t id;
if (streq(action, "terminateike"))
{
diff --git a/src/manager/gateway.c b/src/manager/gateway.c
index 8a8fbe8..58ee6ab 100644
--- a/src/manager/gateway.c
+++ b/src/manager/gateway.c
@@ -317,7 +317,7 @@ METHOD(gateway_t, initiate, enumerator_t*,
}
METHOD(gateway_t, terminate, enumerator_t*,
- private_gateway_t *this, bool ike, u_int32_t id)
+ private_gateway_t *this, bool ike, uint32_t id)
{
char *str, *kind;
diff --git a/src/manager/gateway.h b/src/manager/gateway.h
index 5792ebf..1f62d23 100644
--- a/src/manager/gateway.h
+++ b/src/manager/gateway.h
@@ -61,7 +61,7 @@ struct gateway_t {
* @param id ID of the SA to terminate
* @return enumerator over control response XML children
*/
- enumerator_t* (*terminate)(gateway_t *this, bool ike, u_int32_t id);
+ enumerator_t* (*terminate)(gateway_t *this, bool ike, uint32_t id);
/**
* Initiate an IKE or a CHILD SA.
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index c367841..44ed9f8 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
medsrv_PROGRAMS = medsrv.fcgi$(EXEEXT)
subdir = src/medsrv
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -208,12 +217,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -263,6 +274,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -297,6 +309,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -408,6 +421,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -493,7 +507,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/medsrv/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/medsrv/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -934,6 +947,8 @@ uninstall-am: uninstall-medsrvPROGRAMS uninstall-medsrv_templatesDATA \
uninstall-medsrv_templates_staticDATA \
uninstall-medsrv_templates_userDATA
+.PRECIOUS: Makefile
+
main.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
index 261e41c..1153794 100644
--- a/src/pki/Makefile.am
+++ b/src/pki/Makefile.am
@@ -19,7 +19,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \
pki_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB) $(DLLIB)
+ $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
pki.o : $(top_builddir)/config.status
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 4b206c9..7b900f2 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
bin_PROGRAMS = pki$(EXEEXT)
subdir = src/pki
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -113,7 +122,8 @@ am_pki_OBJECTS = pki.$(OBJEXT) command.$(OBJEXT) \
pki_OBJECTS = $(am_pki_OBJECTS)
am__DEPENDENCIES_1 =
pki_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -195,6 +205,7 @@ am__define_uniq_tagged_files = \
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -226,6 +237,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -275,6 +287,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -309,6 +322,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -420,6 +434,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -466,7 +481,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \
pki_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB) $(DLLIB)
+ $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
@@ -488,7 +503,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pki/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/pki/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -926,6 +940,8 @@ uninstall-am: uninstall-binPROGRAMS
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-binPROGRAMS
+.PRECIOUS: Makefile
+
pki.o : $(top_builddir)/config.status
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
index e612309..982a117 100644
--- a/src/pki/man/Makefile.in
+++ b/src/pki/man/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,14 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/pki/man
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(srcdir)/pki.1.in $(srcdir)/pki---acert.1.in \
- $(srcdir)/pki---dn.1.in $(srcdir)/pki---gen.1.in \
- $(srcdir)/pki---issue.1.in $(srcdir)/pki---keyid.1.in \
- $(srcdir)/pki---pkcs12.1.in $(srcdir)/pki---pkcs7.1.in \
- $(srcdir)/pki---print.1.in $(srcdir)/pki---pub.1.in \
- $(srcdir)/pki---req.1.in $(srcdir)/pki---self.1.in \
- $(srcdir)/pki---signcrl.1.in $(srcdir)/pki---verify.1.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -99,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES = pki.1 pki---acert.1 pki---dn.1 pki---gen.1 \
@@ -157,12 +160,21 @@ am__installdirs = "$(DESTDIR)$(man1dir)"
NROFF = nroff
MANS = $(man1_MANS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/pki---acert.1.in \
+ $(srcdir)/pki---dn.1.in $(srcdir)/pki---gen.1.in \
+ $(srcdir)/pki---issue.1.in $(srcdir)/pki---keyid.1.in \
+ $(srcdir)/pki---pkcs12.1.in $(srcdir)/pki---pkcs7.1.in \
+ $(srcdir)/pki---print.1.in $(srcdir)/pki---pub.1.in \
+ $(srcdir)/pki---req.1.in $(srcdir)/pki---self.1.in \
+ $(srcdir)/pki---signcrl.1.in $(srcdir)/pki---verify.1.in \
+ $(srcdir)/pki.1.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -212,6 +224,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -246,6 +259,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -357,6 +371,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -416,7 +431,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pki/man/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/pki/man/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -667,6 +681,8 @@ uninstall-man: uninstall-man1
ps ps-am tags-am uninstall uninstall-am uninstall-man \
uninstall-man1
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in
index 3d9adb1..8b73403 100644
--- a/src/pool/Makefile.in
+++ b/src/pool/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,8 +91,6 @@ build_triplet = @build@
host_triplet = @host@
@USE_ATTR_SQL_TRUE at ipsec_PROGRAMS = pool$(EXEEXT)
subdir = src/pool
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp $(dist_templates_DATA)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +104,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_templates_DATA) \
+ $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -202,12 +212,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -257,6 +269,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -291,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -402,6 +416,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -461,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pool/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/pool/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -802,6 +816,8 @@ uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS
tags tags-am uninstall uninstall-am \
uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
@USE_ATTR_SQL_TRUE at pool.o : $(top_builddir)/config.status
diff --git a/src/pool/sqlite.sql b/src/pool/sqlite.sql
index 7801263..a350940 100644
--- a/src/pool/sqlite.sql
+++ b/src/pool/sqlite.sql
@@ -37,7 +37,7 @@ CREATE TABLE child_config_traffic_selector (
traffic_selector INTEGER NOT NULL,
kind INTEGER NOT NULL
);
-DROP INDEX IF EXISTS child_config_traffic_selector;
+DROP INDEX IF EXISTS child_config_traffic_selector_all;
CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector (
child_cfg, traffic_selector
);
diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in
index 2ab3cbf..b2c9c95 100644
--- a/src/pt-tls-client/Makefile.in
+++ b/src/pt-tls-client/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = pt-tls-client$(EXEEXT)
subdir = src/pt-tls-client
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -172,12 +181,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -227,6 +238,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -261,6 +273,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -372,6 +385,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -432,7 +446,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pt-tls-client/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/pt-tls-client/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -748,6 +761,8 @@ uninstall-am: uninstall-ipsecPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
pt-tls-client.o : $(top_builddir)/config.status
diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c
index 3a179af..b91997d 100644
--- a/src/pt-tls-client/pt-tls-client.c
+++ b/src/pt-tls-client/pt-tls-client.c
@@ -50,7 +50,7 @@ static void usage(FILE *out)
/**
* Client routine
*/
-static int client(char *address, u_int16_t port, char *identity)
+static int client(char *address, uint16_t port, char *identity)
{
pt_tls_client_t *assessment;
tls_t *tnccs;
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 141db69..1fdea8a 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = scepclient$(EXEEXT)
subdir = src/scepclient
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp $(dist_man_MANS)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -199,12 +208,15 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -254,6 +266,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -288,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -399,6 +413,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -456,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scepclient/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/scepclient/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -819,6 +833,8 @@ uninstall-man: uninstall-man8
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-ipsecPROGRAMS uninstall-man uninstall-man8
+.PRECIOUS: Makefile
+
scepclient.o : $(top_builddir)/config.status
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 8341ca3..873c20a 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -28,13 +28,16 @@ AM_CPPFLAGS = \
-DPLUGINS=\""${starter_plugins}\"" \
-DDEBUG
+AM_CFLAGS = \
+ @COVERAGE_CFLAGS@
+
AM_YFLAGS = -v -d
starter_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
libstarter.la \
- $(SOCKLIB) $(PTHREADLIB)
+ $(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
EXTRA_DIST = keywords.txt ipsec.conf Android.mk
MAINTAINERCLEANFILES = keywords.c
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 31e0e9d..19753de 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -16,7 +16,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -83,9 +93,6 @@ ipsec_PROGRAMS = starter$(EXEEXT)
@USE_LOAD_WARNING_TRUE at am__append_1 = -DLOAD_WARNING
@USE_SCEPCLIENT_TRUE at am__append_2 = -DGENERATE_SELFCERT
subdir = src/starter
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- parser/parser.h parser/parser.c parser/lexer.c \
- $(top_srcdir)/depcomp $(top_srcdir)/ylwrap
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -99,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -124,7 +132,8 @@ am__DEPENDENCIES_1 =
starter_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la libstarter.la \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
AM_V_P = $(am__v_P_ at AM_V@)
am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
am__v_P_0 = false
@@ -219,6 +228,9 @@ am__define_uniq_tagged_files = \
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
+ $(top_srcdir)/ylwrap parser/lexer.c parser/parser.c \
+ parser/parser.h
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -250,6 +262,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -299,6 +312,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -333,6 +347,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -444,6 +459,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -495,12 +511,15 @@ AM_CPPFLAGS = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
-DDEV_URANDOM=\"${urandom_device}\" \
-DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1) \
$(am__append_2)
+AM_CFLAGS = \
+ @COVERAGE_CFLAGS@
+
AM_YFLAGS = -v -d
starter_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libcharon/libcharon.la \
libstarter.la \
- $(SOCKLIB) $(PTHREADLIB)
+ $(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
EXTRA_DIST = keywords.txt ipsec.conf Android.mk
MAINTAINERCLEANFILES = keywords.c
@@ -522,7 +541,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/starter/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/starter/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -971,6 +989,8 @@ uninstall-am: uninstall-ipsecPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h
$(AM_V_GEN) \
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 897aa42..33924b0 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -331,7 +331,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
DBG1(DBG_APP, "# bad protocol: %s=%s", key, value);
goto err;
}
- end->protocol = (u_int8_t)p;
+ end->protocol = (uint8_t)p;
}
}
if (streq(port, "%any"))
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 457327f..45f34ce 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -106,9 +106,9 @@ struct starter_end {
bool hostaccess;
bool allow_any;
char *updown;
- u_int16_t from_port;
- u_int16_t to_port;
- u_int8_t protocol;
+ uint16_t from_port;
+ uint16_t to_port;
+ uint8_t protocol;
char *sourceip;
char *dns;
};
@@ -133,17 +133,17 @@ struct starter_conn {
time_t sa_ike_life_seconds;
time_t sa_ipsec_life_seconds;
time_t sa_rekey_margin;
- u_int64_t sa_ipsec_life_bytes;
- u_int64_t sa_ipsec_margin_bytes;
- u_int64_t sa_ipsec_life_packets;
- u_int64_t sa_ipsec_margin_packets;
+ uint64_t sa_ipsec_life_bytes;
+ uint64_t sa_ipsec_margin_bytes;
+ uint64_t sa_ipsec_life_packets;
+ uint64_t sa_ipsec_margin_packets;
unsigned long sa_keying_tries;
unsigned long sa_rekey_fuzz;
- u_int32_t reqid;
+ uint32_t reqid;
mark_t mark_in;
mark_t mark_out;
- u_int32_t replay_window;
- u_int32_t tfc;
+ uint32_t replay_window;
+ uint32_t tfc;
bool install_policy;
bool aggressive;
starter_end_t left, right;
diff --git a/src/starter/parser/lexer.c b/src/starter/parser/lexer.c
index a093771..afca863 100644
--- a/src/starter/parser/lexer.c
+++ b/src/starter/parser/lexer.c
@@ -16,8 +16,8 @@
#define FLEX_SCANNER
#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 35
+#define YY_FLEX_MINOR_VERSION 6
+#define YY_FLEX_SUBMINOR_VERSION 0
#if YY_FLEX_SUBMINOR_VERSION > 0
#define FLEX_BETA
#endif
@@ -221,6 +221,11 @@ typedef void* yyscan_t;
typedef struct yy_buffer_state *YY_BUFFER_STATE;
#endif
+#ifndef YY_TYPEDEF_YY_SIZE_T
+#define YY_TYPEDEF_YY_SIZE_T
+typedef size_t yy_size_t;
+#endif
+
/* %if-not-reentrant */
/* %endif */
@@ -247,6 +252,13 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE;
if ( yytext[yyl] == '\n' )\
--yylineno;\
}while(0)
+ #define YY_LINENO_REWIND_TO(dst) \
+ do {\
+ const char *p;\
+ for ( p = yy_cp-1; p >= (dst); --p)\
+ if ( *p == '\n' )\
+ --yylineno;\
+ }while(0)
/* Return all but the first "n" matched characters back to the input stream. */
#define yyless(n) \
@@ -264,11 +276,6 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE;
#define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner )
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef size_t yy_size_t;
-#endif
-
#ifndef YY_STRUCT_YY_BUFFER_STATE
#define YY_STRUCT_YY_BUFFER_STATE
struct yy_buffer_state
@@ -388,7 +395,7 @@ static void conf_parser__init_buffer (YY_BUFFER_STATE b,FILE *file ,yyscan_t yys
YY_BUFFER_STATE conf_parser__scan_buffer (char *base,yy_size_t size ,yyscan_t yyscanner );
YY_BUFFER_STATE conf_parser__scan_string (yyconst char *yy_str ,yyscan_t yyscanner );
-YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char *bytes,int len ,yyscan_t yyscanner );
+YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char *bytes,yy_size_t len ,yyscan_t yyscanner );
/* %endif */
@@ -423,7 +430,7 @@ void conf_parser_free (void * ,yyscan_t yyscanner );
/* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */
/* Begin user sect3 */
-#define conf_parser_wrap(n) 1
+#define conf_parser_wrap(yyscanner) (/*CONSTCOND*/1)
#define YY_SKIP_YYWRAP
#define FLEX_DEBUG
@@ -434,11 +441,16 @@ typedef int yy_state_type;
#define yytext_ptr yytext_r
+/* %% [1.5] DFA */
+
/* %if-c-only Standard (non-C++) definition */
static yy_state_type yy_get_previous_state (yyscan_t yyscanner );
static yy_state_type yy_try_NUL_trans (yy_state_type current_state ,yyscan_t yyscanner);
static int yy_get_next_buffer (yyscan_t yyscanner );
+#if defined(__GNUC__) && __GNUC__ >= 3
+__attribute__((__noreturn__))
+#endif
static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner );
/* %endif */
@@ -477,7 +489,7 @@ static yyconst flex_int16_t yy_accept[80] =
0, 1, 10, 10, 0, 0, 0, 7, 0
} ;
-static yyconst flex_int32_t yy_ec[256] =
+static yyconst YY_CHAR yy_ec[256] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
1, 1, 4, 1, 1, 1, 1, 1, 1, 1,
@@ -509,14 +521,14 @@ static yyconst flex_int32_t yy_ec[256] =
1, 1, 1, 1, 1
} ;
-static yyconst flex_int32_t yy_meta[28] =
+static yyconst YY_CHAR yy_meta[28] =
{ 0,
1, 2, 3, 1, 2, 4, 2, 5, 1, 6,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1
} ;
-static yyconst flex_int16_t yy_base[91] =
+static yyconst flex_uint16_t yy_base[91] =
{ 0,
0, 16, 41, 50, 4, 5, 101, 0, 24, 184,
184, 0, 184, 92, 79, 32, 16, 83, 0, 184,
@@ -542,7 +554,7 @@ static yyconst flex_int16_t yy_def[91] =
79, 79, 79, 79, 79, 79, 79, 79, 79, 79
} ;
-static yyconst flex_int16_t yy_nxt[212] =
+static yyconst flex_uint16_t yy_nxt[212] =
{ 0,
79, 9, 10, 79, 9, 11, 12, 13, 14, 24,
24, 79, 79, 25, 25, 52, 15, 16, 10, 53,
@@ -657,7 +669,7 @@ static void include_files(parser_helper_t *ctx);
/* state used to scan quoted strings */
-#line 661 "parser/lexer.c"
+#line 673 "parser/lexer.c"
#define INITIAL 0
#define inc 1
@@ -694,7 +706,7 @@ struct yyguts_t
YY_BUFFER_STATE * yy_buffer_stack; /**< Stack as an array. */
char yy_hold_char;
int yy_n_chars;
- int yyleng_r;
+ yy_size_t yyleng_r;
char *yy_c_buf_p;
int yy_init;
int yy_start;
@@ -751,19 +763,23 @@ void conf_parser_set_extra (YY_EXTRA_TYPE user_defined ,yyscan_t yyscanner );
FILE *conf_parser_get_in (yyscan_t yyscanner );
-void conf_parser_set_in (FILE * in_str ,yyscan_t yyscanner );
+void conf_parser_set_in (FILE * _in_str ,yyscan_t yyscanner );
FILE *conf_parser_get_out (yyscan_t yyscanner );
-void conf_parser_set_out (FILE * out_str ,yyscan_t yyscanner );
+void conf_parser_set_out (FILE * _out_str ,yyscan_t yyscanner );
-int conf_parser_get_leng (yyscan_t yyscanner );
+yy_size_t conf_parser_get_leng (yyscan_t yyscanner );
char *conf_parser_get_text (yyscan_t yyscanner );
int conf_parser_get_lineno (yyscan_t yyscanner );
-void conf_parser_set_lineno (int line_number ,yyscan_t yyscanner );
+void conf_parser_set_lineno (int _line_number ,yyscan_t yyscanner );
+
+int conf_parser_get_column (yyscan_t yyscanner );
+
+void conf_parser_set_column (int _column_no ,yyscan_t yyscanner );
/* %if-bison-bridge */
@@ -787,8 +803,11 @@ extern int conf_parser_wrap (yyscan_t yyscanner );
/* %not-for-header */
+#ifndef YY_NO_UNPUT
+
static void yyunput (int c,char *buf_ptr ,yyscan_t yyscanner);
+#endif
/* %ok-for-header */
/* %endif */
@@ -817,7 +836,7 @@ static int input (yyscan_t yyscanner );
/* %if-c-only */
- static void yy_push_state (int new_state ,yyscan_t yyscanner);
+ static void yy_push_state (int _new_state ,yyscan_t yyscanner);
static void yy_pop_state (yyscan_t yyscanner );
@@ -947,7 +966,7 @@ extern int conf_parser_lex \
/* Code executed at the end of each rule. */
#ifndef YY_BREAK
-#define YY_BREAK break;
+#define YY_BREAK /*LINTED*/break;
#endif
/* %% [6.0] YY_RULE_SETUP definition goes here */
@@ -963,17 +982,11 @@ extern int conf_parser_lex \
*/
YY_DECL
{
- register yy_state_type yy_current_state;
- register char *yy_cp, *yy_bp;
- register int yy_act;
+ yy_state_type yy_current_state;
+ char *yy_cp, *yy_bp;
+ int yy_act;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
-/* %% [7.0] user's declarations go here */
-#line 58 "parser/lexer.l"
-
-
-#line 976 "parser/lexer.c"
-
yylval = yylval_param;
if ( !yyg->yy_init )
@@ -1010,7 +1023,14 @@ YY_DECL
conf_parser__load_buffer_state(yyscanner );
}
- while ( 1 ) /* loops until end-of-file is reached */
+ {
+/* %% [7.0] user's declarations go here */
+#line 58 "parser/lexer.l"
+
+
+#line 1032 "parser/lexer.c"
+
+ while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
/* %% [8.0] yymore()-related code goes here */
yy_cp = yyg->yy_c_buf_p;
@@ -1029,7 +1049,7 @@ YY_DECL
yy_match:
do
{
- register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+ YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ;
if ( yy_accept[yy_current_state] )
{
yyg->yy_last_accepting_state = yy_current_state;
@@ -1062,7 +1082,7 @@ yy_find_action:
if ( yy_act != YY_END_OF_BUFFER && yy_rule_can_match_eol[yy_act] )
{
- int yyl;
+ yy_size_t yyl;
for ( yyl = 0; yyl < yyleng; ++yyl )
if ( yytext[yyl] == '\n' )
@@ -1153,6 +1173,7 @@ return CA;
case 10:
/* rule 10 can match eol */
*yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */
+YY_LINENO_REWIND_TO(yy_cp - 1);
yyg->yy_c_buf_p = yy_cp -= 1;
YY_DO_BEFORE_ACTION; /* set up yytext again */
YY_RULE_SETUP
@@ -1238,6 +1259,7 @@ YY_RULE_SETUP
case 18:
#line 125 "parser/lexer.l"
+YY_RULE_SETUP
case YY_STATE_EOF(str):
#line 125 "parser/lexer.l"
case 19:
@@ -1313,7 +1335,7 @@ YY_RULE_SETUP
#line 163 "parser/lexer.l"
YY_FATAL_ERROR( "flex scanner jammed" );
YY_BREAK
-#line 1317 "parser/lexer.c"
+#line 1339 "parser/lexer.c"
case YY_END_OF_BUFFER:
{
@@ -1336,7 +1358,11 @@ YY_FATAL_ERROR( "flex scanner jammed" );
* back-up) that will match for the new input source.
*/
yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+/* %if-c-only */
YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
+/* %endif */
+/* %if-c++-only */
+/* %endif */
YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
}
@@ -1443,6 +1469,7 @@ YY_FATAL_ERROR( "flex scanner jammed" );
"fatal flex scanner internal error--no action found" );
} /* end of action switch */
} /* end of scanning one token */
+ } /* end of user's declarations */
} /* end of conf_parser_lex */
/* %ok-for-header */
@@ -1467,9 +1494,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* %endif */
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
- register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
- register char *source = yyg->yytext_ptr;
- register int number_to_move, i;
+ char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+ char *source = yyg->yytext_ptr;
+ yy_size_t number_to_move, i;
int ret_val;
if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] )
@@ -1498,7 +1525,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* Try to read more data. */
/* First move last chars to start of buffer. */
- number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1;
+ number_to_move = (yy_size_t) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1;
for ( i = 0; i < number_to_move; ++i )
*(dest++) = *(source++);
@@ -1511,21 +1538,21 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
else
{
- int num_to_read =
+ yy_size_t num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
{ /* Not enough room in the buffer - grow it. */
/* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
int yy_c_buf_p_offset =
(int) (yyg->yy_c_buf_p - b->yy_ch_buf);
if ( b->yy_is_our_buffer )
{
- int new_size = b->yy_buf_size * 2;
+ yy_size_t new_size = b->yy_buf_size * 2;
if ( new_size <= 0 )
b->yy_buf_size += b->yy_buf_size / 8;
@@ -1556,7 +1583,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* Read in more data. */
YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
- yyg->yy_n_chars, (size_t) num_to_read );
+ yyg->yy_n_chars, num_to_read );
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars;
}
@@ -1580,9 +1607,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
else
ret_val = EOB_ACT_CONTINUE_SCAN;
- if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
+ if ((int) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
/* Extend the array by 50%, plus the number we really need. */
- yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1);
+ int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1);
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) conf_parser_realloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner );
if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
@@ -1607,8 +1634,8 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* %if-c++-only */
/* %endif */
{
- register yy_state_type yy_current_state;
- register char *yy_cp;
+ yy_state_type yy_current_state;
+ char *yy_cp;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
/* %% [15.0] code to get the start state into yy_current_state goes here */
@@ -1618,7 +1645,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp )
{
/* %% [16.0] code to find the next state goes here */
- register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+ YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
if ( yy_accept[yy_current_state] )
{
yyg->yy_last_accepting_state = yy_current_state;
@@ -1647,12 +1674,12 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* %if-c++-only */
/* %endif */
{
- register int yy_is_jam;
+ int yy_is_jam;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */
/* %% [17.0] code to find the next state, and perhaps do backing up, goes here */
- register char *yy_cp = yyg->yy_c_buf_p;
+ char *yy_cp = yyg->yy_c_buf_p;
- register YY_CHAR yy_c = 1;
+ YY_CHAR yy_c = 1;
if ( yy_accept[yy_current_state] )
{
yyg->yy_last_accepting_state = yy_current_state;
@@ -1667,17 +1694,19 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
yy_is_jam = (yy_current_state == 79);
+ (void)yyg;
return yy_is_jam ? 0 : yy_current_state;
}
+#ifndef YY_NO_UNPUT
/* %if-c-only */
- static void yyunput (int c, register char * yy_bp , yyscan_t yyscanner)
+ static void yyunput (int c, char * yy_bp , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
- register char *yy_cp;
+ char *yy_cp;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
yy_cp = yyg->yy_c_buf_p;
@@ -1688,10 +1717,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
{ /* need to shift things up to make room */
/* +2 for EOB chars. */
- register int number_to_move = yyg->yy_n_chars + 2;
- register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+ yy_size_t number_to_move = yyg->yy_n_chars + 2;
+ char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
- register char *source =
+ char *source =
&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
@@ -1721,6 +1750,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
/* %if-c-only */
/* %endif */
+#endif
/* %if-c-only */
#ifndef YY_NO_INPUT
@@ -1751,7 +1781,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
else
{ /* need more input */
- int offset = yyg->yy_c_buf_p - yyg->yytext_ptr;
+ yy_size_t offset = yyg->yy_c_buf_p - yyg->yytext_ptr;
++yyg->yy_c_buf_p;
switch ( yy_get_next_buffer( yyscanner ) )
@@ -1835,6 +1865,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
conf_parser__load_buffer_state(yyscanner );
}
+/* %if-c++-only */
+/* %endif */
+
/** Switch to a different input buffer.
* @param new_buffer The new input buffer.
* @param yyscanner The scanner object.
@@ -1884,7 +1917,11 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner)
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
+/* %if-c-only */
yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
+/* %endif */
+/* %if-c++-only */
+/* %endif */
yyg->yy_hold_char = *yyg->yy_c_buf_p;
}
@@ -1906,7 +1943,7 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner)
if ( ! b )
YY_FATAL_ERROR( "out of dynamic memory in conf_parser__create_buffer()" );
- b->yy_buf_size = size;
+ b->yy_buf_size = (yy_size_t)size;
/* yy_ch_buf has to be 2 characters longer than the size given because
* we need to put in 2 end-of-buffer characters.
@@ -1922,6 +1959,9 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner)
return b;
}
+/* %if-c++-only */
+/* %endif */
+
/** Destroy the buffer.
* @param b a buffer created with conf_parser__create_buffer()
* @param yyscanner The scanner object.
@@ -1946,17 +1986,6 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner)
conf_parser_free((void *) b ,yyscanner );
}
-/* %if-c-only */
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-
-/* %endif */
-
-/* %if-c++-only */
-/* %endif */
-
/* Initializes or reinitializes a buffer.
* This function is sometimes called more than once on the same buffer,
* such as during a conf_parser_restart() or at EOF.
@@ -1973,7 +2002,11 @@ extern int isatty (int );
conf_parser__flush_buffer(b ,yyscanner);
+/* %if-c-only */
b->yy_input_file = file;
+/* %endif */
+/* %if-c++-only */
+/* %endif */
b->yy_fill_buffer = 1;
/* If b is the current buffer, then conf_parser__init_buffer was _probably_
@@ -2103,7 +2136,7 @@ static void conf_parser_ensure_buffer_stack (yyscan_t yyscanner)
/* %if-c++-only */
/* %endif */
{
- int num_to_alloc;
+ yy_size_t num_to_alloc;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
if (!yyg->yy_buffer_stack) {
@@ -2112,7 +2145,7 @@ static void conf_parser_ensure_buffer_stack (yyscan_t yyscanner)
* scanner will even need a stack. We use 2 instead of 1 to avoid an
* immediate realloc on the next call.
*/
- num_to_alloc = 1;
+ num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */
yyg->yy_buffer_stack = (struct yy_buffer_state**)conf_parser_alloc
(num_to_alloc * sizeof(struct yy_buffer_state*)
, yyscanner);
@@ -2129,7 +2162,7 @@ static void conf_parser_ensure_buffer_stack (yyscan_t yyscanner)
if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){
/* Increase the buffer to prepare for a possible push. */
- int grow_size = 8 /* arbitrary grow size */;
+ yy_size_t grow_size = 8 /* arbitrary grow size */;
num_to_alloc = yyg->yy_buffer_stack_max + grow_size;
yyg->yy_buffer_stack = (struct yy_buffer_state**)conf_parser_realloc
@@ -2207,12 +2240,12 @@ YY_BUFFER_STATE conf_parser__scan_string (yyconst char * yystr , yyscan_t yyscan
* @param yyscanner The scanner object.
* @return the newly allocated buffer state object.
*/
-YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_len , yyscan_t yyscanner)
+YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len , yyscan_t yyscanner)
{
YY_BUFFER_STATE b;
char *buf;
yy_size_t n;
- int i;
+ yy_size_t i;
/* Get memory for full buffer, including space for trailing EOB's. */
n = _yybytes_len + 2;
@@ -2239,7 +2272,7 @@ YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_
/* %endif */
/* %if-c-only */
- static void yy_push_state (int new_state , yyscan_t yyscanner)
+ static void yy_push_state (int _new_state , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
@@ -2264,7 +2297,7 @@ YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_
yyg->yy_start_stack[yyg->yy_start_stack_ptr++] = YY_START;
- BEGIN(new_state);
+ BEGIN(_new_state);
}
/* %if-c-only */
@@ -2297,7 +2330,9 @@ YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_
/* %if-c-only */
static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner)
{
- (void) fprintf( stderr, "%s\n", msg );
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
+ (void) fprintf( stderr, "%s\n", msg );
exit( YY_EXIT_FAILURE );
}
/* %endif */
@@ -2384,7 +2419,7 @@ FILE *conf_parser_get_out (yyscan_t yyscanner)
/** Get the length of the current token.
* @param yyscanner The scanner object.
*/
-int conf_parser_get_leng (yyscan_t yyscanner)
+yy_size_t conf_parser_get_leng (yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
return yyleng;
@@ -2415,51 +2450,51 @@ void conf_parser_set_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner)
/* %endif */
/** Set the current line number.
- * @param line_number
+ * @param _line_number line number
* @param yyscanner The scanner object.
*/
-void conf_parser_set_lineno (int line_number , yyscan_t yyscanner)
+void conf_parser_set_lineno (int _line_number , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
/* lineno is only valid if an input buffer exists. */
if (! YY_CURRENT_BUFFER )
- yy_fatal_error( "conf_parser_set_lineno called with no buffer" , yyscanner);
+ YY_FATAL_ERROR( "conf_parser_set_lineno called with no buffer" );
- yylineno = line_number;
+ yylineno = _line_number;
}
/** Set the current column.
- * @param line_number
+ * @param _column_no column number
* @param yyscanner The scanner object.
*/
-void conf_parser_set_column (int column_no , yyscan_t yyscanner)
+void conf_parser_set_column (int _column_no , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
/* column is only valid if an input buffer exists. */
if (! YY_CURRENT_BUFFER )
- yy_fatal_error( "conf_parser_set_column called with no buffer" , yyscanner);
+ YY_FATAL_ERROR( "conf_parser_set_column called with no buffer" );
- yycolumn = column_no;
+ yycolumn = _column_no;
}
/** Set the input stream. This does not discard the current
* input buffer.
- * @param in_str A readable stream.
+ * @param _in_str A readable stream.
* @param yyscanner The scanner object.
* @see conf_parser__switch_to_buffer
*/
-void conf_parser_set_in (FILE * in_str , yyscan_t yyscanner)
+void conf_parser_set_in (FILE * _in_str , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
- yyin = in_str ;
+ yyin = _in_str ;
}
-void conf_parser_set_out (FILE * out_str , yyscan_t yyscanner)
+void conf_parser_set_out (FILE * _out_str , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
- yyout = out_str ;
+ yyout = _out_str ;
}
int conf_parser_get_debug (yyscan_t yyscanner)
@@ -2468,10 +2503,10 @@ int conf_parser_get_debug (yyscan_t yyscanner)
return yy_flex_debug;
}
-void conf_parser_set_debug (int bdebug , yyscan_t yyscanner)
+void conf_parser_set_debug (int _bdebug , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
- yy_flex_debug = bdebug ;
+ yy_flex_debug = _bdebug ;
}
/* %endif */
@@ -2637,7 +2672,10 @@ int conf_parser_lex_destroy (yyscan_t yyscanner)
#ifndef yytext_ptr
static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yyscanner)
{
- register int i;
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
+
+ int i;
for ( i = 0; i < n; ++i )
s1[i] = s2[i];
}
@@ -2646,7 +2684,7 @@ static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yysca
#ifdef YY_NEED_STRLEN
static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner)
{
- register int n;
+ int n;
for ( n = 0; s[n]; ++n )
;
@@ -2656,11 +2694,16 @@ static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner)
void *conf_parser_alloc (yy_size_t size , yyscan_t yyscanner)
{
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
return (void *) malloc( size );
}
void *conf_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner)
{
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
+
/* The cast to (char *) in the following accommodates both
* implementations that use char* generic pointers, and those
* that use void* generic pointers. It works with the latter
@@ -2673,6 +2716,8 @@ void *conf_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner)
void conf_parser_free (void * ptr , yyscan_t yyscanner)
{
+ struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
+ (void)yyg;
free( (char *) ptr ); /* see conf_parser_realloc() for (char *) cast */
}
diff --git a/src/starter/parser/parser.c b/src/starter/parser/parser.c
index 41ab515..7204cc6 100644
--- a/src/starter/parser/parser.c
+++ b/src/starter/parser/parser.c
@@ -1,8 +1,8 @@
-/* A Bison parser, made by GNU Bison 3.0.2. */
+/* A Bison parser, made by GNU Bison 3.0.4. */
/* Bison implementation for Yacc-like parsers in C
- Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -44,7 +44,7 @@
#define YYBISON 1
/* Bison version. */
-#define YYBISON_VERSION "3.0.2"
+#define YYBISON_VERSION "3.0.4"
/* Skeleton name. */
#define YYSKELETON_NAME "yacc.c"
@@ -182,7 +182,7 @@ extern int conf_parser_debug;
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE YYSTYPE;
+
union YYSTYPE
{
#line 71 "parser/parser.y" /* yacc.c:355 */
@@ -192,6 +192,8 @@ union YYSTYPE
#line 194 "parser/parser.c" /* yacc.c:355 */
};
+
+typedef union YYSTYPE YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define YYSTYPE_IS_DECLARED 1
#endif
@@ -204,7 +206,7 @@ int conf_parser_parse (parser_helper_t *ctx);
/* Copy the second part of user declarations. */
-#line 208 "parser/parser.c" /* yacc.c:358 */
+#line 210 "parser/parser.c" /* yacc.c:358 */
#ifdef short
# undef short
@@ -1030,19 +1032,19 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c
case 3: /* STRING */
#line 86 "parser/parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1034 "parser/parser.c" /* yacc.c:1257 */
+#line 1036 "parser/parser.c" /* yacc.c:1257 */
break;
case 16: /* section_name */
#line 86 "parser/parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1040 "parser/parser.c" /* yacc.c:1257 */
+#line 1042 "parser/parser.c" /* yacc.c:1257 */
break;
case 18: /* value */
#line 86 "parser/parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1046 "parser/parser.c" /* yacc.c:1257 */
+#line 1048 "parser/parser.c" /* yacc.c:1257 */
break;
@@ -1319,7 +1321,7 @@ yyreduce:
conf_parser_t *parser = (conf_parser_t*)ctx->context;
parser->add_section(parser, (yyvsp[-1].t), (yyvsp[0].s));
}
-#line 1323 "parser/parser.c" /* yacc.c:1646 */
+#line 1325 "parser/parser.c" /* yacc.c:1646 */
break;
case 8:
@@ -1327,7 +1329,7 @@ yyreduce:
{
(yyval.t) = CONF_PARSER_CONFIG_SETUP;
}
-#line 1331 "parser/parser.c" /* yacc.c:1646 */
+#line 1333 "parser/parser.c" /* yacc.c:1646 */
break;
case 9:
@@ -1335,7 +1337,7 @@ yyreduce:
{
(yyval.t) = CONF_PARSER_CONN;
}
-#line 1339 "parser/parser.c" /* yacc.c:1646 */
+#line 1341 "parser/parser.c" /* yacc.c:1646 */
break;
case 10:
@@ -1343,7 +1345,7 @@ yyreduce:
{
(yyval.t) = CONF_PARSER_CA;
}
-#line 1347 "parser/parser.c" /* yacc.c:1646 */
+#line 1349 "parser/parser.c" /* yacc.c:1646 */
break;
case 11:
@@ -1351,7 +1353,7 @@ yyreduce:
{
(yyval.s) = NULL;
}
-#line 1355 "parser/parser.c" /* yacc.c:1646 */
+#line 1357 "parser/parser.c" /* yacc.c:1646 */
break;
case 12:
@@ -1359,7 +1361,7 @@ yyreduce:
{
(yyval.s) = (yyvsp[0].s);
}
-#line 1363 "parser/parser.c" /* yacc.c:1646 */
+#line 1365 "parser/parser.c" /* yacc.c:1646 */
break;
case 14:
@@ -1375,7 +1377,7 @@ yyreduce:
conf_parser_t *parser = (conf_parser_t*)ctx->context;
parser->add_setting(parser, (yyvsp[-2].s), (yyvsp[0].s));
}
-#line 1379 "parser/parser.c" /* yacc.c:1646 */
+#line 1381 "parser/parser.c" /* yacc.c:1646 */
break;
case 15:
@@ -1390,7 +1392,7 @@ yyreduce:
conf_parser_t *parser = (conf_parser_t*)ctx->context;
parser->add_setting(parser, (yyvsp[-1].s), NULL);
}
-#line 1394 "parser/parser.c" /* yacc.c:1646 */
+#line 1396 "parser/parser.c" /* yacc.c:1646 */
break;
case 16:
@@ -1400,7 +1402,7 @@ yyreduce:
free((yyvsp[0].s));
YYERROR;
}
-#line 1404 "parser/parser.c" /* yacc.c:1646 */
+#line 1406 "parser/parser.c" /* yacc.c:1646 */
break;
case 18:
@@ -1415,11 +1417,11 @@ yyreduce:
free((yyvsp[-1].s));
free((yyvsp[0].s));
}
-#line 1419 "parser/parser.c" /* yacc.c:1646 */
+#line 1421 "parser/parser.c" /* yacc.c:1646 */
break;
-#line 1423 "parser/parser.c" /* yacc.c:1646 */
+#line 1425 "parser/parser.c" /* yacc.c:1646 */
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
diff --git a/src/starter/parser/parser.h b/src/starter/parser/parser.h
index ed6ed2b..05c965d 100644
--- a/src/starter/parser/parser.h
+++ b/src/starter/parser/parser.h
@@ -1,8 +1,8 @@
-/* A Bison parser, made by GNU Bison 3.0.2. */
+/* A Bison parser, made by GNU Bison 3.0.4. */
/* Bison interface for Yacc-like parsers in C
- Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -67,7 +67,7 @@ extern int conf_parser_debug;
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE YYSTYPE;
+
union YYSTYPE
{
#line 71 "parser/parser.y" /* yacc.c:1909 */
@@ -77,6 +77,8 @@ union YYSTYPE
#line 79 "parser/parser.h" /* yacc.c:1909 */
};
+
+typedef union YYSTYPE YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define YYSTYPE_IS_DECLARED 1
#endif
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index 58daacf..25e3e74 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ host_triplet = @host@
TESTS = starter_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/starter/tests
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -197,12 +206,14 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -252,6 +263,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -286,6 +298,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -397,6 +410,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/starter/tests/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/starter/tests/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -865,6 +878,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index e7bfd9d..4673f59 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,8 +90,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = stroke$(EXEEXT)
subdir = src/stroke
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -171,12 +180,14 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -226,6 +237,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -260,6 +272,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -371,6 +384,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -427,7 +441,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/stroke/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/stroke/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -748,6 +761,8 @@ uninstall-am: uninstall-ipsecPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+.PRECIOUS: Makefile
+
stroke_keywords.c: $(srcdir)/stroke_keywords.txt $(srcdir)/stroke_keywords.h
$(AM_V_GEN) \
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 17f8a43..a3b911d 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -157,7 +157,7 @@ struct stroke_end_t {
char *cert_policy;
char *updown;
char *address;
- u_int16_t ikeport;
+ uint16_t ikeport;
char *sourceip;
char *dns;
char *subnets;
@@ -165,9 +165,9 @@ struct stroke_end_t {
int hostaccess;
int tohost;
int allow_any;
- u_int8_t protocol;
- u_int16_t from_port;
- u_int16_t to_port;
+ uint8_t protocol;
+ uint16_t from_port;
+ uint16_t to_port;
};
typedef struct stroke_msg_t stroke_msg_t;
@@ -177,7 +177,7 @@ typedef struct stroke_msg_t stroke_msg_t;
*/
struct stroke_msg_t {
/* length of this message with all strings */
- u_int16_t length;
+ uint16_t length;
/* type of the message */
enum {
@@ -263,9 +263,9 @@ struct stroke_msg_t {
int proxy_mode;
int install_policy;
int close_action;
- u_int32_t reqid;
- u_int32_t tfc;
- u_int8_t ikedscp;
+ uint32_t reqid;
+ uint32_t tfc;
+ uint8_t ikedscp;
crl_policy_t crl_policy;
int unique;
@@ -279,10 +279,10 @@ struct stroke_msg_t {
time_t ipsec_lifetime;
time_t ike_lifetime;
time_t margin;
- u_int64_t life_bytes;
- u_int64_t margin_bytes;
- u_int64_t life_packets;
- u_int64_t margin_packets;
+ uint64_t life_bytes;
+ uint64_t margin_bytes;
+ uint64_t life_packets;
+ uint64_t margin_packets;
unsigned long tries;
unsigned long fuzz;
} rekey;
@@ -297,11 +297,11 @@ struct stroke_msg_t {
char *peerid;
} ikeme;
struct {
- u_int32_t value;
- u_int32_t mask;
+ uint32_t value;
+ uint32_t mask;
} mark_in, mark_out;
stroke_end_t me, other;
- u_int32_t replay_window;
+ uint32_t replay_window;
} add_conn;
/* data for STR_ADD_CA */
@@ -369,7 +369,7 @@ struct stroke_msg_t {
} counters;
};
/* length of the string buffer */
- u_int16_t buflen;
+ uint16_t buflen;
/* string buffer */
char buffer[];
};
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
index fb02714..37a0224 100644
--- a/src/swanctl/Makefile.am
+++ b/src/swanctl/Makefile.am
@@ -27,7 +27,7 @@ swanctl_SOURCES = \
swanctl_LDADD = \
$(top_builddir)/src/libcharon/plugins/vici/libvici.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB) $(DLLIB)
+ $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
swanctl.o : $(top_builddir)/config.status
diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in
index 94921af..ebe1aba 100644
--- a/src/swanctl/Makefile.in
+++ b/src/swanctl/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -80,9 +90,6 @@ build_triplet = @build@
host_triplet = @host@
sbin_PROGRAMS = swanctl$(EXEEXT)
subdir = src/swanctl
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(srcdir)/swanctl.8.in $(srcdir)/swanctl.conf.5.head.in \
- $(srcdir)/swanctl.conf.5.tail.in $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -96,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES = swanctl.8 swanctl.conf.5.head swanctl.conf.5.tail
@@ -122,7 +130,8 @@ am__DEPENDENCIES_1 =
swanctl_DEPENDENCIES = \
$(top_builddir)/src/libcharon/plugins/vici/libvici.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -218,12 +227,16 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/swanctl.8.in \
+ $(srcdir)/swanctl.conf.5.head.in \
+ $(srcdir)/swanctl.conf.5.tail.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -273,6 +286,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -307,6 +321,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -418,6 +433,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -473,7 +489,7 @@ swanctl_SOURCES = \
swanctl_LDADD = \
$(top_builddir)/src/libcharon/plugins/vici/libvici.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB) $(DLLIB)
+ $(PTHREADLIB) $(ATOMICLIB) $(DLLIB)
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
@@ -505,7 +521,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/swanctl/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/swanctl/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -993,6 +1008,8 @@ uninstall-man: uninstall-man5 uninstall-man8
uninstall-man uninstall-man5 uninstall-man8 \
uninstall-sbinPROGRAMS
+.PRECIOUS: Makefile
+
swanctl.o : $(top_builddir)/config.status
diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index 019c888..19e7050 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -2,6 +2,9 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
@@ -80,15 +83,64 @@ CALLBACK(children_sn, int,
hashtable_t *ike, vici_res_t *res, char *name)
{
hashtable_t *child;
+ char *mode, *interface, *priority;
+ char *rekey_time, *rekey_bytes, *rekey_packets;
+ bool no_time, no_bytes, no_packets, or = FALSE;
int ret;
child = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
ret = vici_parse_cb(res, NULL, values, list, child);
if (ret == 0)
{
- printf(" %s: %s\n", name, child->get(child, "mode"));
+ mode = child->get(child, "mode");
+ printf(" %s: %s, ", name, mode);
+
+ rekey_time = child->get(child, "rekey_time");
+ rekey_bytes = child->get(child, "rekey_bytes");
+ rekey_packets = child->get(child, "rekey_packets");
+ no_time = streq(rekey_time, "0");
+ no_bytes = streq(rekey_bytes, "0");
+ no_packets = streq(rekey_packets, "0");
+
+ if (strcaseeq(mode, "PASS") || strcaseeq(mode, "DROP") ||
+ (no_time && no_bytes && no_packets))
+ {
+ printf("no rekeying\n");
+ }
+ else
+ {
+ printf("rekeying every");
+ if (!no_time)
+ {
+ printf(" %ss", rekey_time);
+ or = TRUE;
+ }
+ if (!no_bytes)
+ {
+ printf("%s %s bytes", or ? " or" : "", rekey_bytes);
+ or = TRUE;
+ }
+ if (!no_packets)
+ {
+ printf("%s %s packets", or ? " or" : "", rekey_packets);
+ }
+ printf("\n");
+ }
+
printf(" local: %s\n", child->get(child, "local-ts"));
printf(" remote: %s\n", child->get(child, "remote-ts"));
+
+ interface = child->get(child, "interface");
+ if (interface)
+ {
+ printf(" interface: %s\n", interface);
+ }
+
+ priority = child->get(child, "priority");
+ if (priority)
+ {
+ printf(" priority: %s\n", priority);
+ }
}
free_hashtable(child);
return ret;
@@ -106,18 +158,35 @@ CALLBACK(conn_sn, int,
if (strpfx(name, "local") || strpfx(name, "remote"))
{
hashtable_t *auth;
+ char *class;
auth = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
ret = vici_parse_cb(res, NULL, values, list, auth);
if (ret == 0)
{
+ class = auth->get(auth, "class") ?: "unspecified";
+ if (strcaseeq(class, "EAP"))
+ {
+ class = auth->get(auth, "eap-type") ?: class;
+ }
printf(" %s %s authentication:\n",
- strpfx(name, "local") ? "local" : "remote",
- auth->get(auth, "class") ?: "unspecified");
+ strpfx(name, "local") ? "local" : "remote", class);
if (auth->get(auth, "id"))
{
printf(" id: %s\n", auth->get(auth, "id"));
}
+ if (auth->get(auth, "eap_id"))
+ {
+ printf(" eap_id: %s\n", auth->get(auth, "eap_id"));
+ }
+ if (auth->get(auth, "xauth_id"))
+ {
+ printf(" xauth_id: %s\n", auth->get(auth, "xauth_id"));
+ }
+ if (auth->get(auth, "aaa_id"))
+ {
+ printf(" aaa_id: %s\n", auth->get(auth, "aaa_id"));
+ }
if (auth->get(auth, "groups"))
{
printf(" groups: %s\n", auth->get(auth, "groups"));
@@ -156,8 +225,43 @@ CALLBACK(conn_list, int,
CALLBACK(conns, int,
void *null, vici_res_t *res, char *name)
{
- printf("%s: %s\n", name, vici_find_str(res, "", "%s.version", name));
+ char *version, *reauth_time, *rekey_time;
+
+ version = vici_find_str(res, "", "%s.version", name);
+ reauth_time = vici_find_str(res, "", "%s.reauth_time", name);
+ rekey_time = vici_find_str(res, "", "%s.rekey_time", name);
+ printf("%s: %s, ", name, version);
+ if (streq(version, "IKEv1"))
+ {
+ if (streq(reauth_time, "0"))
+ {
+ reauth_time = rekey_time;
+ }
+ }
+ if (streq(reauth_time, "0"))
+ {
+ printf("no reauthentication");
+ }
+ else
+ {
+ printf("reauthentication every %ss", reauth_time);
+ }
+ if (streq(version, "IKEv1"))
+ {
+ printf("\n");
+ }
+ else
+ {
+ if (streq(rekey_time, "0"))
+ {
+ printf(", no rekeying\n");
+ }
+ else
+ {
+ printf(", rekeying every %ss\n", rekey_time);
+ }
+ }
return vici_parse_cb(res, conn_sn, NULL, conn_list, NULL);
}
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index fd08022..e5f251d 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -196,10 +196,13 @@ CALLBACK(ike_sa, int,
{
if (streq(name, "child-sas"))
{
- printf("%s: #%s, %s, IKEv%s, %s:%s\n",
+ bool is_initiator = streq(ike->get(ike, "initiator"), "yes");
+
+ printf("%s: #%s, %s, IKEv%s, %s_i%s %s_r%s\n",
ike->get(ike, "name"), ike->get(ike, "uniqueid"),
ike->get(ike, "state"), ike->get(ike, "version"),
- ike->get(ike, "initiator-spi"), ike->get(ike, "responder-spi"));
+ ike->get(ike, "initiator-spi"), is_initiator ? "*" : "",
+ ike->get(ike, "responder-spi"), is_initiator ? "" : "*");
printf(" local '%s' @ %s[%s]",
ike->get(ike, "local-id"), ike->get(ike, "local-host"),
diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c
index 88dde6a..352a185 100644
--- a/src/swanctl/commands/load_authorities.c
+++ b/src/swanctl/commands/load_authorities.c
@@ -292,7 +292,7 @@ int load_authorities_cfg(vici_conn_t *conn, command_format_options_t format,
}
if (found == 0)
{
- printf("no authorities found, %u unloaded\n", unloaded);
+ fprintf(stderr, "no authorities found, %u unloaded\n", unloaded);
return 0;
}
if (loaded == found)
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index bbc700d..87526bc 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -396,7 +396,7 @@ int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
}
if (found == 0)
{
- printf("no connections found, %u unloaded\n", unloaded);
+ fprintf(stderr, "no connections found, %u unloaded\n", unloaded);
return 0;
}
if (loaded == found)
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index d7fbd13..2b9fa2d 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -235,7 +235,7 @@ int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
}
if (found == 0)
{
- printf("no pools found, %u unloaded\n", unloaded);
+ fprintf(stderr, "no pools found, %u unloaded\n", unloaded);
return 0;
}
if (loaded == found)
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index 428be91..6bc81be 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -213,6 +213,12 @@
# Fixed reqid to use for this CHILD_SA.
# reqid = 0
+ # Optional fixed priority for IPsec policies.
+ # priority = 0
+
+ # Optional interface name to restrict IPsec policies.
+ # interface =
+
# Netfilter mark and mask for input traffic.
# mark_in = 0/0x00000000
diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main
index a5b2a73..013e35f 100644
--- a/src/swanctl/swanctl.conf.5.main
+++ b/src/swanctl/swanctl.conf.5.main
@@ -519,7 +519,7 @@ an absolute path.
Comma separated list of raw public keys to accept for authentication. The public
keys may use a relative path from the
.RB "" "swanctl" ""
-.RI "" "x509" ""
+.RI "" "pubkey" ""
directory or an
absolute path.
@@ -856,6 +856,18 @@ once. The default of
uses dynamic reqids, allocated incrementally.
.TP
+.BR connections.<conn>.children.<child>.priority " [0]"
+Optional fixed priority for IPsec policies. This could be useful to install
+high\-priority drop policies. The default of
+.RI "" "0" ""
+uses dynamically calculated
+priorities based on the size of the traffic selectors.
+
+.TP
+.BR connections.<conn>.children.<child>.interface " []"
+Optional interface name to restrict IPsec policies.
+
+.TP
.BR connections.<conn>.children.<child>.mark_in " [0/0x00000000]"
Netfilter mark and mask for input traffic. On Linux Netfilter may require marks
on each packet to match an SA having that option set. This allows Netfilter
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 145fab2..fe5b293 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -416,7 +416,7 @@ connections.<conn>.remote<suffix>.pubkeys =
Comma separated list of raw public keys to accept for authentication.
Comma separated list of raw public keys to accept for authentication.
- The public keys may use a relative path from the **swanctl** _x509_
+ The public keys may use a relative path from the **swanctl** _pubkey_
directory or an absolute path.
connections.<conn>.remote<suffix>.revocation = relaxed
@@ -684,6 +684,16 @@ connections.<conn>.children.<child>.reqid = 0
not more than once. The default of _0_ uses dynamic reqids, allocated
incrementally.
+connections.<conn>.children.<child>.priority = 0
+ Optional fixed priority for IPsec policies.
+
+ Optional fixed priority for IPsec policies. This could be useful to install
+ high-priority drop policies. The default of _0_ uses dynamically calculated
+ priorities based on the size of the traffic selectors.
+
+connections.<conn>.children.<child>.interface =
+ Optional interface name to restrict IPsec policies.
+
connections.<conn>.children.<child>.mark_in = 0/0x00000000
Netfilter mark and mask for input traffic.
diff --git a/testing/Makefile.in b/testing/Makefile.in
index f797f17..b6ad617 100644
--- a/testing/Makefile.in
+++ b/testing/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = testing
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -116,12 +126,14 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in README
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -316,6 +330,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -363,7 +378,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testing/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu testing/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -538,6 +552,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/testing/config/kernel/config-4.0 b/testing/config/kernel/config-4.0
index 33771a2..2d79ba6 100644
--- a/testing/config/kernel/config-4.0
+++ b/testing/config/kernel/config-4.0
@@ -131,7 +131,16 @@ CONFIG_LOG_BUF_SHIFT=14
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_SUPPORTS_INT128=y
-# CONFIG_CGROUPS is not set
+CONFIG_CGROUPS=y
+# CONFIG_CGROUP_DEBUG is not set
+# CONFIG_CGROUP_FREEZER is not set
+# CONFIG_CGROUP_DEVICE is not set
+# CONFIG_CPUSETS is not set
+# CONFIG_CGROUP_CPUACCT is not set
+# CONFIG_MEMCG is not set
+# CONFIG_CGROUP_PERF is not set
+# CONFIG_CGROUP_SCHED is not set
+# CONFIG_BLK_CGROUP is not set
# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
@@ -663,6 +672,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
@@ -812,6 +822,8 @@ CONFIG_HAVE_NET_DSA=y
# CONFIG_NET_MPLS_GSO is not set
# CONFIG_HSR is not set
# CONFIG_NET_SWITCHDEV is not set
+# CONFIG_CGROUP_NET_PRIO is not set
+# CONFIG_CGROUP_NET_CLASSID is not set
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
@@ -851,7 +863,8 @@ CONFIG_HAVE_BPF_JIT=y
#
CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-# CONFIG_DEVTMPFS is not set
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
diff --git a/testing/config/kernel/config-4.1 b/testing/config/kernel/config-4.1
index 9cd28ca..0336409 100644
--- a/testing/config/kernel/config-4.1
+++ b/testing/config/kernel/config-4.1
@@ -132,7 +132,16 @@ CONFIG_LOG_BUF_SHIFT=14
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_SUPPORTS_INT128=y
-# CONFIG_CGROUPS is not set
+CONFIG_CGROUPS=y
+# CONFIG_CGROUP_DEBUG is not set
+# CONFIG_CGROUP_FREEZER is not set
+# CONFIG_CGROUP_DEVICE is not set
+# CONFIG_CPUSETS is not set
+# CONFIG_CGROUP_CPUACCT is not set
+# CONFIG_MEMCG is not set
+# CONFIG_CGROUP_PERF is not set
+# CONFIG_CGROUP_SCHED is not set
+# CONFIG_BLK_CGROUP is not set
# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
@@ -664,6 +673,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
@@ -813,6 +823,8 @@ CONFIG_HAVE_NET_DSA=y
# CONFIG_MPLS is not set
# CONFIG_HSR is not set
# CONFIG_NET_SWITCHDEV is not set
+# CONFIG_CGROUP_NET_PRIO is not set
+# CONFIG_CGROUP_NET_CLASSID is not set
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
@@ -852,7 +864,8 @@ CONFIG_HAVE_BPF_JIT=y
#
CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-# CONFIG_DEVTMPFS is not set
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
diff --git a/testing/config/kernel/config-4.2 b/testing/config/kernel/config-4.2
index 72d5b93..c13a53d 100644
--- a/testing/config/kernel/config-4.2
+++ b/testing/config/kernel/config-4.2
@@ -133,7 +133,16 @@ CONFIG_LOG_BUF_SHIFT=14
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_SUPPORTS_INT128=y
-# CONFIG_CGROUPS is not set
+CONFIG_CGROUPS=y
+# CONFIG_CGROUP_DEBUG is not set
+# CONFIG_CGROUP_FREEZER is not set
+# CONFIG_CGROUP_DEVICE is not set
+# CONFIG_CPUSETS is not set
+# CONFIG_CGROUP_CPUACCT is not set
+# CONFIG_MEMCG is not set
+# CONFIG_CGROUP_PERF is not set
+# CONFIG_CGROUP_SCHED is not set
+# CONFIG_BLK_CGROUP is not set
# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
@@ -677,6 +686,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
@@ -826,6 +836,8 @@ CONFIG_HAVE_NET_DSA=y
# CONFIG_MPLS is not set
# CONFIG_HSR is not set
# CONFIG_NET_SWITCHDEV is not set
+# CONFIG_CGROUP_NET_PRIO is not set
+# CONFIG_CGROUP_NET_CLASSID is not set
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
@@ -866,7 +878,8 @@ CONFIG_HAVE_BPF_JIT=y
#
CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-# CONFIG_DEVTMPFS is not set
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
@@ -2221,6 +2234,7 @@ CONFIG_GENERIC_FIND_FIRST_BIT=y
CONFIG_GENERIC_PCI_IOMAP=y
CONFIG_GENERIC_IOMAP=y
CONFIG_GENERIC_IO=y
+CONFIG_PERCPU_RWSEM=y
CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
CONFIG_CRC_CCITT=y
diff --git a/testing/config/kernel/config-4.2 b/testing/config/kernel/config-4.3
similarity index 96%
copy from testing/config/kernel/config-4.2
copy to testing/config/kernel/config-4.3
index 72d5b93..a7670c3 100644
--- a/testing/config/kernel/config-4.2
+++ b/testing/config/kernel/config-4.3
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.2.0 Kernel Configuration
+# Linux/x86 4.3.3 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -133,7 +133,27 @@ CONFIG_LOG_BUF_SHIFT=14
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_SUPPORTS_INT128=y
-# CONFIG_CGROUPS is not set
+CONFIG_CGROUPS=y
+# CONFIG_CGROUP_DEBUG is not set
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CPUSETS=y
+CONFIG_PROC_PID_CPUSET=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_PAGE_COUNTER=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_SWAP_ENABLED=y
+CONFIG_MEMCG_KMEM=y
+CONFIG_CGROUP_PERF=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+# CONFIG_CFS_BANDWIDTH is not set
+# CONFIG_RT_GROUP_SCHED is not set
+CONFIG_BLK_CGROUP=y
+# CONFIG_DEBUG_BLK_CGROUP is not set
+CONFIG_CGROUP_WRITEBACK=y
# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
@@ -172,7 +192,9 @@ CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
CONFIG_ADVISE_SYSCALLS=y
+# CONFIG_USERFAULTFD is not set
CONFIG_PCI_QUIRKS=y
+CONFIG_MEMBARRIER=y
# CONFIG_EMBEDDED is not set
CONFIG_HAVE_PERF_EVENTS=y
@@ -185,6 +207,7 @@ CONFIG_VM_EVENT_COUNTERS=y
CONFIG_COMPAT_BRK=y
CONFIG_SLAB=y
# CONFIG_SLUB is not set
+# CONFIG_SYSTEM_DATA_VERIFICATION is not set
# CONFIG_PROFILING is not set
CONFIG_HAVE_OPROFILE=y
CONFIG_OPROFILE_NMI_TIMER=y
@@ -247,6 +270,7 @@ CONFIG_BLOCK=y
# CONFIG_BLK_DEV_BSG is not set
# CONFIG_BLK_DEV_BSGLIB is not set
# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_DEV_THROTTLING is not set
# CONFIG_BLK_CMDLINE_PARSER is not set
#
@@ -262,6 +286,7 @@ CONFIG_EFI_PARTITION=y
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
+# CONFIG_CFQ_GROUP_IOSCHED is not set
# CONFIG_DEFAULT_DEADLINE is not set
CONFIG_DEFAULT_CFQ=y
# CONFIG_DEFAULT_NOOP is not set
@@ -324,6 +349,7 @@ CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
# CONFIG_X86_MCE is not set
+# CONFIG_VM86 is not set
CONFIG_X86_16BIT=y
CONFIG_X86_ESPFIX64=y
CONFIG_X86_VSYSCALL_EMULATION=y
@@ -379,6 +405,7 @@ CONFIG_NEED_PER_CPU_KM=y
CONFIG_GENERIC_EARLY_IOREMAP=y
CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
+# CONFIG_IDLE_PAGE_TRACKING is not set
# CONFIG_X86_PMEM_LEGACY is not set
# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
CONFIG_X86_RESERVE_LOW=64
@@ -400,12 +427,14 @@ CONFIG_HZ_250=y
CONFIG_HZ=250
CONFIG_SCHED_HRTICK=y
# CONFIG_KEXEC is not set
+# CONFIG_KEXEC_FILE is not set
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
# CONFIG_RANDOMIZE_BASE is not set
CONFIG_PHYSICAL_ALIGN=0x1000000
# CONFIG_CMDLINE_BOOL is not set
+CONFIG_MODIFY_LDT_SYSCALL=y
CONFIG_HAVE_LIVEPATCH=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
@@ -435,6 +464,8 @@ CONFIG_ACPI_BATTERY=y
CONFIG_ACPI_BUTTON=y
CONFIG_ACPI_FAN=y
# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_CPU_FREQ_PSS=y
+CONFIG_ACPI_PROCESSOR_IDLE=y
CONFIG_ACPI_PROCESSOR=y
# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
CONFIG_ACPI_THERMAL=y
@@ -514,6 +545,7 @@ CONFIG_BINFMT_SCRIPT=y
# CONFIG_BINFMT_MISC is not set
CONFIG_COREDUMP=y
# CONFIG_IA32_EMULATION is not set
+# CONFIG_X86_X32 is not set
CONFIG_X86_DEV_DMA_OPS=y
CONFIG_PMC_ATOM=y
CONFIG_NET=y
@@ -551,7 +583,6 @@ CONFIG_NET_IP_TUNNEL=y
# CONFIG_NET_IPVTI is not set
CONFIG_NET_UDP_TUNNEL=y
# CONFIG_NET_FOU is not set
-# CONFIG_GENEVE_CORE is not set
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
@@ -575,6 +606,7 @@ CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
CONFIG_IPV6_MIP6=y
+# CONFIG_IPV6_ILA is not set
CONFIG_INET6_XFRM_TUNNEL=y
CONFIG_INET6_TUNNEL=y
CONFIG_INET6_XFRM_MODE_TRANSPORT=y
@@ -677,6 +709,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
@@ -743,6 +776,7 @@ CONFIG_IP_SET_LIST_SET=y
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+# CONFIG_NF_DUP_IPV4 is not set
# CONFIG_NF_LOG_ARP is not set
CONFIG_NF_LOG_IPV4=y
CONFIG_NF_REJECT_IPV4=y
@@ -776,6 +810,7 @@ CONFIG_IP_NF_ARP_MANGLE=y
#
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
+# CONFIG_NF_DUP_IPV6 is not set
CONFIG_NF_REJECT_IPV6=y
CONFIG_NF_LOG_IPV6=y
CONFIG_NF_NAT_IPV6=y
@@ -826,6 +861,8 @@ CONFIG_HAVE_NET_DSA=y
# CONFIG_MPLS is not set
# CONFIG_HSR is not set
# CONFIG_NET_SWITCHDEV is not set
+# CONFIG_CGROUP_NET_PRIO is not set
+# CONFIG_CGROUP_NET_CLASSID is not set
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
@@ -855,6 +892,7 @@ CONFIG_NET_9P_VIRTIO=y
# CONFIG_CAIF is not set
# CONFIG_CEPH_LIB is not set
# CONFIG_NFC is not set
+# CONFIG_LWTUNNEL is not set
CONFIG_HAVE_BPF_JIT=y
#
@@ -866,7 +904,8 @@ CONFIG_HAVE_BPF_JIT=y
#
CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-# CONFIG_DEVTMPFS is not set
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
@@ -974,6 +1013,7 @@ CONFIG_VIRTIO_BLK=y
# CONFIG_ECHO is not set
# CONFIG_CXL_BASE is not set
# CONFIG_CXL_KERNEL_API is not set
+# CONFIG_CXL_EEH is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@@ -1004,6 +1044,7 @@ CONFIG_DUMMY=y
# CONFIG_MACVLAN is not set
# CONFIG_IPVLAN is not set
# CONFIG_VXLAN is not set
+# CONFIG_GENEVE is not set
# CONFIG_NETCONSOLE is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
@@ -1012,6 +1053,7 @@ CONFIG_TUN=y
# CONFIG_VETH is not set
CONFIG_VIRTIO_NET=y
# CONFIG_NLMON is not set
+# CONFIG_NET_VRF is not set
# CONFIG_ARCNET is not set
#
@@ -1107,6 +1149,7 @@ CONFIG_NET_VENDOR_MELLANOX=y
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_CORE is not set
# CONFIG_MLX5_CORE is not set
+# CONFIG_MLXSW_CORE is not set
CONFIG_NET_VENDOR_MICREL=y
# CONFIG_KS8851_MLL is not set
# CONFIG_KSZ884X_PCI is not set
@@ -1159,6 +1202,7 @@ CONFIG_NET_VENDOR_SUN=y
# CONFIG_SUNGEM is not set
# CONFIG_CASSINI is not set
# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_SYNOPSYS=y
CONFIG_NET_VENDOR_TEHUTI=y
# CONFIG_TEHUTI is not set
CONFIG_NET_VENDOR_TI=y
@@ -1191,6 +1235,7 @@ CONFIG_WLAN=y
#
# CONFIG_WAN is not set
# CONFIG_VMXNET3 is not set
+# CONFIG_FUJITSU_ES is not set
# CONFIG_ISDN is not set
#
@@ -1291,6 +1336,7 @@ CONFIG_DEVKMEM=y
#
# Non-8250 serial port support
#
+# CONFIG_SERIAL_UARTLITE is not set
# CONFIG_SERIAL_JSM is not set
# CONFIG_SERIAL_SCCNXP is not set
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
@@ -1410,10 +1456,7 @@ CONFIG_THERMAL_GOV_STEP_WISE=y
# CONFIG_INTEL_POWERCLAMP is not set
# CONFIG_INTEL_SOC_DTS_THERMAL is not set
# CONFIG_INT340X_THERMAL is not set
-
-#
-# Texas Instruments thermal drivers
-#
+# CONFIG_INTEL_PCH_THERMAL is not set
# CONFIG_WATCHDOG is not set
CONFIG_SSB_POSSIBLE=y
@@ -1436,6 +1479,8 @@ CONFIG_BCMA_POSSIBLE=y
# CONFIG_HTC_PASIC3 is not set
# CONFIG_LPC_ICH is not set
# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_INTEL_LPSS_ACPI is not set
+# CONFIG_MFD_INTEL_LPSS_PCI is not set
# CONFIG_MFD_JANZ_CMODIO is not set
# CONFIG_MFD_KEMPLD is not set
# CONFIG_MFD_MT6397 is not set
@@ -1457,10 +1502,6 @@ CONFIG_BCMA_POSSIBLE=y
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
-
-#
-# Direct Rendering Manager
-#
# CONFIG_DRM is not set
#
@@ -1507,6 +1548,7 @@ CONFIG_HID_CYPRESS=y
# CONFIG_HID_EMS_FF is not set
# CONFIG_HID_ELECOM is not set
CONFIG_HID_EZKEY=y
+# CONFIG_HID_GEMBIRD is not set
# CONFIG_HID_KEYTOUCH is not set
# CONFIG_HID_KYE is not set
# CONFIG_HID_WALTOP is not set
@@ -1614,6 +1656,7 @@ CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_INTEL_SMARTCONNECT is not set
# CONFIG_PVPANIC is not set
# CONFIG_INTEL_PMC_IPC is not set
+# CONFIG_SURFACE_PRO3_BUTTON is not set
# CONFIG_CHROME_PLATFORMS is not set
#
@@ -1675,6 +1718,11 @@ CONFIG_IOMMU_SUPPORT=y
# CONFIG_BCM_KONA_USB2_PHY is not set
# CONFIG_POWERCAP is not set
# CONFIG_MCB is not set
+
+#
+# Performance monitor support
+#
+# CONFIG_RAS is not set
# CONFIG_THUNDERBOLT is not set
#
@@ -1682,6 +1730,7 @@ CONFIG_IOMMU_SUPPORT=y
#
# CONFIG_ANDROID is not set
# CONFIG_LIBNVDIMM is not set
+# CONFIG_NVMEM is not set
#
# Firmware Drivers
@@ -1703,10 +1752,16 @@ CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_EXT2_FS=y
# CONFIG_EXT2_FS_XATTR is not set
CONFIG_EXT3_FS=y
-# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
-# CONFIG_EXT3_FS_XATTR is not set
-# CONFIG_EXT4_FS is not set
-CONFIG_JBD=y
+# CONFIG_EXT3_FS_POSIX_ACL is not set
+# CONFIG_EXT3_FS_SECURITY is not set
+CONFIG_EXT4_FS=y
+# CONFIG_EXT4_FS_POSIX_ACL is not set
+# CONFIG_EXT4_FS_SECURITY is not set
+# CONFIG_EXT4_ENCRYPTION is not set
+# CONFIG_EXT4_DEBUG is not set
+CONFIG_JBD2=y
+# CONFIG_JBD2_DEBUG is not set
+CONFIG_FS_MBCACHE=y
CONFIG_REISERFS_FS=y
# CONFIG_REISERFS_CHECK is not set
# CONFIG_REISERFS_PROC_INFO is not set
@@ -2076,6 +2131,7 @@ CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_NULL2=y
CONFIG_CRYPTO_WORKQUEUE=y
CONFIG_CRYPTO_CRYPTD=y
# CONFIG_CRYPTO_MCRYPTD is not set
@@ -2121,6 +2177,7 @@ CONFIG_CRYPTO_CRC32C=y
# CONFIG_CRYPTO_CRCT10DIF is not set
CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_POLY1305=y
+CONFIG_CRYPTO_POLY1305_X86_64=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=y
@@ -2166,6 +2223,7 @@ CONFIG_CRYPTO_KHAZAD=y
CONFIG_CRYPTO_SALSA20=y
CONFIG_CRYPTO_SALSA20_X86_64=y
CONFIG_CRYPTO_CHACHA20=y
+CONFIG_CRYPTO_CHACHA20_X86_64=y
CONFIG_CRYPTO_SEED=y
CONFIG_CRYPTO_SERPENT=y
CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
@@ -2204,6 +2262,10 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=y
# CONFIG_CRYPTO_USER_API_RNG is not set
CONFIG_CRYPTO_USER_API_AEAD=y
# CONFIG_CRYPTO_HW is not set
+
+#
+# Certificates for signature checking
+#
CONFIG_HAVE_KVM=y
CONFIG_VIRTUALIZATION=y
# CONFIG_KVM is not set
@@ -2259,8 +2321,9 @@ CONFIG_HAS_DMA=y
CONFIG_DQL=y
CONFIG_NLATTR=y
CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
-CONFIG_AVERAGE=y
# CONFIG_CORDIC is not set
# CONFIG_DDR is not set
+# CONFIG_SG_SPLIT is not set
CONFIG_ARCH_HAS_SG_CHAIN=y
CONFIG_ARCH_HAS_PMEM_API=y
+CONFIG_ARCH_HAS_MMIO_FLUSH=y
diff --git a/testing/config/kernel/config-4.2 b/testing/config/kernel/config-4.4
similarity index 95%
copy from testing/config/kernel/config-4.2
copy to testing/config/kernel/config-4.4
index 72d5b93..b89dab5 100644
--- a/testing/config/kernel/config-4.2
+++ b/testing/config/kernel/config-4.4
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.2.0 Kernel Configuration
+# Linux/x86 4.4.3 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -133,7 +133,27 @@ CONFIG_LOG_BUF_SHIFT=14
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_SUPPORTS_INT128=y
-# CONFIG_CGROUPS is not set
+CONFIG_CGROUPS=y
+# CONFIG_CGROUP_DEBUG is not set
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CPUSETS=y
+CONFIG_PROC_PID_CPUSET=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_PAGE_COUNTER=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_SWAP_ENABLED=y
+CONFIG_MEMCG_KMEM=y
+CONFIG_CGROUP_PERF=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CFS_BANDWIDTH=y
+# CONFIG_RT_GROUP_SCHED is not set
+CONFIG_BLK_CGROUP=y
+# CONFIG_DEBUG_BLK_CGROUP is not set
+CONFIG_CGROUP_WRITEBACK=y
# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
@@ -172,7 +192,9 @@ CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
CONFIG_ADVISE_SYSCALLS=y
+# CONFIG_USERFAULTFD is not set
CONFIG_PCI_QUIRKS=y
+CONFIG_MEMBARRIER=y
# CONFIG_EMBEDDED is not set
CONFIG_HAVE_PERF_EVENTS=y
@@ -185,6 +207,7 @@ CONFIG_VM_EVENT_COUNTERS=y
CONFIG_COMPAT_BRK=y
CONFIG_SLAB=y
# CONFIG_SLUB is not set
+# CONFIG_SYSTEM_DATA_VERIFICATION is not set
# CONFIG_PROFILING is not set
CONFIG_HAVE_OPROFILE=y
CONFIG_OPROFILE_NMI_TIMER=y
@@ -247,6 +270,7 @@ CONFIG_BLOCK=y
# CONFIG_BLK_DEV_BSG is not set
# CONFIG_BLK_DEV_BSGLIB is not set
# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_DEV_THROTTLING is not set
# CONFIG_BLK_CMDLINE_PARSER is not set
#
@@ -262,6 +286,7 @@ CONFIG_EFI_PARTITION=y
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
+# CONFIG_CFQ_GROUP_IOSCHED is not set
# CONFIG_DEFAULT_DEADLINE is not set
CONFIG_DEFAULT_CFQ=y
# CONFIG_DEFAULT_NOOP is not set
@@ -324,11 +349,11 @@ CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
# CONFIG_X86_MCE is not set
+# CONFIG_VM86 is not set
CONFIG_X86_16BIT=y
CONFIG_X86_ESPFIX64=y
CONFIG_X86_VSYSCALL_EMULATION=y
# CONFIG_I8K is not set
-# CONFIG_MICROCODE is not set
# CONFIG_X86_MSR is not set
# CONFIG_X86_CPUID is not set
CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
@@ -356,7 +381,6 @@ CONFIG_HAVE_BOOTMEM_INFO_NODE=y
CONFIG_MEMORY_HOTPLUG=y
CONFIG_MEMORY_HOTPLUG_SPARSE=y
CONFIG_MEMORY_HOTREMOVE=y
-CONFIG_PAGEFLAGS_EXTENDED=y
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
CONFIG_MEMORY_BALLOON=y
@@ -379,6 +403,7 @@ CONFIG_NEED_PER_CPU_KM=y
CONFIG_GENERIC_EARLY_IOREMAP=y
CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
+# CONFIG_IDLE_PAGE_TRACKING is not set
# CONFIG_X86_PMEM_LEGACY is not set
# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
CONFIG_X86_RESERVE_LOW=64
@@ -400,12 +425,17 @@ CONFIG_HZ_250=y
CONFIG_HZ=250
CONFIG_SCHED_HRTICK=y
# CONFIG_KEXEC is not set
+# CONFIG_KEXEC_FILE is not set
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
# CONFIG_RANDOMIZE_BASE is not set
CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_LEGACY_VSYSCALL_NATIVE is not set
+CONFIG_LEGACY_VSYSCALL_EMULATE=y
+# CONFIG_LEGACY_VSYSCALL_NONE is not set
# CONFIG_CMDLINE_BOOL is not set
+CONFIG_MODIFY_LDT_SYSCALL=y
CONFIG_HAVE_LIVEPATCH=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
@@ -426,6 +456,7 @@ CONFIG_ACPI=y
CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
+# CONFIG_ACPI_DEBUGGER is not set
CONFIG_ACPI_SLEEP=y
# CONFIG_ACPI_PROCFS_POWER is not set
CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
@@ -435,6 +466,8 @@ CONFIG_ACPI_BATTERY=y
CONFIG_ACPI_BUTTON=y
CONFIG_ACPI_FAN=y
# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_CPU_FREQ_PSS=y
+CONFIG_ACPI_PROCESSOR_IDLE=y
CONFIG_ACPI_PROCESSOR=y
# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
CONFIG_ACPI_THERMAL=y
@@ -514,6 +547,7 @@ CONFIG_BINFMT_SCRIPT=y
# CONFIG_BINFMT_MISC is not set
CONFIG_COREDUMP=y
# CONFIG_IA32_EMULATION is not set
+# CONFIG_X86_X32 is not set
CONFIG_X86_DEV_DMA_OPS=y
CONFIG_PMC_ATOM=y
CONFIG_NET=y
@@ -551,7 +585,6 @@ CONFIG_NET_IP_TUNNEL=y
# CONFIG_NET_IPVTI is not set
CONFIG_NET_UDP_TUNNEL=y
# CONFIG_NET_FOU is not set
-# CONFIG_GENEVE_CORE is not set
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
@@ -575,6 +608,7 @@ CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
CONFIG_IPV6_MIP6=y
+# CONFIG_IPV6_ILA is not set
CONFIG_INET6_XFRM_TUNNEL=y
CONFIG_INET6_TUNNEL=y
CONFIG_INET6_XFRM_MODE_TRANSPORT=y
@@ -626,7 +660,7 @@ CONFIG_NF_CONNTRACK_SANE=y
# CONFIG_NF_CONNTRACK_TFTP is not set
CONFIG_NF_CT_NETLINK=y
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
-# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_UDPLITE=y
@@ -677,6 +711,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
@@ -743,6 +778,7 @@ CONFIG_IP_SET_LIST_SET=y
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+# CONFIG_NF_DUP_IPV4 is not set
# CONFIG_NF_LOG_ARP is not set
CONFIG_NF_LOG_IPV4=y
CONFIG_NF_REJECT_IPV4=y
@@ -776,6 +812,7 @@ CONFIG_IP_NF_ARP_MANGLE=y
#
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
+# CONFIG_NF_DUP_IPV6 is not set
CONFIG_NF_REJECT_IPV6=y
CONFIG_NF_LOG_IPV6=y
CONFIG_NF_NAT_IPV6=y
@@ -826,6 +863,9 @@ CONFIG_HAVE_NET_DSA=y
# CONFIG_MPLS is not set
# CONFIG_HSR is not set
# CONFIG_NET_SWITCHDEV is not set
+# CONFIG_NET_L3_MASTER_DEV is not set
+CONFIG_CGROUP_NET_PRIO=y
+CONFIG_CGROUP_NET_CLASSID=y
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
@@ -855,6 +895,7 @@ CONFIG_NET_9P_VIRTIO=y
# CONFIG_CAIF is not set
# CONFIG_CEPH_LIB is not set
# CONFIG_NFC is not set
+# CONFIG_LWTUNNEL is not set
CONFIG_HAVE_BPF_JIT=y
#
@@ -866,7 +907,8 @@ CONFIG_HAVE_BPF_JIT=y
#
CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-# CONFIG_DEVTMPFS is not set
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
@@ -909,7 +951,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
# CONFIG_BLK_DEV_DRBD is not set
CONFIG_BLK_DEV_NBD=y
-# CONFIG_BLK_DEV_NVME is not set
# CONFIG_BLK_DEV_SKD is not set
# CONFIG_BLK_DEV_SX8 is not set
# CONFIG_BLK_DEV_RAM is not set
@@ -919,6 +960,7 @@ CONFIG_VIRTIO_BLK=y
# CONFIG_BLK_DEV_HD is not set
# CONFIG_BLK_DEV_RBD is not set
# CONFIG_BLK_DEV_RSXX is not set
+# CONFIG_BLK_DEV_NVME is not set
#
# Misc devices
@@ -970,10 +1012,15 @@ CONFIG_VIRTIO_BLK=y
#
# SCIF Driver
#
+
+#
+# Intel MIC Coprocessor State Management (COSM) Drivers
+#
# CONFIG_GENWQE is not set
# CONFIG_ECHO is not set
# CONFIG_CXL_BASE is not set
# CONFIG_CXL_KERNEL_API is not set
+# CONFIG_CXL_EEH is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@@ -1004,6 +1051,7 @@ CONFIG_DUMMY=y
# CONFIG_MACVLAN is not set
# CONFIG_IPVLAN is not set
# CONFIG_VXLAN is not set
+# CONFIG_GENEVE is not set
# CONFIG_NETCONSOLE is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
@@ -1046,6 +1094,7 @@ CONFIG_NET_VENDOR_ATHEROS=y
# CONFIG_ATL1E is not set
# CONFIG_ATL1C is not set
# CONFIG_ALX is not set
+# CONFIG_NET_VENDOR_AURORA is not set
CONFIG_NET_CADENCE=y
# CONFIG_MACB is not set
CONFIG_NET_VENDOR_BROADCOM=y
@@ -1055,6 +1104,7 @@ CONFIG_NET_VENDOR_BROADCOM=y
# CONFIG_CNIC is not set
# CONFIG_TIGON3 is not set
# CONFIG_BNX2X is not set
+# CONFIG_BNXT is not set
CONFIG_NET_VENDOR_BROCADE=y
# CONFIG_BNA is not set
CONFIG_NET_VENDOR_CAVIUM=y
@@ -1097,7 +1147,6 @@ CONFIG_NET_VENDOR_INTEL=y
# CONFIG_I40EVF is not set
# CONFIG_FM10K is not set
CONFIG_NET_VENDOR_I825XX=y
-# CONFIG_IP1000 is not set
# CONFIG_JME is not set
CONFIG_NET_VENDOR_MARVELL=y
# CONFIG_MVMDIO is not set
@@ -1107,6 +1156,7 @@ CONFIG_NET_VENDOR_MELLANOX=y
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_CORE is not set
# CONFIG_MLX5_CORE is not set
+# CONFIG_MLXSW_CORE is not set
CONFIG_NET_VENDOR_MICREL=y
# CONFIG_KS8851_MLL is not set
# CONFIG_KSZ884X_PCI is not set
@@ -1130,6 +1180,7 @@ CONFIG_NET_VENDOR_QLOGIC=y
# CONFIG_QLCNIC is not set
# CONFIG_QLGE is not set
# CONFIG_NETXEN_NIC is not set
+# CONFIG_QED is not set
CONFIG_NET_VENDOR_QUALCOMM=y
CONFIG_NET_VENDOR_REALTEK=y
# CONFIG_8139CP is not set
@@ -1159,6 +1210,7 @@ CONFIG_NET_VENDOR_SUN=y
# CONFIG_SUNGEM is not set
# CONFIG_CASSINI is not set
# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_SYNOPSYS=y
CONFIG_NET_VENDOR_TEHUTI=y
# CONFIG_TEHUTI is not set
CONFIG_NET_VENDOR_TI=y
@@ -1191,7 +1243,9 @@ CONFIG_WLAN=y
#
# CONFIG_WAN is not set
# CONFIG_VMXNET3 is not set
+# CONFIG_FUJITSU_ES is not set
# CONFIG_ISDN is not set
+# CONFIG_NVM is not set
#
# Input device support
@@ -1260,6 +1314,7 @@ CONFIG_SERIO_LIBPS2=y
# CONFIG_SERIO_ALTERA_PS2 is not set
# CONFIG_SERIO_PS2MULT is not set
# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_USERIO is not set
# CONFIG_GAMEPORT is not set
#
@@ -1291,6 +1346,7 @@ CONFIG_DEVKMEM=y
#
# Non-8250 serial port support
#
+# CONFIG_SERIAL_UARTLITE is not set
# CONFIG_SERIAL_JSM is not set
# CONFIG_SERIAL_SCCNXP is not set
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
@@ -1348,7 +1404,7 @@ CONFIG_POWER_SUPPLY=y
# CONFIG_TEST_POWER is not set
# CONFIG_BATTERY_DS2780 is not set
# CONFIG_BATTERY_DS2781 is not set
-# CONFIG_BATTERY_BQ27x00 is not set
+# CONFIG_BATTERY_BQ27XXX is not set
# CONFIG_CHARGER_MAX8903 is not set
# CONFIG_POWER_RESET is not set
# CONFIG_POWER_AVS is not set
@@ -1410,10 +1466,7 @@ CONFIG_THERMAL_GOV_STEP_WISE=y
# CONFIG_INTEL_POWERCLAMP is not set
# CONFIG_INTEL_SOC_DTS_THERMAL is not set
# CONFIG_INT340X_THERMAL is not set
-
-#
-# Texas Instruments thermal drivers
-#
+# CONFIG_INTEL_PCH_THERMAL is not set
# CONFIG_WATCHDOG is not set
CONFIG_SSB_POSSIBLE=y
@@ -1436,6 +1489,8 @@ CONFIG_BCMA_POSSIBLE=y
# CONFIG_HTC_PASIC3 is not set
# CONFIG_LPC_ICH is not set
# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_INTEL_LPSS_ACPI is not set
+# CONFIG_MFD_INTEL_LPSS_PCI is not set
# CONFIG_MFD_JANZ_CMODIO is not set
# CONFIG_MFD_KEMPLD is not set
# CONFIG_MFD_MT6397 is not set
@@ -1457,10 +1512,6 @@ CONFIG_BCMA_POSSIBLE=y
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
-
-#
-# Direct Rendering Manager
-#
# CONFIG_DRM is not set
#
@@ -1507,6 +1558,8 @@ CONFIG_HID_CYPRESS=y
# CONFIG_HID_EMS_FF is not set
# CONFIG_HID_ELECOM is not set
CONFIG_HID_EZKEY=y
+# CONFIG_HID_GEMBIRD is not set
+# CONFIG_HID_GFRM is not set
# CONFIG_HID_KEYTOUCH is not set
# CONFIG_HID_KYE is not set
# CONFIG_HID_WALTOP is not set
@@ -1614,6 +1667,7 @@ CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_INTEL_SMARTCONNECT is not set
# CONFIG_PVPANIC is not set
# CONFIG_INTEL_PMC_IPC is not set
+# CONFIG_SURFACE_PRO3_BUTTON is not set
# CONFIG_CHROME_PLATFORMS is not set
#
@@ -1675,6 +1729,11 @@ CONFIG_IOMMU_SUPPORT=y
# CONFIG_BCM_KONA_USB2_PHY is not set
# CONFIG_POWERCAP is not set
# CONFIG_MCB is not set
+
+#
+# Performance monitor support
+#
+# CONFIG_RAS is not set
# CONFIG_THUNDERBOLT is not set
#
@@ -1682,6 +1741,16 @@ CONFIG_IOMMU_SUPPORT=y
#
# CONFIG_ANDROID is not set
# CONFIG_LIBNVDIMM is not set
+# CONFIG_NVMEM is not set
+# CONFIG_STM is not set
+# CONFIG_STM_DUMMY is not set
+# CONFIG_STM_SOURCE_CONSOLE is not set
+# CONFIG_INTEL_TH is not set
+
+#
+# FPGA Configuration Support
+#
+# CONFIG_FPGA is not set
#
# Firmware Drivers
@@ -1703,10 +1772,16 @@ CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_EXT2_FS=y
# CONFIG_EXT2_FS_XATTR is not set
CONFIG_EXT3_FS=y
-# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
-# CONFIG_EXT3_FS_XATTR is not set
-# CONFIG_EXT4_FS is not set
-CONFIG_JBD=y
+# CONFIG_EXT3_FS_POSIX_ACL is not set
+# CONFIG_EXT3_FS_SECURITY is not set
+CONFIG_EXT4_FS=y
+# CONFIG_EXT4_FS_POSIX_ACL is not set
+# CONFIG_EXT4_FS_SECURITY is not set
+# CONFIG_EXT4_ENCRYPTION is not set
+# CONFIG_EXT4_DEBUG is not set
+CONFIG_JBD2=y
+# CONFIG_JBD2_DEBUG is not set
+CONFIG_FS_MBCACHE=y
CONFIG_REISERFS_FS=y
# CONFIG_REISERFS_CHECK is not set
# CONFIG_REISERFS_PROC_INFO is not set
@@ -1885,6 +1960,7 @@ CONFIG_FRAME_WARN=1024
# CONFIG_DEBUG_FS is not set
# CONFIG_HEADERS_CHECK is not set
# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
@@ -2003,6 +2079,7 @@ CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_TEST_HEXDUMP is not set
# CONFIG_TEST_STRING_HELPERS is not set
# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_TEST_PRINTF is not set
# CONFIG_TEST_RHASHTABLE is not set
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
# CONFIG_DMA_API_DEBUG is not set
@@ -2016,9 +2093,11 @@ CONFIG_HAVE_ARCH_KGDB=y
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_X86_PTDUMP_CORE is not set
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_RODATA=y
CONFIG_DEBUG_RODATA_TEST=y
+# CONFIG_DEBUG_WX is not set
CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_DEBUG is not set
@@ -2076,6 +2155,7 @@ CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_NULL2=y
CONFIG_CRYPTO_WORKQUEUE=y
CONFIG_CRYPTO_CRYPTD=y
# CONFIG_CRYPTO_MCRYPTD is not set
@@ -2102,6 +2182,7 @@ CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_LRW=y
CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_XTS=y
+# CONFIG_CRYPTO_KEYWRAP is not set
#
# Hash modes
@@ -2121,6 +2202,7 @@ CONFIG_CRYPTO_CRC32C=y
# CONFIG_CRYPTO_CRCT10DIF is not set
CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_POLY1305=y
+CONFIG_CRYPTO_POLY1305_X86_64=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=y
@@ -2166,6 +2248,7 @@ CONFIG_CRYPTO_KHAZAD=y
CONFIG_CRYPTO_SALSA20=y
CONFIG_CRYPTO_SALSA20_X86_64=y
CONFIG_CRYPTO_CHACHA20=y
+CONFIG_CRYPTO_CHACHA20_X86_64=y
CONFIG_CRYPTO_SEED=y
CONFIG_CRYPTO_SERPENT=y
CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
@@ -2204,6 +2287,10 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=y
# CONFIG_CRYPTO_USER_API_RNG is not set
CONFIG_CRYPTO_USER_API_AEAD=y
# CONFIG_CRYPTO_HW is not set
+
+#
+# Certificates for signature checking
+#
CONFIG_HAVE_KVM=y
CONFIG_VIRTUALIZATION=y
# CONFIG_KVM is not set
@@ -2259,8 +2346,9 @@ CONFIG_HAS_DMA=y
CONFIG_DQL=y
CONFIG_NLATTR=y
CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
-CONFIG_AVERAGE=y
# CONFIG_CORDIC is not set
# CONFIG_DDR is not set
+# CONFIG_SG_SPLIT is not set
CONFIG_ARCH_HAS_SG_CHAIN=y
CONFIG_ARCH_HAS_PMEM_API=y
+CONFIG_ARCH_HAS_MMIO_FLUSH=y
diff --git a/testing/config/kernel/config-4.2 b/testing/config/kernel/config-4.5
similarity index 93%
copy from testing/config/kernel/config-4.2
copy to testing/config/kernel/config-4.5
index 72d5b93..541ffdc 100644
--- a/testing/config/kernel/config-4.2
+++ b/testing/config/kernel/config-4.5
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.2.0 Kernel Configuration
+# Linux/x86 4.5.0 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -11,8 +11,11 @@ CONFIG_OUTPUT_FORMAT="elf64-x86-64"
CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
-CONFIG_HAVE_LATENCYTOP_SUPPORT=y
CONFIG_MMU=y
+CONFIG_ARCH_MMAP_RND_BITS_MIN=28
+CONFIG_ARCH_MMAP_RND_BITS_MAX=32
+CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
+CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
CONFIG_NEED_DMA_MAP_STATE=y
CONFIG_NEED_SG_DMA_LENGTH=y
CONFIG_GENERIC_ISA_DMA=y
@@ -133,7 +136,26 @@ CONFIG_LOG_BUF_SHIFT=14
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_SUPPORTS_INT128=y
-# CONFIG_CGROUPS is not set
+CONFIG_CGROUPS=y
+CONFIG_PAGE_COUNTER=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_SWAP_ENABLED=y
+CONFIG_BLK_CGROUP=y
+# CONFIG_DEBUG_BLK_CGROUP is not set
+CONFIG_CGROUP_WRITEBACK=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CFS_BANDWIDTH=y
+# CONFIG_RT_GROUP_SCHED is not set
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CPUSETS=y
+CONFIG_PROC_PID_CPUSET=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_PERF=y
+# CONFIG_CGROUP_DEBUG is not set
# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
@@ -172,7 +194,9 @@ CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
CONFIG_ADVISE_SYSCALLS=y
+# CONFIG_USERFAULTFD is not set
CONFIG_PCI_QUIRKS=y
+CONFIG_MEMBARRIER=y
# CONFIG_EMBEDDED is not set
CONFIG_HAVE_PERF_EVENTS=y
@@ -185,6 +209,7 @@ CONFIG_VM_EVENT_COUNTERS=y
CONFIG_COMPAT_BRK=y
CONFIG_SLAB=y
# CONFIG_SLUB is not set
+# CONFIG_SYSTEM_DATA_VERIFICATION is not set
# CONFIG_PROFILING is not set
CONFIG_HAVE_OPROFILE=y
CONFIG_OPROFILE_NMI_TIMER=y
@@ -199,7 +224,6 @@ CONFIG_HAVE_KRETPROBES=y
CONFIG_HAVE_OPTPROBES=y
CONFIG_HAVE_KPROBES_ON_FTRACE=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
-CONFIG_HAVE_DMA_ATTRS=y
CONFIG_HAVE_DMA_CONTIGUOUS=y
CONFIG_GENERIC_SMP_IDLE_THREAD=y
CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
@@ -231,6 +255,8 @@ CONFIG_HAVE_ARCH_SOFT_DIRTY=y
CONFIG_MODULES_USE_ELF_RELA=y
CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
+CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
+CONFIG_ARCH_MMAP_RND_BITS=28
CONFIG_HAVE_COPY_THREAD_TLS=y
#
@@ -247,6 +273,7 @@ CONFIG_BLOCK=y
# CONFIG_BLK_DEV_BSG is not set
# CONFIG_BLK_DEV_BSGLIB is not set
# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_DEV_THROTTLING is not set
# CONFIG_BLK_CMDLINE_PARSER is not set
#
@@ -262,6 +289,7 @@ CONFIG_EFI_PARTITION=y
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
+# CONFIG_CFQ_GROUP_IOSCHED is not set
# CONFIG_DEFAULT_DEADLINE is not set
CONFIG_DEFAULT_CFQ=y
# CONFIG_DEFAULT_NOOP is not set
@@ -282,9 +310,11 @@ CONFIG_FREEZER=y
CONFIG_ZONE_DMA=y
# CONFIG_SMP is not set
CONFIG_X86_FEATURE_NAMES=y
+CONFIG_X86_FAST_FEATURE_TESTS=y
CONFIG_X86_MPPARSE=y
CONFIG_X86_EXTENDED_PLATFORM=y
# CONFIG_X86_GOLDFISH is not set
+# CONFIG_X86_INTEL_MID is not set
# CONFIG_X86_INTEL_LPSS is not set
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
CONFIG_IOSF_MBI=y
@@ -324,11 +354,11 @@ CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
# CONFIG_X86_MCE is not set
+# CONFIG_VM86 is not set
CONFIG_X86_16BIT=y
CONFIG_X86_ESPFIX64=y
CONFIG_X86_VSYSCALL_EMULATION=y
# CONFIG_I8K is not set
-# CONFIG_MICROCODE is not set
# CONFIG_X86_MSR is not set
# CONFIG_X86_CPUID is not set
CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
@@ -356,7 +386,6 @@ CONFIG_HAVE_BOOTMEM_INFO_NODE=y
CONFIG_MEMORY_HOTPLUG=y
CONFIG_MEMORY_HOTPLUG_SPARSE=y
CONFIG_MEMORY_HOTREMOVE=y
-CONFIG_PAGEFLAGS_EXTENDED=y
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
CONFIG_MEMORY_BALLOON=y
@@ -379,6 +408,7 @@ CONFIG_NEED_PER_CPU_KM=y
CONFIG_GENERIC_EARLY_IOREMAP=y
CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
+# CONFIG_IDLE_PAGE_TRACKING is not set
# CONFIG_X86_PMEM_LEGACY is not set
# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
CONFIG_X86_RESERVE_LOW=64
@@ -400,12 +430,17 @@ CONFIG_HZ_250=y
CONFIG_HZ=250
CONFIG_SCHED_HRTICK=y
# CONFIG_KEXEC is not set
+# CONFIG_KEXEC_FILE is not set
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
# CONFIG_RANDOMIZE_BASE is not set
CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_LEGACY_VSYSCALL_NATIVE is not set
+CONFIG_LEGACY_VSYSCALL_EMULATE=y
+# CONFIG_LEGACY_VSYSCALL_NONE is not set
# CONFIG_CMDLINE_BOOL is not set
+CONFIG_MODIFY_LDT_SYSCALL=y
CONFIG_HAVE_LIVEPATCH=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
@@ -426,6 +461,7 @@ CONFIG_ACPI=y
CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
+# CONFIG_ACPI_DEBUGGER is not set
CONFIG_ACPI_SLEEP=y
# CONFIG_ACPI_PROCFS_POWER is not set
CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
@@ -435,6 +471,8 @@ CONFIG_ACPI_BATTERY=y
CONFIG_ACPI_BUTTON=y
CONFIG_ACPI_FAN=y
# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_CPU_FREQ_PSS=y
+CONFIG_ACPI_PROCESSOR_IDLE=y
CONFIG_ACPI_PROCESSOR=y
# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
CONFIG_ACPI_THERMAL=y
@@ -514,8 +552,10 @@ CONFIG_BINFMT_SCRIPT=y
# CONFIG_BINFMT_MISC is not set
CONFIG_COREDUMP=y
# CONFIG_IA32_EMULATION is not set
+# CONFIG_X86_X32 is not set
CONFIG_X86_DEV_DMA_OPS=y
CONFIG_PMC_ATOM=y
+# CONFIG_VMD is not set
CONFIG_NET=y
CONFIG_NET_INGRESS=y
@@ -551,7 +591,6 @@ CONFIG_NET_IP_TUNNEL=y
# CONFIG_NET_IPVTI is not set
CONFIG_NET_UDP_TUNNEL=y
# CONFIG_NET_FOU is not set
-# CONFIG_GENEVE_CORE is not set
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
@@ -564,6 +603,7 @@ CONFIG_INET_XFRM_MODE_BEET=y
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_INET_DIAG_DESTROY is not set
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
@@ -575,6 +615,7 @@ CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
CONFIG_IPV6_MIP6=y
+# CONFIG_IPV6_ILA is not set
CONFIG_INET6_XFRM_TUNNEL=y
CONFIG_INET6_TUNNEL=y
CONFIG_INET6_XFRM_MODE_TRANSPORT=y
@@ -626,7 +667,7 @@ CONFIG_NF_CONNTRACK_SANE=y
# CONFIG_NF_CONNTRACK_TFTP is not set
CONFIG_NF_CT_NETLINK=y
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
-# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_UDPLITE=y
@@ -677,6 +718,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
@@ -743,6 +785,7 @@ CONFIG_IP_SET_LIST_SET=y
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+# CONFIG_NF_DUP_IPV4 is not set
# CONFIG_NF_LOG_ARP is not set
CONFIG_NF_LOG_IPV4=y
CONFIG_NF_REJECT_IPV4=y
@@ -776,6 +819,7 @@ CONFIG_IP_NF_ARP_MANGLE=y
#
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
+# CONFIG_NF_DUP_IPV6 is not set
CONFIG_NF_REJECT_IPV6=y
CONFIG_NF_LOG_IPV6=y
CONFIG_NF_NAT_IPV6=y
@@ -826,6 +870,10 @@ CONFIG_HAVE_NET_DSA=y
# CONFIG_MPLS is not set
# CONFIG_HSR is not set
# CONFIG_NET_SWITCHDEV is not set
+# CONFIG_NET_L3_MASTER_DEV is not set
+CONFIG_SOCK_CGROUP_DATA=y
+CONFIG_CGROUP_NET_PRIO=y
+CONFIG_CGROUP_NET_CLASSID=y
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
@@ -855,6 +903,7 @@ CONFIG_NET_9P_VIRTIO=y
# CONFIG_CAIF is not set
# CONFIG_CEPH_LIB is not set
# CONFIG_NFC is not set
+# CONFIG_LWTUNNEL is not set
CONFIG_HAVE_BPF_JIT=y
#
@@ -866,7 +915,8 @@ CONFIG_HAVE_BPF_JIT=y
#
CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-# CONFIG_DEVTMPFS is not set
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
@@ -909,7 +959,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
# CONFIG_BLK_DEV_DRBD is not set
CONFIG_BLK_DEV_NBD=y
-# CONFIG_BLK_DEV_NVME is not set
# CONFIG_BLK_DEV_SKD is not set
# CONFIG_BLK_DEV_SX8 is not set
# CONFIG_BLK_DEV_RAM is not set
@@ -919,6 +968,7 @@ CONFIG_VIRTIO_BLK=y
# CONFIG_BLK_DEV_HD is not set
# CONFIG_BLK_DEV_RBD is not set
# CONFIG_BLK_DEV_RSXX is not set
+# CONFIG_BLK_DEV_NVME is not set
#
# Misc devices
@@ -970,10 +1020,15 @@ CONFIG_VIRTIO_BLK=y
#
# SCIF Driver
#
+
+#
+# Intel MIC Coprocessor State Management (COSM) Drivers
+#
# CONFIG_GENWQE is not set
# CONFIG_ECHO is not set
# CONFIG_CXL_BASE is not set
# CONFIG_CXL_KERNEL_API is not set
+# CONFIG_CXL_EEH is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@@ -1004,6 +1059,7 @@ CONFIG_DUMMY=y
# CONFIG_MACVLAN is not set
# CONFIG_IPVLAN is not set
# CONFIG_VXLAN is not set
+# CONFIG_GENEVE is not set
# CONFIG_NETCONSOLE is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
@@ -1046,6 +1102,7 @@ CONFIG_NET_VENDOR_ATHEROS=y
# CONFIG_ATL1E is not set
# CONFIG_ATL1C is not set
# CONFIG_ALX is not set
+# CONFIG_NET_VENDOR_AURORA is not set
CONFIG_NET_CADENCE=y
# CONFIG_MACB is not set
CONFIG_NET_VENDOR_BROADCOM=y
@@ -1055,6 +1112,7 @@ CONFIG_NET_VENDOR_BROADCOM=y
# CONFIG_CNIC is not set
# CONFIG_TIGON3 is not set
# CONFIG_BNX2X is not set
+# CONFIG_BNXT is not set
CONFIG_NET_VENDOR_BROCADE=y
# CONFIG_BNA is not set
CONFIG_NET_VENDOR_CAVIUM=y
@@ -1097,7 +1155,6 @@ CONFIG_NET_VENDOR_INTEL=y
# CONFIG_I40EVF is not set
# CONFIG_FM10K is not set
CONFIG_NET_VENDOR_I825XX=y
-# CONFIG_IP1000 is not set
# CONFIG_JME is not set
CONFIG_NET_VENDOR_MARVELL=y
# CONFIG_MVMDIO is not set
@@ -1107,6 +1164,7 @@ CONFIG_NET_VENDOR_MELLANOX=y
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_CORE is not set
# CONFIG_MLX5_CORE is not set
+# CONFIG_MLXSW_CORE is not set
CONFIG_NET_VENDOR_MICREL=y
# CONFIG_KS8851_MLL is not set
# CONFIG_KSZ884X_PCI is not set
@@ -1116,6 +1174,8 @@ CONFIG_NET_VENDOR_MYRI=y
CONFIG_NET_VENDOR_NATSEMI=y
# CONFIG_NATSEMI is not set
# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_NETRONOME=y
+# CONFIG_NFP_NETVF is not set
CONFIG_NET_VENDOR_8390=y
# CONFIG_NE2K_PCI is not set
CONFIG_NET_VENDOR_NVIDIA=y
@@ -1130,6 +1190,7 @@ CONFIG_NET_VENDOR_QLOGIC=y
# CONFIG_QLCNIC is not set
# CONFIG_QLGE is not set
# CONFIG_NETXEN_NIC is not set
+# CONFIG_QED is not set
CONFIG_NET_VENDOR_QUALCOMM=y
CONFIG_NET_VENDOR_REALTEK=y
# CONFIG_8139CP is not set
@@ -1159,6 +1220,7 @@ CONFIG_NET_VENDOR_SUN=y
# CONFIG_SUNGEM is not set
# CONFIG_CASSINI is not set
# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_SYNOPSYS=y
CONFIG_NET_VENDOR_TEHUTI=y
# CONFIG_TEHUTI is not set
CONFIG_NET_VENDOR_TI=y
@@ -1181,17 +1243,34 @@ CONFIG_NET_VENDOR_WIZNET=y
# Host-side USB support is needed for USB Network Adapter support
#
CONFIG_WLAN=y
-# CONFIG_PRISM54 is not set
+CONFIG_WLAN_VENDOR_ADMTEK=y
+CONFIG_WLAN_VENDOR_ATH=y
+# CONFIG_ATH_DEBUG is not set
+# CONFIG_ATH5K_PCI is not set
+CONFIG_WLAN_VENDOR_ATMEL=y
+CONFIG_WLAN_VENDOR_BROADCOM=y
+CONFIG_WLAN_VENDOR_CISCO=y
+CONFIG_WLAN_VENDOR_INTEL=y
+CONFIG_WLAN_VENDOR_INTERSIL=y
# CONFIG_HOSTAP is not set
-# CONFIG_WL_MEDIATEK is not set
-# CONFIG_WL_TI is not set
+# CONFIG_PRISM54 is not set
+CONFIG_WLAN_VENDOR_MARVELL=y
+CONFIG_WLAN_VENDOR_MEDIATEK=y
+CONFIG_WLAN_VENDOR_RALINK=y
+CONFIG_WLAN_VENDOR_REALTEK=y
+CONFIG_WLAN_VENDOR_RSI=y
+CONFIG_WLAN_VENDOR_ST=y
+CONFIG_WLAN_VENDOR_TI=y
+CONFIG_WLAN_VENDOR_ZYDAS=y
#
# Enable WiMAX (Networking options) to see the WiMAX drivers
#
# CONFIG_WAN is not set
# CONFIG_VMXNET3 is not set
+# CONFIG_FUJITSU_ES is not set
# CONFIG_ISDN is not set
+# CONFIG_NVM is not set
#
# Input device support
@@ -1260,6 +1339,7 @@ CONFIG_SERIO_LIBPS2=y
# CONFIG_SERIO_ALTERA_PS2 is not set
# CONFIG_SERIO_PS2MULT is not set
# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_USERIO is not set
# CONFIG_GAMEPORT is not set
#
@@ -1291,6 +1371,7 @@ CONFIG_DEVKMEM=y
#
# Non-8250 serial port support
#
+# CONFIG_SERIAL_UARTLITE is not set
# CONFIG_SERIAL_JSM is not set
# CONFIG_SERIAL_SCCNXP is not set
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
@@ -1348,7 +1429,7 @@ CONFIG_POWER_SUPPLY=y
# CONFIG_TEST_POWER is not set
# CONFIG_BATTERY_DS2780 is not set
# CONFIG_BATTERY_DS2781 is not set
-# CONFIG_BATTERY_BQ27x00 is not set
+# CONFIG_BATTERY_BQ27XXX is not set
# CONFIG_CHARGER_MAX8903 is not set
# CONFIG_POWER_RESET is not set
# CONFIG_POWER_AVS is not set
@@ -1410,10 +1491,7 @@ CONFIG_THERMAL_GOV_STEP_WISE=y
# CONFIG_INTEL_POWERCLAMP is not set
# CONFIG_INTEL_SOC_DTS_THERMAL is not set
# CONFIG_INT340X_THERMAL is not set
-
-#
-# Texas Instruments thermal drivers
-#
+# CONFIG_INTEL_PCH_THERMAL is not set
# CONFIG_WATCHDOG is not set
CONFIG_SSB_POSSIBLE=y
@@ -1436,6 +1514,8 @@ CONFIG_BCMA_POSSIBLE=y
# CONFIG_HTC_PASIC3 is not set
# CONFIG_LPC_ICH is not set
# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_INTEL_LPSS_ACPI is not set
+# CONFIG_MFD_INTEL_LPSS_PCI is not set
# CONFIG_MFD_JANZ_CMODIO is not set
# CONFIG_MFD_KEMPLD is not set
# CONFIG_MFD_MT6397 is not set
@@ -1457,10 +1537,6 @@ CONFIG_BCMA_POSSIBLE=y
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
-
-#
-# Direct Rendering Manager
-#
# CONFIG_DRM is not set
#
@@ -1507,6 +1583,8 @@ CONFIG_HID_CYPRESS=y
# CONFIG_HID_EMS_FF is not set
# CONFIG_HID_ELECOM is not set
CONFIG_HID_EZKEY=y
+# CONFIG_HID_GEMBIRD is not set
+# CONFIG_HID_GFRM is not set
# CONFIG_HID_KEYTOUCH is not set
# CONFIG_HID_KYE is not set
# CONFIG_HID_WALTOP is not set
@@ -1602,11 +1680,13 @@ CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_HP_WIRELESS is not set
# CONFIG_SENSORS_HDAPS is not set
# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ASUS_WIRELESS is not set
# CONFIG_ACPI_WMI is not set
# CONFIG_TOPSTAR_LAPTOP is not set
# CONFIG_TOSHIBA_BT_RFKILL is not set
# CONFIG_TOSHIBA_HAPS is not set
# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_HID_EVENT is not set
# CONFIG_INTEL_IPS is not set
# CONFIG_IBM_RTL is not set
# CONFIG_SAMSUNG_Q10 is not set
@@ -1614,6 +1694,8 @@ CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_INTEL_SMARTCONNECT is not set
# CONFIG_PVPANIC is not set
# CONFIG_INTEL_PMC_IPC is not set
+# CONFIG_SURFACE_PRO3_BUTTON is not set
+# CONFIG_INTEL_PUNIT_IPC is not set
# CONFIG_CHROME_PLATFORMS is not set
#
@@ -1662,6 +1744,8 @@ CONFIG_IOMMU_SUPPORT=y
# CONFIG_NTB is not set
# CONFIG_VME_BUS is not set
# CONFIG_PWM is not set
+CONFIG_ARM_GIC_MAX_NR=1
+# CONFIG_TS4800_IRQ is not set
# CONFIG_IPACK_BUS is not set
# CONFIG_RESET_CONTROLLER is not set
# CONFIG_FMC is not set
@@ -1675,6 +1759,11 @@ CONFIG_IOMMU_SUPPORT=y
# CONFIG_BCM_KONA_USB2_PHY is not set
# CONFIG_POWERCAP is not set
# CONFIG_MCB is not set
+
+#
+# Performance monitor support
+#
+# CONFIG_RAS is not set
# CONFIG_THUNDERBOLT is not set
#
@@ -1682,6 +1771,16 @@ CONFIG_IOMMU_SUPPORT=y
#
# CONFIG_ANDROID is not set
# CONFIG_LIBNVDIMM is not set
+# CONFIG_NVMEM is not set
+# CONFIG_STM is not set
+# CONFIG_STM_DUMMY is not set
+# CONFIG_STM_SOURCE_CONSOLE is not set
+# CONFIG_INTEL_TH is not set
+
+#
+# FPGA Configuration Support
+#
+# CONFIG_FPGA is not set
#
# Firmware Drivers
@@ -1703,10 +1802,16 @@ CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_EXT2_FS=y
# CONFIG_EXT2_FS_XATTR is not set
CONFIG_EXT3_FS=y
-# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
-# CONFIG_EXT3_FS_XATTR is not set
-# CONFIG_EXT4_FS is not set
-CONFIG_JBD=y
+# CONFIG_EXT3_FS_POSIX_ACL is not set
+# CONFIG_EXT3_FS_SECURITY is not set
+CONFIG_EXT4_FS=y
+# CONFIG_EXT4_FS_POSIX_ACL is not set
+# CONFIG_EXT4_FS_SECURITY is not set
+# CONFIG_EXT4_ENCRYPTION is not set
+# CONFIG_EXT4_DEBUG is not set
+CONFIG_JBD2=y
+# CONFIG_JBD2_DEBUG is not set
+CONFIG_FS_MBCACHE=y
CONFIG_REISERFS_FS=y
# CONFIG_REISERFS_CHECK is not set
# CONFIG_REISERFS_PROC_INFO is not set
@@ -1720,6 +1825,7 @@ CONFIG_REISERFS_FS=y
# CONFIG_FS_DAX is not set
CONFIG_FS_POSIX_ACL=y
CONFIG_FILE_LOCKING=y
+CONFIG_MANDATORY_FILE_LOCKING=y
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y
@@ -1885,6 +1991,7 @@ CONFIG_FRAME_WARN=1024
# CONFIG_DEBUG_FS is not set
# CONFIG_HEADERS_CHECK is not set
# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
@@ -1918,6 +2025,7 @@ CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_WQ_WATCHDOG is not set
# CONFIG_PANIC_ON_OOPS is not set
CONFIG_PANIC_ON_OOPS_VALUE=0
CONFIG_PANIC_TIMEOUT=0
@@ -1959,6 +2067,7 @@ CONFIG_DEBUG_BUGVERBOSE=y
# CONFIG_RCU_TORTURE_TEST is not set
# CONFIG_RCU_TRACE is not set
# CONFIG_RCU_EQS_DEBUG is not set
+# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
# CONFIG_FAULT_INJECTION is not set
@@ -2003,6 +2112,7 @@ CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_TEST_HEXDUMP is not set
# CONFIG_TEST_STRING_HELPERS is not set
# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_TEST_PRINTF is not set
# CONFIG_TEST_RHASHTABLE is not set
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
# CONFIG_DMA_API_DEBUG is not set
@@ -2012,13 +2122,18 @@ CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
# CONFIG_KGDB is not set
+CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
+# CONFIG_UBSAN is not set
+CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
# CONFIG_STRICT_DEVMEM is not set
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_X86_PTDUMP_CORE is not set
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_RODATA=y
CONFIG_DEBUG_RODATA_TEST=y
+# CONFIG_DEBUG_WX is not set
CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_DEBUG is not set
@@ -2076,6 +2191,7 @@ CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_NULL2=y
CONFIG_CRYPTO_WORKQUEUE=y
CONFIG_CRYPTO_CRYPTD=y
# CONFIG_CRYPTO_MCRYPTD is not set
@@ -2102,6 +2218,7 @@ CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_LRW=y
CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_XTS=y
+# CONFIG_CRYPTO_KEYWRAP is not set
#
# Hash modes
@@ -2121,6 +2238,7 @@ CONFIG_CRYPTO_CRC32C=y
# CONFIG_CRYPTO_CRCT10DIF is not set
CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_POLY1305=y
+CONFIG_CRYPTO_POLY1305_X86_64=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=y
@@ -2166,6 +2284,7 @@ CONFIG_CRYPTO_KHAZAD=y
CONFIG_CRYPTO_SALSA20=y
CONFIG_CRYPTO_SALSA20_X86_64=y
CONFIG_CRYPTO_CHACHA20=y
+CONFIG_CRYPTO_CHACHA20_X86_64=y
CONFIG_CRYPTO_SEED=y
CONFIG_CRYPTO_SERPENT=y
CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
@@ -2204,6 +2323,10 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=y
# CONFIG_CRYPTO_USER_API_RNG is not set
CONFIG_CRYPTO_USER_API_AEAD=y
# CONFIG_CRYPTO_HW is not set
+
+#
+# Certificates for signature checking
+#
CONFIG_HAVE_KVM=y
CONFIG_VIRTUALIZATION=y
# CONFIG_KVM is not set
@@ -2259,8 +2382,10 @@ CONFIG_HAS_DMA=y
CONFIG_DQL=y
CONFIG_NLATTR=y
CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
-CONFIG_AVERAGE=y
# CONFIG_CORDIC is not set
# CONFIG_DDR is not set
+# CONFIG_IRQ_POLL is not set
+# CONFIG_SG_SPLIT is not set
CONFIG_ARCH_HAS_SG_CHAIN=y
CONFIG_ARCH_HAS_PMEM_API=y
+CONFIG_ARCH_HAS_MMIO_FLUSH=y
diff --git a/testing/config/kernel/config-4.2 b/testing/config/kernel/config-4.6
similarity index 91%
copy from testing/config/kernel/config-4.2
copy to testing/config/kernel/config-4.6
index 72d5b93..c6b6e91 100644
--- a/testing/config/kernel/config-4.2
+++ b/testing/config/kernel/config-4.6
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.2.0 Kernel Configuration
+# Linux/x86 4.6.3 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -11,8 +11,11 @@ CONFIG_OUTPUT_FORMAT="elf64-x86-64"
CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
-CONFIG_HAVE_LATENCYTOP_SUPPORT=y
CONFIG_MMU=y
+CONFIG_ARCH_MMAP_RND_BITS_MIN=28
+CONFIG_ARCH_MMAP_RND_BITS_MAX=32
+CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
+CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
CONFIG_NEED_DMA_MAP_STATE=y
CONFIG_NEED_SG_DMA_LENGTH=y
CONFIG_GENERIC_ISA_DMA=y
@@ -38,6 +41,7 @@ CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
CONFIG_ARCH_SUPPORTS_UPROBES=y
CONFIG_FIX_EARLYCON_MEM=y
+CONFIG_DEBUG_RODATA=y
CONFIG_PGTABLE_LEVELS=4
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
CONFIG_IRQ_WORK=y
@@ -71,7 +75,7 @@ CONFIG_SYSVIPC_SYSCTL=y
CONFIG_POSIX_MQUEUE=y
CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_CROSS_MEMORY_ATTACH=y
-# CONFIG_FHANDLE is not set
+CONFIG_FHANDLE=y
CONFIG_USELIB=y
# CONFIG_AUDIT is not set
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
@@ -133,7 +137,26 @@ CONFIG_LOG_BUF_SHIFT=14
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_SUPPORTS_INT128=y
-# CONFIG_CGROUPS is not set
+CONFIG_CGROUPS=y
+CONFIG_PAGE_COUNTER=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_SWAP_ENABLED=y
+CONFIG_BLK_CGROUP=y
+# CONFIG_DEBUG_BLK_CGROUP is not set
+CONFIG_CGROUP_WRITEBACK=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CFS_BANDWIDTH=y
+# CONFIG_RT_GROUP_SCHED is not set
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CPUSETS=y
+CONFIG_PROC_PID_CPUSET=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_PERF=y
+# CONFIG_CGROUP_DEBUG is not set
# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
@@ -158,6 +181,8 @@ CONFIG_SYSFS_SYSCALL=y
# CONFIG_SYSCTL_SYSCALL is not set
CONFIG_KALLSYMS=y
# CONFIG_KALLSYMS_ALL is not set
+# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set
+CONFIG_KALLSYMS_BASE_RELATIVE=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
@@ -172,7 +197,9 @@ CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
CONFIG_ADVISE_SYSCALLS=y
+# CONFIG_USERFAULTFD is not set
CONFIG_PCI_QUIRKS=y
+CONFIG_MEMBARRIER=y
# CONFIG_EMBEDDED is not set
CONFIG_HAVE_PERF_EVENTS=y
@@ -185,6 +212,7 @@ CONFIG_VM_EVENT_COUNTERS=y
CONFIG_COMPAT_BRK=y
CONFIG_SLAB=y
# CONFIG_SLUB is not set
+# CONFIG_SYSTEM_DATA_VERIFICATION is not set
# CONFIG_PROFILING is not set
CONFIG_HAVE_OPROFILE=y
CONFIG_OPROFILE_NMI_TIMER=y
@@ -199,7 +227,6 @@ CONFIG_HAVE_KRETPROBES=y
CONFIG_HAVE_OPTPROBES=y
CONFIG_HAVE_KPROBES_ON_FTRACE=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
-CONFIG_HAVE_DMA_ATTRS=y
CONFIG_HAVE_DMA_CONTIGUOUS=y
CONFIG_GENERIC_SMP_IDLE_THREAD=y
CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
@@ -231,7 +258,10 @@ CONFIG_HAVE_ARCH_SOFT_DIRTY=y
CONFIG_MODULES_USE_ELF_RELA=y
CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
+CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
+CONFIG_ARCH_MMAP_RND_BITS=28
CONFIG_HAVE_COPY_THREAD_TLS=y
+CONFIG_HAVE_STACK_VALIDATION=y
#
# GCOV-based kernel profiling
@@ -247,6 +277,7 @@ CONFIG_BLOCK=y
# CONFIG_BLK_DEV_BSG is not set
# CONFIG_BLK_DEV_BSGLIB is not set
# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_DEV_THROTTLING is not set
# CONFIG_BLK_CMDLINE_PARSER is not set
#
@@ -262,6 +293,7 @@ CONFIG_EFI_PARTITION=y
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
+# CONFIG_CFQ_GROUP_IOSCHED is not set
# CONFIG_DEFAULT_DEADLINE is not set
CONFIG_DEFAULT_CFQ=y
# CONFIG_DEFAULT_NOOP is not set
@@ -282,9 +314,12 @@ CONFIG_FREEZER=y
CONFIG_ZONE_DMA=y
# CONFIG_SMP is not set
CONFIG_X86_FEATURE_NAMES=y
+CONFIG_X86_FAST_FEATURE_TESTS=y
CONFIG_X86_MPPARSE=y
+# CONFIG_GOLDFISH is not set
CONFIG_X86_EXTENDED_PLATFORM=y
# CONFIG_X86_GOLDFISH is not set
+# CONFIG_X86_INTEL_MID is not set
# CONFIG_X86_INTEL_LPSS is not set
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
CONFIG_IOSF_MBI=y
@@ -324,11 +359,16 @@ CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
# CONFIG_X86_MCE is not set
+# CONFIG_VM86 is not set
CONFIG_X86_16BIT=y
CONFIG_X86_ESPFIX64=y
CONFIG_X86_VSYSCALL_EMULATION=y
# CONFIG_I8K is not set
-# CONFIG_MICROCODE is not set
+CONFIG_MICROCODE=y
+CONFIG_MICROCODE_INTEL=y
+# CONFIG_MICROCODE_AMD is not set
+CONFIG_MICROCODE_OLD_INTERFACE=y
+# CONFIG_PERF_EVENTS_AMD_POWER is not set
# CONFIG_X86_MSR is not set
# CONFIG_X86_CPUID is not set
CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
@@ -356,7 +396,6 @@ CONFIG_HAVE_BOOTMEM_INFO_NODE=y
CONFIG_MEMORY_HOTPLUG=y
CONFIG_MEMORY_HOTPLUG_SPARSE=y
CONFIG_MEMORY_HOTREMOVE=y
-CONFIG_PAGEFLAGS_EXTENDED=y
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
CONFIG_MEMORY_BALLOON=y
@@ -379,6 +418,9 @@ CONFIG_NEED_PER_CPU_KM=y
CONFIG_GENERIC_EARLY_IOREMAP=y
CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
+# CONFIG_IDLE_PAGE_TRACKING is not set
+CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y
+CONFIG_ARCH_HAS_PKEYS=y
# CONFIG_X86_PMEM_LEGACY is not set
# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
CONFIG_X86_RESERVE_LOW=64
@@ -391,6 +433,7 @@ CONFIG_ARCH_USES_PG_UNCACHED=y
CONFIG_ARCH_RANDOM=y
CONFIG_X86_SMAP=y
# CONFIG_X86_INTEL_MPX is not set
+CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
# CONFIG_EFI is not set
CONFIG_SECCOMP=y
# CONFIG_HZ_100 is not set
@@ -400,12 +443,17 @@ CONFIG_HZ_250=y
CONFIG_HZ=250
CONFIG_SCHED_HRTICK=y
# CONFIG_KEXEC is not set
+# CONFIG_KEXEC_FILE is not set
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
# CONFIG_RANDOMIZE_BASE is not set
CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_LEGACY_VSYSCALL_NATIVE is not set
+CONFIG_LEGACY_VSYSCALL_EMULATE=y
+# CONFIG_LEGACY_VSYSCALL_NONE is not set
# CONFIG_CMDLINE_BOOL is not set
+CONFIG_MODIFY_LDT_SYSCALL=y
CONFIG_HAVE_LIVEPATCH=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
@@ -426,6 +474,7 @@ CONFIG_ACPI=y
CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
+# CONFIG_ACPI_DEBUGGER is not set
CONFIG_ACPI_SLEEP=y
# CONFIG_ACPI_PROCFS_POWER is not set
CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
@@ -435,6 +484,8 @@ CONFIG_ACPI_BATTERY=y
CONFIG_ACPI_BUTTON=y
CONFIG_ACPI_FAN=y
# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_CPU_FREQ_PSS=y
+CONFIG_ACPI_PROCESSOR_IDLE=y
CONFIG_ACPI_PROCESSOR=y
# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
CONFIG_ACPI_THERMAL=y
@@ -493,14 +544,15 @@ CONFIG_HT_IRQ=y
# CONFIG_PCI_PRI is not set
# CONFIG_PCI_PASID is not set
CONFIG_PCI_LABEL=y
+# CONFIG_HOTPLUG_PCI is not set
#
# PCI host controller drivers
#
+# CONFIG_PCIE_DW_PLAT is not set
CONFIG_ISA_DMA_API=y
CONFIG_AMD_NB=y
# CONFIG_PCCARD is not set
-# CONFIG_HOTPLUG_PCI is not set
# CONFIG_RAPIDIO is not set
# CONFIG_X86_SYSFB is not set
@@ -514,8 +566,10 @@ CONFIG_BINFMT_SCRIPT=y
# CONFIG_BINFMT_MISC is not set
CONFIG_COREDUMP=y
# CONFIG_IA32_EMULATION is not set
+# CONFIG_X86_X32 is not set
CONFIG_X86_DEV_DMA_OPS=y
CONFIG_PMC_ATOM=y
+# CONFIG_VMD is not set
CONFIG_NET=y
CONFIG_NET_INGRESS=y
@@ -551,7 +605,6 @@ CONFIG_NET_IP_TUNNEL=y
# CONFIG_NET_IPVTI is not set
CONFIG_NET_UDP_TUNNEL=y
# CONFIG_NET_FOU is not set
-# CONFIG_GENEVE_CORE is not set
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
@@ -560,10 +613,10 @@ CONFIG_INET_TUNNEL=y
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_INET_XFRM_MODE_BEET=y
-# CONFIG_INET_LRO is not set
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_INET_DIAG_DESTROY is not set
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
@@ -575,6 +628,7 @@ CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
CONFIG_IPV6_MIP6=y
+# CONFIG_IPV6_ILA is not set
CONFIG_INET6_XFRM_TUNNEL=y
CONFIG_INET6_TUNNEL=y
CONFIG_INET6_XFRM_MODE_TRANSPORT=y
@@ -626,7 +680,7 @@ CONFIG_NF_CONNTRACK_SANE=y
# CONFIG_NF_CONNTRACK_TFTP is not set
CONFIG_NF_CT_NETLINK=y
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
-# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_UDPLITE=y
@@ -677,6 +731,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
@@ -743,6 +798,7 @@ CONFIG_IP_SET_LIST_SET=y
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+# CONFIG_NF_DUP_IPV4 is not set
# CONFIG_NF_LOG_ARP is not set
CONFIG_NF_LOG_IPV4=y
CONFIG_NF_REJECT_IPV4=y
@@ -776,6 +832,7 @@ CONFIG_IP_NF_ARP_MANGLE=y
#
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
+# CONFIG_NF_DUP_IPV6 is not set
CONFIG_NF_REJECT_IPV6=y
CONFIG_NF_LOG_IPV6=y
CONFIG_NF_NAT_IPV6=y
@@ -821,11 +878,14 @@ CONFIG_HAVE_NET_DSA=y
# CONFIG_BATMAN_ADV is not set
# CONFIG_OPENVSWITCH is not set
# CONFIG_VSOCKETS is not set
-# CONFIG_NETLINK_MMAP is not set
# CONFIG_NETLINK_DIAG is not set
# CONFIG_MPLS is not set
# CONFIG_HSR is not set
# CONFIG_NET_SWITCHDEV is not set
+# CONFIG_NET_L3_MASTER_DEV is not set
+CONFIG_SOCK_CGROUP_DATA=y
+CONFIG_CGROUP_NET_PRIO=y
+CONFIG_CGROUP_NET_CLASSID=y
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
@@ -838,6 +898,7 @@ CONFIG_BQL=y
# CONFIG_IRDA is not set
# CONFIG_BT is not set
# CONFIG_AF_RXRPC is not set
+# CONFIG_AF_KCM is not set
CONFIG_FIB_RULES=y
CONFIG_WIRELESS=y
# CONFIG_CFG80211 is not set
@@ -855,6 +916,10 @@ CONFIG_NET_9P_VIRTIO=y
# CONFIG_CAIF is not set
# CONFIG_CEPH_LIB is not set
# CONFIG_NFC is not set
+# CONFIG_LWTUNNEL is not set
+CONFIG_DST_CACHE=y
+# CONFIG_NET_DEVLINK is not set
+CONFIG_MAY_USE_DEVLINK=y
CONFIG_HAVE_BPF_JIT=y
#
@@ -866,7 +931,8 @@ CONFIG_HAVE_BPF_JIT=y
#
CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
-# CONFIG_DEVTMPFS is not set
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
@@ -909,7 +975,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
# CONFIG_BLK_DEV_DRBD is not set
CONFIG_BLK_DEV_NBD=y
-# CONFIG_BLK_DEV_NVME is not set
# CONFIG_BLK_DEV_SKD is not set
# CONFIG_BLK_DEV_SX8 is not set
# CONFIG_BLK_DEV_RAM is not set
@@ -919,6 +984,7 @@ CONFIG_VIRTIO_BLK=y
# CONFIG_BLK_DEV_HD is not set
# CONFIG_BLK_DEV_RBD is not set
# CONFIG_BLK_DEV_RSXX is not set
+# CONFIG_BLK_DEV_NVME is not set
#
# Misc devices
@@ -947,6 +1013,9 @@ CONFIG_VIRTIO_BLK=y
#
# Altera FPGA firmware download module
#
+# CONFIG_INTEL_MEI is not set
+# CONFIG_INTEL_MEI_ME is not set
+# CONFIG_INTEL_MEI_TXE is not set
# CONFIG_VMWARE_VMCI is not set
#
@@ -960,6 +1029,11 @@ CONFIG_VIRTIO_BLK=y
# CONFIG_SCIF_BUS is not set
#
+# VOP Bus Driver
+#
+# CONFIG_VOP_BUS is not set
+
+#
# Intel MIC Host Driver
#
@@ -970,10 +1044,19 @@ CONFIG_VIRTIO_BLK=y
#
# SCIF Driver
#
+
+#
+# Intel MIC Coprocessor State Management (COSM) Drivers
+#
+
+#
+# VOP Driver
+#
# CONFIG_GENWQE is not set
# CONFIG_ECHO is not set
# CONFIG_CXL_BASE is not set
# CONFIG_CXL_KERNEL_API is not set
+# CONFIG_CXL_EEH is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@@ -1004,6 +1087,8 @@ CONFIG_DUMMY=y
# CONFIG_MACVLAN is not set
# CONFIG_IPVLAN is not set
# CONFIG_VXLAN is not set
+# CONFIG_GENEVE is not set
+# CONFIG_MACSEC is not set
# CONFIG_NETCONSOLE is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
@@ -1046,6 +1131,7 @@ CONFIG_NET_VENDOR_ATHEROS=y
# CONFIG_ATL1E is not set
# CONFIG_ATL1C is not set
# CONFIG_ALX is not set
+# CONFIG_NET_VENDOR_AURORA is not set
CONFIG_NET_CADENCE=y
# CONFIG_MACB is not set
CONFIG_NET_VENDOR_BROADCOM=y
@@ -1055,6 +1141,7 @@ CONFIG_NET_VENDOR_BROADCOM=y
# CONFIG_CNIC is not set
# CONFIG_TIGON3 is not set
# CONFIG_BNX2X is not set
+# CONFIG_BNXT is not set
CONFIG_NET_VENDOR_BROCADE=y
# CONFIG_BNA is not set
CONFIG_NET_VENDOR_CAVIUM=y
@@ -1097,16 +1184,17 @@ CONFIG_NET_VENDOR_INTEL=y
# CONFIG_I40EVF is not set
# CONFIG_FM10K is not set
CONFIG_NET_VENDOR_I825XX=y
-# CONFIG_IP1000 is not set
# CONFIG_JME is not set
CONFIG_NET_VENDOR_MARVELL=y
# CONFIG_MVMDIO is not set
+# CONFIG_MVNETA_BM is not set
# CONFIG_SKGE is not set
# CONFIG_SKY2 is not set
CONFIG_NET_VENDOR_MELLANOX=y
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_CORE is not set
# CONFIG_MLX5_CORE is not set
+# CONFIG_MLXSW_CORE is not set
CONFIG_NET_VENDOR_MICREL=y
# CONFIG_KS8851_MLL is not set
# CONFIG_KSZ884X_PCI is not set
@@ -1116,6 +1204,8 @@ CONFIG_NET_VENDOR_MYRI=y
CONFIG_NET_VENDOR_NATSEMI=y
# CONFIG_NATSEMI is not set
# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_NETRONOME=y
+# CONFIG_NFP_NETVF is not set
CONFIG_NET_VENDOR_8390=y
# CONFIG_NE2K_PCI is not set
CONFIG_NET_VENDOR_NVIDIA=y
@@ -1130,6 +1220,7 @@ CONFIG_NET_VENDOR_QLOGIC=y
# CONFIG_QLCNIC is not set
# CONFIG_QLGE is not set
# CONFIG_NETXEN_NIC is not set
+# CONFIG_QED is not set
CONFIG_NET_VENDOR_QUALCOMM=y
CONFIG_NET_VENDOR_REALTEK=y
# CONFIG_8139CP is not set
@@ -1159,6 +1250,7 @@ CONFIG_NET_VENDOR_SUN=y
# CONFIG_SUNGEM is not set
# CONFIG_CASSINI is not set
# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_SYNOPSYS=y
CONFIG_NET_VENDOR_TEHUTI=y
# CONFIG_TEHUTI is not set
CONFIG_NET_VENDOR_TI=y
@@ -1181,17 +1273,34 @@ CONFIG_NET_VENDOR_WIZNET=y
# Host-side USB support is needed for USB Network Adapter support
#
CONFIG_WLAN=y
-# CONFIG_PRISM54 is not set
+CONFIG_WLAN_VENDOR_ADMTEK=y
+CONFIG_WLAN_VENDOR_ATH=y
+# CONFIG_ATH_DEBUG is not set
+# CONFIG_ATH5K_PCI is not set
+CONFIG_WLAN_VENDOR_ATMEL=y
+CONFIG_WLAN_VENDOR_BROADCOM=y
+CONFIG_WLAN_VENDOR_CISCO=y
+CONFIG_WLAN_VENDOR_INTEL=y
+CONFIG_WLAN_VENDOR_INTERSIL=y
# CONFIG_HOSTAP is not set
-# CONFIG_WL_MEDIATEK is not set
-# CONFIG_WL_TI is not set
+# CONFIG_PRISM54 is not set
+CONFIG_WLAN_VENDOR_MARVELL=y
+CONFIG_WLAN_VENDOR_MEDIATEK=y
+CONFIG_WLAN_VENDOR_RALINK=y
+CONFIG_WLAN_VENDOR_REALTEK=y
+CONFIG_WLAN_VENDOR_RSI=y
+CONFIG_WLAN_VENDOR_ST=y
+CONFIG_WLAN_VENDOR_TI=y
+CONFIG_WLAN_VENDOR_ZYDAS=y
#
# Enable WiMAX (Networking options) to see the WiMAX drivers
#
# CONFIG_WAN is not set
# CONFIG_VMXNET3 is not set
+# CONFIG_FUJITSU_ES is not set
# CONFIG_ISDN is not set
+# CONFIG_NVM is not set
#
# Input device support
@@ -1227,6 +1336,7 @@ CONFIG_KEYBOARD_ATKBD=y
CONFIG_INPUT_MOUSE=y
CONFIG_MOUSE_PS2=y
CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_BYD=y
CONFIG_MOUSE_PS2_LOGIPS2PP=y
CONFIG_MOUSE_PS2_SYNAPTICS=y
CONFIG_MOUSE_PS2_CYPRESS=y
@@ -1245,6 +1355,7 @@ CONFIG_MOUSE_PS2_FOCALTECH=y
# CONFIG_INPUT_TABLET is not set
# CONFIG_INPUT_TOUCHSCREEN is not set
# CONFIG_INPUT_MISC is not set
+# CONFIG_RMI4_CORE is not set
#
# Hardware I/O ports
@@ -1260,6 +1371,7 @@ CONFIG_SERIO_LIBPS2=y
# CONFIG_SERIO_ALTERA_PS2 is not set
# CONFIG_SERIO_PS2MULT is not set
# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_USERIO is not set
# CONFIG_GAMEPORT is not set
#
@@ -1291,6 +1403,7 @@ CONFIG_DEVKMEM=y
#
# Non-8250 serial port support
#
+# CONFIG_SERIAL_UARTLITE is not set
# CONFIG_SERIAL_JSM is not set
# CONFIG_SERIAL_SCCNXP is not set
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
@@ -1298,6 +1411,7 @@ CONFIG_DEVKMEM=y
# CONFIG_SERIAL_ARC is not set
# CONFIG_SERIAL_RP2 is not set
# CONFIG_SERIAL_FSL_LPUART is not set
+# CONFIG_SERIAL_MVEBU_UART is not set
CONFIG_HVC_DRIVER=y
CONFIG_VIRTIO_CONSOLE=y
# CONFIG_IPMI_HANDLER is not set
@@ -1348,7 +1462,7 @@ CONFIG_POWER_SUPPLY=y
# CONFIG_TEST_POWER is not set
# CONFIG_BATTERY_DS2780 is not set
# CONFIG_BATTERY_DS2781 is not set
-# CONFIG_BATTERY_BQ27x00 is not set
+# CONFIG_BATTERY_BQ27XXX is not set
# CONFIG_CHARGER_MAX8903 is not set
# CONFIG_POWER_RESET is not set
# CONFIG_POWER_AVS is not set
@@ -1410,10 +1524,7 @@ CONFIG_THERMAL_GOV_STEP_WISE=y
# CONFIG_INTEL_POWERCLAMP is not set
# CONFIG_INTEL_SOC_DTS_THERMAL is not set
# CONFIG_INT340X_THERMAL is not set
-
-#
-# Texas Instruments thermal drivers
-#
+# CONFIG_INTEL_PCH_THERMAL is not set
# CONFIG_WATCHDOG is not set
CONFIG_SSB_POSSIBLE=y
@@ -1436,6 +1547,8 @@ CONFIG_BCMA_POSSIBLE=y
# CONFIG_HTC_PASIC3 is not set
# CONFIG_LPC_ICH is not set
# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_INTEL_LPSS_ACPI is not set
+# CONFIG_MFD_INTEL_LPSS_PCI is not set
# CONFIG_MFD_JANZ_CMODIO is not set
# CONFIG_MFD_KEMPLD is not set
# CONFIG_MFD_MT6397 is not set
@@ -1457,11 +1570,12 @@ CONFIG_BCMA_POSSIBLE=y
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
+# CONFIG_DRM is not set
#
-# Direct Rendering Manager
+# ACP (Audio CoProcessor) Configuration
#
-# CONFIG_DRM is not set
+# CONFIG_DRM_AMD_ACP is not set
#
# Frame buffer Devices
@@ -1502,11 +1616,14 @@ CONFIG_HID_APPLE=y
CONFIG_HID_BELKIN=y
CONFIG_HID_CHERRY=y
CONFIG_HID_CHICONY=y
+# CONFIG_HID_CMEDIA is not set
CONFIG_HID_CYPRESS=y
# CONFIG_HID_DRAGONRISE is not set
# CONFIG_HID_EMS_FF is not set
# CONFIG_HID_ELECOM is not set
CONFIG_HID_EZKEY=y
+# CONFIG_HID_GEMBIRD is not set
+# CONFIG_HID_GFRM is not set
# CONFIG_HID_KEYTOUCH is not set
# CONFIG_HID_KYE is not set
# CONFIG_HID_WALTOP is not set
@@ -1602,11 +1719,13 @@ CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_HP_WIRELESS is not set
# CONFIG_SENSORS_HDAPS is not set
# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ASUS_WIRELESS is not set
# CONFIG_ACPI_WMI is not set
# CONFIG_TOPSTAR_LAPTOP is not set
# CONFIG_TOSHIBA_BT_RFKILL is not set
# CONFIG_TOSHIBA_HAPS is not set
# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_HID_EVENT is not set
# CONFIG_INTEL_IPS is not set
# CONFIG_IBM_RTL is not set
# CONFIG_SAMSUNG_Q10 is not set
@@ -1614,6 +1733,8 @@ CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_INTEL_SMARTCONNECT is not set
# CONFIG_PVPANIC is not set
# CONFIG_INTEL_PMC_IPC is not set
+# CONFIG_SURFACE_PRO3_BUTTON is not set
+# CONFIG_INTEL_PUNIT_IPC is not set
# CONFIG_CHROME_PLATFORMS is not set
#
@@ -1662,6 +1783,7 @@ CONFIG_IOMMU_SUPPORT=y
# CONFIG_NTB is not set
# CONFIG_VME_BUS is not set
# CONFIG_PWM is not set
+CONFIG_ARM_GIC_MAX_NR=1
# CONFIG_IPACK_BUS is not set
# CONFIG_RESET_CONTROLLER is not set
# CONFIG_FMC is not set
@@ -1675,6 +1797,11 @@ CONFIG_IOMMU_SUPPORT=y
# CONFIG_BCM_KONA_USB2_PHY is not set
# CONFIG_POWERCAP is not set
# CONFIG_MCB is not set
+
+#
+# Performance monitor support
+#
+# CONFIG_RAS is not set
# CONFIG_THUNDERBOLT is not set
#
@@ -1682,6 +1809,14 @@ CONFIG_IOMMU_SUPPORT=y
#
# CONFIG_ANDROID is not set
# CONFIG_LIBNVDIMM is not set
+# CONFIG_NVMEM is not set
+# CONFIG_STM is not set
+# CONFIG_INTEL_TH is not set
+
+#
+# FPGA Configuration Support
+#
+# CONFIG_FPGA is not set
#
# Firmware Drivers
@@ -1694,6 +1829,7 @@ CONFIG_DMIID=y
# CONFIG_DMI_SYSFS is not set
CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
# CONFIG_ISCSI_IBFT_FIND is not set
+# CONFIG_FW_CFG_SYSFS is not set
# CONFIG_GOOGLE_FIRMWARE is not set
#
@@ -1703,10 +1839,16 @@ CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_EXT2_FS=y
# CONFIG_EXT2_FS_XATTR is not set
CONFIG_EXT3_FS=y
-# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
-# CONFIG_EXT3_FS_XATTR is not set
-# CONFIG_EXT4_FS is not set
-CONFIG_JBD=y
+# CONFIG_EXT3_FS_POSIX_ACL is not set
+# CONFIG_EXT3_FS_SECURITY is not set
+CONFIG_EXT4_FS=y
+# CONFIG_EXT4_FS_POSIX_ACL is not set
+# CONFIG_EXT4_FS_SECURITY is not set
+# CONFIG_EXT4_ENCRYPTION is not set
+# CONFIG_EXT4_DEBUG is not set
+CONFIG_JBD2=y
+# CONFIG_JBD2_DEBUG is not set
+CONFIG_FS_MBCACHE=y
CONFIG_REISERFS_FS=y
# CONFIG_REISERFS_CHECK is not set
# CONFIG_REISERFS_PROC_INFO is not set
@@ -1719,7 +1861,10 @@ CONFIG_REISERFS_FS=y
# CONFIG_F2FS_FS is not set
# CONFIG_FS_DAX is not set
CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
CONFIG_FILE_LOCKING=y
+CONFIG_MANDATORY_FILE_LOCKING=y
+# CONFIG_FS_ENCRYPTION is not set
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y
@@ -1772,6 +1917,7 @@ CONFIG_TMPFS=y
# CONFIG_HUGETLB_PAGE is not set
# CONFIG_CONFIGFS_FS is not set
CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ORANGEFS_FS is not set
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_HFS_FS is not set
@@ -1885,8 +2031,10 @@ CONFIG_FRAME_WARN=1024
# CONFIG_DEBUG_FS is not set
# CONFIG_HEADERS_CHECK is not set
# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
+# CONFIG_STACK_VALIDATION is not set
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
# CONFIG_MAGIC_SYSRQ is not set
CONFIG_DEBUG_KERNEL=y
@@ -1896,6 +2044,7 @@ CONFIG_DEBUG_KERNEL=y
#
# CONFIG_PAGE_EXTENSION is not set
# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_PAGE_POISONING is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_DEBUG_SLAB is not set
CONFIG_HAVE_DEBUG_KMEMLEAK=y
@@ -1908,6 +2057,9 @@ CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
# CONFIG_DEBUG_STACKOVERFLOW is not set
CONFIG_HAVE_ARCH_KMEMCHECK=y
CONFIG_HAVE_ARCH_KASAN=y
+# CONFIG_KASAN is not set
+CONFIG_ARCH_HAS_KCOV=y
+# CONFIG_KCOV is not set
# CONFIG_DEBUG_SHIRQ is not set
#
@@ -1918,6 +2070,7 @@ CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_WQ_WATCHDOG is not set
# CONFIG_PANIC_ON_OOPS is not set
CONFIG_PANIC_ON_OOPS_VALUE=0
CONFIG_PANIC_TIMEOUT=0
@@ -1959,6 +2112,7 @@ CONFIG_DEBUG_BUGVERBOSE=y
# CONFIG_RCU_TORTURE_TEST is not set
# CONFIG_RCU_TRACE is not set
# CONFIG_RCU_EQS_DEBUG is not set
+# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
# CONFIG_FAULT_INJECTION is not set
@@ -2003,6 +2157,8 @@ CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_TEST_HEXDUMP is not set
# CONFIG_TEST_STRING_HELPERS is not set
# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_TEST_PRINTF is not set
+# CONFIG_TEST_BITMAP is not set
# CONFIG_TEST_RHASHTABLE is not set
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
# CONFIG_DMA_API_DEBUG is not set
@@ -2012,13 +2168,17 @@ CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
# CONFIG_KGDB is not set
+CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
+# CONFIG_UBSAN is not set
+CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
# CONFIG_STRICT_DEVMEM is not set
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_X86_PTDUMP_CORE is not set
# CONFIG_X86_PTDUMP is not set
-CONFIG_DEBUG_RODATA=y
CONFIG_DEBUG_RODATA_TEST=y
+# CONFIG_DEBUG_WX is not set
CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_DEBUG is not set
@@ -2037,7 +2197,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0
# CONFIG_OPTIMIZE_INLINING is not set
# CONFIG_DEBUG_ENTRY is not set
# CONFIG_DEBUG_NMI_SELFTEST is not set
-# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
CONFIG_X86_DEBUG_FPU=y
# CONFIG_PUNIT_ATOM_DEBUG is not set
@@ -2066,8 +2225,6 @@ CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=y
-CONFIG_CRYPTO_PCOMP=y
-CONFIG_CRYPTO_PCOMP2=y
CONFIG_CRYPTO_AKCIPHER2=y
# CONFIG_CRYPTO_RSA is not set
CONFIG_CRYPTO_MANAGER=y
@@ -2076,6 +2233,7 @@ CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_NULL2=y
CONFIG_CRYPTO_WORKQUEUE=y
CONFIG_CRYPTO_CRYPTD=y
# CONFIG_CRYPTO_MCRYPTD is not set
@@ -2102,6 +2260,7 @@ CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_LRW=y
CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_XTS=y
+# CONFIG_CRYPTO_KEYWRAP is not set
#
# Hash modes
@@ -2121,6 +2280,7 @@ CONFIG_CRYPTO_CRC32C=y
# CONFIG_CRYPTO_CRCT10DIF is not set
CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_POLY1305=y
+CONFIG_CRYPTO_POLY1305_X86_64=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=y
@@ -2166,6 +2326,7 @@ CONFIG_CRYPTO_KHAZAD=y
CONFIG_CRYPTO_SALSA20=y
CONFIG_CRYPTO_SALSA20_X86_64=y
CONFIG_CRYPTO_CHACHA20=y
+CONFIG_CRYPTO_CHACHA20_X86_64=y
CONFIG_CRYPTO_SEED=y
CONFIG_CRYPTO_SERPENT=y
CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
@@ -2182,7 +2343,6 @@ CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y
# Compression
#
CONFIG_CRYPTO_DEFLATE=y
-CONFIG_CRYPTO_ZLIB=y
CONFIG_CRYPTO_LZO=y
CONFIG_CRYPTO_842=y
CONFIG_CRYPTO_LZ4=y
@@ -2204,6 +2364,10 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=y
# CONFIG_CRYPTO_USER_API_RNG is not set
CONFIG_CRYPTO_USER_API_AEAD=y
# CONFIG_CRYPTO_HW is not set
+
+#
+# Certificates for signature checking
+#
CONFIG_HAVE_KVM=y
CONFIG_VIRTUALIZATION=y
# CONFIG_KVM is not set
@@ -2259,8 +2423,10 @@ CONFIG_HAS_DMA=y
CONFIG_DQL=y
CONFIG_NLATTR=y
CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
-CONFIG_AVERAGE=y
# CONFIG_CORDIC is not set
# CONFIG_DDR is not set
+# CONFIG_IRQ_POLL is not set
+# CONFIG_SG_SPLIT is not set
CONFIG_ARCH_HAS_SG_CHAIN=y
CONFIG_ARCH_HAS_PMEM_API=y
+CONFIG_ARCH_HAS_MMIO_FLUSH=y
diff --git a/testing/do-tests b/testing/do-tests
index 2a424e5..d0d1ead 100755
--- a/testing/do-tests
+++ b/testing/do-tests
@@ -111,6 +111,13 @@ done
[ -f $SHAREDDIR/.strongswan-version ] && SWANVERSION=`cat $SHAREDDIR/.strongswan-version`
KERNELVERSION=`ssh $SSHCONF root@\$ipv4_winnetou uname -r 2>/dev/null`
+# check if tcpdump supports --immediate-mode
+ssh $SSHCONF root@$ipv4_winnetou tcpdump --immediate-mode -c 1 >/dev/null 2>&1
+if [ $? -eq 0 ]
+then
+ TCPDUMP_IM=--immediate-mode
+fi
+
##############################################################################
# create header for the results html file
#
@@ -359,7 +366,7 @@ do
do
host=`echo $host_iface | awk -F ":" '{print $1}'`
iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'`
- tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain > /tmp/tcpdump.log 2>&1 &"
+ tcpdump_cmd="tcpdump -l $TCPDUMP_IM -i $iface not port ssh and not port domain >/tmp/tcpdump.log 2>/tmp/tcpdump.err.log &"
echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG
ssh $SSHCONF root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'`
eval TDUP_${host}="true"
@@ -417,10 +424,12 @@ do
#
function stop_tcpdump {
+ # wait for packets to get processed, but don't wait longer than 1s
+ eval ssh $SSHCONF root@\$ipv4_${1} "\"i=100; while [ \\\$i -gt 0 ]; do pkill -USR1 tcpdump; tail -1 /tmp/tcpdump.err.log | perl -n -e '/(\\d+).*?(\\d+)/; exit (\\\$1 == \\\$2)' || break; sleep 0.01; i=\\\$((\\\$i-1)); done;\""
echo "${1}# killall tcpdump" >> $CONSOLE_LOG
- eval ssh $SSHCONF root@\$ipv4_${1} killall tcpdump
+ eval ssh $SSHCONF root@\$ipv4_${1} "\"killall tcpdump; while true; do killall -q -0 tcpdump || break; sleep 0.01; done;\""
eval TDUP_${1}="false"
- echo ""
+ echo "" >> $CONSOLE_LOG
}
@@ -712,15 +721,9 @@ do
for host in $TCPDUMPHOSTS
do
- eval HOSTLOGIN=root@\$ipv4_${host}
-
- scp $SSHCONF $HOSTLOGIN:/tmp/tcpdump.log \
- $TESTRESULTDIR/${host}.tcpdump.log > /dev/null 2>&1
-
cat >> $TESTRESULTDIR/index.html <<@EOF
<li><a href="$host.tcpdump.log">$host tcpdump.log</a></li>
@EOF
-
done
cat >> $TESTRESULTDIR/index.html <<@EOF
@@ -802,10 +805,11 @@ do
do
if [ "`eval echo \\\$TDUP_${host}`" = "true" ]
then
- echo "${host}# killall tcpdump" >> $CONSOLE_LOG
- eval ssh $SSHCONF root@\$ipv4_$host killall tcpdump
- eval TDUP_${host}="false"
+ stop_tcpdump $host
fi
+ eval HOSTLOGIN=root@\$ipv4_${host}
+ scp $SSHCONF $HOSTLOGIN:/tmp/tcpdump.log \
+ $TESTRESULTDIR/${host}.tcpdump.log > /dev/null 2>&1
done
##########################################################################
diff --git a/testing/hosts/default/etc/fstab b/testing/hosts/default/etc/fstab
index 1274723..9b0f702 100644
--- a/testing/hosts/default/etc/fstab
+++ b/testing/hosts/default/etc/fstab
@@ -1 +1,2 @@
+/dev/vda1 / ext3 defaults,relatime,barrier=1 0 1
/hostshare /root/shared 9p trans=virtio,version=9p2000.L 0 0
diff --git a/testing/hosts/default/etc/ssh/sshd_config b/testing/hosts/default/etc/ssh/sshd_config
index 07b7e78..ae2e4cc 100644
--- a/testing/hosts/default/etc/ssh/sshd_config
+++ b/testing/hosts/default/etc/ssh/sshd_config
@@ -1,5 +1,6 @@
Port 22
Protocol 2
+Ciphers arcfour
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
diff --git a/testing/hosts/default/usr/local/bin/expect-connection b/testing/hosts/default/usr/local/bin/expect-connection
index 17e2b7f..ded9f79 100755
--- a/testing/hosts/default/usr/local/bin/expect-connection
+++ b/testing/hosts/default/usr/local/bin/expect-connection
@@ -17,7 +17,7 @@ secs=$2
cmd="swanctl --list-conns"
grep 'load.*stroke' /etc/strongswan.conf >/dev/null
-if [ $? -eq 0 ]; then
+if [ $? -eq 0 -o -n "$DAEMON_NAME" ]; then
cmd="ipsec statusall"
fi
diff --git a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf
new file mode 100644
index 0000000..6f5f301
--- /dev/null
+++ b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf
@@ -0,0 +1 @@
+AddType text/plain .iptables .log .sql
diff --git a/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf b/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf
new file mode 100644
index 0000000..9335899
--- /dev/null
+++ b/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf
@@ -0,0 +1,12 @@
+<VirtualHost *:80>
+ ServerAdmin webmaster at localhost
+
+ DocumentRoot /var/www
+ <Directory /var/www/>
+ Options Indexes FollowSymLinks MultiViews
+ </Directory>
+
+ LogLevel warn
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
diff --git a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf
similarity index 65%
rename from testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost
rename to testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf
index b76080e..0772c34 100644
--- a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost
+++ b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf
@@ -11,9 +11,14 @@ AddHandler cgi-script .cgi
ServerAlias 192.168.0.150
DirectoryIndex ocsp.cgi
<Directory "/etc/openssl/ocsp">
- Options +ExecCGI
- Order allow,deny
- Allow from all
+ Options +ExecCGI
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
</Directory>
ErrorLog /var/log/apache2/ocsp/error_log
CustomLog /var/log/apache2/ocsp/access_log combined
@@ -28,9 +33,14 @@ Listen 8881
ServerAlias ocsp.strongswan.org 192.168.0.150
DirectoryIndex ocsp.cgi
<Directory "/etc/openssl/research/ocsp">
- Options +ExecCGI
- Order allow,deny
- Allow from all
+ Options +ExecCGI
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
</Directory>
ErrorLog /var/log/apache2/ocsp/error_log
CustomLog /var/log/apache2/ocsp/access_log combined
@@ -45,9 +55,14 @@ Listen 8882
ServerAlias ocsp.strongswan.org 192.168.0.150
DirectoryIndex ocsp.cgi
<Directory "/etc/openssl/sales/ocsp">
- Options +ExecCGI
- Order allow,deny
- Allow from all
+ Options +ExecCGI
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
</Directory>
ErrorLog /var/log/apache2/ocsp/error_log
CustomLog /var/log/apache2/ocsp/access_log combined
diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl
index de3c13d..fd75ed0 100755
--- a/testing/hosts/winnetou/etc/openssl/generate-crl
+++ b/testing/hosts/winnetou/etc/openssl/generate-crl
@@ -14,6 +14,10 @@
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
+# libgnutls, if pulled in by libcurl, does not properly cleanup all memory,
+# which causes invalid frees during shutdown when leak detective is used
+export LEAK_DETECTIVE_DISABLE=1
+
export COMMON_NAME=strongSwan
ROOT=/var/www
diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage
index d9500cb..1264bd7 100755
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@@ -12,16 +12,27 @@ running_any $STRONGSWANHOSTS && die "Please stop test environment before running
check_commands debootstrap mkfs.ext3 partprobe qemu-img qemu-nbd sfdisk
# package includes/excludes
-INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext
+INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext,less
INC=$INC,build-essential,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool
INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc
-INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libxerces-c2-dev,libltdl-dev
-INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core,iperf
-INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,screen
-INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev,htop
-INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev,ca-certificates,unzip
-INC=$INC,python,python-setuptools,python-dev,python-pip
+INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,liblog4cxx10-dev
+INC=$INC,libboost-thread-dev,libboost-system-dev,git-core,iperf,htop,screen
+INC=$INC,gnat,gprbuild,acpid,acpi-support-base,libldns-dev,libunbound-dev
+INC=$INC,dnsutils,libsoup2.4-dev,ca-certificates,unzip
+INC=$INC,python,python-setuptools,python-dev,python-pip,apt-transport-https
INC=$INC,libjson0-dev,libxslt1-dev,libapache2-mod-wsgi,iptables-dev
+case "$BASEIMGSUITE" in
+wheezy)
+ INC=$INC,libxerces-c2-dev,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev
+ INC=$INC,libalog0.4.1-base-dev
+ ;;
+jessie)
+ INC=$INC,libxerces-c-dev,libahven4-dev,libxmlada5-dev,libgmpada5-dev
+ INC=$INC,libalog1-dev,libgcrypt20-dev
+ ;;
+*)
+ echo_warn "Package list for '$BASEIMGSUITE' might has to be updated"
+esac
SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
INC=$INC,${SERVICES// /,}
@@ -45,7 +56,7 @@ execute "qemu-nbd -c $NBDEV $BASEIMG"
do_on_exit qemu-nbd -d $NBDEV
log_action "Partitioning disk"
-sfdisk /dev/nbd0 -D -uM >>$LOGFILE 2>&1 << EOF
+sfdisk /dev/nbd0 >>$LOGFILE 2>&1 << EOF
;
EOF
if [ $? != 0 ]
@@ -75,12 +86,39 @@ execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $
execute "mount -t proc none $LOOPDIR/proc" 0
do_on_exit graceful_umount $LOOPDIR/proc
+log_action "Downloading signing key for custom apt repo"
+execute_chroot "wget -q $BASEIMGEXTKEY -O /tmp/key"
+log_action "Installing signing key for custom apt repo"
+execute_chroot "apt-key add /tmp/key"
+
+log_action "Enabling custom apt repo"
+cat > $LOOPDIR/etc/apt/sources.list.d/strongswan.list << EOF
+deb $BASEIMGEXTREPO $BASEIMGSUITE main
+EOF
+log_status $?
+
+log_action "Prioritize custom apt repo"
+cat > $LOOPDIR/etc/apt/preferences.d/strongswan.pref << EOF
+Package: *
+Pin: origin "$BASEIMGEXTREPOHOST"
+Pin-Priority: 1001
+EOF
+log_status $?
+
+log_action "Update package sources"
+execute_chroot "apt-get update"
+log_action "Install packages from custom repo"
+execute_chroot "apt-get -y upgrade"
+
for service in $SERVICES
do
- log_action "Stopping service $service"
- execute_chroot "/etc/init.d/$service stop"
log_action "Disabling service $service"
- execute_chroot "update-rc.d -f $service remove"
+ if [ "$BASEIMGSUITE" == "wheezy" ]
+ then
+ execute_chroot "update-rc.d -f $service remove"
+ else
+ execute_chroot "systemctl disable $service"
+ fi
done
log_action "Disabling root password"
diff --git a/testing/scripts/build-guestimages b/testing/scripts/build-guestimages
index 3e107c0..e2ec422 100755
--- a/testing/scripts/build-guestimages
+++ b/testing/scripts/build-guestimages
@@ -60,17 +60,25 @@ do
then
execute "mkdir $LOOPDIR/var/log/apache2/ocsp" 0
execute "cp -rf $DIR/../images $LOOPDIR/var/www/" 0
+ execute_chroot "a2enmod -q cgid" 0
execute_chroot "ln -s /etc/openssl/certs /var/www/certs" 0
execute_chroot "/etc/openssl/generate-crl" 0
- execute_chroot "update-rc.d apache2 defaults" 0
- execute_chroot "update-rc.d slapd defaults" 0
execute_chroot "rm -rf /var/lib/ldap/*" 0
execute_chroot "slapadd -l /etc/ldap/ldif.txt -f /etc/ldap/slapd.conf" 0
execute_chroot "chown -R openldap:openldap /var/lib/ldap" 0
execute_chroot "dnssec-signzone -K /etc/bind -o strongswan.org. /etc/bind/db.strongswan.org" 0
execute_chroot "dnssec-signzone -K /etc/bind -o org. /etc/bind/db.org" 0
execute_chroot "dnssec-signzone -K /etc/bind -o . /etc/bind/db.root" 0
- execute_chroot "update-rc.d bind9 defaults" 0
+
+ for service in "apache2 slapd bind9"
+ do
+ if [ "$BASEIMGSUITE" == "wheezy" ]
+ then
+ execute_chroot "update-rc.d $service defaults" 0
+ else
+ execute_chroot "systemctl enable $service" 0
+ fi
+ done
fi
sync
execute "umount -l $LOOPDIR" 0
diff --git a/testing/scripts/chroot b/testing/scripts/chroot
new file mode 100755
index 0000000..4f42455
--- /dev/null
+++ b/testing/scripts/chroot
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+DIR=$(dirname `readlink -f $0`)
+. $DIR/../testing.conf
+. $DIR/function.sh
+
+[ `id -u` -eq 0 ] || die "You must be root to run $0"
+running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"
+
+[ -n "$1" ] || die "$0 <image to mount: base|root|<guest>>"
+
+check_commands partprobe qemu-nbd
+
+load_qemu_nbd
+
+mkdir -p $LOOPDIR
+mkdir -p $IMGDIR
+mkdir -p $SHAREDDIR
+
+echo "Mounting image"
+
+case "$1" in
+base)
+ [ -f "$BASEIMG" ] || die "Base image $BASEIMG not found"
+ log_action "Connecting base image to NBD device $NBDEV"
+ execute "qemu-nbd -c $NBDEV $BASEIMG"
+ affected="root and guest"
+ ;;
+root)
+ [ -f "$ROOTIMG" ] || die "Root image $ROOTIMG not found"
+ log_action "Connecting root image to NBD device $NBDEV"
+ execute "qemu-nbd -c $NBDEV $ROOTIMG"
+ affected="guest"
+ ;;
+*)
+ echo $STRONGSWANHOSTS | grep -q "\b$1\b" || die "Guest $1 not found"
+ GUESTIMG="$IMGDIR/$1.$IMGEXT"
+ [ -f "$GUESTIMG" ] || die "Guest image $GUESTIMG not found"
+ log_action "Connecting guest image to NBD device $NBDEV"
+ execute "qemu-nbd -c $NBDEV $GUESTIMG"
+ ;;
+esac
+
+do_on_exit qemu-nbd -d $NBDEV
+partprobe $NBDEV
+
+log_action "Mounting $NBDPARTITION to $LOOPDIR"
+execute "mount $NBDPARTITION $LOOPDIR"
+do_on_exit umount $LOOPDIR
+
+log_action "Mounting proc filesystem to $LOOPDIR/proc"
+execute "mount -t proc none $LOOPDIR/proc"
+do_on_exit umount $LOOPDIR/proc
+
+mkdir -p $LOOPDIR/root/shared
+log_action "Mounting $SHAREDDIR as /root/shared"
+execute "mount -o bind $SHAREDDIR $LOOPDIR/root/shared"
+do_on_exit umount $LOOPDIR/root/shared
+
+if [ -n "$affected" ]; then
+echo
+echo "Rebuild the $affected images after making changes to this image!"
+echo
+fi
+
+export debian_chroot="$1"
+chroot $LOOPDIR /bin/bash -i
diff --git a/testing/scripts/function.sh b/testing/scripts/function.sh
index bab2f74..9a32c44 100755
--- a/testing/scripts/function.sh
+++ b/testing/scripts/function.sh
@@ -17,6 +17,7 @@
export TERM=xterm
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
+YELLOW=$(tput setaf 3)
NORMAL=$(tput op)
# exit with given error message
@@ -66,6 +67,13 @@ echo_failed()
echo -e "${RED}$1${NORMAL}"
}
+# write yellow status message to console
+# $1 - msg
+echo_warn()
+{
+ echo -e "${YELLOW}$1${NORMAL}"
+}
+
# log an action
# $1 - current action description
log_action()
diff --git a/testing/scripts/recipes/002_tnc-fhh.mk b/testing/scripts/recipes/002_tnc-fhh.mk
index 397cef9..d4ed4f9 100644
--- a/testing/scripts/recipes/002_tnc-fhh.mk
+++ b/testing/scripts/recipes/002_tnc-fhh.mk
@@ -9,6 +9,9 @@ CONFIG_OPTS = \
-DCOMPONENT=all \
-DNAL=8021x
+PATCHES = \
+ tnc-fhh-tncsim
+
all: install
.$(PKG)-cloned:
@@ -16,7 +19,11 @@ all: install
mkdir $(PKG)/build
@touch $@
-.$(PKG)-configured: .$(PKG)-cloned
+.$(PKG)-patches-applied: .$(PKG)-cloned
+ cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1
+ @touch $@
+
+.$(PKG)-configured: .$(PKG)-patches-applied
cd $(PKG)/build && cmake $(CONFIG_OPTS) ../
@touch $@
diff --git a/testing/scripts/recipes/003_freeradius.mk b/testing/scripts/recipes/003_freeradius.mk
index 05ed8b3..71cfc23 100644
--- a/testing/scripts/recipes/003_freeradius.mk
+++ b/testing/scripts/recipes/003_freeradius.mk
@@ -1,6 +1,6 @@
#!/usr/bin/make
-PV = 2.2.1
+PV = 2.2.8
PKG = freeradius-server-$(PV)
TAR = $(PKG).tar.bz2
SRC = ftp://ftp.freeradius.org/pub/freeradius/old/$(TAR)
diff --git a/testing/scripts/recipes/004_wpa_supplicant.mk b/testing/scripts/recipes/004_hostapd.mk
similarity index 83%
copy from testing/scripts/recipes/004_wpa_supplicant.mk
copy to testing/scripts/recipes/004_hostapd.mk
index 14b64ea..0acd428 100644
--- a/testing/scripts/recipes/004_wpa_supplicant.mk
+++ b/testing/scripts/recipes/004_hostapd.mk
@@ -1,18 +1,18 @@
#!/usr/bin/make
PV = 2.0
-PKG = wpa_supplicant-$(PV)
+PKG = hostapd-$(PV)
TAR = $(PKG).tar.gz
-SRC = http://hostap.epitest.fi/releases/$(TAR)
+SRC = http://w1.fi/releases/$(TAR)
NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
CONFIG_OPTS =
PATCHES = \
- wpa_supplicant-eap-tnc
+ hostapd-config
-SUBDIR = wpa_supplicant
+SUBDIR = hostapd
all: install
diff --git a/testing/scripts/recipes/004_wpa_supplicant.mk b/testing/scripts/recipes/004_wpa_supplicant.mk
index 14b64ea..4cc870c 100644
--- a/testing/scripts/recipes/004_wpa_supplicant.mk
+++ b/testing/scripts/recipes/004_wpa_supplicant.mk
@@ -3,7 +3,7 @@
PV = 2.0
PKG = wpa_supplicant-$(PV)
TAR = $(PKG).tar.gz
-SRC = http://hostap.epitest.fi/releases/$(TAR)
+SRC = http://w1.fi/releases/$(TAR)
NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
diff --git a/testing/scripts/recipes/011_openssl-fips.mk b/testing/scripts/recipes/011_openssl-fips.mk
deleted file mode 100644
index 5d28b18..0000000
--- a/testing/scripts/recipes/011_openssl-fips.mk
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/make
-
-PV = 2.0.3
-PKG = openssl-fips-$(PV)
-TAR = $(PKG).tar.gz
-SRC = http://www.openssl.org/source/$(TAR)
-
-all: install
-
-$(TAR):
- wget $(SRC)
-
-$(PKG): $(TAR)
- tar xfz $(TAR)
-
-configure: $(PKG)
- cd $(PKG) && ./config
-
-build: configure
- cd $(PKG) && make
-
-install: build
- cd $(PKG) && make install
diff --git a/testing/scripts/recipes/012_openssl.mk b/testing/scripts/recipes/012_openssl.mk
deleted file mode 100644
index 16aec23..0000000
--- a/testing/scripts/recipes/012_openssl.mk
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/make
-
-PV = 1.0.1e
-PKG = openssl-$(PV)
-SRC = http://download.strongswan.org/testing/openssl-fips/
-
-all: install
-
-$(PKG):
- wget -r $(SRC) --no-directories --directory-prefix $(PKG) --accept deb --no-parent
-
-install: $(PKG)
- cd $(PKG) && dpkg -i *.deb
diff --git a/testing/scripts/recipes/patches/freeradius-tnc-fhh b/testing/scripts/recipes/patches/freeradius-tnc-fhh
index 7855383..26a233d 100644
--- a/testing/scripts/recipes/patches/freeradius-tnc-fhh
+++ b/testing/scripts/recipes/patches/freeradius-tnc-fhh
@@ -5463,8 +5463,8 @@ diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc
-HEADERS = eap_tnc.h tncs.h tncs_connect.h ../../eap.h ../../rlm_eap.h
+SRCS = rlm_eap_tnc.c eap_tnc.c
+HEADERS = eap_tnc.h ../../eap.h ../../rlm_eap.h
- RLM_CFLAGS = -I../.. -I../../libeap $(OPENSSL_INCLUDE) @eap_tnc_cflags@
- RLM_LIBS = @eap_tnc_ldflags@ ../../libeap/$(LIBPREFIX)freeradius-eap.la $(OPENSSL_LIBS)
+ RLM_CFLAGS = -I../.. -I../../libeap @eap_tnc_cflags@
+ RLM_LIBS = @eap_tnc_ldflags@ ../../libeap/$(LIBPREFIX)freeradius-eap.la
RLM_INSTALL =
diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c
--- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c 2012-09-10 13:51:34.000000000 +0200
diff --git a/testing/scripts/recipes/patches/hostapd-config b/testing/scripts/recipes/patches/hostapd-config
new file mode 100644
index 0000000..b26d278
--- /dev/null
+++ b/testing/scripts/recipes/patches/hostapd-config
@@ -0,0 +1,38 @@
+diff -u -ur hostapd-2.0.orig/hostapd/defconfig hostapd-2.0/hostapd/defconfig
+--- hostapd-2.0.orig/hostapd/defconfig 2013-01-12 16:42:53.000000000 +0100
++++ hostapd-2.0/hostapd/defconfig 2016-06-15 17:32:57.000000000 +0200
+@@ -13,14 +13,14 @@
+ CONFIG_DRIVER_HOSTAP=y
+
+ # Driver interface for wired authenticator
+-#CONFIG_DRIVER_WIRED=y
++CONFIG_DRIVER_WIRED=y
+
+ # Driver interface for madwifi driver
+ #CONFIG_DRIVER_MADWIFI=y
+ #CFLAGS += -I../../madwifi # change to the madwifi source directory
+
+ # Driver interface for drivers using the nl80211 kernel interface
+-CONFIG_DRIVER_NL80211=y
++#CONFIG_DRIVER_NL80211=y
+
+ # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+ #CONFIG_DRIVER_BSD=y
+@@ -30,7 +30,7 @@
+ #LIBS_c += -L/usr/local/lib
+
+ # Driver interface for no driver (e.g., RADIUS server only)
+-#CONFIG_DRIVER_NONE=y
++CONFIG_DRIVER_NONE=y
+
+ # IEEE 802.11F/IAPP
+ CONFIG_IAPP=y
+@@ -152,7 +152,7 @@
+
+ # Add support for writing debug log to a file: -f /tmp/hostapd.log
+ # Disabled by default.
+-#CONFIG_DEBUG_FILE=y
++CONFIG_DEBUG_FILE=y
+
+ # Remove support for RADIUS accounting
+ #CONFIG_NO_ACCOUNTING=y
\ No newline at end of file
diff --git a/testing/scripts/recipes/patches/tnc-fhh-tncsim b/testing/scripts/recipes/patches/tnc-fhh-tncsim
new file mode 100644
index 0000000..42c7144
--- /dev/null
+++ b/testing/scripts/recipes/patches/tnc-fhh-tncsim
@@ -0,0 +1,12 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index fe65134512ea..3c5255f21ea6 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -101,7 +101,6 @@ IF(${COMPONENT} STREQUAL "ALL")
+ add_subdirectory(tncxacml)
+ add_subdirectory(imcv)
+ add_subdirectory(tncs)
+- add_subdirectory(tncsim)
+
+ IF(${NAL} STREQUAL "8021X" OR ${NAL} STREQUAL "ALL")
+ add_subdirectory(naaeap)
diff --git a/testing/testing.conf b/testing/testing.conf
index dedc331..ee40343 100644
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -24,19 +24,17 @@ fi
: ${TESTDIR=/srv/strongswan-testing}
# Kernel configuration
-: ${KERNELVERSION=4.2}
+: ${KERNELVERSION=4.6.4}
: ${KERNEL=linux-$KERNELVERSION}
: ${KERNELTARBALL=$KERNEL.tar.xz}
-: ${KERNELCONFIG=$DIR/../config/kernel/config-4.2}
-: ${KERNELPATCH=ha-4.2-abicompat.patch.bz2}
+: ${KERNELCONFIG=$DIR/../config/kernel/config-4.6}
+: ${KERNELPATCH=ha-4.4-abicompat.patch.bz2}
# strongSwan version used in tests
-: ${SWANVERSION=5.3.3}
+: ${SWANVERSION=5.5.0}
# Build directory where the guest kernel and images will be built
: ${BUILDDIR=$TESTDIR/build}
-# Directory shared between host and guests
-: ${SHAREDDIR=$BUILDDIR/shared}
# Logfile
: ${LOGFILE=$BUILDDIR/testing.log}
@@ -50,11 +48,17 @@ fi
# Base image settings
# The base image is a pristine OS installation created using debootstrap.
-: ${BASEIMGSIZE=1400}
-: ${BASEIMGSUITE=wheezy}
+: ${BASEIMGSIZE=1600}
+: ${BASEIMGSUITE=jessie}
: ${BASEIMGARCH=amd64}
: ${BASEIMG=$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT}
: ${BASEIMGMIRROR=http://http.debian.net/debian}
+: ${BASEIMGEXTREPOHOST=download.strongswan.org}
+: ${BASEIMGEXTKEY=https://$BASEIMGEXTREPOHOST/testing/repos/strongswan-testing.gpg.key}
+: ${BASEIMGEXTREPO=https://$BASEIMGEXTREPOHOST/testing/repos/apt/debian}
+
+# Directory shared between host and guests
+: ${SHAREDDIR=$BUILDDIR/shared/$BASEIMGSUITE}
# Root image settings
# The root image is the origin of all guest images. It is a clone of the base
diff --git a/testing/tests/af-alg/alg-camellia/evaltest.dat b/testing/tests/af-alg/alg-camellia/evaltest.dat
index d88c526..8a2e36b 100644
--- a/testing/tests/af-alg/alg-camellia/evaltest.dat
+++ b/testing/tests/af-alg/alg-camellia/evaltest.dat
@@ -1,4 +1,4 @@
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=CAMELLIA_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=CAMELLIA_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[192. [...]
moon:: swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=CAMELLIA_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=CAMELLIA_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[10.1.0.0/16] remote-t [...]
moon:: ip xfrm state::enc cbc(camellia)::YES
diff --git a/testing/tests/af-alg/rw-cert/evaltest.dat b/testing/tests/af-alg/rw-cert/evaltest.dat
index 3cd928b..eccdcf0 100644
--- a/testing/tests/af-alg/rw-cert/evaltest.dat
+++ b/testing/tests/af-alg/rw-cert/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_1536.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/3 [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_1536.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat
index db5a762..4759775 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat
@@ -1,12 +1,6 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES
-moon:: ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES
-moon:: ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168. [...]
+moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol at strongswan.org.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[10.1.0.0/16] remote-ts=\[1 [...]
carol::ip xfrm state::enc cbc(serpent)::YES
moon:: ip xfrm state::enc cbc(serpent)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
index 1dcaed4..10c0ac6 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
- send_vendor_id = yes
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ send_vendor_id = yes
}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf
similarity index 57%
copy from testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
copy to testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf
index 2d2639e..f26335c 100755
--- a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf
@@ -9,9 +9,6 @@ connections {
certs = carolCert.pem
id = carol at strongswan.org
}
- local-xauth {
- auth = xauth
- }
remote {
auth = pubkey
id = moon.strongswan.org
@@ -20,19 +17,10 @@ connections {
home {
remote_ts = 10.1.0.0/16
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128gcm128-modp3072
+ esp_proposals = serpent256-sha512
}
}
version = 1
- proposals = aes128-sha256-modp3072
- }
-}
-
-secrets {
-
- xauth-carol {
- id = carol at strongswan.org
- secret = "4iChxLT3"
+ proposals = serpent256-sha512-modp4096
}
}
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
index 1dcaed4..6c49b5e 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
- send_vendor_id = yes
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 0000000..92b4786
--- /dev/null
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,24 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ esp_proposals = serpent256-sha512
+ }
+ }
+ version = 1
+ proposals = serpent256-sha512-modp4096
+ }
+}
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
index c6d6235..6387dff 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
@@ -1,2 +1,2 @@
-moon::ipsec stop
-carol::ipsec stop
+moon::service charon stop
+carol::service charon stop
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
index 8230de0..0f615f4 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
@@ -1,4 +1,5 @@
-carol::ipsec start
-moon::ipsec start
-carol::expect-connection home
-carol::ipsec up home
+moon::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf
index d7b7142..307c7e9 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf
@@ -20,3 +20,6 @@ TCPDUMPHOSTS="moon"
#
IPSECHOSTS="moon carol"
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat
index ac3b5e0..d6b04f4 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat
@@ -1,12 +1,6 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES
-moon:: ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES
-moon:: ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168. [...]
+moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol at strongswan.org.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[10.1.0.0/16] remote-ts=\[1 [...]
carol::ip xfrm state::enc cbc(twofish)::YES
moon:: ip xfrm state::enc cbc(twofish)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index fe1a78d..0000000
--- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev1
- ike=twofish256-sha512-modp4096!
- esp=twofish256-sha512!
-
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol at strongswan.org
- right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
index 1dcaed4..10c0ac6 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
- send_vendor_id = yes
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ send_vendor_id = yes
}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf
similarity index 57%
copy from testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
copy to testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf
index 2d2639e..b6ca9f1 100755
--- a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf
@@ -9,9 +9,6 @@ connections {
certs = carolCert.pem
id = carol at strongswan.org
}
- local-xauth {
- auth = xauth
- }
remote {
auth = pubkey
id = moon.strongswan.org
@@ -20,19 +17,10 @@ connections {
home {
remote_ts = 10.1.0.0/16
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128gcm128-modp3072
+ esp_proposals = twofish256-sha512
}
}
version = 1
- proposals = aes128-sha256-modp3072
- }
-}
-
-secrets {
-
- xauth-carol {
- id = carol at strongswan.org
- secret = "4iChxLT3"
+ proposals = twofish256-sha512-modp4096
}
}
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index b4391cd..0000000
--- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev1
- ike=twofish256-sha512-modp4096!
- esp=twofish256-sha512!
-
-conn rw
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- right=%any
- rightid=carol at strongswan.org
- auto=add
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
index 1dcaed4..6c49b5e 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
- send_vendor_id = yes
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
- dh_exponent_ansi_x9_42 = no
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 0000000..3339fff
--- /dev/null
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,24 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ esp_proposals = twofish256-sha512
+ }
+ }
+ version = 1
+ proposals = twofish256-sha512-modp4096
+ }
+}
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
index c6d6235..6387dff 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
@@ -1,2 +1,2 @@
-moon::ipsec stop
-carol::ipsec stop
+moon::service charon stop
+carol::service charon stop
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
index 8230de0..0f615f4 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
@@ -1,4 +1,5 @@
-carol::ipsec start
-moon::ipsec start
-carol::expect-connection home
-carol::ipsec up home
+moon::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf
index d7b7142..307c7e9 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf
@@ -20,3 +20,6 @@ TCPDUMPHOSTS="moon"
#
IPSECHOSTS="moon carol"
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
index 236647b..562336f 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
moon:: ip xfrm state::enc cbc(camellia)::YES
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
index 2342d02..849d59a 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
+++ b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ha/active-passive/evaltest.dat b/testing/tests/ha/active-passive/evaltest.dat
index 9af5c4c..bc5d642 100644
--- a/testing/tests/ha/active-passive/evaltest.dat
+++ b/testing/tests/ha/active-passive/evaltest.dat
@@ -11,8 +11,8 @@ dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*mars.s
alice::cat /var/log/daemon.log::HA segment 1 activated::YES
alice::cat /var/log/daemon.log::handling HA CHILD_SA::YES
moon:: cat /var/log/daemon.log::installed HA CHILD_SA::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
alice::ip xfrm policy flush::no output expected::NO
alice::ip xfrm state flush::no output expected::NO
alice::killall -9 starter charon::no output expected::NO
@@ -20,8 +20,8 @@ carol::sleep 2::no output expected::NO
moon:: cat /var/log/daemon.log::no heartbeat received, taking all segments::YES
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*mars.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*mars.strongswan.org.*dave at strongswan.org::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES
carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::YES
dave::tcpdump::IP dave.strongswan.org > mars.strongswan.org: ESP::YES
diff --git a/testing/tests/ha/both-active/evaltest.dat b/testing/tests/ha/both-active/evaltest.dat
index 3865be9..a81ba52 100644
--- a/testing/tests/ha/both-active/evaltest.dat
+++ b/testing/tests/ha/both-active/evaltest.dat
@@ -8,8 +8,8 @@ alice::cat /var/log/daemon.log::HA segment 1 activated::YES
moon:: cat /var/log/daemon.log::HA segment 2 activated::YES
alice::cat /var/log/daemon.log::handling HA CHILD_SA::YES
moon:: cat /var/log/daemon.log::installed HA CHILD_SA::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES
carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::YES
dave::tcpdump::IP dave.strongswan.org > mars.strongswan.org: ESP::YES
diff --git a/testing/tests/ike/rw-cert/evaltest.dat b/testing/tests/ike/rw-cert/evaltest.dat
index e431ce5..ce1f944 100644
--- a/testing/tests/ike/rw-cert/evaltest.dat
+++ b/testing/tests/ike/rw-cert/evaltest.dat
@@ -10,8 +10,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ike/rw-cert/pretest.dat b/testing/tests/ike/rw-cert/pretest.dat
index f1af9ed..9065f83 100644
--- a/testing/tests/ike/rw-cert/pretest.dat
+++ b/testing/tests/ike/rw-cert/pretest.dat
@@ -1,7 +1,8 @@
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
-dave::expect-connection home
carol::ipsec up home
+dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ike/rw_v1-net_v2/evaltest.dat b/testing/tests/ike/rw_v1-net_v2/evaltest.dat
index 847a2d9..ede91bd 100644
--- a/testing/tests/ike/rw_v1-net_v2/evaltest.dat
+++ b/testing/tests/ike/rw_v1-net_v2/evaltest.dat
@@ -2,13 +2,13 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ike/rw_v1-net_v2/pretest.dat b/testing/tests/ike/rw_v1-net_v2/pretest.dat
index 072d9dd..e292089 100644
--- a/testing/tests/ike/rw_v1-net_v2/pretest.dat
+++ b/testing/tests/ike/rw_v1-net_v2/pretest.dat
@@ -1,6 +1,7 @@
moon::ipsec start
sun::ipsec start
carol::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
carol::expect-connection home
moon::ipsec up net-net
diff --git a/testing/tests/ikev1/alg-3des-md5/evaltest.dat b/testing/tests/ikev1/alg-3des-md5/evaltest.dat
index ad0ebd4..b5009aa 100644
--- a/testing/tests/ikev1/alg-3des-md5/evaltest.dat
+++ b/testing/tests/ikev1/alg-3des-md5/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96/MODP_1024,::YES
carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96/MODP_1024,::YES
moon:: ip xfrm state::enc cbc(des3_ede)::YES
diff --git a/testing/tests/ikev1/alg-3des-md5/pretest.dat b/testing/tests/ikev1/alg-3des-md5/pretest.dat
index de4acbb..6a892fe 100644
--- a/testing/tests/ikev1/alg-3des-md5/pretest.dat
+++ b/testing/tests/ikev1/alg-3des-md5/pretest.dat
@@ -1,6 +1,7 @@
+moon::ipsec start
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::ipsec start
+moon::expect-connection rw
carol::ipsec start
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat
index cd83c56..a4f1f29 100644
--- a/testing/tests/ikev1/alg-blowfish/evaltest.dat
+++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat
@@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES
dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES
carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
diff --git a/testing/tests/ikev1/alg-blowfish/pretest.dat b/testing/tests/ikev1/alg-blowfish/pretest.dat
index f1a4b96..e87a8ee 100644
--- a/testing/tests/ikev1/alg-blowfish/pretest.dat
+++ b/testing/tests/ikev1/alg-blowfish/pretest.dat
@@ -4,7 +4,8 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
-dave::expect-connection home
carol::ipsec up home
+dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
index 8230ee3..0543bcc 100644
--- a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
+++ b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/alg-modp-subgroup/pretest.dat b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat
index f1a4b96..e87a8ee 100644
--- a/testing/tests/ikev1/alg-modp-subgroup/pretest.dat
+++ b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat
@@ -4,7 +4,8 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
-dave::expect-connection home
carol::ipsec up home
+dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ikev1/alg-sha256/evaltest.dat b/testing/tests/ikev1/alg-sha256/evaltest.dat
index 364d89f..8cbac4f 100644
--- a/testing/tests/ikev1/alg-sha256/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha256/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES
moon:: ip xfrm state::auth-trunc hmac(sha256)::YES
diff --git a/testing/tests/ikev1/alg-sha256/pretest.dat b/testing/tests/ikev1/alg-sha256/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev1/alg-sha256/pretest.dat
+++ b/testing/tests/ikev1/alg-sha256/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/alg-sha384/evaltest.dat b/testing/tests/ikev1/alg-sha384/evaltest.dat
index 14f0ba4..166aa81 100644
--- a/testing/tests/ikev1/alg-sha384/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha384/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES
moon:: ip xfrm state::auth-trunc hmac(sha384)::YES
diff --git a/testing/tests/ikev1/alg-sha384/pretest.dat b/testing/tests/ikev1/alg-sha384/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev1/alg-sha384/pretest.dat
+++ b/testing/tests/ikev1/alg-sha384/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/alg-sha512/evaltest.dat b/testing/tests/ikev1/alg-sha512/evaltest.dat
index 6f8c05d..3c39e2c 100644
--- a/testing/tests/ikev1/alg-sha512/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha512/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256/MODP_4096,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/MODP_4096,::YES
moon:: ip xfrm state::auth-trunc hmac(sha512)::YES
diff --git a/testing/tests/ikev1/alg-sha512/pretest.dat b/testing/tests/ikev1/alg-sha512/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev1/alg-sha512/pretest.dat
+++ b/testing/tests/ikev1/alg-sha512/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/compress/pretest.dat b/testing/tests/ikev1/compress/pretest.dat
index 8230de0..d7f7959 100644
--- a/testing/tests/ikev1/compress/pretest.dat
+++ b/testing/tests/ikev1/compress/pretest.dat
@@ -1,4 +1,5 @@
-carol::ipsec start
moon::ipsec start
+carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/config-payload-push/evaltest.dat b/testing/tests/ikev1/config-payload-push/evaltest.dat
index b46dfdd..9471f88 100644
--- a/testing/tests/ikev1/config-payload-push/evaltest.dat
+++ b/testing/tests/ikev1/config-payload-push/evaltest.dat
@@ -3,15 +3,15 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*by strongSwan::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*by strongSwan::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev1/config-payload-push/pretest.dat b/testing/tests/ikev1/config-payload-push/pretest.dat
index c0ec6a7..bdbe341 100644
--- a/testing/tests/ikev1/config-payload-push/pretest.dat
+++ b/testing/tests/ikev1/config-payload-push/pretest.dat
@@ -1,10 +1,11 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw-carol
carol::expect-connection home
-dave::expect-connection home
carol::ipsec up home
+dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ikev1/config-payload/evaltest.dat b/testing/tests/ikev1/config-payload/evaltest.dat
index b46dfdd..9471f88 100644
--- a/testing/tests/ikev1/config-payload/evaltest.dat
+++ b/testing/tests/ikev1/config-payload/evaltest.dat
@@ -3,15 +3,15 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*by strongSwan::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*by strongSwan::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev1/config-payload/pretest.dat b/testing/tests/ikev1/config-payload/pretest.dat
index c0ec6a7..bdbe341 100644
--- a/testing/tests/ikev1/config-payload/pretest.dat
+++ b/testing/tests/ikev1/config-payload/pretest.dat
@@ -1,10 +1,11 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw-carol
carol::expect-connection home
-dave::expect-connection home
carol::ipsec up home
+dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ikev1/double-nat-net/evaltest.dat b/testing/tests/ikev1/double-nat-net/evaltest.dat
index 8f5ffdb..af29ce7 100644
--- a/testing/tests/ikev1/double-nat-net/evaltest.dat
+++ b/testing/tests/ikev1/double-nat-net/evaltest.dat
@@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice at strongswan.org.*bob@
bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob at strongswan.org.*alice at strongswan.org::YES
alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
-alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev1/double-nat-net/pretest.dat b/testing/tests/ikev1/double-nat-net/pretest.dat
index d300a27..4b4c8ce 100644
--- a/testing/tests/ikev1/double-nat-net/pretest.dat
+++ b/testing/tests/ikev1/double-nat-net/pretest.dat
@@ -5,7 +5,8 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-
sun::iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/16 -p tcp -j SNAT --to-source PH_IP_SUN:2000-2100
sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-destination PH_IP_BOB
sun::ip route add 10.1.0.0/16 via PH_IP_BOB
-alice::ipsec start
bob::ipsec start
+alice::ipsec start
+bob::expect-connection nat-t
alice::expect-connection nat-t
alice::ipsec up nat-t
diff --git a/testing/tests/ikev1/double-nat/evaltest.dat b/testing/tests/ikev1/double-nat/evaltest.dat
index 5f06226..9032267 100644
--- a/testing/tests/ikev1/double-nat/evaltest.dat
+++ b/testing/tests/ikev1/double-nat/evaltest.dat
@@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice at strongswan.org.*bob@
bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob at strongswan.org.*alice at strongswan.org::YES
alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev1/double-nat/pretest.dat b/testing/tests/ikev1/double-nat/pretest.dat
index 6a861d2..5fe5eae 100644
--- a/testing/tests/ikev1/double-nat/pretest.dat
+++ b/testing/tests/ikev1/double-nat/pretest.dat
@@ -4,7 +4,8 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
sun::iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/16 -p tcp -j SNAT --to-source PH_IP_SUN:2000-2100
sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-destination PH_IP_BOB
-alice::ipsec start
bob::ipsec start
+alice::ipsec start
+bob::expect-connection nat-t
alice::expect-connection nat-t
alice::ipsec up nat-t
diff --git a/testing/tests/ikev1/dpd-clear/pretest.dat b/testing/tests/ikev1/dpd-clear/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev1/dpd-clear/pretest.dat
+++ b/testing/tests/ikev1/dpd-clear/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/dpd-restart/pretest.dat b/testing/tests/ikev1/dpd-restart/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev1/dpd-restart/pretest.dat
+++ b/testing/tests/ikev1/dpd-restart/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/dynamic-initiator/evaltest.dat b/testing/tests/ikev1/dynamic-initiator/evaltest.dat
index 61546f4..e3549f2 100644
--- a/testing/tests/ikev1/dynamic-initiator/evaltest.dat
+++ b/testing/tests/ikev1/dynamic-initiator/evaltest.dat
@@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES
moon:: cat /var/log/daemon.log::deleting duplicate IKE_SA for.*carol at strongswan.org.*due to uniqueness policy::YES
moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/dynamic-initiator/pretest.dat b/testing/tests/ikev1/dynamic-initiator/pretest.dat
index 7e6ad46..a056e1d 100644
--- a/testing/tests/ikev1/dynamic-initiator/pretest.dat
+++ b/testing/tests/ikev1/dynamic-initiator/pretest.dat
@@ -1,7 +1,8 @@
carol::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection carol
carol::expect-connection moon
carol::ipsec up moon
carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT
diff --git a/testing/tests/ikev1/dynamic-responder/evaltest.dat b/testing/tests/ikev1/dynamic-responder/evaltest.dat
index 61546f4..e3549f2 100644
--- a/testing/tests/ikev1/dynamic-responder/evaltest.dat
+++ b/testing/tests/ikev1/dynamic-responder/evaltest.dat
@@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES
moon:: cat /var/log/daemon.log::deleting duplicate IKE_SA for.*carol at strongswan.org.*due to uniqueness policy::YES
moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/dynamic-responder/pretest.dat b/testing/tests/ikev1/dynamic-responder/pretest.dat
index 0c423ae..f71d69f 100644
--- a/testing/tests/ikev1/dynamic-responder/pretest.dat
+++ b/testing/tests/ikev1/dynamic-responder/pretest.dat
@@ -2,6 +2,7 @@ carol::iptables-restore < /etc/iptables.rules
carol::ipsec start
dave::ipsec start
moon::ipsec start
+carol::expect-connection moon
moon::expect-connection carol
moon::ipsec up carol
moon::sleep 0.5
diff --git a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat b/testing/tests/ikev1/dynamic-two-peers/evaltest.dat
index 82d2e73..6666054 100644
--- a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat
+++ b/testing/tests/ikev1/dynamic-two-peers/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
diff --git a/testing/tests/ikev1/dynamic-two-peers/pretest.dat b/testing/tests/ikev1/dynamic-two-peers/pretest.dat
index c19b38f..e862b15 100644
--- a/testing/tests/ikev1/dynamic-two-peers/pretest.dat
+++ b/testing/tests/ikev1/dynamic-two-peers/pretest.dat
@@ -6,7 +6,8 @@ dave::iptables-restore < /etc/iptables.rules
carol::ipsec start
dave::ipsec start
moon::ipsec start
+moon::expect-connection carol
carol::expect-connection moon
-dave::expect-connection moon
carol::ipsec up moon
+dave::expect-connection moon
dave::ipsec up moon
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat
index 6489201..4aceaa8 100644
--- a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128::YES
carol::ipsec statusall 2> /dev/null::AES_CCM_12_128::YES
carol::ip xfrm state::aead rfc4309(ccm(aes))::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat
index c86f580..79ab17c 100644
--- a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES
carol::ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES
moon:: ip xfrm state::rfc3686(ctr(aes))::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat
index a7f52c7..25cd459 100644
--- a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256::YES
carol::ipsec statusall 2> /dev/null::AES_GCM_16_256::YES
carol::ip xfrm state::aead rfc4106(gcm(aes))::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
index d5d3bc0..293b5ab 100644
--- a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
carol::ip xfrm state::aead rfc4543(gcm(aes))::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat
index b466813..a3f8d80 100644
--- a/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES
moon:: ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES
carol::ip xfrm state::auth-trunc xcbc(aes)::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat b/testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat
index 8230de0..d7f7959 100644
--- a/testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat
@@ -1,4 +1,5 @@
-carol::ipsec start
moon::ipsec start
+carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat
index 1b9c6c2..d9888a1 100644
--- a/testing/tests/ikev1/esp-alg-null/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
moon:: ip xfrm state::enc ecb(cipher_null)::YES
diff --git a/testing/tests/ikev1/esp-alg-null/pretest.dat b/testing/tests/ikev1/esp-alg-null/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev1/esp-alg-null/pretest.dat
+++ b/testing/tests/ikev1/esp-alg-null/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/host2host-ah/evaltest.dat b/testing/tests/ikev1/host2host-ah/evaltest.dat
index 9269547..1e50ef4 100644
--- a/testing/tests/ikev1/host2host-ah/evaltest.dat
+++ b/testing/tests/ikev1/host2host-ah/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES
diff --git a/testing/tests/ikev1/host2host-ah/pretest.dat b/testing/tests/ikev1/host2host-ah/pretest.dat
index 997a481..36a8423 100644
--- a/testing/tests/ikev1/host2host-ah/pretest.dat
+++ b/testing/tests/ikev1/host2host-ah/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection host-host
moon::expect-connection host-host
moon::ipsec up host-host
diff --git a/testing/tests/ikev1/host2host-cert/evaltest.dat b/testing/tests/ikev1/host2host-cert/evaltest.dat
index 3305f45..e0c40ba 100644
--- a/testing/tests/ikev1/host2host-cert/evaltest.dat
+++ b/testing/tests/ikev1/host2host-cert/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/host2host-cert/pretest.dat b/testing/tests/ikev1/host2host-cert/pretest.dat
index 997a481..36a8423 100644
--- a/testing/tests/ikev1/host2host-cert/pretest.dat
+++ b/testing/tests/ikev1/host2host-cert/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection host-host
moon::expect-connection host-host
moon::ipsec up host-host
diff --git a/testing/tests/ikev1/host2host-transport/evaltest.dat b/testing/tests/ikev1/host2host-transport/evaltest.dat
index fc49e57..98251d1 100644
--- a/testing/tests/ikev1/host2host-transport/evaltest.dat
+++ b/testing/tests/ikev1/host2host-transport/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/host2host-transport/pretest.dat b/testing/tests/ikev1/host2host-transport/pretest.dat
index 997a481..36a8423 100644
--- a/testing/tests/ikev1/host2host-transport/pretest.dat
+++ b/testing/tests/ikev1/host2host-transport/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection host-host
moon::expect-connection host-host
moon::ipsec up host-host
diff --git a/testing/tests/ikev1/ip-pool-db/evaltest.dat b/testing/tests/ikev1/ip-pool-db/evaltest.dat
index 42e3530..925e9a1 100644
--- a/testing/tests/ikev1/ip-pool-db/evaltest.dat
+++ b/testing/tests/ikev1/ip-pool-db/evaltest.dat
@@ -6,7 +6,7 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
@@ -15,7 +15,7 @@ dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
moon:: cat /var/log/daemon.log::assigning virtual IP::YES
diff --git a/testing/tests/ikev1/ip-pool-db/pretest.dat b/testing/tests/ikev1/ip-pool-db/pretest.dat
index 337ccb2..c422045 100644
--- a/testing/tests/ikev1/ip-pool-db/pretest.dat
+++ b/testing/tests/ikev1/ip-pool-db/pretest.dat
@@ -10,6 +10,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/ip-pool/evaltest.dat b/testing/tests/ikev1/ip-pool/evaltest.dat
index 1fdc3f0..c558592 100644
--- a/testing/tests/ikev1/ip-pool/evaltest.dat
+++ b/testing/tests/ikev1/ip-pool/evaltest.dat
@@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
moon:: cat /var/log/daemon.log::assigning virtual IP::YES
diff --git a/testing/tests/ikev1/ip-pool/pretest.dat b/testing/tests/ikev1/ip-pool/pretest.dat
index 2d09e88..e87a8ee 100644
--- a/testing/tests/ikev1/ip-pool/pretest.dat
+++ b/testing/tests/ikev1/ip-pool/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat b/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat
index bee9bc7..1476785 100644
--- a/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat
@@ -1,7 +1,8 @@
carol::ipsec start
dave::ipsec start
moon::ipsec start
-moon::expect-connection alice
+carol::expect-connection alice
+dave::expect-connection venus
moon::expect-connection venus
moon::ipsec up alice
moon::ipsec up venus
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat b/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat
index be0051e..4bc6a0e 100644
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat
@@ -1,6 +1,7 @@
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection venus
carol::expect-connection alice
carol::ipsec up alice
dave::expect-connection venus
diff --git a/testing/tests/ikev1/multi-level-ca/pretest.dat b/testing/tests/ikev1/multi-level-ca/pretest.dat
index 2134d6b..81b3070 100644
--- a/testing/tests/ikev1/multi-level-ca/pretest.dat
+++ b/testing/tests/ikev1/multi-level-ca/pretest.dat
@@ -1,11 +1,10 @@
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
-carol::expect-connection alice
+moon::expect-connection venus
carol::expect-connection venus
carol::ipsec up alice
carol::ipsec up venus
-dave::expect-connection alice
dave::expect-connection venus
dave::ipsec up venus
dave::ipsec up alice
diff --git a/testing/tests/ikev1/nat-rw/evaltest.dat b/testing/tests/ikev1/nat-rw/evaltest.dat
index 36d9f84..2d265b0 100644
--- a/testing/tests/ikev1/nat-rw/evaltest.dat
+++ b/testing/tests/ikev1/nat-rw/evaltest.dat
@@ -6,13 +6,13 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL.*ESP in UDP::YES
sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL.*ESP in UDP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
moon:: sleep 6::no output expected::NO
-bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: isakmp-nat-keep-alive::YES
+bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): isakmp-nat-keep-alive::YES
alice::cat /var/log/daemon.log::sending keep alive::YES
venus::cat /var/log/daemon.log::sending keep alive::YES
diff --git a/testing/tests/ikev1/nat-rw/pretest.dat b/testing/tests/ikev1/nat-rw/pretest.dat
index e3d9fc8..36d23b5 100644
--- a/testing/tests/ikev1/nat-rw/pretest.dat
+++ b/testing/tests/ikev1/nat-rw/pretest.dat
@@ -3,9 +3,10 @@ venus::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
+sun::ipsec start
alice::ipsec start
venus::ipsec start
-sun::ipsec start
+sun::expect-connection nat-t
alice::expect-connection nat-t
alice::ipsec up nat-t
venus::expect-connection nat-t
diff --git a/testing/tests/ikev1/nat-virtual-ip/evaltest.dat b/testing/tests/ikev1/nat-virtual-ip/evaltest.dat
index c60ffc7..d4910ea 100644
--- a/testing/tests/ikev1/nat-virtual-ip/evaltest.dat
+++ b/testing/tests/ikev1/nat-virtual-ip/evaltest.dat
@@ -1,7 +1,7 @@
moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES
diff --git a/testing/tests/ikev1/nat-virtual-ip/pretest.dat b/testing/tests/ikev1/nat-virtual-ip/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev1/nat-virtual-ip/pretest.dat
+++ b/testing/tests/ikev1/nat-virtual-ip/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-ah/evaltest.dat b/testing/tests/ikev1/net2net-ah/evaltest.dat
index bf6234b..d13369f 100644
--- a/testing/tests/ikev1/net2net-ah/evaltest.dat
+++ b/testing/tests/ikev1/net2net-ah/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES
moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES
diff --git a/testing/tests/ikev1/net2net-ah/pretest.dat b/testing/tests/ikev1/net2net-ah/pretest.dat
index 25e393c..bcc2cb0 100644
--- a/testing/tests/ikev1/net2net-ah/pretest.dat
+++ b/testing/tests/ikev1/net2net-ah/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
sun::ipsec start
moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-cert/evaltest.dat b/testing/tests/ikev1/net2net-cert/evaltest.dat
index 2b37cad..fe4aa5a 100644
--- a/testing/tests/ikev1/net2net-cert/evaltest.dat
+++ b/testing/tests/ikev1/net2net-cert/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-cert/pretest.dat b/testing/tests/ikev1/net2net-cert/pretest.dat
index 25e393c..bcc2cb0 100644
--- a/testing/tests/ikev1/net2net-cert/pretest.dat
+++ b/testing/tests/ikev1/net2net-cert/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
sun::ipsec start
moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-esn/description.txt b/testing/tests/ikev1/net2net-esn/description.txt
new file mode 100644
index 0000000..13bb62b
--- /dev/null
+++ b/testing/tests/ikev1/net2net-esn/description.txt
@@ -0,0 +1,7 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+With <b>esp=aes128-sha1-esn!</b> gateway <b>moon</b> proposes the use of
+<b>Extended Sequence Numbers</b>. Gateway <b>sun</b> defines <b>esp=aes128-sha1-esn-noesn!</b>,
+accepting proposals with and without ESN.
+<p/>
+Upon the successful establishment of the CHILD SA with ESN, client <b>alice</b> behind
+gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b> 10 times.
diff --git a/testing/tests/ikev1/net2net-esn/evaltest.dat b/testing/tests/ikev1/net2net-esn/evaltest.dat
new file mode 100644
index 0000000..d8d7cb4
--- /dev/null
+++ b/testing/tests/ikev1/net2net-esn/evaltest.dat
@@ -0,0 +1,17 @@
+sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES
+sun:: cat /var/log/daemon.log::configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES
+sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES
+sun:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
+moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
+moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
+alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES
+sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES
+
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
similarity index 59%
rename from testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
index 46dc368..8929072 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
@@ -1,21 +1,24 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
-
+ charondebug="cfg 2, knl 2"
+
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
- ike=serpent256-sha512-modp4096!
- esp=serpent256-sha512!
+ ike=aes128-sha1-modp1536!
+ esp=aes128-sha1-esn!
-conn rw
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
- right=%any
- rightid=carol at strongswan.org
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
auto=add
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
similarity index 56%
copy from testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
copy to testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
index 4c778a7..ddba8b1 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
- multiple_authentication=no
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+ multiple_authentication = no
}
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
similarity index 54%
rename from testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
index ce9e54f..666e32d 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
@@ -1,6 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
+ charondebug="cfg 2, knl 2"
conn %default
ikelifetime=60m
@@ -8,14 +9,16 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
- ike=serpent256-sha512-modp4096!
- esp=serpent256-sha512!
+ ike=aes128-sha1-modp1536!
+ esp=aes128-sha1-esn-noesn!
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol at strongswan.org
+conn net-net
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
auto=add
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
similarity index 56%
copy from testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
copy to testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
index 4c778a7..ddba8b1 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
- multiple_authentication=no
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+ multiple_authentication = no
}
diff --git a/testing/tests/ikev1/net2net-esn/posttest.dat b/testing/tests/ikev1/net2net-esn/posttest.dat
new file mode 100644
index 0000000..837738f
--- /dev/null
+++ b/testing/tests/ikev1/net2net-esn/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+
diff --git a/testing/tests/ikev1/nat-virtual-ip/pretest.dat b/testing/tests/ikev1/net2net-esn/pretest.dat
similarity index 85%
copy from testing/tests/ikev1/nat-virtual-ip/pretest.dat
copy to testing/tests/ikev1/net2net-esn/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev1/nat-virtual-ip/pretest.dat
+++ b/testing/tests/ikev1/net2net-esn/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf b/testing/tests/ikev1/net2net-esn/test.conf
similarity index 75%
copy from testing/tests/gcrypt-ikev1/alg-serpent/test.conf
copy to testing/tests/ikev1/net2net-esn/test.conf
index d7b7142..afa2acc 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf
+++ b/testing/tests/ikev1/net2net-esn/test.conf
@@ -5,18 +5,17 @@
# All guest instances that are required for this test
#
-VIRTHOSTS="alice moon carol winnetou"
+VIRTHOSTS="alice moon winnetou sun bob"
# Corresponding block diagram
#
-DIAGRAM="a-m-c-w.png"
+DIAGRAM="a-m-w-s-b.png"
# Guest instances on which tcpdump is to be started
#
-TCPDUMPHOSTS="moon"
+TCPDUMPHOSTS="sun"
# Guest instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="moon carol"
-
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat
index 2dd5a40..7180fee 100644
--- a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat
+++ b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat
@@ -10,6 +10,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-fragmentation/pretest.dat b/testing/tests/ikev1/net2net-fragmentation/pretest.dat
index 25e393c..bcc2cb0 100644
--- a/testing/tests/ikev1/net2net-fragmentation/pretest.dat
+++ b/testing/tests/ikev1/net2net-fragmentation/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
sun::ipsec start
moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat b/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat
index 78d2bff..1ac624e 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat
+++ b/testing/tests/ikev1/net2net-ntru-cert/evaltest.dat
@@ -4,6 +4,6 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
moon::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES
sun::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-ntru-cert/pretest.dat b/testing/tests/ikev1/net2net-ntru-cert/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/pretest.dat
+++ b/testing/tests/ikev1/net2net-ntru-cert/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-psk-fail/pretest.dat b/testing/tests/ikev1/net2net-psk-fail/pretest.dat
index fe4223a..c7e2c61 100644
--- a/testing/tests/ikev1/net2net-psk-fail/pretest.dat
+++ b/testing/tests/ikev1/net2net-psk-fail/pretest.dat
@@ -4,5 +4,6 @@ moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
sun::ipsec start
moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-psk/evaltest.dat b/testing/tests/ikev1/net2net-psk/evaltest.dat
index 2b37cad..fe4aa5a 100644
--- a/testing/tests/ikev1/net2net-psk/evaltest.dat
+++ b/testing/tests/ikev1/net2net-psk/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-psk/pretest.dat b/testing/tests/ikev1/net2net-psk/pretest.dat
index fe4223a..c7e2c61 100644
--- a/testing/tests/ikev1/net2net-psk/pretest.dat
+++ b/testing/tests/ikev1/net2net-psk/pretest.dat
@@ -4,5 +4,6 @@ moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
sun::ipsec start
moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev1/protoport-dual/evaltest.dat b/testing/tests/ikev1/protoport-dual/evaltest.dat
index cf45f3b..7d367e3 100644
--- a/testing/tests/ikev1/protoport-dual/evaltest.dat
+++ b/testing/tests/ikev1/protoport-dual/evaltest.dat
@@ -2,8 +2,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/protoport-dual/pretest.dat b/testing/tests/ikev1/protoport-dual/pretest.dat
index 4759fdb..02f4aa8 100644
--- a/testing/tests/ikev1/protoport-dual/pretest.dat
+++ b/testing/tests/ikev1/protoport-dual/pretest.dat
@@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-icmp
+moon::expect-connection rw-ssh
carol::expect-connection home-icmp
carol::expect-connection home-ssh
carol::ipsec up home-icmp
diff --git a/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat b/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat
index ba66197..be78c51 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat
+++ b/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-cert-aggressive/pretest.dat b/testing/tests/ikev1/rw-cert-aggressive/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/pretest.dat
+++ b/testing/tests/ikev1/rw-cert-aggressive/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/rw-cert-unity/evaltest.dat b/testing/tests/ikev1/rw-cert-unity/evaltest.dat
index c183f48..ff13f5f 100644
--- a/testing/tests/ikev1/rw-cert-unity/evaltest.dat
+++ b/testing/tests/ikev1/rw-cert-unity/evaltest.dat
@@ -3,6 +3,6 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro
carol::ipsec status 2> /dev/null::10.2.1.1/32 === 192.168.0.0/24 PASS::YES
carol::ipsec status 2> /dev/null::home.*10.2.1.1/32 === 10.1.0.0/16 10.2.1.0/24::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 10.2.1.0/24 === 10.2.1.1/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-cert-unity/pretest.dat b/testing/tests/ikev1/rw-cert-unity/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev1/rw-cert-unity/pretest.dat
+++ b/testing/tests/ikev1/rw-cert-unity/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/rw-cert/evaltest.dat b/testing/tests/ikev1/rw-cert/evaltest.dat
index ba66197..be78c51 100644
--- a/testing/tests/ikev1/rw-cert/evaltest.dat
+++ b/testing/tests/ikev1/rw-cert/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-initiator-only/evaltest.dat b/testing/tests/ikev1/rw-initiator-only/evaltest.dat
index 80fd7c5..c5dc4a0 100644
--- a/testing/tests/ikev1/rw-initiator-only/evaltest.dat
+++ b/testing/tests/ikev1/rw-initiator-only/evaltest.dat
@@ -3,6 +3,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-initiator-only/pretest.dat b/testing/tests/ikev1/rw-initiator-only/pretest.dat
index 5a97207..9317b0f 100644
--- a/testing/tests/ikev1/rw-initiator-only/pretest.dat
+++ b/testing/tests/ikev1/rw-initiator-only/pretest.dat
@@ -6,5 +6,6 @@ carol::ipsec start
dave::ipsec start
dave::expect-connection peer
dave::ipsec up peer
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/rw-ntru-psk/evaltest.dat b/testing/tests/ikev1/rw-ntru-psk/evaltest.dat
index 5622135..3a3de31 100644
--- a/testing/tests/ikev1/rw-ntru-psk/evaltest.dat
+++ b/testing/tests/ikev1/rw-ntru-psk/evaltest.dat
@@ -1,11 +1,11 @@
carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw-carol.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
moon:: ipsec statusall 2> /dev/null::rw-dave.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES
moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
diff --git a/testing/tests/ikev1/rw-ntru-psk/pretest.dat b/testing/tests/ikev1/rw-ntru-psk/pretest.dat
index e827687..1e38590 100644
--- a/testing/tests/ikev1/rw-ntru-psk/pretest.dat
+++ b/testing/tests/ikev1/rw-ntru-psk/pretest.dat
@@ -7,7 +7,9 @@ dave::rm /etc/ipsec.d/cacerts/*
carol::ipsec start
dave::ipsec start
moon::ipsec start
+moon::expect-connection rw-carol
carol::expect-connection home
carol::ipsec up home
+moon::expect-connection rw-dave
dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat b/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat
index 2342d02..849d59a 100644
--- a/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat
+++ b/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-psk-aggressive/pretest.dat b/testing/tests/ikev1/rw-psk-aggressive/pretest.dat
index ab5e18d..ee5bc7c 100644
--- a/testing/tests/ikev1/rw-psk-aggressive/pretest.dat
+++ b/testing/tests/ikev1/rw-psk-aggressive/pretest.dat
@@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat
index 77f5488..4dfc92f 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat
+++ b/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-psk-fqdn/pretest.dat b/testing/tests/ikev1/rw-psk-fqdn/pretest.dat
index ab5e18d..0fb389d 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/pretest.dat
+++ b/testing/tests/ikev1/rw-psk-fqdn/pretest.dat
@@ -7,7 +7,9 @@ dave::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-carol
carol::expect-connection home
carol::ipsec up home
+moon::expect-connection rw-dave
dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat
index df37719..4e08d59 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat
+++ b/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-psk-ipv4/pretest.dat b/testing/tests/ikev1/rw-psk-ipv4/pretest.dat
index ab5e18d..0fb389d 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/ikev1/rw-psk-ipv4/pretest.dat
@@ -7,7 +7,9 @@ dave::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-carol
carol::expect-connection home
carol::ipsec up home
+moon::expect-connection rw-dave
dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ikev1/virtual-ip/evaltest.dat b/testing/tests/ikev1/virtual-ip/evaltest.dat
index 0f5df71..8da2ceb 100644
--- a/testing/tests/ikev1/virtual-ip/evaltest.dat
+++ b/testing/tests/ikev1/virtual-ip/evaltest.dat
@@ -14,12 +14,12 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::src PH_IP_CAROL1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::src PH_IP_DAVE1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
-moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES
-moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
+moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_.eq=1::YES
+moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/virtual-ip/pretest.dat b/testing/tests/ikev1/virtual-ip/pretest.dat
index 2d09e88..e87a8ee 100644
--- a/testing/tests/ikev1/virtual-ip/pretest.dat
+++ b/testing/tests/ikev1/virtual-ip/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat b/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat
index cd4ebd8..210072e 100644
--- a/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat
+++ b/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat
@@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YE
moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-id-psk-config/pretest.dat b/testing/tests/ikev1/xauth-id-psk-config/pretest.dat
index ab5e18d..ee5bc7c 100644
--- a/testing/tests/ikev1/xauth-id-psk-config/pretest.dat
+++ b/testing/tests/ikev1/xauth-id-psk-config/pretest.dat
@@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat
index 34c124c..b482ddb 100644
--- a/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat
+++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/pretest.dat b/testing/tests/ikev1/xauth-id-rsa-aggressive/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev1/xauth-id-rsa-aggressive/pretest.dat
+++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat
index 7604a15..13e4b26 100644
--- a/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat
+++ b/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat
@@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YE
moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat b/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat
index a55cf37..2eddae2 100644
--- a/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat
+++ b/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat
@@ -4,6 +4,8 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-carol
+moon::expect-connection rw-dave
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat
index 34c124c..b482ddb 100644
--- a/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat
+++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/pretest.dat b/testing/tests/ikev1/xauth-id-rsa-hybrid/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev1/xauth-id-rsa-hybrid/pretest.dat
+++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/xauth-psk/evaltest.dat b/testing/tests/ikev1/xauth-psk/evaltest.dat
index c6637cb..90cf05c 100644
--- a/testing/tests/ikev1/xauth-psk/evaltest.dat
+++ b/testing/tests/ikev1/xauth-psk/evaltest.dat
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/daemon.log::XAuth authentication of.*carol at strongswan.org.*successful::YES
moon:: cat /var/log/daemon.log::XAuth authentication of.*dave at strongswan.org.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-psk/pretest.dat b/testing/tests/ikev1/xauth-psk/pretest.dat
index ab5e18d..ee5bc7c 100644
--- a/testing/tests/ikev1/xauth-psk/pretest.dat
+++ b/testing/tests/ikev1/xauth-psk/pretest.dat
@@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat
index fe148cd..1d023f3 100644
--- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat
+++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat
@@ -5,6 +5,6 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat
index c65fbda..b4c7637 100644
--- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat
+++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat
@@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules
alice::radiusd
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/xauth-rsa-radius/evaltest.dat b/testing/tests/ikev1/xauth-rsa-radius/evaltest.dat
index a88debd..7e11d2a 100644
--- a/testing/tests/ikev1/xauth-rsa-radius/evaltest.dat
+++ b/testing/tests/ikev1/xauth-rsa-radius/evaltest.dat
@@ -4,6 +4,6 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-rsa-radius/pretest.dat b/testing/tests/ikev1/xauth-rsa-radius/pretest.dat
index c65fbda..b4c7637 100644
--- a/testing/tests/ikev1/xauth-rsa-radius/pretest.dat
+++ b/testing/tests/ikev1/xauth-rsa-radius/pretest.dat
@@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules
alice::radiusd
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev1/xauth-rsa/evaltest.dat b/testing/tests/ikev1/xauth-rsa/evaltest.dat
index c6637cb..90cf05c 100644
--- a/testing/tests/ikev1/xauth-rsa/evaltest.dat
+++ b/testing/tests/ikev1/xauth-rsa/evaltest.dat
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/daemon.log::XAuth authentication of.*carol at strongswan.org.*successful::YES
moon:: cat /var/log/daemon.log::XAuth authentication of.*dave at strongswan.org.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-rsa/pretest.dat b/testing/tests/ikev1/xauth-rsa/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev1/xauth-rsa/pretest.dat
+++ b/testing/tests/ikev1/xauth-rsa/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/acert-cached/evaltest.dat b/testing/tests/ikev2/acert-cached/evaltest.dat
index c0bb035..6d6b1d9 100644
--- a/testing/tests/ikev2/acert-cached/evaltest.dat
+++ b/testing/tests/ikev2/acert-cached/evaltest.dat
@@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::NO
moon::cat /var/log/daemon.log::constraint check failed: group membership to 'sales' required::YES
dave::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO
diff --git a/testing/tests/ikev2/acert-cached/pretest.dat b/testing/tests/ikev2/acert-cached/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev2/acert-cached/pretest.dat
+++ b/testing/tests/ikev2/acert-cached/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/acert-fallback/evaltest.dat b/testing/tests/ikev2/acert-fallback/evaltest.dat
index 17d83d1..8c4e9e2 100644
--- a/testing/tests/ikev2/acert-fallback/evaltest.dat
+++ b/testing/tests/ikev2/acert-fallback/evaltest.dat
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.
moon:: ipsec status 2> /dev/null::finance.*: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::NO
moon:: ipsec status 2> /dev/null::sales.*: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon::cat /var/log/daemon.log::constraint check failed: group membership to 'finance' required::YES
-carol::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+carol::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/acert-fallback/pretest.dat b/testing/tests/ikev2/acert-fallback/pretest.dat
index de4acbb..084516a 100644
--- a/testing/tests/ikev2/acert-fallback/pretest.dat
+++ b/testing/tests/ikev2/acert-fallback/pretest.dat
@@ -2,5 +2,7 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection finance
+moon::expect-connection sales
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/acert-inline/evaltest.dat b/testing/tests/ikev2/acert-inline/evaltest.dat
index 98128e7..1363354 100644
--- a/testing/tests/ikev2/acert-inline/evaltest.dat
+++ b/testing/tests/ikev2/acert-inline/evaltest.dat
@@ -7,8 +7,8 @@ carol::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH,
dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=Linux strongSwan, CN=strongSwan AA\"::YES
dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=Linux strongSwan, CN=expired AA\"::YES
dave::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO
diff --git a/testing/tests/ikev2/acert-inline/pretest.dat b/testing/tests/ikev2/acert-inline/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev2/acert-inline/pretest.dat
+++ b/testing/tests/ikev2/acert-inline/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/after-2038-certs/evaltest.dat b/testing/tests/ikev2/after-2038-certs/evaltest.dat
index 427aa74..8c2c078 100644
--- a/testing/tests/ikev2/after-2038-certs/evaltest.dat
+++ b/testing/tests/ikev2/after-2038-certs/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/after-2038-certs/pretest.dat b/testing/tests/ikev2/after-2038-certs/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/after-2038-certs/pretest.dat
+++ b/testing/tests/ikev2/after-2038-certs/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-3des-md5/evaltest.dat b/testing/tests/ikev2/alg-3des-md5/evaltest.dat
index abd29e9..00465c2 100644
--- a/testing/tests/ikev2/alg-3des-md5/evaltest.dat
+++ b/testing/tests/ikev2/alg-3des-md5/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES
carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES
moon:: ip xfrm state::enc cbc(des3_ede)::YES
diff --git a/testing/tests/ikev2/alg-3des-md5/pretest.dat b/testing/tests/ikev2/alg-3des-md5/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-3des-md5/pretest.dat
+++ b/testing/tests/ikev2/alg-3des-md5/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat
index 5a14b98..447445b 100644
--- a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat
+++ b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES
moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES
diff --git a/testing/tests/ikev2/alg-aes-ccm/pretest.dat b/testing/tests/ikev2/alg-aes-ccm/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-aes-ccm/pretest.dat
+++ b/testing/tests/ikev2/alg-aes-ccm/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat
index 6a5203a..1bbaacf 100644
--- a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat
+++ b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES
moon:: ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES
diff --git a/testing/tests/ikev2/alg-aes-ctr/pretest.dat b/testing/tests/ikev2/alg-aes-ctr/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-aes-ctr/pretest.dat
+++ b/testing/tests/ikev2/alg-aes-ctr/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat
index ce27fcc..487928c 100644
--- a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat
+++ b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES
moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES
diff --git a/testing/tests/ikev2/alg-aes-gcm/pretest.dat b/testing/tests/ikev2/alg-aes-gcm/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-aes-gcm/pretest.dat
+++ b/testing/tests/ikev2/alg-aes-gcm/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
index c896b5f..4b85484 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
+++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES
moon:: ip xfrm state::auth-trunc xcbc(aes)::YES
diff --git a/testing/tests/ikev2/alg-aes-xcbc/pretest.dat b/testing/tests/ikev2/alg-aes-xcbc/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/pretest.dat
+++ b/testing/tests/ikev2/alg-aes-xcbc/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-blowfish/evaltest.dat b/testing/tests/ikev2/alg-blowfish/evaltest.dat
index f76522c..106087b 100644
--- a/testing/tests/ikev2/alg-blowfish/evaltest.dat
+++ b/testing/tests/ikev2/alg-blowfish/evaltest.dat
@@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES
dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES
carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
diff --git a/testing/tests/ikev2/alg-blowfish/pretest.dat b/testing/tests/ikev2/alg-blowfish/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev2/alg-blowfish/pretest.dat
+++ b/testing/tests/ikev2/alg-blowfish/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat
index 893e94d..ab54ce1 100644
--- a/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat
+++ b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES
moon:: ipsec statusall 2> /dev/null::CHACHA20_POLY1305_256,::YES
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat b/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat
+++ b/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
index 5e4ab98..8bcba9a 100644
--- a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
+++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
@@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES
dave:: cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat
+++ b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat
index 8ad0fb2..c5ea03f 100644
--- a/testing/tests/ikev2/alg-sha256-96/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat
@@ -6,7 +6,7 @@ moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES
carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES
moon:: ip xfrm state::auth-trunc hmac(sha256)::YES
diff --git a/testing/tests/ikev2/alg-sha256-96/pretest.dat b/testing/tests/ikev2/alg-sha256-96/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-sha256-96/pretest.dat
+++ b/testing/tests/ikev2/alg-sha256-96/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat
index c826c3f..8bfcbc4 100644
--- a/testing/tests/ikev2/alg-sha256/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha256/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
moon:: ip xfrm state::auth-trunc hmac(sha256)::YES
diff --git a/testing/tests/ikev2/alg-sha256/pretest.dat b/testing/tests/ikev2/alg-sha256/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-sha256/pretest.dat
+++ b/testing/tests/ikev2/alg-sha256/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat
index 3b24217..1148a18 100644
--- a/testing/tests/ikev2/alg-sha384/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha384/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
moon:: ip xfrm state::auth-trunc hmac(sha384)::YES
diff --git a/testing/tests/ikev2/alg-sha384/pretest.dat b/testing/tests/ikev2/alg-sha384/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-sha384/pretest.dat
+++ b/testing/tests/ikev2/alg-sha384/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-sha512/evaltest.dat b/testing/tests/ikev2/alg-sha512/evaltest.dat
index 6bdceeb..0b2a71a 100644
--- a/testing/tests/ikev2/alg-sha512/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha512/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
moon:: ip xfrm state::auth-trunc hmac(sha512)::YES
diff --git a/testing/tests/ikev2/alg-sha512/pretest.dat b/testing/tests/ikev2/alg-sha512/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/alg-sha512/pretest.dat
+++ b/testing/tests/ikev2/alg-sha512/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/any-interface/pretest.dat b/testing/tests/ikev2/any-interface/pretest.dat
index 2f27224..2fb313a 100644
--- a/testing/tests/ikev2/any-interface/pretest.dat
+++ b/testing/tests/ikev2/any-interface/pretest.dat
@@ -4,6 +4,8 @@ alice::ipsec start
moon::ipsec start
sun::ipsec start
bob::ipsec start
+alice::expect-connection remote
+sun::expect-connection remote
moon::expect-connection alice
moon::ping -n -c 3 -W 1 -i 0.2 -s 8184 -p deadbeef PH_IP_ALICE
moon::ping -n -c 3 -W 1 -i 0.2 -s 8184 -p deadbeef PH_IP_SUN
diff --git a/testing/tests/ikev2/compress-nat/evaltest.dat b/testing/tests/ikev2/compress-nat/evaltest.dat
index 2c5db89..63bfe19 100644
--- a/testing/tests/ikev2/compress-nat/evaltest.dat
+++ b/testing/tests/ikev2/compress-nat/evaltest.dat
@@ -10,12 +10,12 @@ carol::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
alice::ip xfrm state::proto comp spi::YES
bob:: ip xfrm state::proto comp spi::YES
carol::ip xfrm state::proto comp spi::YES
-alice::ping -c 1 -s 8184 -p deadbeef PH_IP_CAROL::8192 bytes from PH_IP_CAROL: icmp_req=1::YES
-alice::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=1::YES
-alice::ping -c 1 -s 8184 -p deadbeef PH_IP_BOB::8192 bytes from PH_IP_BOB: icmp_req=1::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-bob:: ping -c 1 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE: icmp_req=1::YES
-bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 -s 8184 -p deadbeef PH_IP_CAROL::8192 bytes from PH_IP_CAROL: icmp_.eq=1::YES
+alice::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_.eq=1::YES
+alice::ping -c 1 -s 8184 -p deadbeef PH_IP_BOB::8192 bytes from PH_IP_BOB: icmp_.eq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+bob:: ping -c 1 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org.* > carol.strongswan.org.*: UDP::YES
moon::tcpdump::IP carol.strongswan.org.* > moon.strongswan.org.*: UDP::YES
sun::tcpdump::IP sun.strongswan.org.* > carol.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/compress/pretest.dat b/testing/tests/ikev2/compress/pretest.dat
index 1fd37b6..5536d28 100644
--- a/testing/tests/ikev2/compress/pretest.dat
+++ b/testing/tests/ikev2/compress/pretest.dat
@@ -2,5 +2,6 @@ carol::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
carol::ipsec start
moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/config-payload-swapped/evaltest.dat b/testing/tests/ikev2/config-payload-swapped/evaltest.dat
index b6a1c96..b257017 100644
--- a/testing/tests/ikev2/config-payload-swapped/evaltest.dat
+++ b/testing/tests/ikev2/config-payload-swapped/evaltest.dat
@@ -3,13 +3,13 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev2/config-payload-swapped/pretest.dat b/testing/tests/ikev2/config-payload-swapped/pretest.dat
index 2d09e88..bdbe341 100644
--- a/testing/tests/ikev2/config-payload-swapped/pretest.dat
+++ b/testing/tests/ikev2/config-payload-swapped/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw-carol
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat
index b46dfdd..9471f88 100644
--- a/testing/tests/ikev2/config-payload/evaltest.dat
+++ b/testing/tests/ikev2/config-payload/evaltest.dat
@@ -3,15 +3,15 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*by strongSwan::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*by strongSwan::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev2/config-payload/pretest.dat b/testing/tests/ikev2/config-payload/pretest.dat
index 2d09e88..bdbe341 100644
--- a/testing/tests/ikev2/config-payload/pretest.dat
+++ b/testing/tests/ikev2/config-payload/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw-carol
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/critical-extension/pretest.dat b/testing/tests/ikev2/critical-extension/pretest.dat
index 1732d6e..08ca6b5 100644
--- a/testing/tests/ikev2/critical-extension/pretest.dat
+++ b/testing/tests/ikev2/critical-extension/pretest.dat
@@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
moon::expect-connection net-net
+sun::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/crl-from-cache/pretest.dat b/testing/tests/ikev2/crl-from-cache/pretest.dat
index d4141a3..c073160 100644
--- a/testing/tests/ikev2/crl-from-cache/pretest.dat
+++ b/testing/tests/ikev2/crl-from-cache/pretest.dat
@@ -4,5 +4,6 @@ carol::wget -q http://crl.strongswan.org/strongswan.crl
carol::mv strongswan.crl /etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/crl-ldap/pretest.dat b/testing/tests/ikev2/crl-ldap/pretest.dat
index 4eed5e0..6cb50d7 100644
--- a/testing/tests/ikev2/crl-ldap/pretest.dat
+++ b/testing/tests/ikev2/crl-ldap/pretest.dat
@@ -3,5 +3,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/crl-revoked/pretest.dat b/testing/tests/ikev2/crl-revoked/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/crl-revoked/pretest.dat
+++ b/testing/tests/ikev2/crl-revoked/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/crl-to-cache/pretest.dat b/testing/tests/ikev2/crl-to-cache/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/crl-to-cache/pretest.dat
+++ b/testing/tests/ikev2/crl-to-cache/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/default-keys/evaltest.dat b/testing/tests/ikev2/default-keys/evaltest.dat
index 4df2d1e..43d85d0 100644
--- a/testing/tests/ikev2/default-keys/evaltest.dat
+++ b/testing/tests/ikev2/default-keys/evaltest.dat
@@ -4,6 +4,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES
moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/default-keys/pretest.dat b/testing/tests/ikev2/default-keys/pretest.dat
index 9e291d2..8ae5062 100644
--- a/testing/tests/ikev2/default-keys/pretest.dat
+++ b/testing/tests/ikev2/default-keys/pretest.dat
@@ -15,5 +15,6 @@ moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der
moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der
moon::ipsec reload
carol::ipsec reload
+moon::expect-connection carol
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
index 9e53687..0c4914f 100644
--- a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
+++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
@@ -1,11 +1,11 @@
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_req=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.50/32::YES
diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
index f783127..d4a05b2 100644
--- a/testing/tests/ikev2/dhcp-dynamic/posttest.dat
+++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
@@ -2,7 +2,7 @@ moon::ipsec stop
carol::ipsec stop
dave::ipsec stop
venus::cat /var/state/dhcp/dhcpd.leases
-venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null
+venus::service isc-dhcp-server stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/dhcp-dynamic/pretest.dat b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
index 3b22f29..ff3c04b 100644
--- a/testing/tests/ikev2/dhcp-dynamic/pretest.dat
+++ b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
@@ -2,10 +2,11 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
venus::cat /etc/dhcp/dhcpd.conf
-venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
+venus::service isc-dhcp-server start 2> /dev/null
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
index c95b69a..4492bb2 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
+++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
@@ -1,11 +1,11 @@
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES
diff --git a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat
index 7fff998..669f52e 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat
+++ b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat
@@ -1,7 +1,7 @@
moon::ipsec stop
carol::ipsec stop
dave::ipsec stop
-venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null
+venus::service isc-dhcp-server stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat
index 8eafe1a..ff3c04b 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat
+++ b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat
@@ -2,11 +2,12 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
venus::cat /etc/dhcp/dhcpd.conf
-venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
+venus::service isc-dhcp-server start 2> /dev/null
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
-carol::expect-connection home
+dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
index c95b69a..4492bb2 100644
--- a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
+++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
@@ -1,11 +1,11 @@
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES
diff --git a/testing/tests/ikev2/dhcp-static-mac/posttest.dat b/testing/tests/ikev2/dhcp-static-mac/posttest.dat
index 7fff998..669f52e 100644
--- a/testing/tests/ikev2/dhcp-static-mac/posttest.dat
+++ b/testing/tests/ikev2/dhcp-static-mac/posttest.dat
@@ -1,7 +1,7 @@
moon::ipsec stop
carol::ipsec stop
dave::ipsec stop
-venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null
+venus::service isc-dhcp-server stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/dhcp-static-mac/pretest.dat b/testing/tests/ikev2/dhcp-static-mac/pretest.dat
index 3b22f29..ff3c04b 100644
--- a/testing/tests/ikev2/dhcp-static-mac/pretest.dat
+++ b/testing/tests/ikev2/dhcp-static-mac/pretest.dat
@@ -2,10 +2,11 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
venus::cat /etc/dhcp/dhcpd.conf
-venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
+venus::service isc-dhcp-server start 2> /dev/null
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/double-nat-net/evaltest.dat b/testing/tests/ikev2/double-nat-net/evaltest.dat
index 8f5ffdb..af29ce7 100644
--- a/testing/tests/ikev2/double-nat-net/evaltest.dat
+++ b/testing/tests/ikev2/double-nat-net/evaltest.dat
@@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice at strongswan.org.*bob@
bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob at strongswan.org.*alice at strongswan.org::YES
alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
-alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/double-nat-net/pretest.dat b/testing/tests/ikev2/double-nat-net/pretest.dat
index d300a27..e58c234 100644
--- a/testing/tests/ikev2/double-nat-net/pretest.dat
+++ b/testing/tests/ikev2/double-nat-net/pretest.dat
@@ -7,5 +7,6 @@ sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-des
sun::ip route add 10.1.0.0/16 via PH_IP_BOB
alice::ipsec start
bob::ipsec start
+bob::expect-connection nat-t
alice::expect-connection nat-t
alice::ipsec up nat-t
diff --git a/testing/tests/ikev2/double-nat/evaltest.dat b/testing/tests/ikev2/double-nat/evaltest.dat
index 5f06226..9032267 100644
--- a/testing/tests/ikev2/double-nat/evaltest.dat
+++ b/testing/tests/ikev2/double-nat/evaltest.dat
@@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice at strongswan.org.*bob@
bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob at strongswan.org.*alice at strongswan.org::YES
alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/double-nat/pretest.dat b/testing/tests/ikev2/double-nat/pretest.dat
index 6a861d2..6f74000 100644
--- a/testing/tests/ikev2/double-nat/pretest.dat
+++ b/testing/tests/ikev2/double-nat/pretest.dat
@@ -6,5 +6,6 @@ sun::iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/16 -p tcp -j SNAT --to-s
sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-destination PH_IP_BOB
alice::ipsec start
bob::ipsec start
+bob::expect-connection nat-t
alice::expect-connection nat-t
alice::ipsec up nat-t
diff --git a/testing/tests/ikev2/dpd-clear/pretest.dat b/testing/tests/ikev2/dpd-clear/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/dpd-clear/pretest.dat
+++ b/testing/tests/ikev2/dpd-clear/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/dpd-hold/pretest.dat b/testing/tests/ikev2/dpd-hold/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/dpd-hold/pretest.dat
+++ b/testing/tests/ikev2/dpd-hold/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/dpd-restart/pretest.dat b/testing/tests/ikev2/dpd-restart/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/dpd-restart/pretest.dat
+++ b/testing/tests/ikev2/dpd-restart/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/dynamic-initiator/evaltest.dat b/testing/tests/ikev2/dynamic-initiator/evaltest.dat
index 3db70be..43ccdda 100644
--- a/testing/tests/ikev2/dynamic-initiator/evaltest.dat
+++ b/testing/tests/ikev2/dynamic-initiator/evaltest.dat
@@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES
moon:: cat /var/log/daemon.log::destroying duplicate IKE_SA for.*carol at strongswan.org.*received INITIAL_CONTACT::YES
moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dynamic-initiator/pretest.dat b/testing/tests/ikev2/dynamic-initiator/pretest.dat
index f354efe..18cbc45 100644
--- a/testing/tests/ikev2/dynamic-initiator/pretest.dat
+++ b/testing/tests/ikev2/dynamic-initiator/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection carol
carol::expect-connection moon
carol::ipsec up moon
carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT
diff --git a/testing/tests/ikev2/dynamic-two-peers/evaltest.dat b/testing/tests/ikev2/dynamic-two-peers/evaltest.dat
index 82d2e73..6666054 100644
--- a/testing/tests/ikev2/dynamic-two-peers/evaltest.dat
+++ b/testing/tests/ikev2/dynamic-two-peers/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
diff --git a/testing/tests/ikev2/dynamic-two-peers/pretest.dat b/testing/tests/ikev2/dynamic-two-peers/pretest.dat
index ee0b156..8437153 100644
--- a/testing/tests/ikev2/dynamic-two-peers/pretest.dat
+++ b/testing/tests/ikev2/dynamic-two-peers/pretest.dat
@@ -3,9 +3,10 @@ moon::mv /etc/hosts.stale /etc/hosts
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection carol
carol::expect-connection moon
carol::ipsec up moon
dave::expect-connection moon
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
index d5d3bc0..293b5ab 100644
--- a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
carol::ip xfrm state::aead rfc4543(gcm(aes))::YES
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
index 3665399..4e457f1 100644
--- a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
+++ b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES
carol::ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES
moon:: ip xfrm state::auth-trunc hmac(md5)::YES
diff --git a/testing/tests/ikev2/esp-alg-md5-128/pretest.dat b/testing/tests/ikev2/esp-alg-md5-128/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/esp-alg-md5-128/pretest.dat
+++ b/testing/tests/ikev2/esp-alg-md5-128/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat
index 1b9c6c2..d9888a1 100644
--- a/testing/tests/ikev2/esp-alg-null/evaltest.dat
+++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
moon:: ip xfrm state::enc ecb(cipher_null)::YES
diff --git a/testing/tests/ikev2/esp-alg-null/pretest.dat b/testing/tests/ikev2/esp-alg-null/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/esp-alg-null/pretest.dat
+++ b/testing/tests/ikev2/esp-alg-null/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
index 00c3536..20a9cf9 100644
--- a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
+++ b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES
carol::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES
moon:: ip xfrm state::auth-trunc hmac(sha1)::YES
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat b/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat
+++ b/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat
index 891ec20..bffd142 100644
--- a/testing/tests/ikev2/farp/evaltest.dat
+++ b/testing/tests/ikev2/farp/evaltest.dat
@@ -1,11 +1,11 @@
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev2/farp/pretest.dat b/testing/tests/ikev2/farp/pretest.dat
index 1a98228..9a3ab8b 100644
--- a/testing/tests/ikev2/farp/pretest.dat
+++ b/testing/tests/ikev2/farp/pretest.dat
@@ -3,9 +3,10 @@ carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
alice::arp -d 10.1.0.30
alice::arp -d 10.1.0.40
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw-carol
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/force-udp-encaps/evaltest.dat b/testing/tests/ikev2/force-udp-encaps/evaltest.dat
index 36af646..f34225e 100644
--- a/testing/tests/ikev2/force-udp-encaps/evaltest.dat
+++ b/testing/tests/ikev2/force-udp-encaps/evaltest.dat
@@ -3,6 +3,6 @@ sun:: ipsec status 2> /dev/null::nat.t.*ESTABLISHED.*sun.strongswan.org.*alice@
alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES
-alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > alice.strongswan.org.*: UDP::YES
+alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > alice.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/force-udp-encaps/pretest.dat b/testing/tests/ikev2/force-udp-encaps/pretest.dat
index 87a7764..65b934f 100644
--- a/testing/tests/ikev2/force-udp-encaps/pretest.dat
+++ b/testing/tests/ikev2/force-udp-encaps/pretest.dat
@@ -4,5 +4,6 @@ sun::ip route add 10.1.0.0/16 via PH_IP_MOON
winnetou::ip route add 10.1.0.0/16 via PH_IP_MOON
alice::ipsec start
sun::ipsec start
+sun::expect-connection nat-t
alice::expect-connection nat-t
alice::ipsec up nat-t
diff --git a/testing/tests/ikev2/forecast/pretest.dat b/testing/tests/ikev2/forecast/pretest.dat
index 68a0c2c..9065f83 100644
--- a/testing/tests/ikev2/forecast/pretest.dat
+++ b/testing/tests/ikev2/forecast/pretest.dat
@@ -1,6 +1,7 @@
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/host2host-ah/evaltest.dat b/testing/tests/ikev2/host2host-ah/evaltest.dat
index 9269547..1e50ef4 100644
--- a/testing/tests/ikev2/host2host-ah/evaltest.dat
+++ b/testing/tests/ikev2/host2host-ah/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES
diff --git a/testing/tests/ikev2/host2host-ah/pretest.dat b/testing/tests/ikev2/host2host-ah/pretest.dat
index 997a481..36a8423 100644
--- a/testing/tests/ikev2/host2host-ah/pretest.dat
+++ b/testing/tests/ikev2/host2host-ah/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection host-host
moon::expect-connection host-host
moon::ipsec up host-host
diff --git a/testing/tests/ikev2/host2host-cert/evaltest.dat b/testing/tests/ikev2/host2host-cert/evaltest.dat
index 3305f45..e0c40ba 100644
--- a/testing/tests/ikev2/host2host-cert/evaltest.dat
+++ b/testing/tests/ikev2/host2host-cert/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/host2host-cert/pretest.dat b/testing/tests/ikev2/host2host-cert/pretest.dat
index 997a481..36a8423 100644
--- a/testing/tests/ikev2/host2host-cert/pretest.dat
+++ b/testing/tests/ikev2/host2host-cert/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection host-host
moon::expect-connection host-host
moon::ipsec up host-host
diff --git a/testing/tests/ikev2/host2host-swapped/evaltest.dat b/testing/tests/ikev2/host2host-swapped/evaltest.dat
index 3305f45..e0c40ba 100644
--- a/testing/tests/ikev2/host2host-swapped/evaltest.dat
+++ b/testing/tests/ikev2/host2host-swapped/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/host2host-swapped/pretest.dat b/testing/tests/ikev2/host2host-swapped/pretest.dat
index 997a481..36a8423 100644
--- a/testing/tests/ikev2/host2host-swapped/pretest.dat
+++ b/testing/tests/ikev2/host2host-swapped/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection host-host
moon::expect-connection host-host
moon::ipsec up host-host
diff --git a/testing/tests/ikev2/host2host-transport-connmark/evaltest.dat b/testing/tests/ikev2/host2host-transport-connmark/evaltest.dat
index 04a35c1..867ad96 100644
--- a/testing/tests/ikev2/host2host-transport-connmark/evaltest.dat
+++ b/testing/tests/ikev2/host2host-transport-connmark/evaltest.dat
@@ -5,3 +5,4 @@ venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT, reqid 1::YES
alice::ssh 192.168.0.2 'echo alice-echo && exit'::alice-echo::YES
venus::ssh 192.168.0.2 'echo venus-echo && exit'::venus-echo::YES
sun::iptables -t mangle -L -n -v
+sun::conntrack -L
diff --git a/testing/tests/ikev2/host2host-transport-connmark/pretest.dat b/testing/tests/ikev2/host2host-transport-connmark/pretest.dat
index ab64084..2c40b38 100644
--- a/testing/tests/ikev2/host2host-transport-connmark/pretest.dat
+++ b/testing/tests/ikev2/host2host-transport-connmark/pretest.dat
@@ -2,10 +2,11 @@ moon::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -j MASQUERADE
moon::iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -j ACCEPT
moon::iptables -A FORWARD -i eth0 -o eth1 -d 10.1.0.0/16 -j ACCEPT
+sun::ipsec start
alice::ipsec start
venus::ipsec start
-sun::ipsec start
+sun::expect-connection nat-t
alice::expect-connection nat-t
-venus::expect-connection nat-t
alice::ipsec up nat-t
+venus::expect-connection nat-t
venus::ipsec up nat-t
diff --git a/testing/tests/ikev2/host2host-transport-nat/evaltest.dat b/testing/tests/ikev2/host2host-transport-nat/evaltest.dat
index 0ec50bc..4d0a63d 100644
--- a/testing/tests/ikev2/host2host-transport-nat/evaltest.dat
+++ b/testing/tests/ikev2/host2host-transport-nat/evaltest.dat
@@ -3,7 +3,7 @@ sun:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*sun.strongswan.org.*alice at s
alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT, reqid 1::YES
venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT, reqid 1::YES
sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TRANSPORT, reqid 1::YES
-alice::ping -c 1 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::NO
-venus::ping -c 1 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+alice::ping -c 1 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::NO
+venus::ping -c 1 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.*: UDP::YES
sun::tcpdump::IP sun.strongswan.org.* > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/host2host-transport-nat/pretest.dat b/testing/tests/ikev2/host2host-transport-nat/pretest.dat
index 2d26070..f7054cd 100644
--- a/testing/tests/ikev2/host2host-transport-nat/pretest.dat
+++ b/testing/tests/ikev2/host2host-transport-nat/pretest.dat
@@ -4,10 +4,11 @@ sun::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -j MASQUERADE
moon::iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -j ACCEPT
moon::iptables -A FORWARD -i eth0 -o eth1 -d 10.1.0.0/16 -j ACCEPT
+sun::ipsec start
alice::ipsec start
venus::ipsec start
-sun::ipsec start
+sun::expect-connection nat-t
alice::expect-connection nat-t
-venus::expect-connection nat-t
alice::ipsec up nat-t
+venus::expect-connection nat-t
venus::ipsec up nat-t
diff --git a/testing/tests/ikev2/host2host-transport/evaltest.dat b/testing/tests/ikev2/host2host-transport/evaltest.dat
index fc49e57..98251d1 100644
--- a/testing/tests/ikev2/host2host-transport/evaltest.dat
+++ b/testing/tests/ikev2/host2host-transport/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/host2host-transport/pretest.dat b/testing/tests/ikev2/host2host-transport/pretest.dat
index 997a481..36a8423 100644
--- a/testing/tests/ikev2/host2host-transport/pretest.dat
+++ b/testing/tests/ikev2/host2host-transport/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection host-host
moon::expect-connection host-host
moon::ipsec up host-host
diff --git a/testing/tests/ikev2/inactivity-timeout/evaltest.dat b/testing/tests/ikev2/inactivity-timeout/evaltest.dat
index 76b45c2..102a147 100644
--- a/testing/tests/ikev2/inactivity-timeout/evaltest.dat
+++ b/testing/tests/ikev2/inactivity-timeout/evaltest.dat
@@ -1,8 +1,8 @@
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::sleep 11::NO
carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO
carol::ipsec status 2> /dev/null::home.*INSTALLED::NO
-carol::ping -c 1 -W 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 -W 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/ikev2/inactivity-timeout/pretest.dat b/testing/tests/ikev2/inactivity-timeout/pretest.dat
index ac7b8d9..8e4ceba 100644
--- a/testing/tests/ikev2/inactivity-timeout/pretest.dat
+++ b/testing/tests/ikev2/inactivity-timeout/pretest.dat
@@ -1,5 +1,6 @@
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ip-pool-db/evaltest.dat b/testing/tests/ikev2/ip-pool-db/evaltest.dat
index 42e3530..925e9a1 100644
--- a/testing/tests/ikev2/ip-pool-db/evaltest.dat
+++ b/testing/tests/ikev2/ip-pool-db/evaltest.dat
@@ -6,7 +6,7 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
@@ -15,7 +15,7 @@ dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
moon:: cat /var/log/daemon.log::assigning virtual IP::YES
diff --git a/testing/tests/ikev2/ip-pool-db/pretest.dat b/testing/tests/ikev2/ip-pool-db/pretest.dat
index 337ccb2..c422045 100644
--- a/testing/tests/ikev2/ip-pool-db/pretest.dat
+++ b/testing/tests/ikev2/ip-pool-db/pretest.dat
@@ -10,6 +10,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/ip-pool-wish/evaltest.dat b/testing/tests/ikev2/ip-pool-wish/evaltest.dat
index 44310cd..2e8d1e6 100644
--- a/testing/tests/ikev2/ip-pool-wish/evaltest.dat
+++ b/testing/tests/ikev2/ip-pool-wish/evaltest.dat
@@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org.::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
moon:: cat /var/log/daemon.log::assigning virtual IP::YES
diff --git a/testing/tests/ikev2/ip-pool-wish/pretest.dat b/testing/tests/ikev2/ip-pool-wish/pretest.dat
index 2d09e88..e87a8ee 100644
--- a/testing/tests/ikev2/ip-pool-wish/pretest.dat
+++ b/testing/tests/ikev2/ip-pool-wish/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/ip-pool/evaltest.dat b/testing/tests/ikev2/ip-pool/evaltest.dat
index 8ea7960..7de5903 100644
--- a/testing/tests/ikev2/ip-pool/evaltest.dat
+++ b/testing/tests/ikev2/ip-pool/evaltest.dat
@@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
moon:: cat /var/log/daemon.log::assigning virtual IP::YES
diff --git a/testing/tests/ikev2/ip-pool/pretest.dat b/testing/tests/ikev2/ip-pool/pretest.dat
index 2d09e88..e87a8ee 100644
--- a/testing/tests/ikev2/ip-pool/pretest.dat
+++ b/testing/tests/ikev2/ip-pool/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/ip-split-pools-db/pretest.dat b/testing/tests/ikev2/ip-split-pools-db/pretest.dat
index f745763..5c6143d 100644
--- a/testing/tests/ikev2/ip-split-pools-db/pretest.dat
+++ b/testing/tests/ikev2/ip-split-pools-db/pretest.dat
@@ -3,9 +3,10 @@ moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::ipsec pool --add pool0 --start 10.3.0.1 --end 10.3.0.1 --timeout 48 2> /dev/null
moon::ipsec pool --add pool1 --start 10.3.1.1 --end 10.3.1.1 --timeout 48 2> /dev/null
moon::ipsec pool --status 2> /dev/null
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat
index fdc3d4d..cf7ce20 100644
--- a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat
+++ b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat
@@ -28,10 +28,10 @@ carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/res
dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES
alice::cat /var/log/daemon.log::installing DNS server PH_IP_ALICE to /etc/resolv.conf::YES
venus::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS to /etc/resolv.conf::YES
-alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES
-alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_req=1::YES
-dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_req=1::YES
+alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_.eq=1::YES
+alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_.eq=1::YES
+dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_.eq=1::YES
alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/ip-two-pools-db/pretest.dat b/testing/tests/ikev2/ip-two-pools-db/pretest.dat
index 2d8b28c..927de7d 100644
--- a/testing/tests/ikev2/ip-two-pools-db/pretest.dat
+++ b/testing/tests/ikev2/ip-two-pools-db/pretest.dat
@@ -18,6 +18,8 @@ alice::ipsec start
venus::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection int
+moon::expect-connection ext
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat
index 0d7a364..f632207 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat
+++ b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat
@@ -13,8 +13,8 @@ moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*
moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice at strongswan.org 2> /dev/null::online::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
-carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES
-alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat b/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat
index 5b32741..094dfd8 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat
+++ b/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat
@@ -7,6 +7,8 @@ alice::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
alice::ipsec start
+moon::expect-connection int
+moon::expect-connection ext
carol::expect-connection home
carol::ipsec up home
alice::expect-connection home
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat b/testing/tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat
index 0bf3500..7e343ef 100644
--- a/testing/tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat
+++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/evaltest.dat
@@ -5,5 +5,5 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
carol::cat /var/log/daemon.log::installing new virtual IP fec3:\:1::YES
carol::cat /var/log/daemon.log::TS 10.3.0.1/32 fec3:\:1/128 === 10.1.0.0/16 fec1:\:/16::YES
-carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat b/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat
index 60af3bc..dcc47f5 100644
--- a/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat
+++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat
@@ -5,5 +5,6 @@ moon::ipsec pool --add v6_pool --start fec3:\:1 --end fec3:\:fe --timeout 48 2>
alice::ip -6 route add default via fec1:\:1
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat
index 0bf3500..7e343ef 100644
--- a/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat
@@ -5,5 +5,5 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
carol::cat /var/log/daemon.log::installing new virtual IP fec3:\:1::YES
carol::cat /var/log/daemon.log::TS 10.3.0.1/32 fec3:\:1/128 === 10.1.0.0/16 fec1:\:/16::YES
-carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat
index 7eb81b6..9ceefe7 100644
--- a/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat
@@ -1,5 +1,6 @@
alice::ip -6 route add default via fec1:\:1
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ip-two-pools/evaltest.dat b/testing/tests/ikev2/ip-two-pools/evaltest.dat
index fad3781..b620538 100644
--- a/testing/tests/ikev2/ip-two-pools/evaltest.dat
+++ b/testing/tests/ikev2/ip-two-pools/evaltest.dat
@@ -14,8 +14,8 @@ moon:: ipsec leases 10.3.0.0/28 PH_IP_CAROL1 2> /dev/null::carol at strongswan.org:
moon:: ipsec leases 10.4.0.0/28 10.4.0.1 2> /dev/null::alice at strongswan.org::YES
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
-carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES
-alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/ip-two-pools/pretest.dat b/testing/tests/ikev2/ip-two-pools/pretest.dat
index 3aa610b..8fb8dfb 100644
--- a/testing/tests/ikev2/ip-two-pools/pretest.dat
+++ b/testing/tests/ikev2/ip-two-pools/pretest.dat
@@ -4,6 +4,8 @@ alice::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
alice::ipsec start
+moon::expect-connection int
+moon::expect-connection ext
carol::expect-connection home
carol::ipsec up home
alice::expect-connection home
diff --git a/testing/tests/ikev2/lookip/evaltest.dat b/testing/tests/ikev2/lookip/evaltest.dat
index 6846617..0c4b2c7 100644
--- a/testing/tests/ikev2/lookip/evaltest.dat
+++ b/testing/tests/ikev2/lookip/evaltest.dat
@@ -1,11 +1,11 @@
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec lookip --lookup PH_IP_CAROL1 2> /dev/null::192.168.0.100.*rw\[1].*carol at strongswan.org::YES
moon:: ipsec lookip --lookup PH_IP_DAVE1 2> /dev/null::192.168.0.200.*rw\[2].*dave at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
diff --git a/testing/tests/ikev2/lookip/pretest.dat b/testing/tests/ikev2/lookip/pretest.dat
index 2d09e88..618bf36 100644
--- a/testing/tests/ikev2/lookip/pretest.dat
+++ b/testing/tests/ikev2/lookip/pretest.dat
@@ -1,9 +1,11 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/mobike-nat/evaltest.dat b/testing/tests/ikev2/mobike-nat/evaltest.dat
index c71e3f7..2afe13e 100644
--- a/testing/tests/ikev2/mobike-nat/evaltest.dat
+++ b/testing/tests/ikev2/mobike-nat/evaltest.dat
@@ -2,14 +2,14 @@ alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::
sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
alice::ifdown eth1::No output expected::NO
alice::sleep 1::No output expected::NO
alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES
alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
moon::tcpdump::moon.strongswan.org.*sun.strongswan.org.*: UDP-encap: ESP.*seq=0x2::YES
diff --git a/testing/tests/ikev2/mobike-nat/pretest.dat b/testing/tests/ikev2/mobike-nat/pretest.dat
index 68df1b5..ece8912 100644
--- a/testing/tests/ikev2/mobike-nat/pretest.dat
+++ b/testing/tests/ikev2/mobike-nat/pretest.dat
@@ -6,4 +6,5 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-
alice::ipsec start
sun::ipsec start
alice::expect-connection mobike
+sun::expect-connection mobike
alice::ipsec up mobike
diff --git a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
index 17593ef..6bef4a5 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
+++ b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
@@ -2,14 +2,14 @@ alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN::
sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES
alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
alice::ifdown eth1::No output expected::NO
alice::sleep 1::No output expected::NO
alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
moon::tcpdump::alice.strongswan.org.*sun.strongswan.org.*: ESP.*seq=0x2::YES
diff --git a/testing/tests/ikev2/mobike-virtual-ip/pretest.dat b/testing/tests/ikev2/mobike-virtual-ip/pretest.dat
index 8197296..3e376d2 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/pretest.dat
+++ b/testing/tests/ikev2/mobike-virtual-ip/pretest.dat
@@ -5,4 +5,5 @@ sun::ip route add 10.1.0.0/16 via PH_IP_MOON
alice::ipsec start
sun::ipsec start
alice::expect-connection mobike
+sun::expect-connection mobike
alice::ipsec up mobike
diff --git a/testing/tests/ikev2/mobike/evaltest.dat b/testing/tests/ikev2/mobike/evaltest.dat
index e346404..4c0d0dd 100644
--- a/testing/tests/ikev2/mobike/evaltest.dat
+++ b/testing/tests/ikev2/mobike/evaltest.dat
@@ -2,14 +2,14 @@ alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN::
sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES
alice::ipsec statusall 2> /dev/null::192.168.0.50/32 === 10.2.0.0/16::YES
sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 192.168.0.50/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
alice::ifdown eth1::No output expected::NO
alice::sleep 1::No output expected::NO
alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
alice::ipsec statusall 2> /dev/null::PH_IP_ALICE/32 === 10.2.0.0/16::YES
sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
moon::tcpdump::alice.strongswan.org.*sun.strongswan.org: ESP.*seq=0x2::YES
diff --git a/testing/tests/ikev2/mobike/pretest.dat b/testing/tests/ikev2/mobike/pretest.dat
index 8197296..3e376d2 100644
--- a/testing/tests/ikev2/mobike/pretest.dat
+++ b/testing/tests/ikev2/mobike/pretest.dat
@@ -5,4 +5,5 @@ sun::ip route add 10.1.0.0/16 via PH_IP_MOON
alice::ipsec start
sun::ipsec start
alice::expect-connection mobike
+sun::expect-connection mobike
alice::ipsec up mobike
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat
index eb20c7f..db17d1e 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat
@@ -6,7 +6,7 @@ moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES
moon:: cat /var/log/daemon.log::authentication of .*228060123456001 at strongswan.org.* with EAP successful::YES
moon:: ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456001 at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*228060123456001 at strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::cat /var/log/daemon.log::authentication of .*dave at strongswan.org.* with RSA.* successful::YES
@@ -18,4 +18,4 @@ moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 22806012345600
moon::ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456002 at strongswan.org::NO
dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
dave::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
-dave::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+dave::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat
index 07ffe10..9ffd27f 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat
@@ -8,6 +8,7 @@ alice::radiusd
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-mult
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat b/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat
index bee9bc7..dc6991d 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat
@@ -1,6 +1,8 @@
carol::ipsec start
dave::ipsec start
moon::ipsec start
+carol::expect-connection alice
+dave::expect-connection venus
moon::expect-connection alice
moon::expect-connection venus
moon::ipsec up alice
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat b/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat
index be0051e..95ca1e5 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat
@@ -1,6 +1,8 @@
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection alice
+moon::expect-connection venus
carol::expect-connection alice
carol::ipsec up alice
dave::expect-connection venus
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat b/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat
index d9ed527..815d7be 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat
+++ b/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat
@@ -3,6 +3,8 @@ moon::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection alice
+moon::expect-connection venus
carol::expect-connection alice
carol::expect-connection venus
carol::ipsec up alice
diff --git a/testing/tests/ikev2/multi-level-ca-loop/pretest.dat b/testing/tests/ikev2/multi-level-ca-loop/pretest.dat
index 3407743..b71c416 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/pretest.dat
+++ b/testing/tests/ikev2/multi-level-ca-loop/pretest.dat
@@ -1,5 +1,6 @@
moon::rm /etc/ipsec.d/cacerts/strongswanCert.pem
carol::ipsec start
moon::ipsec start
+moon::expect-connection alice
carol::expect-connection alice
carol::ipsec up alice
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat b/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat
index 8230de0..a063a24 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat
@@ -1,4 +1,5 @@
carol::ipsec start
moon::ipsec start
+moon::expect-connection duck
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat b/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat
index 3a1982f..1d847c0 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat
+++ b/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection alice
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/multi-level-ca-strict/pretest.dat b/testing/tests/ikev2/multi-level-ca-strict/pretest.dat
index 2134d6b..91ade79 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/pretest.dat
+++ b/testing/tests/ikev2/multi-level-ca-strict/pretest.dat
@@ -1,6 +1,8 @@
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection alice
+moon::expect-connection venus
carol::expect-connection alice
carol::expect-connection venus
carol::ipsec up alice
diff --git a/testing/tests/ikev2/multi-level-ca/pretest.dat b/testing/tests/ikev2/multi-level-ca/pretest.dat
index 2134d6b..91ade79 100644
--- a/testing/tests/ikev2/multi-level-ca/pretest.dat
+++ b/testing/tests/ikev2/multi-level-ca/pretest.dat
@@ -1,6 +1,8 @@
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection alice
+moon::expect-connection venus
carol::expect-connection alice
carol::expect-connection venus
carol::ipsec up alice
diff --git a/testing/tests/ikev2/nat-rw-mark/evaltest.dat b/testing/tests/ikev2/nat-rw-mark/evaltest.dat
index c5390fb..33a975a 100644
--- a/testing/tests/ikev2/nat-rw-mark/evaltest.dat
+++ b/testing/tests/ikev2/nat-rw-mark/evaltest.dat
@@ -6,12 +6,12 @@ sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@
sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES
sun:: ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.4500: UDP::YES
-moon::tcpdump::IP moon.strongswan.org.4520.* > sun.strongswan.org.4500: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4510.*: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4520.*: UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES
+moon::tcpdump::IP moon.strongswan.org.4520.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.4510.*: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.4520.*: UDP::YES
bob::tcpdump::PH_IP_CAROL10 > bob.strongswan.org: ICMP echo request::YES
bob::tcpdump::PH_IP_DAVE10 > bob.strongswan.org: ICMP echo request::YES
bob::tcpdump::bob.strongswan.org > PH_IP_CAROL10: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/nat-rw-mark/pretest.dat b/testing/tests/ikev2/nat-rw-mark/pretest.dat
index 9d68e3c..e3dfc65 100644
--- a/testing/tests/ikev2/nat-rw-mark/pretest.dat
+++ b/testing/tests/ikev2/nat-rw-mark/pretest.dat
@@ -13,6 +13,8 @@ sun::iptables -t mangle -A PREROUTING -d PH_IP_DAVE10 -j MARK --set-mark 20
sun::ipsec start
alice::ipsec start
venus::ipsec start
+sun::expect-connection alice
+sun::expect-connection venus
alice::expect-connection nat-t
alice::ipsec up nat-t
venus::expect-connection nat-t
diff --git a/testing/tests/ikev2/nat-rw-psk/evaltest.dat b/testing/tests/ikev2/nat-rw-psk/evaltest.dat
index 86fc197..fbcb631 100644
--- a/testing/tests/ikev2/nat-rw-psk/evaltest.dat
+++ b/testing/tests/ikev2/nat-rw-psk/evaltest.dat
@@ -3,7 +3,7 @@ venus::ipsec status 2> /dev/null::nat-t.*INSTALLED. TUNNEL.*ESP in UDP::YES
sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_ALICE\]::YES
sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_VENUS\]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/nat-rw-psk/pretest.dat b/testing/tests/ikev2/nat-rw-psk/pretest.dat
index e52bc9d..1798d27 100644
--- a/testing/tests/ikev2/nat-rw-psk/pretest.dat
+++ b/testing/tests/ikev2/nat-rw-psk/pretest.dat
@@ -9,6 +9,7 @@ sun::rm /etc/ipsec.d/cacerts/*
sun::ipsec start
alice::ipsec start
venus::ipsec start
+sun::expect-connection nat-t
alice::expect-connection nat-t
alice::ipsec up nat-t
venus::expect-connection nat-t
diff --git a/testing/tests/ikev2/nat-rw/evaltest.dat b/testing/tests/ikev2/nat-rw/evaltest.dat
index 36d9f84..2d265b0 100644
--- a/testing/tests/ikev2/nat-rw/evaltest.dat
+++ b/testing/tests/ikev2/nat-rw/evaltest.dat
@@ -6,13 +6,13 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL.*ESP in UDP::YES
sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL.*ESP in UDP::YES
sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL.*ESP in UDP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
moon:: sleep 6::no output expected::NO
-bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: isakmp-nat-keep-alive::YES
+bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): isakmp-nat-keep-alive::YES
alice::cat /var/log/daemon.log::sending keep alive::YES
venus::cat /var/log/daemon.log::sending keep alive::YES
diff --git a/testing/tests/ikev2/nat-rw/pretest.dat b/testing/tests/ikev2/nat-rw/pretest.dat
index e3d9fc8..36d23b5 100644
--- a/testing/tests/ikev2/nat-rw/pretest.dat
+++ b/testing/tests/ikev2/nat-rw/pretest.dat
@@ -3,9 +3,10 @@ venus::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
+sun::ipsec start
alice::ipsec start
venus::ipsec start
-sun::ipsec start
+sun::expect-connection nat-t
alice::expect-connection nat-t
alice::ipsec up nat-t
venus::expect-connection nat-t
diff --git a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat
index c60ffc7..d4910ea 100644
--- a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat
+++ b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat
@@ -1,7 +1,7 @@
moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES
diff --git a/testing/tests/ikev2/nat-virtual-ip/pretest.dat b/testing/tests/ikev2/nat-virtual-ip/pretest.dat
index 1732d6e..08ca6b5 100644
--- a/testing/tests/ikev2/nat-virtual-ip/pretest.dat
+++ b/testing/tests/ikev2/nat-virtual-ip/pretest.dat
@@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
moon::expect-connection net-net
+sun::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-ah/evaltest.dat b/testing/tests/ikev2/net2net-ah/evaltest.dat
index c5f2b1e..1cfc450 100644
--- a/testing/tests/ikev2/net2net-ah/evaltest.dat
+++ b/testing/tests/ikev2/net2net-ah/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES
moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES
diff --git a/testing/tests/ikev2/net2net-ah/pretest.dat b/testing/tests/ikev2/net2net-ah/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev2/net2net-ah/pretest.dat
+++ b/testing/tests/ikev2/net2net-ah/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat b/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat
index 65737ba..91451e9 100644
--- a/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat
+++ b/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat
@@ -4,6 +4,6 @@ sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-cert-sha2/pretest.dat b/testing/tests/ikev2/net2net-cert-sha2/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev2/net2net-cert-sha2/pretest.dat
+++ b/testing/tests/ikev2/net2net-cert-sha2/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-cert/evaltest.dat b/testing/tests/ikev2/net2net-cert/evaltest.dat
index 2b37cad..fe4aa5a 100644
--- a/testing/tests/ikev2/net2net-cert/evaltest.dat
+++ b/testing/tests/ikev2/net2net-cert/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-cert/pretest.dat b/testing/tests/ikev2/net2net-cert/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev2/net2net-cert/pretest.dat
+++ b/testing/tests/ikev2/net2net-cert/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-dnscert/evaltest.dat b/testing/tests/ikev2/net2net-dnscert/evaltest.dat
index effc9bc..7e6b8d1 100644
--- a/testing/tests/ikev2/net2net-dnscert/evaltest.dat
+++ b/testing/tests/ikev2/net2net-dnscert/evaltest.dat
@@ -4,6 +4,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-dnscert/pretest.dat b/testing/tests/ikev2/net2net-dnscert/pretest.dat
index f2cbf6a..c7e2c61 100644
--- a/testing/tests/ikev2/net2net-dnscert/pretest.dat
+++ b/testing/tests/ikev2/net2net-dnscert/pretest.dat
@@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-dnssec/evaltest.dat b/testing/tests/ikev2/net2net-dnssec/evaltest.dat
index 389cac7..f5a1a5d 100644
--- a/testing/tests/ikev2/net2net-dnssec/evaltest.dat
+++ b/testing/tests/ikev2/net2net-dnssec/evaltest.dat
@@ -4,6 +4,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-dnssec/pretest.dat b/testing/tests/ikev2/net2net-dnssec/pretest.dat
index f2cbf6a..c7e2c61 100644
--- a/testing/tests/ikev2/net2net-dnssec/pretest.dat
+++ b/testing/tests/ikev2/net2net-dnssec/pretest.dat
@@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-esn/pretest.dat b/testing/tests/ikev2/net2net-esn/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev2/net2net-esn/pretest.dat
+++ b/testing/tests/ikev2/net2net-esn/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-fragmentation/evaltest.dat b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat
index c7437c8..c6a8ff5 100644
--- a/testing/tests/ikev2/net2net-fragmentation/evaltest.dat
+++ b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat
@@ -10,6 +10,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-fragmentation/pretest.dat b/testing/tests/ikev2/net2net-fragmentation/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev2/net2net-fragmentation/pretest.dat
+++ b/testing/tests/ikev2/net2net-fragmentation/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat b/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat
index 69b5ef7..2fc102f 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat
@@ -4,6 +4,6 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
moon::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
sun::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat b/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat b/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat
index 78d2bff..1ac624e 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat
+++ b/testing/tests/ikev2/net2net-ntru-cert/evaltest.dat
@@ -4,6 +4,6 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
moon::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES
sun::ipsec statusall 2> /dev/null::net-net.*IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/NTRU_256::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-ntru-cert/pretest.dat b/testing/tests/ikev2/net2net-ntru-cert/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/pretest.dat
+++ b/testing/tests/ikev2/net2net-ntru-cert/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat
index 460c659..468c5f7 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat
+++ b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*71:27:04:32:cd:76:3a:18:
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun <sun.strongswan.org>.*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-pgp-v3/pretest.dat b/testing/tests/ikev2/net2net-pgp-v3/pretest.dat
index f2cbf6a..c7e2c61 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/pretest.dat
+++ b/testing/tests/ikev2/net2net-pgp-v3/pretest.dat
@@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat
index f74eb6a..99bbcf7 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat
+++ b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*b4:
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-pgp-v4/pretest.dat b/testing/tests/ikev2/net2net-pgp-v4/pretest.dat
index f2cbf6a..c7e2c61 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/pretest.dat
+++ b/testing/tests/ikev2/net2net-pgp-v4/pretest.dat
@@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-pkcs12/evaltest.dat b/testing/tests/ikev2/net2net-pkcs12/evaltest.dat
index 2b37cad..fe4aa5a 100644
--- a/testing/tests/ikev2/net2net-pkcs12/evaltest.dat
+++ b/testing/tests/ikev2/net2net-pkcs12/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-pkcs12/pretest.dat b/testing/tests/ikev2/net2net-pkcs12/pretest.dat
index fd1ce37..3f3f7d1 100644
--- a/testing/tests/ikev2/net2net-pkcs12/pretest.dat
+++ b/testing/tests/ikev2/net2net-pkcs12/pretest.dat
@@ -4,7 +4,8 @@ sun::rm /etc/ipsec.d/private/sunKey.pem
sun::rm /etc/ipsec.d/cacerts/strongswanCert.pem
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat
index 113c3d9..cc5483e 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat
+++ b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*moon-be.*sun-be::YES
moon:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*moon-ef.*sun-ef::YES
sun:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*sun-be.*moon-be::YES
sun:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*sun-ef.*moon-ef::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-psk-dscp/pretest.dat b/testing/tests/ikev2/net2net-psk-dscp/pretest.dat
index ef3eb9e..925b773 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/pretest.dat
+++ b/testing/tests/ikev2/net2net-psk-dscp/pretest.dat
@@ -10,9 +10,10 @@ bob::iptables -t mangle -A OUTPUT -d PH_IP_ALICE -p icmp -j DSCP --set-dscp-clas
bob::iptables -t mangle -A OUTPUT -d PH_IP_VENUS -p icmp -j DSCP --set-dscp-class EF
sun::iptables -t mangle -A PREROUTING -m dscp --dscp-class BE -j MARK --set-mark 10
sun::iptables -t mangle -A PREROUTING -m dscp --dscp-class EF -j MARK --set-mark 20
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection dscp-ef
moon::expect-connection dscp-be
-moon::expect-connection dscp-ef
moon::ipsec up dscp-be
+moon::expect-connection dscp-ef
moon::ipsec up dscp-ef
diff --git a/testing/tests/ikev2/net2net-psk-fail/pretest.dat b/testing/tests/ikev2/net2net-psk-fail/pretest.dat
index f2cbf6a..c7e2c61 100644
--- a/testing/tests/ikev2/net2net-psk-fail/pretest.dat
+++ b/testing/tests/ikev2/net2net-psk-fail/pretest.dat
@@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-psk/evaltest.dat b/testing/tests/ikev2/net2net-psk/evaltest.dat
index 2b37cad..fe4aa5a 100644
--- a/testing/tests/ikev2/net2net-psk/evaltest.dat
+++ b/testing/tests/ikev2/net2net-psk/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-psk/pretest.dat b/testing/tests/ikev2/net2net-psk/pretest.dat
index f2cbf6a..c7e2c61 100644
--- a/testing/tests/ikev2/net2net-psk/pretest.dat
+++ b/testing/tests/ikev2/net2net-psk/pretest.dat
@@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-pubkey/evaltest.dat b/testing/tests/ikev2/net2net-pubkey/evaltest.dat
index bc03a39..d39cb07 100644
--- a/testing/tests/ikev2/net2net-pubkey/evaltest.dat
+++ b/testing/tests/ikev2/net2net-pubkey/evaltest.dat
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-pubkey/pretest.dat b/testing/tests/ikev2/net2net-pubkey/pretest.dat
index 0f4ae0f..969c423 100644
--- a/testing/tests/ikev2/net2net-pubkey/pretest.dat
+++ b/testing/tests/ikev2/net2net-pubkey/pretest.dat
@@ -4,5 +4,6 @@ moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
sun::ipsec start
-moon::sleep 2
+moon::expect-connection net-net
+sun::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat
index e8e1a46..ae970ba 100644
--- a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat
+++ b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat
@@ -10,6 +10,6 @@ sun:: cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained
sun:: cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES
moon:: cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES
sun:: cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-rfc3779/pretest.dat b/testing/tests/ikev2/net2net-rfc3779/pretest.dat
index 1732d6e..16eb9a6 100644
--- a/testing/tests/ikev2/net2net-rfc3779/pretest.dat
+++ b/testing/tests/ikev2/net2net-rfc3779/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-route/evaltest.dat b/testing/tests/ikev2/net2net-route/evaltest.dat
index 77ab6e7..3b247fd 100644
--- a/testing/tests/ikev2/net2net-route/evaltest.dat
+++ b/testing/tests/ikev2/net2net-route/evaltest.dat
@@ -3,6 +3,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-route/pretest.dat b/testing/tests/ikev2/net2net-route/pretest.dat
index a1c5670..57dc45f 100644
--- a/testing/tests/ikev2/net2net-route/pretest.dat
+++ b/testing/tests/ikev2/net2net-route/pretest.dat
@@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
moon::expect-connection net-net
+sun::expect-connection net-net
alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB
diff --git a/testing/tests/ikev2/net2net-rsa/evaltest.dat b/testing/tests/ikev2/net2net-rsa/evaltest.dat
index bc03a39..d39cb07 100644
--- a/testing/tests/ikev2/net2net-rsa/evaltest.dat
+++ b/testing/tests/ikev2/net2net-rsa/evaltest.dat
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-rsa/pretest.dat b/testing/tests/ikev2/net2net-rsa/pretest.dat
index f2cbf6a..c7e2c61 100644
--- a/testing/tests/ikev2/net2net-rsa/pretest.dat
+++ b/testing/tests/ikev2/net2net-rsa/pretest.dat
@@ -2,7 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-same-nets/evaltest.dat b/testing/tests/ikev2/net2net-same-nets/evaltest.dat
index 3b479ce..f0e3588 100644
--- a/testing/tests/ikev2/net2net-same-nets/evaltest.dat
+++ b/testing/tests/ikev2/net2net-same-nets/evaltest.dat
@@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_req=1::YES
-bob:: ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_req=1::YES
+alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_.eq=1::YES
+bob:: ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
bob::tcpdump::IP 10.9.0.10 > bob.strongswan.org: ICMP echo request::YES
diff --git a/testing/tests/ikev2/net2net-same-nets/pretest.dat b/testing/tests/ikev2/net2net-same-nets/pretest.dat
index 1732d6e..08ca6b5 100644
--- a/testing/tests/ikev2/net2net-same-nets/pretest.dat
+++ b/testing/tests/ikev2/net2net-same-nets/pretest.dat
@@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
moon::expect-connection net-net
+sun::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-start/evaltest.dat b/testing/tests/ikev2/net2net-start/evaltest.dat
index f003f82..5c4aa85 100644
--- a/testing/tests/ikev2/net2net-start/evaltest.dat
+++ b/testing/tests/ikev2/net2net-start/evaltest.dat
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/ocsp-local-cert/pretest.dat b/testing/tests/ikev2/ocsp-local-cert/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/ocsp-local-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-local-cert/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ocsp-multi-level/pretest.dat b/testing/tests/ikev2/ocsp-multi-level/pretest.dat
index be0051e..eedd737 100644
--- a/testing/tests/ikev2/ocsp-multi-level/pretest.dat
+++ b/testing/tests/ikev2/ocsp-multi-level/pretest.dat
@@ -1,6 +1,7 @@
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection alice
carol::expect-connection alice
carol::ipsec up alice
dave::expect-connection venus
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
index 6296b4e..903d1e9 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
@@ -1,5 +1,6 @@
moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ocsp-revoked/pretest.dat b/testing/tests/ikev2/ocsp-revoked/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/ocsp-revoked/pretest.dat
+++ b/testing/tests/ikev2/ocsp-revoked/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ocsp-root-cert/pretest.dat b/testing/tests/ikev2/ocsp-root-cert/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/ocsp-root-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-root-cert/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ocsp-signer-cert/pretest.dat b/testing/tests/ikev2/ocsp-signer-cert/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-signer-cert/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat b/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat
index be0051e..eedd737 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat
@@ -1,6 +1,7 @@
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection alice
carol::expect-connection alice
carol::ipsec up alice
dave::expect-connection venus
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat b/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat
+++ b/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat
index a43ba35..0c9d5a9 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-
carol::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
index 6296b4e..903d1e9 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
@@ -1,5 +1,6 @@
moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/protoport-dual/evaltest.dat b/testing/tests/ikev2/protoport-dual/evaltest.dat
index cf45f3b..7d367e3 100644
--- a/testing/tests/ikev2/protoport-dual/evaltest.dat
+++ b/testing/tests/ikev2/protoport-dual/evaltest.dat
@@ -2,8 +2,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/protoport-dual/pretest.dat b/testing/tests/ikev2/protoport-dual/pretest.dat
index 4759fdb..02f4aa8 100644
--- a/testing/tests/ikev2/protoport-dual/pretest.dat
+++ b/testing/tests/ikev2/protoport-dual/pretest.dat
@@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-icmp
+moon::expect-connection rw-ssh
carol::expect-connection home-icmp
carol::expect-connection home-ssh
carol::ipsec up home-icmp
diff --git a/testing/tests/ikev2/protoport-route/evaltest.dat b/testing/tests/ikev2/protoport-route/evaltest.dat
index 75c5479..f4b0c77 100644
--- a/testing/tests/ikev2/protoport-route/evaltest.dat
+++ b/testing/tests/ikev2/protoport-route/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq::YES
carol::ssh PH_IP_ALICE hostname::alice::YES
carol::cat /var/log/daemon.log::creating acquire job::YES
carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED::YES
diff --git a/testing/tests/ikev2/protoport-route/pretest.dat b/testing/tests/ikev2/protoport-route/pretest.dat
index 433d0cf..8e2c73e 100644
--- a/testing/tests/ikev2/protoport-route/pretest.dat
+++ b/testing/tests/ikev2/protoport-route/pretest.dat
@@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-icmp
+moon::expect-connection rw-ssh
carol::expect-connection home-icmp
carol::expect-connection home-ssh
carol::ssh PH_IP_ALICE hostname
diff --git a/testing/tests/ikev2/reauth-early/evaltest.dat b/testing/tests/ikev2/reauth-early/evaltest.dat
index dbc6f8d..dadde17 100644
--- a/testing/tests/ikev2/reauth-early/evaltest.dat
+++ b/testing/tests/ikev2/reauth-early/evaltest.dat
@@ -1,6 +1,6 @@
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 30s, scheduling reauthentication in 25s::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/reauth-early/pretest.dat b/testing/tests/ikev2/reauth-early/pretest.dat
index d3ce70e..656de74 100644
--- a/testing/tests/ikev2/reauth-early/pretest.dat
+++ b/testing/tests/ikev2/reauth-early/pretest.dat
@@ -2,6 +2,7 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
carol::sleep 30
diff --git a/testing/tests/ikev2/reauth-late/evaltest.dat b/testing/tests/ikev2/reauth-late/evaltest.dat
index 205a4d9..d6a9809 100644
--- a/testing/tests/ikev2/reauth-late/evaltest.dat
+++ b/testing/tests/ikev2/reauth-late/evaltest.dat
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*caro
carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::cat /var/log/daemon.log::scheduling reauthentication in 2[0-5]s::YES
carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 360[01]s, reauthentication already scheduled in 2[0-5]s::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/reauth-late/pretest.dat b/testing/tests/ikev2/reauth-late/pretest.dat
index d3ce70e..656de74 100644
--- a/testing/tests/ikev2/reauth-late/pretest.dat
+++ b/testing/tests/ikev2/reauth-late/pretest.dat
@@ -2,6 +2,7 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
carol::sleep 30
diff --git a/testing/tests/ikev2/reauth-mbb-revoked/pretest.dat b/testing/tests/ikev2/reauth-mbb-revoked/pretest.dat
index 3a1982f..d7f7959 100644
--- a/testing/tests/ikev2/reauth-mbb-revoked/pretest.dat
+++ b/testing/tests/ikev2/reauth-mbb-revoked/pretest.dat
@@ -1,4 +1,5 @@
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat b/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat
+++ b/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/reauth-mbb/pretest.dat b/testing/tests/ikev2/reauth-mbb/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/ikev2/reauth-mbb/pretest.dat
+++ b/testing/tests/ikev2/reauth-mbb/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/redirect-active/evaltest.dat b/testing/tests/ikev2/redirect-active/evaltest.dat
index 6d84173..1c90344 100644
--- a/testing/tests/ikev2/redirect-active/evaltest.dat
+++ b/testing/tests/ikev2/redirect-active/evaltest.dat
@@ -2,8 +2,8 @@ alice::ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*caro
alice::ipsec status 2> /dev/null::rw\[2].*ESTABLISHED.*mars.strongswan.org.*dave at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*mars.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*mars.strongswan.org::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
alice::swanctl --redirect --peer-ip PH_IP_CAROL --gateway 192.168.0.1::redirect completed successfully::YES
alice::swanctl --redirect --peer-id dave at strongswan.org --gateway moon.strongswan.org::redirect completed successfully::YES
carol::sleep 1::No output expected::NO
@@ -12,8 +12,8 @@ dave::cat /var/log/daemon.log::redirected to moon.strongswan.org::YES
moon::cat /var/log/daemon.log::client got redirected from 192.168.0.5::YES
moon::ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*carol at strongswan.org::YES
moon::ipsec status 2> /dev/null::rw\[2].*ESTABLISHED.*mars.strongswan.org.*dave at strongswan.org::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES
carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::NO
carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/redirect-active/pretest.dat b/testing/tests/ikev2/redirect-active/pretest.dat
index 3f7ac1d..5a02bdd 100644
--- a/testing/tests/ikev2/redirect-active/pretest.dat
+++ b/testing/tests/ikev2/redirect-active/pretest.dat
@@ -8,6 +8,9 @@ moon::ipsec start
alice::ipsec start
carol::ipsec start
dave::ipsec start
-carol::sleep 1
+moon::expect-connection rw
+alice::expect-connection rw
+carol::expect-connection home
carol::ipsec up home
+dave::expect-connection home
dave::ipsec up home
diff --git a/testing/tests/ikev2/rw-cert/evaltest.dat b/testing/tests/ikev2/rw-cert/evaltest.dat
index ba66197..be78c51 100644
--- a/testing/tests/ikev2/rw-cert/evaltest.dat
+++ b/testing/tests/ikev2/rw-cert/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-dnssec/evaltest.dat b/testing/tests/ikev2/rw-dnssec/evaltest.dat
index 49183fb..ea7103a 100644
--- a/testing/tests/ikev2/rw-dnssec/evaltest.dat
+++ b/testing/tests/ikev2/rw-dnssec/evaltest.dat
@@ -2,12 +2,12 @@ carol::cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave.strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*carol.strongswan.org::YES
moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*dave.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
diff --git a/testing/tests/ikev2/rw-dnssec/posttest.dat b/testing/tests/ikev2/rw-dnssec/posttest.dat
index 3d55e09..17572e0 100644
--- a/testing/tests/ikev2/rw-dnssec/posttest.dat
+++ b/testing/tests/ikev2/rw-dnssec/posttest.dat
@@ -4,9 +4,9 @@ dave::ipsec stop
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
-moon:rm /etc/resolv.conf
-carol:rm /etc/resolv.conf
-dave:rm /etc/resolv.conf
-moon:rm /etc/ipsec.d/dnssec.key
-carol:rm /etc/ipsec.d/dnssec.key
-dave:rm /etc/ipse.cd/dnssec.key
+moon::rm /etc/resolv.conf
+carol::rm /etc/resolv.conf
+dave::rm /etc/resolv.conf
+moon::rm /etc/ipsec.d/dnssec.keys
+carol::rm /etc/ipsec.d/dnssec.keys
+dave::rm /etc/ipsec.d/dnssec.keys
diff --git a/testing/tests/ikev2/rw-dnssec/pretest.dat b/testing/tests/ikev2/rw-dnssec/pretest.dat
index ab5e18d..ee5bc7c 100644
--- a/testing/tests/ikev2/rw-dnssec/pretest.dat
+++ b/testing/tests/ikev2/rw-dnssec/pretest.dat
@@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
index 20f1f13..25871f8 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
@@ -7,7 +7,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat
index de4acbb..1578796 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat
index 77e306b..795164c 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat
@@ -6,7 +6,7 @@ moon:: ipsec status 2> /dev/null::rw-eap-aka.*ESTABLISHED.*moon.strongswan.org.*
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap-aka.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat
index de4acbb..ee46730 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap-aka
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat b/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat
index e09765f..ab2068a 100644
--- a/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat
@@ -15,8 +15,8 @@ moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-dynamic/pretest.dat b/testing/tests/ikev2/rw-eap-dynamic/pretest.dat
index a55cf37..dccf854 100644
--- a/testing/tests/ikev2/rw-eap-dynamic/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-dynamic/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-framed-ip-radius/evaltest.dat
index 10ce861..7416e55 100644
--- a/testing/tests/ikev2/rw-eap-framed-ip-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/evaltest.dat
@@ -18,8 +18,8 @@ dave ::ipsec status 2> /dev/null::home.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswan
moon ::ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED, TUNNEL::YES
dave ::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave ::cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat b/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat
index 98bf0b1..fa2d7ee 100644
--- a/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat
@@ -5,6 +5,7 @@ alice::radiusd
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat
index 47a4977..1bf1455 100644
--- a/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat
@@ -18,8 +18,8 @@ dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswa
moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES
dave ::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::NO
dave ::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat
index 8893e01..3031396 100644
--- a/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat
@@ -5,6 +5,8 @@ alice::radiusd
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection research
+moon::expect-connection accounting
carol::expect-connection alice
carol::expect-connection venus
carol::ipsec up alice
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
index 5853deb..37206c7 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
@@ -8,7 +8,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[PH
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[PH_IP_CAROL].*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat
index d44910d..16f90ec 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat
@@ -2,6 +2,7 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec stroke user-creds home carol "Ar3etTnp"
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
index 109407b..60a5a77 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
@@ -7,7 +7,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat
index c65fbda..b27673c 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat
@@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules
alice::radiusd
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
index 49045c9..f3e5aa0 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
@@ -6,6 +6,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat
index c65fbda..b27673c 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat
@@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules
alice::radiusd
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
index 88ab87d..d4617bf 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
@@ -5,7 +5,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat
index de4acbb..1578796 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
index 892fdd6..e72426b 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
@@ -7,7 +7,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[PH
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[PH_IP_CAROL].*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat
index de4acbb..1578796 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
index 4ed5257..6b609f8 100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
@@ -18,6 +18,6 @@ moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED::NO
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat b/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat
index a55cf37..dccf854 100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
index fc75e1c..f77c31c 100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
@@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave at stronswan.org::NO
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat
index a55cf37..dccf854 100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat
index d3d97dc..edfb7cd 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat
@@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::NO
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat
index 98bf0b1..fa2d7ee 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat
@@ -5,6 +5,7 @@ alice::radiusd
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
index 0dfc89e..e7d9786 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
@@ -7,6 +7,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat
index fa11647..122ee22 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat
@@ -5,5 +5,6 @@ carol::cat /etc/ipsec.d/triplets.dat
alice::radiusd
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat
index 4f8f728..8502d7a 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat
@@ -4,7 +4,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP
moon:: cat /var/log/daemon.log::authentication of 'carol at strongswan.org' with EAP successful::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave at strongswan.org' failed::YES
@@ -12,4 +12,4 @@ moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave at strongsw
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::NO
dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat
index a204f88..960352c 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat
@@ -11,6 +11,7 @@ alice::radiusd
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
index 01aed24..0c9c2b4 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
@@ -4,7 +4,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP
moon:: cat /var/log/daemon.log::authentication of 'carol at strongswan.org' with EAP successful::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave at strongswan.org' failed::YES
@@ -12,4 +12,4 @@ moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave at strongsw
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::NO
dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat
index fdb50fc..52d5962 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat
@@ -11,6 +11,7 @@ alice::radiusd
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
index f33e7bc..17e3157 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
@@ -5,6 +5,6 @@ moon:: ipsec status 2> /dev/null::rw-eap-sim.*ESTABLISHED.*moon.strongswan.org.*
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap-sim.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat
index 3e05e4e..71cab1f 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat
@@ -4,5 +4,6 @@ moon::cat /etc/ipsec.d/triplets.dat
carol::cat /etc/ipsec.d/triplets.dat
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap-sim
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat
index 314769b..df58881 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat
@@ -4,6 +4,6 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, C
moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=carol at d.strongswan.org' with EAP successful::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat b/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat
index 7ed2021..bbf5c61 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat
@@ -4,5 +4,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
index 06d4dd9..b2e3ce6 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
@@ -5,6 +5,6 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=
moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol at strongswan.org' with EAP successful::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-tls-only/pretest.dat b/testing/tests/ikev2/rw-eap-tls-only/pretest.dat
index de4acbb..1578796 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-only/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
index 75349b0..b53b085 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
@@ -4,6 +4,6 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=
moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol at strongswan.org' with EAP successful::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
index 4c778a7..50f0389 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@@ -4,3 +4,6 @@ charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
+libtls {
+ suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+}
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat b/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat
index c65fbda..b27673c 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat
@@ -3,5 +3,6 @@ carol::iptables-restore < /etc/iptables.rules
alice::radiusd
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
index d22dd18..2285608 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
@@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave at stronswan.org::NO
carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat
index a55cf37..dccf854 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat
index d22dd18..2285608 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat
@@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave at stronswan.org::NO
carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat
index a55cf37..dccf854 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat
index f250c0c..4be6164 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat
@@ -14,7 +14,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave at strongswan.org::NO
carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat
index 98bf0b1..fa2d7ee 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat
@@ -5,6 +5,7 @@ alice::radiusd
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat
index 7a9a709..3c0aaf0 100644
--- a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat
+++ b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat
@@ -10,8 +10,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-hash-and-url/pretest.dat b/testing/tests/ikev2/rw-hash-and-url/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev2/rw-hash-and-url/pretest.dat
+++ b/testing/tests/ikev2/rw-hash-and-url/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-initiator-only/evaltest.dat b/testing/tests/ikev2/rw-initiator-only/evaltest.dat
index 80fd7c5..c5dc4a0 100644
--- a/testing/tests/ikev2/rw-initiator-only/evaltest.dat
+++ b/testing/tests/ikev2/rw-initiator-only/evaltest.dat
@@ -3,6 +3,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-initiator-only/pretest.dat b/testing/tests/ikev2/rw-initiator-only/pretest.dat
index 4660c29..290f57e 100644
--- a/testing/tests/ikev2/rw-initiator-only/pretest.dat
+++ b/testing/tests/ikev2/rw-initiator-only/pretest.dat
@@ -4,7 +4,8 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
-carol::expect-connection peer
+moon::expect-connection rw
+dave::expect-connection peer
dave::ipsec up peer
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat
index 26b2620..489c6d2 100644
--- a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat
+++ b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat
@@ -4,8 +4,8 @@ sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@
sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES
sun:: ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
moon::tcpdump::IP alice.strongswan.org > sun.strongswan.org: ESP::YES
moon::tcpdump::IP venus.strongswan.org > sun.strongswan.org: ESP::YES
moon::tcpdump::IP sun.strongswan.org > alice.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-mark-in-out/pretest.dat b/testing/tests/ikev2/rw-mark-in-out/pretest.dat
index 7288314..2418263 100644
--- a/testing/tests/ikev2/rw-mark-in-out/pretest.dat
+++ b/testing/tests/ikev2/rw-mark-in-out/pretest.dat
@@ -7,9 +7,10 @@ sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to PH_IP
sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to PH_IP_DAVE10
sun::iptables -t mangle -A PREROUTING -d PH_IP_CAROL10 -j MARK --set-mark 11
sun::iptables -t mangle -A PREROUTING -d PH_IP_DAVE10 -j MARK --set-mark 21
+sun::ipsec start
alice::ipsec start
venus::ipsec start
-sun::ipsec start
+sun::expect-connection alice
alice::expect-connection home
alice::ipsec up home
venus::expect-connection home
diff --git a/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat b/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat
index 72f3a0e..ebb738c 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat
+++ b/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat
@@ -2,12 +2,12 @@ carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLI
carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES
dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::authentication of.*carol at strongswan.org.*with BLISS_WITH_SHA2_256 successful::YES
moon:: cat /var/log/daemon.log::authentication of.*dave at strongswan.org.*with BLISS_WITH_SHA2_384 successful::YES
moon:: ipsec statusall 2> /dev/null::rw\[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
diff --git a/testing/tests/ikev2/rw-ntru-bliss/pretest.dat b/testing/tests/ikev2/rw-ntru-bliss/pretest.dat
index c0f963d..058b3c3 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/pretest.dat
+++ b/testing/tests/ikev2/rw-ntru-bliss/pretest.dat
@@ -4,9 +4,10 @@ dave::iptables-restore < /etc/iptables.rules
moon::rm /etc/ipsec.d/cacerts/strongswanCert.pem
carol::rm /etc/ipsec.d/cacerts/strongswanCert.pem
dave::rm /etc/ipsec.d/cacerts/strongswanCert.pem
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-ntru-psk/evaltest.dat b/testing/tests/ikev2/rw-ntru-psk/evaltest.dat
index 938157c..6d5d1cd 100644
--- a/testing/tests/ikev2/rw-ntru-psk/evaltest.dat
+++ b/testing/tests/ikev2/rw-ntru-psk/evaltest.dat
@@ -1,11 +1,11 @@
carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw\[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES
moon:: ipsec statusall 2> /dev/null::rw\[2]: IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
diff --git a/testing/tests/ikev2/rw-ntru-psk/pretest.dat b/testing/tests/ikev2/rw-ntru-psk/pretest.dat
index e827687..1b38f32 100644
--- a/testing/tests/ikev2/rw-ntru-psk/pretest.dat
+++ b/testing/tests/ikev2/rw-ntru-psk/pretest.dat
@@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/*
carol::ipsec start
dave::ipsec start
moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-pkcs8/evaltest.dat b/testing/tests/ikev2/rw-pkcs8/evaltest.dat
index 2342d02..849d59a 100644
--- a/testing/tests/ikev2/rw-pkcs8/evaltest.dat
+++ b/testing/tests/ikev2/rw-pkcs8/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-pkcs8/pretest.dat b/testing/tests/ikev2/rw-pkcs8/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev2/rw-pkcs8/pretest.dat
+++ b/testing/tests/ikev2/rw-pkcs8/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
index 2fbcc47..a5aa06b 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
@@ -7,8 +7,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-psk-fqdn/pretest.dat b/testing/tests/ikev2/rw-psk-fqdn/pretest.dat
index ab5e18d..ee5bc7c 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/pretest.dat
+++ b/testing/tests/ikev2/rw-psk-fqdn/pretest.dat
@@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat
index 2bd97b7..0c8c311 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-psk-ipv4/pretest.dat b/testing/tests/ikev2/rw-psk-ipv4/pretest.dat
index ab5e18d..ee5bc7c 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/ikev2/rw-psk-ipv4/pretest.dat
@@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat
index 2342d02..849d59a 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-psk-no-idr/pretest.dat b/testing/tests/ikev2/rw-psk-no-idr/pretest.dat
index ab5e18d..ee5bc7c 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/pretest.dat
+++ b/testing/tests/ikev2/rw-psk-no-idr/pretest.dat
@@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
index 55b2957..ecd86f8 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
@@ -6,8 +6,8 @@ moon:: cat /var/log/daemon.log::authentication of 'dave at strongswan.org' with RSA
moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA.* successful::YES
moon:: ipsec status 2> /dev/null::rw-rsasig.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave at strongswan.org.*moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat
index 08b891a..c6d53d0 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat
@@ -5,6 +5,8 @@ carol::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw-rsasig
+moon::expect-connection rw-psk
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
index 1206ea4..e3d58e1 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
@@ -9,8 +9,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat b/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat
+++ b/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/rw-radius-accounting/pretest.dat b/testing/tests/ikev2/rw-radius-accounting/pretest.dat
index d262296..7ec7c12 100644
--- a/testing/tests/ikev2/rw-radius-accounting/pretest.dat
+++ b/testing/tests/ikev2/rw-radius-accounting/pretest.dat
@@ -4,5 +4,6 @@ alice::rm /var/log/freeradius/radacct/PH_IP_MOON1/*
alice::radiusd
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/ikev2/rw-sig-auth/evaltest.dat b/testing/tests/ikev2/rw-sig-auth/evaltest.dat
index 261475f..5e264c5 100644
--- a/testing/tests/ikev2/rw-sig-auth/evaltest.dat
+++ b/testing/tests/ikev2/rw-sig-auth/evaltest.dat
@@ -12,8 +12,8 @@ dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswa
moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES
dave ::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::NO
dave ::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-sig-auth/pretest.dat b/testing/tests/ikev2/rw-sig-auth/pretest.dat
index 9c26ea1..eb31a1f 100644
--- a/testing/tests/ikev2/rw-sig-auth/pretest.dat
+++ b/testing/tests/ikev2/rw-sig-auth/pretest.dat
@@ -4,6 +4,8 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection research
+moon::expect-connection accounting
carol::expect-connection alice
carol::expect-connection venus
carol::ipsec up alice
diff --git a/testing/tests/ikev2/rw-whitelist/evaltest.dat b/testing/tests/ikev2/rw-whitelist/evaltest.dat
index a9917bc..f27e6a0 100644
--- a/testing/tests/ikev2/rw-whitelist/evaltest.dat
+++ b/testing/tests/ikev2/rw-whitelist/evaltest.dat
@@ -3,10 +3,10 @@ moon:: cat /var/log/daemon.log::authentication of 'carol at strongswan.org' with RS
moon:: cat /var/log/daemon.log::authentication of 'dave at strongswan.org' with RSA.* successful::YES
moon:: cat /var/log/daemon.log::peer identity 'dave at strongswan.org' not whitelisted::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::NO
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/evaltest.dat b/testing/tests/ikev2/shunt-policies-nat-rw/evaltest.dat
index 4d36673..67014c5 100644
--- a/testing/tests/ikev2/shunt-policies-nat-rw/evaltest.dat
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/evaltest.dat
@@ -2,11 +2,11 @@ alice::ipsec status 2> /dev/null::local-net.*PASS::YES
venus::ipsec status 2> /dev/null::local-net.*PASS::YES
alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice at strongswan.org.*sun.strongswan.org::YES
venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES
alice::tcpdump::IP alice.strongswan.org > venus.strongswan.org: ICMP::YES
alice::tcpdump::IP venus.strongswan.org > alice.strongswan.org: ICMP::YES
\ No newline at end of file
diff --git a/testing/tests/ikev2/strong-keys-certs/evaltest.dat b/testing/tests/ikev2/strong-keys-certs/evaltest.dat
index 2342d02..849d59a 100644
--- a/testing/tests/ikev2/strong-keys-certs/evaltest.dat
+++ b/testing/tests/ikev2/strong-keys-certs/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/strong-keys-certs/pretest.dat b/testing/tests/ikev2/strong-keys-certs/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/ikev2/strong-keys-certs/pretest.dat
+++ b/testing/tests/ikev2/strong-keys-certs/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/trap-any/evaltest.dat b/testing/tests/ikev2/trap-any/evaltest.dat
index 27df31f..6484c04 100644
--- a/testing/tests/ikev2/trap-any/evaltest.dat
+++ b/testing/tests/ikev2/trap-any/evaltest.dat
@@ -1,9 +1,9 @@
-moon::ping -c 2 -W 1 -i 0.4 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES
-moon::ping -c 2 -W 1 -i 0.4 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES
-sun::ping -c 2 -W 1 -i 0.4 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES
-dave::ping -c 2 -W 1 -i 0.4 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=2::YES
-dave::ping -c 2 -W 1 -i 0.4 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES
-dave::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=1::YES
+moon::ping -c 2 -W 1 -i 0.4 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=2::YES
+moon::ping -c 2 -W 1 -i 0.4 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_.eq=2::YES
+sun::ping -c 2 -W 1 -i 0.4 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_.eq=2::YES
+dave::ping -c 2 -W 1 -i 0.4 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=2::YES
+dave::ping -c 2 -W 1 -i 0.4 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=2::YES
+dave::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_.eq=1::YES
moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_SUN::YES
moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_CAROL::YES
moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_DAVE::YES
diff --git a/testing/tests/ikev2/two-certs/evaltest.dat b/testing/tests/ikev2/two-certs/evaltest.dat
index 2b4476a..422c76e 100644
--- a/testing/tests/ikev2/two-certs/evaltest.dat
+++ b/testing/tests/ikev2/two-certs/evaltest.dat
@@ -1,11 +1,11 @@
moon:: cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::YES
moon:: cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol at strongswan.org::YES
moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/two-certs/pretest.dat b/testing/tests/ikev2/two-certs/pretest.dat
index 5936eda..ead4b6b 100644
--- a/testing/tests/ikev2/two-certs/pretest.dat
+++ b/testing/tests/ikev2/two-certs/pretest.dat
@@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection alice
+moon::expect-connection venus
carol::expect-connection alice
carol::expect-connection venus
carol::ipsec up alice
diff --git a/testing/tests/ikev2/virtual-ip-override/pretest.dat b/testing/tests/ikev2/virtual-ip-override/pretest.dat
index 2d09e88..bdbe341 100644
--- a/testing/tests/ikev2/virtual-ip-override/pretest.dat
+++ b/testing/tests/ikev2/virtual-ip-override/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw-carol
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/virtual-ip/evaltest.dat b/testing/tests/ikev2/virtual-ip/evaltest.dat
index 0f5df71..8da2ceb 100644
--- a/testing/tests/ikev2/virtual-ip/evaltest.dat
+++ b/testing/tests/ikev2/virtual-ip/evaltest.dat
@@ -14,12 +14,12 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::src PH_IP_CAROL1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::src PH_IP_DAVE1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
-moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES
-moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
+moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_.eq=1::YES
+moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/virtual-ip/pretest.dat b/testing/tests/ikev2/virtual-ip/pretest.dat
index 2d09e88..e87a8ee 100644
--- a/testing/tests/ikev2/virtual-ip/pretest.dat
+++ b/testing/tests/ikev2/virtual-ip/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
carol::ipsec start
dave::ipsec start
-moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/ikev2/wildcards/pretest.dat b/testing/tests/ikev2/wildcards/pretest.dat
index 2134d6b..96acd25 100644
--- a/testing/tests/ikev2/wildcards/pretest.dat
+++ b/testing/tests/ikev2/wildcards/pretest.dat
@@ -1,6 +1,8 @@
carol::ipsec start
dave::ipsec start
moon::ipsec start
+moon::expect-connection alice
+moon::expect-connection venus
carol::expect-connection alice
carol::expect-connection venus
carol::ipsec up alice
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
index 151b73c..ee9e22e 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
index 151b73c..ee9e22e 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/libipsec/host2host-cert/evaltest.dat b/testing/tests/libipsec/host2host-cert/evaltest.dat
index 105c2a4..77c2528 100644
--- a/testing/tests/libipsec/host2host-cert/evaltest.dat
+++ b/testing/tests/libipsec/host2host-cert/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
-sun::tcpdump::IP moon.strongswan.org.4500 > sun.strongswan.org.4500: UDP-encap: ESP::YES
-sun::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
+sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown
index f7ec064..9ca3bae 100755
--- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown
+++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/updown
@@ -441,6 +441,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -465,6 +473,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -504,6 +519,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -547,6 +571,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown
index f7ec064..9ca3bae 100755
--- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown
+++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/updown
@@ -441,6 +441,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -465,6 +473,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -504,6 +519,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -547,6 +571,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/host2host-cert/pretest.dat b/testing/tests/libipsec/host2host-cert/pretest.dat
index b095bf5..35c0f3e 100644
--- a/testing/tests/libipsec/host2host-cert/pretest.dat
+++ b/testing/tests/libipsec/host2host-cert/pretest.dat
@@ -2,7 +2,8 @@ moon::sysctl -w net.ipv4.conf.all.rp_filter=2
sun::sysctl -w net.ipv4.conf.all.rp_filter=2
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection host-host
moon::expect-connection host-host
moon::ipsec up host-host
diff --git a/testing/tests/libipsec/net2net-3des/evaltest.dat b/testing/tests/libipsec/net2net-3des/evaltest.dat
index f60fea6..e71456e 100644
--- a/testing/tests/libipsec/net2net-3des/evaltest.dat
+++ b/testing/tests/libipsec/net2net-3des/evaltest.dat
@@ -4,8 +4,8 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
moon::ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024::YES
sun:: ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
moon::ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
-sun::tcpdump::IP moon.strongswan.org.4500 > sun.strongswan.org.4500: UDP-encap: ESP::YES
-sun::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
+sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown
index 61f6531..e7c3640 100755
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/updown
@@ -441,6 +441,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -465,6 +473,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -504,6 +519,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -547,6 +571,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown
index 61f6531..e7c3640 100755
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/updown
@@ -441,6 +441,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -465,6 +473,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -504,6 +519,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -547,6 +571,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/net2net-3des/pretest.dat b/testing/tests/libipsec/net2net-3des/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/libipsec/net2net-3des/pretest.dat
+++ b/testing/tests/libipsec/net2net-3des/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/libipsec/net2net-cert/evaltest.dat b/testing/tests/libipsec/net2net-cert/evaltest.dat
index f702cea..e489fec 100644
--- a/testing/tests/libipsec/net2net-cert/evaltest.dat
+++ b/testing/tests/libipsec/net2net-cert/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-sun::tcpdump::IP moon.strongswan.org.4500 > sun.strongswan.org.4500: UDP-encap: ESP::YES
-sun::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown
index 61f6531..e7c3640 100755
--- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown
+++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/updown
@@ -441,6 +441,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -465,6 +473,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -504,6 +519,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -547,6 +571,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown
index 61f6531..e7c3640 100755
--- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown
+++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/updown
@@ -441,6 +441,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -465,6 +473,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -504,6 +519,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -547,6 +571,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/net2net-cert/pretest.dat b/testing/tests/libipsec/net2net-cert/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/libipsec/net2net-cert/pretest.dat
+++ b/testing/tests/libipsec/net2net-cert/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/libipsec/net2net-null/evaltest.dat b/testing/tests/libipsec/net2net-null/evaltest.dat
index 0cafb4f..c1aae40 100644
--- a/testing/tests/libipsec/net2net-null/evaltest.dat
+++ b/testing/tests/libipsec/net2net-null/evaltest.dat
@@ -4,8 +4,8 @@ moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
moon::ipsec statusall 2> /dev/null::net-net\[1].*NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
sun:: ipsec statusall 2> /dev/null::net-net\[1].*NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
moon::ipsec statusall 2> /dev/null::net-net[{]1}.*NULL/HMAC_SHA2_256::YES
sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*NULL/HMAC_SHA2_256::YES
-sun::tcpdump::IP moon.strongswan.org.4500 > sun.strongswan.org.4500: UDP-encap: ESP::YES
-sun::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
+sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/updown b/testing/tests/libipsec/net2net-null/hosts/moon/etc/updown
index 61f6531..e7c3640 100755
--- a/testing/tests/libipsec/net2net-null/hosts/moon/etc/updown
+++ b/testing/tests/libipsec/net2net-null/hosts/moon/etc/updown
@@ -441,6 +441,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -465,6 +473,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -504,6 +519,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -547,6 +571,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/updown b/testing/tests/libipsec/net2net-null/hosts/sun/etc/updown
index 61f6531..e7c3640 100755
--- a/testing/tests/libipsec/net2net-null/hosts/sun/etc/updown
+++ b/testing/tests/libipsec/net2net-null/hosts/sun/etc/updown
@@ -441,6 +441,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -465,6 +473,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -504,6 +519,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -547,6 +571,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/net2net-null/pretest.dat b/testing/tests/libipsec/net2net-null/pretest.dat
index 1732d6e..bcc2cb0 100644
--- a/testing/tests/libipsec/net2net-null/pretest.dat
+++ b/testing/tests/libipsec/net2net-null/pretest.dat
@@ -1,6 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
sun::ipsec start
+moon::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/libipsec/rw-suite-b/evaltest.dat b/testing/tests/libipsec/rw-suite-b/evaltest.dat
index 3a9493b..487a21c 100644
--- a/testing/tests/libipsec/rw-suite-b/evaltest.dat
+++ b/testing/tests/libipsec/rw-suite-b/evaltest.dat
@@ -11,9 +11,9 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-moon::tcpdump::IP carol.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.4500 > carol.strongswan.org.4500: UDP-encap: ESP::YES
-moon::tcpdump::IP dave.strongswan.org.4500 > moon.strongswan.org.4500: UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.4500 > dave.strongswan.org.4500: UDP-encap: ESP::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+moon::tcpdump::IP carol.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > carol.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+moon::tcpdump::IP dave.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > dave.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown
index 652d17d..6a5b18d 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown
+++ b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown
@@ -482,6 +482,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -506,6 +514,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -545,6 +560,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -588,6 +612,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown
index 652d17d..6a5b18d 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown
+++ b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown
@@ -482,6 +482,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -506,6 +514,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -545,6 +560,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -588,6 +612,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
index 652d17d..6a5b18d 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
+++ b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
@@ -482,6 +482,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -506,6 +514,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -545,6 +560,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -588,6 +612,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat b/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat
index 3b67703..9378605 100644
--- a/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat
+++ b/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
moon:: ip xfrm state::enc cbc(camellia)::YES
diff --git a/testing/tests/openssl-ikev1/alg-camellia/pretest.dat b/testing/tests/openssl-ikev1/alg-camellia/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/openssl-ikev1/alg-camellia/pretest.dat
+++ b/testing/tests/openssl-ikev1/alg-camellia/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat b/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat
index ac7d8cd..553c794 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat
+++ b/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES
dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat b/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat
+++ b/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat b/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat
index 178d541..327d63b 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat
+++ b/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES
dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat b/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat
+++ b/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat b/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat
index 941a2fe..9a8516d 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat
@@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::authentication of.*carol at strongswan.org.*with EC
moon:: cat /var/log/daemon.log::authentication of.*dave at strongswan.org.*with ECDSA_WITH_NULL successful::YES
carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_NULL successful::YES
dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_NULL successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/pretest.dat b/testing/tests/openssl-ikev1/ecdsa-certs/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/pretest.dat
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev2/alg-aes-gcm/evaltest.dat b/testing/tests/openssl-ikev2/alg-aes-gcm/evaltest.dat
index 4cf89b7..44bd758 100644
--- a/testing/tests/openssl-ikev2/alg-aes-gcm/evaltest.dat
+++ b/testing/tests/openssl-ikev2/alg-aes-gcm/evaltest.dat
@@ -6,8 +6,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw\[1].*IKE proposal: AES_GCM_16_256::YES
moon:: ipsec statusall 2> /dev/null::rw\[2].*IKE proposal: AES_GCM_16_128::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES
diff --git a/testing/tests/openssl-ikev2/alg-aes-gcm/pretest.dat b/testing/tests/openssl-ikev2/alg-aes-gcm/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev2/alg-aes-gcm/pretest.dat
+++ b/testing/tests/openssl-ikev2/alg-aes-gcm/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat b/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat
index cd83c56..a4f1f29 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat
+++ b/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat
@@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave at strongswan.org::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES
dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES
carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat b/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat
+++ b/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat b/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat
index 3b67703..9378605 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat
+++ b/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
moon:: ip xfrm state::enc cbc(camellia)::YES
diff --git a/testing/tests/openssl-ikev2/alg-camellia/pretest.dat b/testing/tests/openssl-ikev2/alg-camellia/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/pretest.dat
+++ b/testing/tests/openssl-ikev2/alg-camellia/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/evaltest.dat
index b7606a4..ebc7752 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/evaltest.dat
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/evaltest.dat
@@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_256_BP.*ECP_384_BP::YES
dave:: cat /var/log/daemon.log::ECP_256_BP.*ECP_512_BP::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384_BP::YES
dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_512_BP::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/pretest.dat
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/evaltest.dat
index 5fb2073..ff9fb20 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/evaltest.dat
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/evaltest.dat
@@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_384_BP.*ECP_224_BP::YES
dave:: cat /var/log/daemon.log::ECP_384_BP.*ECP_256_BP::YES
carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224_BP::YES
dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256_BP::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/pretest.dat
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat
index 375ed86..4cee48d 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat
@@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_256.*ECP_384::YES
dave:: cat /var/log/daemon.log::ECP_256.*ECP_521::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES
dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat
index c46ed1d..818082c 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat
@@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_192.*ECP_224::YES
dave:: cat /var/log/daemon.log::ECP_192.*ECP_256::YES
carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES
dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev2/critical-extension/pretest.dat b/testing/tests/openssl-ikev2/critical-extension/pretest.dat
index 1732d6e..08ca6b5 100644
--- a/testing/tests/openssl-ikev2/critical-extension/pretest.dat
+++ b/testing/tests/openssl-ikev2/critical-extension/pretest.dat
@@ -3,4 +3,5 @@ sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
moon::expect-connection net-net
+sun::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat b/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat
index 55ac109..18fdacf 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat
@@ -10,8 +10,8 @@ moon:: cat /var/log/daemon.log::authentication of.*carol at strongswan.org.*with EC
moon:: cat /var/log/daemon.log::authentication of.*dave at strongswan.org.*with ECDSA-384 signature successful::YES
carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_SHA512_DER successful::YES
dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat b/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat b/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat
index 2d7324a..46eaccd 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat
@@ -6,8 +6,8 @@ moon:: cat /var/log/daemon.log::authentication of.*carol at strongswan.org.*with EC
moon:: cat /var/log/daemon.log::authentication of.*dave at strongswan.org.*with ECDSA_WITH_SHA384_DER successful::YES
carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_SHA512_DER successful::YES
dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA_WITH_SHA512_DER successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat b/testing/tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat
index a55cf37..e87a8ee 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
dave::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
dave::expect-connection home
diff --git a/testing/tests/openssl-ikev2/net2net-pgp-v3/evaltest.dat b/testing/tests/openssl-ikev2/net2net-pgp-v3/evaltest.dat
index 460c659..468c5f7 100644
--- a/testing/tests/openssl-ikev2/net2net-pgp-v3/evaltest.dat
+++ b/testing/tests/openssl-ikev2/net2net-pgp-v3/evaltest.dat
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*71:27:04:32:cd:76:3a:18:
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun <sun.strongswan.org>.*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/net2net-pgp-v3/pretest.dat b/testing/tests/openssl-ikev2/net2net-pgp-v3/pretest.dat
index f2cbf6a..969c423 100644
--- a/testing/tests/openssl-ikev2/net2net-pgp-v3/pretest.dat
+++ b/testing/tests/openssl-ikev2/net2net-pgp-v3/pretest.dat
@@ -5,4 +5,5 @@ sun::rm /etc/ipsec.d/cacerts/*
moon::ipsec start
sun::ipsec start
moon::expect-connection net-net
+sun::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat b/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat
index 2b37cad..fe4aa5a 100644
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat
+++ b/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat b/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat
index fd1ce37..47e6d86 100644
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat
+++ b/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat
@@ -7,4 +7,5 @@ sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
moon::expect-connection net-net
+sun::expect-connection net-net
moon::ipsec up net-net
diff --git a/testing/tests/openssl-ikev2/rw-cert/evaltest.dat b/testing/tests/openssl-ikev2/rw-cert/evaltest.dat
index ba66197..be78c51 100644
--- a/testing/tests/openssl-ikev2/rw-cert/evaltest.dat
+++ b/testing/tests/openssl-ikev2/rw-cert/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat
index 7d32c11..a24c7a0 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat
@@ -5,6 +5,6 @@ carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_W
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES
moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol at strongswan.org' with EAP successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat b/testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat
index de4acbb..1578796 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-eap
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat b/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat
index a0831f7..b00c4cd 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat
@@ -6,6 +6,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat b/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat
index 200ec3c..3de5c94 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat
@@ -6,6 +6,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol at strongswan.org::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/p2pnat/behind-same-nat/evaltest.dat b/testing/tests/p2pnat/behind-same-nat/evaltest.dat
index 3785205..85a910a 100644
--- a/testing/tests/p2pnat/behind-same-nat/evaltest.dat
+++ b/testing/tests/p2pnat/behind-same-nat/evaltest.dat
@@ -7,5 +7,5 @@ alice::ipsec status 2> /dev/null::peer.*ESTABLISHED.*alice at strongswan.org.*venus
venus::ipsec status 2> /dev/null::peer.*ESTABLISHED.*venus.strongswan.org.*alice at strongswan.org::YES
alice::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES
venus::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
diff --git a/testing/tests/p2pnat/medsrv-psk/evaltest.dat b/testing/tests/p2pnat/medsrv-psk/evaltest.dat
index 2c60807..55ada8c 100644
--- a/testing/tests/p2pnat/medsrv-psk/evaltest.dat
+++ b/testing/tests/p2pnat/medsrv-psk/evaltest.dat
@@ -6,7 +6,7 @@ alice::ipsec status 2> /dev/null::peer.*ESTABLISHED.*alice at strongswan.org.*bob at s
bob:: ipsec status 2> /dev/null::peer.*ESTABLISHED.*bob at strongswan.org.*alice at strongswan.org::YES
alice::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES
bob:: ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.*: UDP::YES
moon::tcpdump::IP sun.strongswan.org.* > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
index 9c6b73b..5380b7e 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
+++ b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES
moon:: ip xfrm state::auth-trunc xcbc(aes)::YES
diff --git a/testing/tests/pfkey/alg-aes-xcbc/pretest.dat b/testing/tests/pfkey/alg-aes-xcbc/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/pretest.dat
+++ b/testing/tests/pfkey/alg-aes-xcbc/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/pfkey/alg-sha384/evaltest.dat b/testing/tests/pfkey/alg-sha384/evaltest.dat
index 3b24217..1148a18 100644
--- a/testing/tests/pfkey/alg-sha384/evaltest.dat
+++ b/testing/tests/pfkey/alg-sha384/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
moon:: ip xfrm state::auth-trunc hmac(sha384)::YES
diff --git a/testing/tests/pfkey/alg-sha384/pretest.dat b/testing/tests/pfkey/alg-sha384/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/pfkey/alg-sha384/pretest.dat
+++ b/testing/tests/pfkey/alg-sha384/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/pfkey/alg-sha512/evaltest.dat b/testing/tests/pfkey/alg-sha512/evaltest.dat
index 6bdceeb..0b2a71a 100644
--- a/testing/tests/pfkey/alg-sha512/evaltest.dat
+++ b/testing/tests/pfkey/alg-sha512/evaltest.dat
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
moon:: ip xfrm state::auth-trunc hmac(sha512)::YES
diff --git a/testing/tests/pfkey/alg-sha512/pretest.dat b/testing/tests/pfkey/alg-sha512/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/pfkey/alg-sha512/pretest.dat
+++ b/testing/tests/pfkey/alg-sha512/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/pfkey/compress/pretest.dat b/testing/tests/pfkey/compress/pretest.dat
index 1fd37b6..5536d28 100644
--- a/testing/tests/pfkey/compress/pretest.dat
+++ b/testing/tests/pfkey/compress/pretest.dat
@@ -2,5 +2,6 @@ carol::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
carol::ipsec start
moon::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/pfkey/esp-alg-null/evaltest.dat b/testing/tests/pfkey/esp-alg-null/evaltest.dat
index c50b188..5370bdf 100644
--- a/testing/tests/pfkey/esp-alg-null/evaltest.dat
+++ b/testing/tests/pfkey/esp-alg-null/evaltest.dat
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol at st
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
moon:: ip xfrm state::enc ecb(cipher_null)::YES
diff --git a/testing/tests/pfkey/esp-alg-null/pretest.dat b/testing/tests/pfkey/esp-alg-null/pretest.dat
index de4acbb..e34f702 100644
--- a/testing/tests/pfkey/esp-alg-null/pretest.dat
+++ b/testing/tests/pfkey/esp-alg-null/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw
carol::expect-connection home
carol::ipsec up home
diff --git a/testing/tests/pfkey/host2host-transport/evaltest.dat b/testing/tests/pfkey/host2host-transport/evaltest.dat
index fbd0c1c..489fc1e 100644
--- a/testing/tests/pfkey/host2host-transport/evaltest.dat
+++ b/testing/tests/pfkey/host2host-transport/evaltest.dat
@@ -5,6 +5,6 @@ sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
moon::ip xfrm state::mode transport::YES
sun:: ip xfrm state::mode transport::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/pfkey/host2host-transport/pretest.dat b/testing/tests/pfkey/host2host-transport/pretest.dat
index 997a481..c6849de 100644
--- a/testing/tests/pfkey/host2host-transport/pretest.dat
+++ b/testing/tests/pfkey/host2host-transport/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
+sun::expect-connection host-host
moon::expect-connection host-host
moon::ipsec up host-host
diff --git a/testing/tests/pfkey/nat-rw/evaltest.dat b/testing/tests/pfkey/nat-rw/evaltest.dat
index ac09e2d..da257f7 100644
--- a/testing/tests/pfkey/nat-rw/evaltest.dat
+++ b/testing/tests/pfkey/nat-rw/evaltest.dat
@@ -6,7 +6,7 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/pfkey/nat-rw/pretest.dat b/testing/tests/pfkey/nat-rw/pretest.dat
index e3d9fc8..36d23b5 100644
--- a/testing/tests/pfkey/nat-rw/pretest.dat
+++ b/testing/tests/pfkey/nat-rw/pretest.dat
@@ -3,9 +3,10 @@ venus::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
+sun::ipsec start
alice::ipsec start
venus::ipsec start
-sun::ipsec start
+sun::expect-connection nat-t
alice::expect-connection nat-t
alice::ipsec up nat-t
venus::expect-connection nat-t
diff --git a/testing/tests/pfkey/net2net-route/evaltest.dat b/testing/tests/pfkey/net2net-route/evaltest.dat
index 1de6ca8..cc93421 100644
--- a/testing/tests/pfkey/net2net-route/evaltest.dat
+++ b/testing/tests/pfkey/net2net-route/evaltest.dat
@@ -4,6 +4,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/pfkey/net2net-route/pretest.dat b/testing/tests/pfkey/net2net-route/pretest.dat
index a1c5670..1ba8e42 100644
--- a/testing/tests/pfkey/net2net-route/pretest.dat
+++ b/testing/tests/pfkey/net2net-route/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::ipsec start
sun::ipsec start
+sun::expect-connection net-net
moon::expect-connection net-net
alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB
diff --git a/testing/tests/pfkey/protoport-dual/evaltest.dat b/testing/tests/pfkey/protoport-dual/evaltest.dat
index 50b53cc..826c09f 100644
--- a/testing/tests/pfkey/protoport-dual/evaltest.dat
+++ b/testing/tests/pfkey/protoport-dual/evaltest.dat
@@ -4,8 +4,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/pfkey/protoport-dual/pretest.dat b/testing/tests/pfkey/protoport-dual/pretest.dat
index 12112b1..de347e2 100644
--- a/testing/tests/pfkey/protoport-dual/pretest.dat
+++ b/testing/tests/pfkey/protoport-dual/pretest.dat
@@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-icmp
+moon::expect-connection rw-ssh
carol::expect-connection home-icmp
carol::ipsec up home-icmp
carol::expect-connection home-ssh
diff --git a/testing/tests/pfkey/protoport-route/evaltest.dat b/testing/tests/pfkey/protoport-route/evaltest.dat
index 9e970f0..459b45f 100644
--- a/testing/tests/pfkey/protoport-route/evaltest.dat
+++ b/testing/tests/pfkey/protoport-route/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq::YES
carol::ssh PH_IP_ALICE hostname::alice::YES
carol::cat /var/log/daemon.log::creating acquire job::YES
carol::ipsec status 2> /dev/null::home-icmp.*ESTABLISHED.*carol at strongswan.org.*moon.strongswan.org::YES
diff --git a/testing/tests/pfkey/protoport-route/pretest.dat b/testing/tests/pfkey/protoport-route/pretest.dat
index b1bf238..55f1678 100644
--- a/testing/tests/pfkey/protoport-route/pretest.dat
+++ b/testing/tests/pfkey/protoport-route/pretest.dat
@@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::ipsec start
carol::ipsec start
+moon::expect-connection rw-icmp
+moon::expect-connection rw-ssh
carol::expect-connection home-icmp
carol::expect-connection home-ssh
carol::ssh PH_IP_ALICE hostname
diff --git a/testing/tests/pfkey/rw-cert/evaltest.dat b/testing/tests/pfkey/rw-cert/evaltest.dat
index 2342d02..849d59a 100644
--- a/testing/tests/pfkey/rw-cert/evaltest.dat
+++ b/testing/tests/pfkey/rw-cert/evaltest.dat
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/evaltest.dat b/testing/tests/pfkey/shunt-policies-nat-rw/evaltest.dat
index 4d36673..67014c5 100644
--- a/testing/tests/pfkey/shunt-policies-nat-rw/evaltest.dat
+++ b/testing/tests/pfkey/shunt-policies-nat-rw/evaltest.dat
@@ -2,11 +2,11 @@ alice::ipsec status 2> /dev/null::local-net.*PASS::YES
venus::ipsec status 2> /dev/null::local-net.*PASS::YES
alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice at strongswan.org.*sun.strongswan.org::YES
venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES
alice::tcpdump::IP alice.strongswan.org > venus.strongswan.org: ICMP::YES
alice::tcpdump::IP venus.strongswan.org > alice.strongswan.org: ICMP::YES
\ No newline at end of file
diff --git a/testing/tests/sql/ip-pool-db-expired/evaltest.dat b/testing/tests/sql/ip-pool-db-expired/evaltest.dat
index 9b84561..a105fc0 100644
--- a/testing/tests/sql/ip-pool-db-expired/evaltest.dat
+++ b/testing/tests/sql/ip-pool-db-expired/evaltest.dat
@@ -1,12 +1,12 @@
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*lo [...]
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*loc [...]
moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
diff --git a/testing/tests/sql/ip-pool-db-restart/evaltest.dat b/testing/tests/sql/ip-pool-db-restart/evaltest.dat
index ce7a8f5..2e3fe8f 100644
--- a/testing/tests/sql/ip-pool-db-restart/evaltest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/evaltest.dat
@@ -1,12 +1,12 @@
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*lo [...]
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*loc [...]
moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
moon:: cat /var/log/daemon.log::acquired existing lease for address.*in pool.*bigpool::YES
diff --git a/testing/tests/sql/ip-pool-db/evaltest.dat b/testing/tests/sql/ip-pool-db/evaltest.dat
index 7996924..0f55c04 100644
--- a/testing/tests/sql/ip-pool-db/evaltest.dat
+++ b/testing/tests/sql/ip-pool-db/evaltest.dat
@@ -5,7 +5,7 @@ carol::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
carol::cat /var/log/daemon.log::handling APPLICATION_VERSION attribute failed::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*lo [...]
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
@@ -15,7 +15,7 @@ dave:: cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
dave:: cat /var/log/daemon.log::handling APPLICATION_VERSION attribute failed::YES
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*loc [...]
moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
diff --git a/testing/tests/sql/ip-split-pools-db/evaltest.dat b/testing/tests/sql/ip-split-pools-db/evaltest.dat
index 16ea228..f0e82a2 100644
--- a/testing/tests/sql/ip-split-pools-db/evaltest.dat
+++ b/testing/tests/sql/ip-split-pools-db/evaltest.dat
@@ -1,7 +1,7 @@
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*lo [...]
dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.1.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*loc [...]
moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES
moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES
@@ -13,4 +13,4 @@ moon:: ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*static.*1 .*
moon:: ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol at strongswan.org 2> /dev/null::online::YES
moon:: ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave at strongswan.org 2> /dev/null::online::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts [...]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.1.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts= [...]
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.1.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts= [...]
diff --git a/testing/tests/sql/multi-level-ca/evaltest.dat b/testing/tests/sql/multi-level-ca/evaltest.dat
index a0eaae1..b003091 100644
--- a/testing/tests/sql/multi-level-ca/evaltest.dat
+++ b/testing/tests/sql/multi-level-ca/evaltest.dat
@@ -1,8 +1,8 @@
carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=[192.168.0.100/32 remote-t [...]
dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/3 [...]
moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
diff --git a/testing/tests/sql/net2net-cert/evaltest.dat b/testing/tests/sql/net2net-cert/evaltest.dat
index 5180ab3..42dfb9f 100644
--- a/testing/tests/sql/net2net-cert/evaltest.dat
+++ b/testing/tests/sql/net2net-cert/evaltest.dat
@@ -1,5 +1,5 @@
moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.1.0.0/16] remote-ts=\ [...]
sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/sql/net2net-psk/evaltest.dat b/testing/tests/sql/net2net-psk/evaltest.dat
index 5180ab3..42dfb9f 100644
--- a/testing/tests/sql/net2net-psk/evaltest.dat
+++ b/testing/tests/sql/net2net-psk/evaltest.dat
@@ -1,5 +1,5 @@
moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.1.0.0/16] remote-ts=\ [...]
sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/sql/net2net-route-pem/evaltest.dat b/testing/tests/sql/net2net-route-pem/evaltest.dat
index 87af401..44063cc 100644
--- a/testing/tests/sql/net2net-route-pem/evaltest.dat
+++ b/testing/tests/sql/net2net-route-pem/evaltest.dat
@@ -2,7 +2,7 @@ moon:: cat /var/log/daemon.log::creating acquire job for policy 10.1.0.10/32\[ic
sun:: cat /var/log/daemon.log::creating acquire job for policy 10.2.0.10/32\[icmp/8\] === 10.1.0.20/32\[icmp/8\] with reqid {2}::YES
moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/28] remo [...]
sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.2.0.0/23] remote-ts=\[10.1.0 [...]
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/sql/net2net-start-pem/evaltest.dat b/testing/tests/sql/net2net-start-pem/evaltest.dat
index 630c17e..e7fd283 100644
--- a/testing/tests/sql/net2net-start-pem/evaltest.dat
+++ b/testing/tests/sql/net2net-start-pem/evaltest.dat
@@ -1,6 +1,6 @@
moon:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[10.2.0.0/23].*ne [...]
sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/23] remote-ts=\[10.1.0.0/28].*net-2.*state=INS [...]
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/sql/rw-cert/evaltest.dat b/testing/tests/sql/rw-cert/evaltest.dat
index bddf2fe..10a332b 100644
--- a/testing/tests/sql/rw-cert/evaltest.dat
+++ b/testing/tests/sql/rw-cert/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/ [...]
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/3 [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168. [...]
diff --git a/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat b/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat
index 4f3de0f..36bdeda 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat
+++ b/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat
@@ -1,7 +1,7 @@
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
moon:: cat /var/log/daemon.log::authentication of 'carol at strongswan.org' with EAP successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/ [...]
moon:: swanctl --list-sas --raw 2> /dev/null::rw-eap-aka.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw-eap-aka.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[19 [...]
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/sql/rw-psk-ipv4/evaltest.dat b/testing/tests/sql/rw-psk-ipv4/evaltest.dat
index 80fd718..8211acf 100644
--- a/testing/tests/sql/rw-psk-ipv4/evaltest.dat
+++ b/testing/tests/sql/rw-psk-ipv4/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\ [...]
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\ [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
diff --git a/testing/tests/sql/rw-psk-rsa-split/evaltest.dat b/testing/tests/sql/rw-psk-rsa-split/evaltest.dat
index d3ddd8c..9bf39d6 100644
--- a/testing/tests/sql/rw-psk-rsa-split/evaltest.dat
+++ b/testing/tests/sql/rw-psk-rsa-split/evaltest.dat
@@ -1,8 +1,8 @@
moon:: cat /var/log/daemon.log::authentication of 'carol at strongswan.org' with pre-shared key successful::YES
moon:: cat /var/log/daemon.log::authentication of 'dave at strongswan.org' with pre-shared key successful::YES
moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA.* successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/ [...]
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/3 [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168. [...]
diff --git a/testing/tests/sql/rw-rsa-keyid/evaltest.dat b/testing/tests/sql/rw-rsa-keyid/evaltest.dat
index 8d6c64a..b03e5c3 100644
--- a/testing/tests/sql/rw-rsa-keyid/evaltest.dat
+++ b/testing/tests/sql/rw-rsa-keyid/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=1f:a1:.*:6e:7c remote-host=192.168.0.1 remote-port=4500 remote-id=6a:9c:.*:29:2e initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote- [...]
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=ee:7f:.*:8e:0e remote-host=192.168.0.1 remote-port=4500 remote-id=6a:9c:.*:29:2e initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote- [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=6a:9c:.*:29:2e remote-host=192.168.0.200 remote-port=4500 remote-id=ee:7f:.*:8e:0e.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
diff --git a/testing/tests/sql/rw-rsa/evaltest.dat b/testing/tests/sql/rw-rsa/evaltest.dat
index b28e4c4..de697cc 100644
--- a/testing/tests/sql/rw-rsa/evaltest.dat
+++ b/testing/tests/sql/rw-rsa/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/ [...]
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/3 [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168. [...]
diff --git a/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat b/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat
index 8b11737..2d8b956 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat
+++ b/testing/tests/sql/shunt-policies-nat-rw/evaltest.dat
@@ -1,7 +1,7 @@
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
alice::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.0/16]::YES
venus::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.0/16]::YES
alice::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=4500 local-id=alice at strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=12 [...]
@@ -9,7 +9,7 @@ venus::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED
sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2
local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=alice at strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.1/32]::YES
sun::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=venus.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_ [...]
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES
alice::tcpdump::IP alice.strongswan.org > venus.strongswan.org: ICMP::YES
alice::tcpdump::IP venus.strongswan.org > alice.strongswan.org: ICMP::YES
diff --git a/testing/tests/swanctl/config-payload/evaltest.dat b/testing/tests/swanctl/config-payload/evaltest.dat
index 7d55844..8115a9e 100755
--- a/testing/tests/swanctl/config-payload/evaltest.dat
+++ b/testing/tests/swanctl/config-payload/evaltest.dat
@@ -8,8 +8,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol at str
moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave at strongswan.org::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
-alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_req=1::YES
-alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_req=1::YES
+alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
+alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/dhcp-dynamic/evaltest.dat b/testing/tests/swanctl/dhcp-dynamic/evaltest.dat
index 74d6ca8..bc85611 100644
--- a/testing/tests/swanctl/dhcp-dynamic/evaltest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/evaltest.dat
@@ -1,7 +1,7 @@
-alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_req=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.1.0.50] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.50/32] remote-ts [...]
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.1.0.51] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.51/32] remote-ts= [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.1.0.50] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote- [...]
diff --git a/testing/tests/swanctl/dhcp-dynamic/posttest.dat b/testing/tests/swanctl/dhcp-dynamic/posttest.dat
index 624a26b..87e7315 100644
--- a/testing/tests/swanctl/dhcp-dynamic/posttest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/posttest.dat
@@ -4,7 +4,7 @@ carol::service charon stop 2> /dev/null
dave::service charon stop 2> /dev/null
moon::service charon stop 2> /dev/null
venus::cat /var/state/dhcp/dhcpd.leases
-venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null
+venus::server isc-dhcp-server stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/dhcp-dynamic/pretest.dat b/testing/tests/swanctl/dhcp-dynamic/pretest.dat
index 6d935b6..fd3d1bf 100644
--- a/testing/tests/swanctl/dhcp-dynamic/pretest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/pretest.dat
@@ -2,7 +2,7 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
venus::cat /etc/dhcp/dhcpd.conf
-venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
+venus::service isc-dhcp-server start 2> /dev/null
moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
diff --git a/testing/tests/swanctl/frags-ipv4/evaltest.dat b/testing/tests/swanctl/frags-ipv4/evaltest.dat
index af4c5a0..4b04556 100755
--- a/testing/tests/swanctl/frags-ipv4/evaltest.dat
+++ b/testing/tests/swanctl/frags-ipv4/evaltest.dat
@@ -11,8 +11,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\ [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[ [...]
-alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
-alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/ip-pool-db/evaltest.dat b/testing/tests/swanctl/ip-pool-db/evaltest.dat
index 4af4f30..5fa9dca 100755
--- a/testing/tests/swanctl/ip-pool-db/evaltest.dat
+++ b/testing/tests/swanctl/ip-pool-db/evaltest.dat
@@ -15,8 +15,8 @@ dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
dave:: cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
-alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_req=1::YES
-alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_req=1::YES
+alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
+alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/ip-pool/evaltest.dat b/testing/tests/swanctl/ip-pool/evaltest.dat
index 5ba0002..ee0b980 100755
--- a/testing/tests/swanctl/ip-pool/evaltest.dat
+++ b/testing/tests/swanctl/ip-pool/evaltest.dat
@@ -9,8 +9,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol at str
moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave at strongswan.org::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
-alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_req=1::YES
-alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_req=1::YES
+alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
+alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/manual-prio/description.txt b/testing/tests/swanctl/manual-prio/description.txt
new file mode 100755
index 0000000..120fa39
--- /dev/null
+++ b/testing/tests/swanctl/manual-prio/description.txt
@@ -0,0 +1,4 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+High priority passthrough rules cause ssh connections to be exempted from both
+ESP encryption and a general drop rule for <b>moon</b>'s external eth0 interface.
diff --git a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat b/testing/tests/swanctl/manual-prio/evaltest.dat
similarity index 65%
copy from testing/tests/swanctl/rw-hash-and-url/evaltest.dat
copy to testing/tests/swanctl/manual-prio/evaltest.dat
index 5286ffe..8a03505 100755
--- a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat
+++ b/testing/tests/swanctl/manual-prio/evaltest.dat
@@ -1,13 +1,23 @@
-carol::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
-dave:: cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
-moon:: cat /var/log/daemon.log::fetched certificate.*carol at strongswan.org::YES
-moon:: cat /var/log/daemon.log::fetched certificate.*dave at strongswan.org::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
-alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
-alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+carol::ping -c 1 10.1.0.1::64 bytes from 10.1.0.1: icmp_.eq=1::YES
+carol::ping -c 1 10.1.0.10::64 bytes from 10.1.0.10: icmp_.eq=1::YES
+dave:: ping -c 1 10.1.0.1::64 bytes from 10.1.0.1: icmp_.eq=1::YES
+dave:: ping -c 1 10.1.0.20::64 bytes from 10.1.0.20: icmp_.eq=1::YES
+moon:: ping -c 1 10.1.0.10::64 bytes from 10.1.0.10: icmp_.eq=1::YES
+moon:: ping -c 1 10.1.0.20::64 bytes from 10.1.0.20: icmp_.eq=1::YES
+alice::ping -c 1 -W 1 192.168.0.150::64 bytes from 192.168.0.150: icmp_.eq=1::NO
+moon:: ping -c 1 -W 1 192.168.0.150::64 bytes from 192.168.0.150: icmp_.eq=1::NO
+winnetou::ping -c 1 -W 1 192.168.0.1::64 bytes from 192.168.0.1: icmp_.eq=1::NO
+carol::ssh -o ConnectTimeout=5 192.168.0.1 hostname 2> /dev/null::moon::YES
+carol::ssh -o ConnectTimeout=5 10.1.0.1 hostname 2> /dev/null::moon::YES
+carol::ssh -o ConnectTimeout=5 10.1.0.10 hostname 2> /dev/null::alice::YES
+dave:: ssh -o ConnectTimeout=5 192.168.0.1 hostname 2> /dev/null::moon::YES
+dave ::ssh -o ConnectTimeout=5 10.1.0.1 hostname 2> /dev/null::moon::YES
+dave ::ssh -o ConnectTimeout=5 10.1.0.20 hostname 2> /dev/null::venus::YES
+moon ::ssh -o ConnectTimeout=5 192.168.0.150 hostname 2> /dev/null::winnetou::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
new file mode 100755
index 0000000..7d7e5f9
--- /dev/null
+++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf
similarity index 51%
copy from testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
copy to testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf
index 2d2639e..1821c1c 100755
--- a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf
@@ -9,9 +9,6 @@ connections {
certs = carolCert.pem
id = carol at strongswan.org
}
- local-xauth {
- auth = xauth
- }
remote {
auth = pubkey
id = moon.strongswan.org
@@ -19,20 +16,34 @@ connections {
children {
home {
remote_ts = 10.1.0.0/16
+ priority = 2
- updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-modp3072
}
}
- version = 1
+ version = 2
proposals = aes128-sha256-modp3072
}
-}
-secrets {
+ shunts {
+
+ children {
+ pass-ssh-in {
+ local_ts = 0.0.0.0/0[tcp/ssh]
+ remote_ts = 0.0.0.0/0[tcp]
+ priority = 1
+
+ mode = pass
+ start_action = trap
+ }
+ pass-ssh-out {
+ local_ts = 0.0.0.0/0[tcp]
+ remote_ts = 0.0.0.0/0[tcp/ssh]
+ priority = 1
- xauth-carol {
- id = carol at strongswan.org
- secret = "4iChxLT3"
+ mode = pass
+ start_action = trap
+ }
+ }
}
}
diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
new file mode 100755
index 0000000..7d7e5f9
--- /dev/null
+++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf
similarity index 55%
copy from testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf
copy to testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf
index f3758e3..ecdd585 100755
--- a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf
@@ -9,9 +9,6 @@ connections {
certs = daveCert.pem
id = dave at strongswan.org
}
- local-xauth {
- auth = xauth
- }
remote {
auth = pubkey
id = moon.strongswan.org
@@ -24,15 +21,29 @@ connections {
esp_proposals = aes128gcm128-modp3072
}
}
- version = 1
+ version = 2
proposals = aes128-sha256-modp3072
}
-}
-secrets {
+ shunts {
+
+ children {
+ pass-ssh-in {
+ local_ts = 0.0.0.0/0[tcp/ssh]
+ remote_ts = 0.0.0.0/0[tcp]
+ priority = 1
+
+ mode = pass
+ start_action = trap
+ }
+ pass-ssh-out {
+ local_ts = 0.0.0.0/0[tcp]
+ remote_ts = 0.0.0.0/0[tcp/ssh]
+ priority = 1
- xauth-dave {
- id = dave at strongswan.org
- secret = "ryftzG4A"
+ mode = pass
+ start_action = trap
+ }
+ }
}
}
diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
new file mode 100755
index 0000000..7d7e5f9
--- /dev/null
+++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 0000000..53883f7
--- /dev/null
+++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,66 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+ priority = 2
+ interface = eth0
+
+ esp_proposals = aes128gcm128-modp3072
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-modp3072
+ }
+
+ shunts {
+ rekey_time = 0
+
+ children {
+ drop-eth0-default {
+ local_ts = 0.0.0.0/0
+ remote_ts = 0.0.0.0/0
+ interface = eth0
+ priority = 4
+
+ mode = drop
+ start_action = trap
+ }
+ pass-ssh-in {
+ local_ts = 0.0.0.0/0[tcp/ssh]
+ remote_ts = 0.0.0.0/0[tcp]
+ priority = 1
+
+ mode = pass
+ start_action = trap
+ }
+ pass-ssh-out {
+ local_ts = 0.0.0.0/0[tcp]
+ remote_ts = 0.0.0.0/0[tcp/ssh]
+ priority = 1
+
+ mode = pass
+ start_action = trap
+ }
+ pass-http-out {
+ local_ts = 0.0.0.0/0[tcp]
+ remote_ts = 192.168.0.150[tcp/http]
+ priority = 1
+
+ mode = pass
+ start_action = trap
+ }
+ }
+ }
+}
diff --git a/testing/tests/swanctl/manual-prio/posttest.dat b/testing/tests/swanctl/manual-prio/posttest.dat
new file mode 100755
index 0000000..fd97263
--- /dev/null
+++ b/testing/tests/swanctl/manual-prio/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::service charon stop 2> /dev/null
+dave::service charon stop 2> /dev/null
+moon::service charon stop 2> /dev/null
+winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
+carol::ip route del 10.1.0.0/16 via 192.168.0.1
+dave::ip route del 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/swanctl/dhcp-dynamic/pretest.dat b/testing/tests/swanctl/manual-prio/pretest.dat
old mode 100644
new mode 100755
similarity index 58%
copy from testing/tests/swanctl/dhcp-dynamic/pretest.dat
copy to testing/tests/swanctl/manual-prio/pretest.dat
index 6d935b6..8613a01
--- a/testing/tests/swanctl/dhcp-dynamic/pretest.dat
+++ b/testing/tests/swanctl/manual-prio/pretest.dat
@@ -1,8 +1,6 @@
-moon::iptables-restore < /etc/iptables.rules
-carol::iptables-restore < /etc/iptables.rules
-dave::iptables-restore < /etc/iptables.rules
-venus::cat /etc/dhcp/dhcpd.conf
-venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
+winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
+carol::ip route add 10.1.0.0/16 via 192.168.0.1
+dave::ip route add 10.1.0.0/16 via 192.168.0.1
moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf b/testing/tests/swanctl/manual-prio/test.conf
old mode 100644
new mode 100755
similarity index 70%
copy from testing/tests/gcrypt-ikev1/alg-serpent/test.conf
copy to testing/tests/swanctl/manual-prio/test.conf
index d7b7142..b8048b4
--- a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf
+++ b/testing/tests/swanctl/manual-prio/test.conf
@@ -5,11 +5,11 @@
# All guest instances that are required for this test
#
-VIRTHOSTS="alice moon carol winnetou"
+VIRTHOSTS="alice venus moon carol winnetou dave"
# Corresponding block diagram
#
-DIAGRAM="a-m-c-w.png"
+DIAGRAM="a-v-m-c-w-d.png"
# Guest instances on which tcpdump is to be started
#
@@ -18,5 +18,8 @@ TCPDUMPHOSTS="moon"
# Guest instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="moon carol"
+IPSECHOSTS="moon carol dave"
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat
index 50128d5..ebaad54 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat
@@ -4,7 +4,7 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with R
carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES
moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES
moon:: cat /var/log/daemon.log::authentication of .*228060123456001 at strongswan.org.* with EAP successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=228060123456001 at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\ [...]
moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=228060123456001 at strongswan.org remote-eap-id=228060123456001.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remo [...]
moon::cat /var/log/daemon.log::authentication of .*dave at strongswan.org.* with RSA.* successful::YES
@@ -14,7 +14,7 @@ moon::cat /var/log/daemon.log::received EAP identity .*228060123456002::YES
moon::cat /var/log/daemon.log::RADIUS authentication of '228060123456002' failed::YES
moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 228060123456002 at strongswan.org::YES
dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-dave::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+dave::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-cert/evaltest.dat b/testing/tests/swanctl/net2net-cert/evaltest.dat
index 48a8857..1d9bd64 100755
--- a/testing/tests/swanctl/net2net-cert/evaltest.dat
+++ b/testing/tests/swanctl/net2net-cert/evaltest.dat
@@ -1,5 +1,5 @@
moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
index b1c005b..9034651 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -19,11 +19,15 @@ connections {
remote_ts = 10.2.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 5400
+ rekey_bytes = 500000000
+ rekey_packets = 1000000
esp_proposals = aes128gcm128-modp3072
}
}
version = 2
mobike = no
+ reauth_time = 10800
proposals = aes128-sha256-modp3072
}
}
diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
index c351213..2b9ddcf 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
@@ -19,11 +19,15 @@ connections {
remote_ts = 10.1.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 5400
+ rekey_bytes = 500000000
+ rekey_packets = 1000000
esp_proposals = aes128gcm128-modp3072
}
}
version = 2
mobike = no
+ reauth_time = 10800
proposals = aes128-sha256-modp3072
}
}
diff --git a/testing/tests/swanctl/net2net-gw/description.txt b/testing/tests/swanctl/net2net-gw/description.txt
new file mode 100755
index 0000000..00c9f10
--- /dev/null
+++ b/testing/tests/swanctl/net2net-gw/description.txt
@@ -0,0 +1,7 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up
+via the gateway <b>carol</b>.
+The authentication is based on <b>X.509 certificates</b>. Upon the successful
+establishment of the IPsec tunnels, the updown script automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test tunnels and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/swanctl/net2net-gw/evaltest.dat b/testing/tests/swanctl/net2net-gw/evaltest.dat
new file mode 100755
index 0000000..4908d80
--- /dev/null
+++ b/testing/tests/swanctl/net2net-gw/evaltest.dat
@@ -0,0 +1,5 @@
+moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol at strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+sun::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
new file mode 100755
index 0000000..febe9fa
--- /dev/null
+++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 0000000..d450053
--- /dev/null
+++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,49 @@
+connections {
+
+ gw-moon {
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol at strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-moon {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-modp3072
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-modp3072
+ }
+ gw-sun {
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol at strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-sun {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-modp3072
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-modp3072
+ }
+}
diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
new file mode 100755
index 0000000..febe9fa
--- /dev/null
+++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf
similarity index 71%
copy from testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
copy to testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf
index b1c005b..348e532 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf
@@ -1,8 +1,7 @@
connections {
gw-gw {
- local_addrs = 192.168.0.1
- remote_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.100
local {
auth = pubkey
@@ -11,12 +10,12 @@ connections {
}
remote {
auth = pubkey
- id = sun.strongswan.org
+ id = carol at strongswan.org
}
children {
net-net {
- local_ts = 10.1.0.0/16
- remote_ts = 10.2.0.0/16
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-modp3072
diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
new file mode 100755
index 0000000..febe9fa
--- /dev/null
+++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+}
diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf
similarity index 71%
copy from testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
copy to testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf
index c351213..68e70be 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf
@@ -1,8 +1,7 @@
connections {
gw-gw {
- local_addrs = 192.168.0.2
- remote_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.100
local {
auth = pubkey
@@ -11,12 +10,12 @@ connections {
}
remote {
auth = pubkey
- id = moon.strongswan.org
+ id = carol at strongswan.org
}
children {
net-net {
- local_ts = 10.2.0.0/16
- remote_ts = 10.1.0.0/16
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-modp3072
diff --git a/testing/tests/swanctl/net2net-gw/posttest.dat b/testing/tests/swanctl/net2net-gw/posttest.dat
new file mode 100755
index 0000000..94914f8
--- /dev/null
+++ b/testing/tests/swanctl/net2net-gw/posttest.dat
@@ -0,0 +1,8 @@
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+sun::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::service charon stop 2> /dev/null
+sun::service charon stop 2> /dev/null
+carol::service charon stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-pubkey/pretest.dat b/testing/tests/swanctl/net2net-gw/pretest.dat
old mode 100644
new mode 100755
similarity index 51%
copy from testing/tests/swanctl/net2net-pubkey/pretest.dat
copy to testing/tests/swanctl/net2net-gw/pretest.dat
index 11e7d50..e313649
--- a/testing/tests/swanctl/net2net-pubkey/pretest.dat
+++ b/testing/tests/swanctl/net2net-gw/pretest.dat
@@ -1,8 +1,12 @@
-sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
-sun::cd /etc/swanctl; rm x509/* x509ca/*
-moon::cd /etc/swanctl; rm x509/* x509ca/*
-sun::service charon start 2> /dev/null
+sun::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
moon::service charon start 2> /dev/null
+sun::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+carol::expect-connection gw-moon
+carol::expect-connection gw-sun
moon::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
+sun::expect-connection gw-gw
+sun::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf b/testing/tests/swanctl/net2net-gw/test.conf
old mode 100644
new mode 100755
similarity index 66%
copy from testing/tests/gcrypt-ikev1/alg-serpent/test.conf
copy to testing/tests/swanctl/net2net-gw/test.conf
index d7b7142..6eafdf2
--- a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf
+++ b/testing/tests/swanctl/net2net-gw/test.conf
@@ -5,18 +5,21 @@
# All guest instances that are required for this test
#
-VIRTHOSTS="alice moon carol winnetou"
+VIRTHOSTS="alice moon carol winnetou sun bob"
# Corresponding block diagram
#
-DIAGRAM="a-m-c-w.png"
+DIAGRAM="a-m-c-w-s-b-med.png"
# Guest instances on which tcpdump is to be started
#
-TCPDUMPHOSTS="moon"
+TCPDUMPHOSTS="sun"
# Guest instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="moon carol"
+IPSECHOSTS="moon sun carol"
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/net2net-pubkey/evaltest.dat b/testing/tests/swanctl/net2net-pubkey/evaltest.dat
index 8491176..b539804 100644
--- a/testing/tests/swanctl/net2net-pubkey/evaltest.dat
+++ b/testing/tests/swanctl/net2net-pubkey/evaltest.dat
@@ -1,5 +1,5 @@
moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-pubkey/pretest.dat b/testing/tests/swanctl/net2net-pubkey/pretest.dat
index 11e7d50..b4f48af 100644
--- a/testing/tests/swanctl/net2net-pubkey/pretest.dat
+++ b/testing/tests/swanctl/net2net-pubkey/pretest.dat
@@ -4,5 +4,6 @@ sun::cd /etc/swanctl; rm x509/* x509ca/*
moon::cd /etc/swanctl; rm x509/* x509ca/*
sun::service charon start 2> /dev/null
moon::service charon start 2> /dev/null
+sun::expect-connection gw-gw
moon::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-route/evaltest.dat b/testing/tests/swanctl/net2net-route/evaltest.dat
index ae292c1..a500b29 100755
--- a/testing/tests/swanctl/net2net-route/evaltest.dat
+++ b/testing/tests/swanctl/net2net-route/evaltest.dat
@@ -2,6 +2,6 @@ moon::swanctl --list-pols --raw 2> /dev/null::net-net.*mode=TUNNEL local-ts=\[10
moon::cat /var/log/daemon.log::creating acquire job for policy 10.1.0.10/32\[icmp/8] === 10.2.0.10/32\[icmp/8]::YES
moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-start/evaltest.dat b/testing/tests/swanctl/net2net-start/evaltest.dat
index 48a8857..1d9bd64 100755
--- a/testing/tests/swanctl/net2net-start/evaltest.dat
+++ b/testing/tests/swanctl/net2net-start/evaltest.dat
@@ -1,5 +1,5 @@
moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/protoport-dual/evaltest.dat b/testing/tests/swanctl/protoport-dual/evaltest.dat
index a471d1d..74ba593 100644
--- a/testing/tests/swanctl/protoport-dual/evaltest.dat
+++ b/testing/tests/swanctl/protoport-dual/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp]] remote-ts=\[10 [...]
moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp]] remote-ts=\[192.168.0.100/32\[icmp]] [...]
diff --git a/testing/tests/swanctl/protoport-dual/pretest.dat b/testing/tests/swanctl/protoport-dual/pretest.dat
index 0e8e433..87ee29b 100644
--- a/testing/tests/swanctl/protoport-dual/pretest.dat
+++ b/testing/tests/swanctl/protoport-dual/pretest.dat
@@ -2,6 +2,8 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
+moon::expect-connection icmp
+moon::expect-connection ssh
carol::expect-connection icmp
carol::expect-connection ssh
carol::swanctl --initiate --child icmp 2> /dev/null
diff --git a/testing/tests/swanctl/protoport-range/evaltest.dat b/testing/tests/swanctl/protoport-range/evaltest.dat
index 89caa9b..45bf76f 100644
--- a/testing/tests/swanctl/protoport-range/evaltest.dat
+++ b/testing/tests/swanctl/protoport-range/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp-req.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp/8]] remote-t [...]
moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp-req.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp/8]] remote-ts=\[192.168.0.100/32\[ [...]
diff --git a/testing/tests/swanctl/protoport-range/pretest.dat b/testing/tests/swanctl/protoport-range/pretest.dat
index 7e864f5..b45d4b3 100644
--- a/testing/tests/swanctl/protoport-range/pretest.dat
+++ b/testing/tests/swanctl/protoport-range/pretest.dat
@@ -2,6 +2,9 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
+moon::expect-connection icmp-req
+moon::expect-connection icmp-rep
+moon::expect-connection ftp-ssh
carol::expect-connection icmp-req
carol::expect-connection icmp-rep
carol::expect-connection ftp-ssh
diff --git a/testing/tests/swanctl/rw-cert/evaltest.dat b/testing/tests/swanctl/rw-cert/evaltest.dat
index 09bc82b..51bf8c1 100755
--- a/testing/tests/swanctl/rw-cert/evaltest.dat
+++ b/testing/tests/swanctl/rw-cert/evaltest.dat
@@ -2,8 +2,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
-alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
-alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-dnssec/evaltest.dat b/testing/tests/swanctl/rw-dnssec/evaltest.dat
index 6792334..6dafe78 100644
--- a/testing/tests/swanctl/rw-dnssec/evaltest.dat
+++ b/testing/tests/swanctl/rw-dnssec/evaltest.dat
@@ -1,11 +1,11 @@
carol::cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon.strongswan.org::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] rem [...]
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon.strongswan.org::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remo [...]
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*carol.strongswan.org::YES
moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*dave.strongswan.org::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-t [...]
diff --git a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat
index 5286ffe..f0a25b1 100755
--- a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat
+++ b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat
@@ -6,8 +6,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
-alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
-alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/description.txt b/testing/tests/swanctl/rw-multi-ciphers-ikev1/description.txt
new file mode 100755
index 0000000..a46d5a0
--- /dev/null
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/description.txt
@@ -0,0 +1,15 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The IKEv1 main mode authentication is based on
+<b>X.509 certificates</b>.
+On the gateway two connections with differing parameters are defined:
+One for <b>carol</b> using the IKE proposal <b>aes128-sha256-modp3072</b>
+allowing to reach host <b>alice</b> and one for <b>dave</b> using
+the IKE proposal <b>3des-sha1-modp2048</b> allowing to reach host <b>venus</b>.
+<p/>
+Since the IP addresses of <b>carol</b> and <b>dave</b> are not known
+to <b>moon</b> the matching connection definition can only be determined
+by <b>moon</b> after the peer identities have been received.
+<p/>
+Upon the successful establishment of the IPsec tunnels, <b>carol</b> pings the
+client <b>alice</b> and <b>dave</b> the client <b>venus</b> lying in two different
+subnets behind the gateway <b>moon</b>.
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat
new file mode 100755
index 0000000..e7bff2d
--- /dev/null
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat
@@ -0,0 +1,12 @@
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO
+venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts [...]
+dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 dh-group=MODP_2048.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES
+moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[ [...]
+moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave at strongswan.org.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 dh-group=MODP_2048.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
new file mode 100755
index 0000000..bbb6f6c
--- /dev/null
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,23 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ syslog {
+ auth {
+ default = 0
+ }
+ daemon {
+ cfg = 1
+ ike = 1
+ }
+ }
+}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf
similarity index 54%
copy from testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
copy to testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf
index 2d2639e..12f62cf 100755
--- a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -6,11 +6,7 @@ connections {
local {
auth = pubkey
- certs = carolCert.pem
- id = carol at strongswan.org
- }
- local-xauth {
- auth = xauth
+ id = carol at strongswan.org
}
remote {
auth = pubkey
@@ -18,21 +14,13 @@ connections {
}
children {
home {
- remote_ts = 10.1.0.0/16
+ remote_ts = 10.1.0.0/28
updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128gcm128-modp3072
+ esp_proposals = aes128-sha256-modp3072
}
}
- version = 1
+ version = 1
proposals = aes128-sha256-modp3072
}
}
-
-secrets {
-
- xauth-carol {
- id = carol at strongswan.org
- secret = "4iChxLT3"
- }
-}
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
new file mode 100755
index 0000000..c5c1fc3
--- /dev/null
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,23 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ syslog {
+ auth {
+ default = 0
+ }
+ daemon {
+ cfg = 1
+ ike = 1
+ }
+ }
+}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/swanctl/swanctl.conf
similarity index 51%
copy from testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf
copy to testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/swanctl/swanctl.conf
index f3758e3..a146c1d 100755
--- a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/swanctl/swanctl.conf
@@ -6,33 +6,21 @@ connections {
local {
auth = pubkey
- certs = daveCert.pem
id = dave at strongswan.org
}
- local-xauth {
- auth = xauth
- }
remote {
auth = pubkey
- id = moon.strongswan.org
+ id = moon.strongswan.org
}
children {
home {
- remote_ts = 10.1.0.0/16
+ remote_ts = 10.1.0.16/28
updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128gcm128-modp3072
+ esp_proposals = 3des-sha1-modp2048
}
}
version = 1
- proposals = aes128-sha256-modp3072
- }
-}
-
-secrets {
-
- xauth-dave {
- id = dave at strongswan.org
- secret = "ryftzG4A"
+ proposals = 3des-sha1-modp2048
}
}
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100755
index 0000000..71ae251
--- /dev/null
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,23 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ syslog {
+ auth {
+ default = 0
+ }
+ daemon {
+ cfg = 1
+ ike = 1
+ }
+ }
+}
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 0000000..8356c02
--- /dev/null
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,45 @@
+connections {
+
+ rw-1 {
+
+ local {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = carol at strongswan.org
+ }
+ children {
+ net-1 {
+ local_ts = 10.1.0.0/28
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-modp3072
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-modp3072,3des-sha1-modp2048
+ }
+
+ rw-2 {
+ local {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = dave at strongswan.org
+ }
+ children {
+ net-2 {
+ local_ts = 10.1.0.16/28
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = 3des-sha1-modp2048
+ }
+ }
+ version = 1
+ proposals = 3des-sha1-modp2048,aes128-sha256-modp3072
+ }
+}
diff --git a/testing/tests/swanctl/dhcp-dynamic/posttest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat
old mode 100644
new mode 100755
similarity index 70%
copy from testing/tests/swanctl/dhcp-dynamic/posttest.dat
copy to testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat
index 624a26b..d7107cc
--- a/testing/tests/swanctl/dhcp-dynamic/posttest.dat
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat
@@ -3,10 +3,6 @@ dave::swanctl --terminate --ike home
carol::service charon stop 2> /dev/null
dave::service charon stop 2> /dev/null
moon::service charon stop 2> /dev/null
-venus::cat /var/state/dhcp/dhcpd.leases
-venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
-alice::arp -d 10.1.0.50
-alice::arp -d 10.1.0.51
diff --git a/testing/tests/swanctl/dhcp-dynamic/pretest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat
old mode 100644
new mode 100755
similarity index 78%
copy from testing/tests/swanctl/dhcp-dynamic/pretest.dat
copy to testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat
index 6d935b6..37029c0
--- a/testing/tests/swanctl/dhcp-dynamic/pretest.dat
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat
@@ -1,12 +1,11 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-venus::cat /etc/dhcp/dhcpd.conf
-venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
-moon::expect-connection rw
+moon::expect-connection net-1
+moon::expect-connection net-2
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/test.conf
old mode 100644
new mode 100755
similarity index 70%
copy from testing/tests/gcrypt-ikev1/alg-serpent/test.conf
copy to testing/tests/swanctl/rw-multi-ciphers-ikev1/test.conf
index d7b7142..b8048b4
--- a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/test.conf
@@ -5,11 +5,11 @@
# All guest instances that are required for this test
#
-VIRTHOSTS="alice moon carol winnetou"
+VIRTHOSTS="alice venus moon carol winnetou dave"
# Corresponding block diagram
#
-DIAGRAM="a-m-c-w.png"
+DIAGRAM="a-v-m-c-w-d.png"
# Guest instances on which tcpdump is to be started
#
@@ -18,5 +18,8 @@ TCPDUMPHOSTS="moon"
# Guest instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="moon carol"
+IPSECHOSTS="moon carol dave"
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-ntru-bliss/evaltest.dat b/testing/tests/swanctl/rw-ntru-bliss/evaltest.dat
index 69149cd..937425f 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/evaltest.dat
+++ b/testing/tests/swanctl/rw-ntru-bliss/evaltest.dat
@@ -1,7 +1,7 @@
carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::authentication of.*carol at strongswan.org.*with BLISS_WITH_SHA2_256 successful::YES
moon:: cat /var/log/daemon.log::authentication of.*dave at strongswan.org.*with BLISS_WITH_SHA2_384 successful::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NTRU_128.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*loc [...]
diff --git a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat
index a184ee9..41595b6 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat
+++ b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat
@@ -2,8 +2,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]
-alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
-alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat
index 96d74c8..097489d 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat
+++ b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat
@@ -1,9 +1,9 @@
dave::cat /var/log/daemon.log::updown approximates remote TS 10.1.0.17..10.1.0.20 by next larger subnet::YES
moon::cat /var/log/daemon.log::updown approximates local TS 10.1.0.17..10.1.0.20 by next larger subnet::YES
-alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
-venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
-alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::NO
-venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::NO
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO
+venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.17..10.1.0.20]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]
diff --git a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat
index 7acb15a..1f9fb0e 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat
+++ b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat
@@ -2,8 +2,8 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]
-alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
-alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat b/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat
index f0cd34c..b295891 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat
+++ b/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat
@@ -1,5 +1,5 @@
-alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
-alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=0d:36:.*:cc:90 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=67:f6:.*:40:80 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=42:91:.*:f7:60 remote-host=192.168.0.100 remote-port=4500 remote-id=0d:36:.*:cc:90.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat b/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat
index 70905de..2dfc3cf 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat
+++ b/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat
@@ -1,5 +1,5 @@
-alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_req=1::YES
-alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_req=1::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=0d:36:.*:cc:90 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=67:f6:.*:40:80 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-carol.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=42:91:.*:f7:60 remote-host=192.168.0.100 remote-port=4500 remote-id=0d:36:.*:cc:90.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat b/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat
index d89eeb6..032cd68 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat
@@ -1,14 +1,14 @@
alice::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.0/16::YES
venus::swanctl --list-pols --raw 2> /dev/null::local-net.*mode=PASS local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.0/16::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
-venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
alice::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=4500 local-id=alice at strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize [...]
venus::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.20 local-port=4500 local-id=venus.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize [...]
sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=alice at strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[ [...]
sun::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=venus.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[ [...]
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES
-moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES
alice::tcpdump::IP alice.strongswan.org > venus.strongswan.org: ICMP::YES
alice::tcpdump::IP venus.strongswan.org > alice.strongswan.org: ICMP::YES
diff --git a/testing/tests/swanctl/xauth-rsa/evaltest.dat b/testing/tests/swanctl/xauth-rsa/evaltest.dat
index c50c7fb..46d66a0 100644
--- a/testing/tests/swanctl/xauth-rsa/evaltest.dat
+++ b/testing/tests/swanctl/xauth-rsa/evaltest.dat
@@ -1,8 +1,8 @@
-moon:: cat /var/log/daemon.log::XAuth authentication of.*carol at strongswan.org.*successful::YES
-moon:: cat /var/log/daemon.log::XAuth authentication of.*dave at strongswan.org.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072 established=1.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168. [...]
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol at strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32] remo [...]
dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168.0.200/32] remote [...]
moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/16] remote-ts=\[192. [...]
moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/16] remote-ts=\[192.1 [...]
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
index 2d2639e..ddfe896 100755
--- a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/swanctl/swanctl.conf
@@ -11,6 +11,7 @@ connections {
}
local-xauth {
auth = xauth
+ xauth_id = carol
}
remote {
auth = pubkey
@@ -32,7 +33,7 @@ connections {
secrets {
xauth-carol {
- id = carol at strongswan.org
+ id = carol
secret = "4iChxLT3"
}
}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf
index f3758e3..61ca64d 100755
--- a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/swanctl/swanctl.conf
@@ -11,6 +11,7 @@ connections {
}
local-xauth {
auth = xauth
+ xauth_id = dave
}
remote {
auth = pubkey
@@ -32,7 +33,7 @@ connections {
secrets {
xauth-dave {
- id = dave at strongswan.org
+ id = dave
secret = "ryftzG4A"
}
}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf
index 27a8802..f71bea1 100755
--- a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/swanctl/swanctl.conf
@@ -30,11 +30,11 @@ connections {
secrets {
xauth-carol {
- id = carol at strongswan.org
+ id = carol
secret = "4iChxLT3"
}
xauth-dave {
- id = dave at strongswan.org
+ id = dave
secret = "ryftzG4A"
}
}
diff --git a/testing/tests/tkm/host2host-initiator/evaltest.dat b/testing/tests/tkm/host2host-initiator/evaltest.dat
index cf34e41..65b47c3 100644
--- a/testing/tests/tkm/host2host-initiator/evaltest.dat
+++ b/testing/tests/tkm/host2host-initiator/evaltest.dat
@@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.
sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES
sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES
diff --git a/testing/tests/tkm/host2host-responder/evaltest.dat b/testing/tests/tkm/host2host-responder/evaltest.dat
index bc04360..9921960 100644
--- a/testing/tests/tkm/host2host-responder/evaltest.dat
+++ b/testing/tests/tkm/host2host-responder/evaltest.dat
@@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.
sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES
sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES
diff --git a/testing/tests/tkm/host2host-xfrmproxy/evaltest.dat b/testing/tests/tkm/host2host-xfrmproxy/evaltest.dat
index 6b9050a..eb954bd 100644
--- a/testing/tests/tkm/host2host-xfrmproxy/evaltest.dat
+++ b/testing/tests/tkm/host2host-xfrmproxy/evaltest.dat
@@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.
sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES
sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
moon::cat /var/log/daemon.log::ees: acquire received for reqid 1::YES
diff --git a/testing/tests/tkm/multiple-clients/evaltest.dat b/testing/tests/tkm/multiple-clients/evaltest.dat
index 89da764..045e583 100644
--- a/testing/tests/tkm/multiple-clients/evaltest.dat
+++ b/testing/tests/tkm/multiple-clients/evaltest.dat
@@ -6,8 +6,8 @@ sun::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES
sun::ipsec stroke status 2> /dev/null::conn2.*INSTALLED, TRANSPORT::YES
carol::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
dave::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-carol::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
-dave::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+carol::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
+dave::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
carol::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES
carol::tcpdump::IP sun.strongswan.org > carol.strongswan.org: ESP::YES
dave::tcpdump::IP dave.strongswan.org > sun.strongswan.org: ESP::YES
diff --git a/testing/tests/tkm/net2net-initiator/evaltest.dat b/testing/tests/tkm/net2net-initiator/evaltest.dat
index 80492a9..54b7ca4 100644
--- a/testing/tests/tkm/net2net-initiator/evaltest.dat
+++ b/testing/tests/tkm/net2net-initiator/evaltest.dat
@@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.
sun::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TUNNEL::YES
sun::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES
diff --git a/testing/tests/tkm/net2net-xfrmproxy/evaltest.dat b/testing/tests/tkm/net2net-xfrmproxy/evaltest.dat
index 6c5d8b3..3e61ea6 100644
--- a/testing/tests/tkm/net2net-xfrmproxy/evaltest.dat
+++ b/testing/tests/tkm/net2net-xfrmproxy/evaltest.dat
@@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.
sun::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TUNNEL::YES
sun::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
moon::cat /var/log/daemon.log::ees: acquire received for reqid 1::YES
diff --git a/testing/tests/tkm/xfrmproxy-expire/evaltest.dat b/testing/tests/tkm/xfrmproxy-expire/evaltest.dat
index 21d198c..05bf420 100644
--- a/testing/tests/tkm/xfrmproxy-expire/evaltest.dat
+++ b/testing/tests/tkm/xfrmproxy-expire/evaltest.dat
@@ -2,7 +2,7 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.
sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES
sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
moon::cat /var/log/daemon.log::ees: acquire received for reqid 1::YES
diff --git a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat
index 800fa3c..0b7655b 100644
--- a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat
+++ b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat
@@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat
index ef02166..b2fc619 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat
@@ -11,5 +11,5 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home::NO
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw::NO
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
index baf8c97..cc0ce6c 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
@@ -14,6 +14,7 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat
index d57b5e7..588ddf4 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat
@@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.16 [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf
index 4584571..a3f4ca1 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf
@@ -4,7 +4,7 @@ libimcv {
load = random nonce openssl pubkey sqlite
debug_level = 3
database = sqlite:///etc/db.d/config.db
- policy_script = ipsec imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
assessment_result = no
}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
index c96e063..5745ffe 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
@@ -18,6 +18,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-11-radius/evaltest.dat b/testing/tests/tnc/tnccs-11-radius/evaltest.dat
index 0415c33..cbafc13 100644
--- a/testing/tests/tnc/tnccs-11-radius/evaltest.dat
+++ b/testing/tests/tnc/tnccs-11-radius/evaltest.dat
@@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
index 80c96b6..09ca9d0 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
@@ -32,3 +32,6 @@ libimcv {
}
}
}
+libtls {
+ suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+}
diff --git a/testing/tests/tnc/tnccs-11-radius/pretest.dat b/testing/tests/tnc/tnccs-11-radius/pretest.dat
index baf8c97..57e2ee6 100644
--- a/testing/tests/tnc/tnccs-11-radius/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius/pretest.dat
@@ -14,6 +14,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-11/evaltest.dat b/testing/tests/tnc/tnccs-11/evaltest.dat
index 800fa3c..0b7655b 100644
--- a/testing/tests/tnc/tnccs-11/evaltest.dat
+++ b/testing/tests/tnc/tnccs-11/evaltest.dat
@@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-11/pretest.dat b/testing/tests/tnc/tnccs-11/pretest.dat
index c8ab143..e173ae7 100644
--- a/testing/tests/tnc/tnccs-11/pretest.dat
+++ b/testing/tests/tnc/tnccs-11/pretest.dat
@@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-block/evaltest.dat b/testing/tests/tnc/tnccs-20-block/evaltest.dat
index b67affb..725c3aa 100644
--- a/testing/tests/tnc/tnccs-20-block/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-block/evaltest.dat
@@ -10,5 +10,5 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home::NO
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw::NO
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-block/pretest.dat b/testing/tests/tnc/tnccs-20-block/pretest.dat
index c8ab143..c09abf9 100644
--- a/testing/tests/tnc/tnccs-20-block/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-block/pretest.dat
@@ -11,6 +11,7 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat
index 1b70ac8..3d9e064 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat
@@ -11,7 +11,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
index c8ab143..e173ae7 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
@@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat
index c8ab143..e173ae7 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat
@@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat
index 3dba1d7..5af3b75 100644
--- a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat
@@ -6,5 +6,7 @@ carol::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat b/testing/tests/tnc/tnccs-20-fhh/evaltest.dat
index d406b59..bf07326 100644
--- a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-fhh/evaltest.dat
@@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
index a0db6ae..1955343 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
@@ -36,5 +36,5 @@ charon {
libimcv {
debug_level = 3
- policy_script = ipsec imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
}
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
index db8ce10..f9b4159 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
@@ -13,6 +13,8 @@ alice::service charon start
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/evaltest.dat b/testing/tests/tnc/tnccs-20-mutual-eap-fail/evaltest.dat
index 9330322..8ffbffc 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/evaltest.dat
@@ -4,4 +4,4 @@ moon::cat /var/log/daemon.log::final recommendation is.*no access::YES
sun:: cat /var/log/daemon.log::final recommendation is.*allow::YES
moon::swanctl --list-sas --raw 2> /dev/null::mutual.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*mutual.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.2/32]::NO
sun::swanctl --list-sas --raw 2> /dev/null::mutual.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*mutual.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.1/32]::NO
-moon::ping -c 1 -W 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_req=1::NO
+moon::ping -c 1 -W 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat
index 0a35639..ac707d4 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::service charon start
sun::service charon start
-moon::expect-connection mutual
-moon::swanctl --initiate --child mutual
+sun::expect-connection mutual
+moon::expect-connection mutual
+moon::swanctl --initiate --child mutual
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat
index 28f101c..b9fe271 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat
@@ -4,6 +4,6 @@ moon::cat /var/log/daemon.log::final recommendation is.*allow::YES
sun:: cat /var/log/daemon.log::final recommendation is.*allow::YES
moon::swanctl --list-sas --raw 2> /dev/null::mutual.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*mutual.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.2/32]::YES
sun::swanctl --list-sas --raw 2> /dev/null::mutual.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*mutual.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.1/32]::YES
-moon::ping -c 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_req=1::YES
+moon::ping -c 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat
index 0a35639..ac707d4 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat
@@ -2,5 +2,6 @@ moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::service charon start
sun::service charon start
-moon::expect-connection mutual
-moon::swanctl --initiate --child mutual
+sun::expect-connection mutual
+moon::expect-connection mutual
+moon::swanctl --initiate --child mutual
diff --git a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
index 88b55c9..8056a90 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
@@ -14,7 +14,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
index 4b024e9..e58bab6 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
@@ -34,7 +34,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = ipsec imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-attestation {
hash_algorithm = sha1
diff --git a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
index 81537cc..03e5f22 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
@@ -15,6 +15,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-os/evaltest.dat b/testing/tests/tnc/tnccs-20-os/evaltest.dat
index 202b408..f2a0bad 100644
--- a/testing/tests/tnc/tnccs-20-os/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-os/evaltest.dat
@@ -14,7 +14,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
index 2fae3ba..53c515f 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
@@ -33,7 +33,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = ipsec imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
}
attest {
diff --git a/testing/tests/tnc/tnccs-20-os/pretest.dat b/testing/tests/tnc/tnccs-20-os/pretest.dat
index fa8d089..13ae2b7 100644
--- a/testing/tests/tnc/tnccs-20-os/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-os/pretest.dat
@@ -16,6 +16,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
index 2d3027c..2583528 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
@@ -23,7 +23,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100 remote-eap-id=carol.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote- [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200 remote-eap-id=dave.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] rem [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/000-default.conf
similarity index 70%
copy from testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default
copy to testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/000-default.conf
index 6260006..4075f75 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/000-default.conf
@@ -9,8 +9,13 @@ WSGIPythonPath /var/www/tnc
<Directory /var/www/tnc/config>
<Files wsgi.py>
- Order deny,allow
- Allow from all
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
</Files>
</Directory>
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default
index 6260006..1dc8b56 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default
@@ -1,26 +1 @@
-WSGIPythonPath /var/www/tnc
-
-<VirtualHost *:80>
- ServerName tnc.strongswan.org
- ServerAlias tnc
- ServerAdmin webmaster at localhost
-
- DocumentRoot /var/www/tnc
-
- <Directory /var/www/tnc/config>
- <Files wsgi.py>
- Order deny,allow
- Allow from all
- </Files>
- </Directory>
-
- WSGIScriptAlias / /var/www/tnc/config/wsgi.py
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
-
- Alias /static/ /var/www/tnc/static/
-
- ErrorLog ${APACHE_LOG_DIR}/tnc/error.log
- LogLevel warn
- CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined
-</VirtualHost>
+Include sites-available/000-default.conf
\ No newline at end of file
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
index 4328b06..240ebba 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
@@ -37,7 +37,7 @@ charon {
libimcv {
debug_level = 3
database = sqlite:///etc/db.d/config.db
- policy_script = ipsec imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-swid {
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
index 6292d69..36c7cc6 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
@@ -22,6 +22,8 @@ alice::service charon start
moon::service charon start
dave::service charon start
carol::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
dave::expect-connection home
dave::swanctl --initiate --child home 2> /dev/null
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf
similarity index 70%
copy from testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default
copy to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf
index 6260006..4075f75 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/apache2/sites-available/default
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf
@@ -9,8 +9,13 @@ WSGIPythonPath /var/www/tnc
<Directory /var/www/tnc/config>
<Files wsgi.py>
- Order deny,allow
- Allow from all
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
</Files>
</Directory>
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default
index 6260006..1dc8b56 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default
@@ -1,26 +1 @@
-WSGIPythonPath /var/www/tnc
-
-<VirtualHost *:80>
- ServerName tnc.strongswan.org
- ServerAlias tnc
- ServerAdmin webmaster at localhost
-
- DocumentRoot /var/www/tnc
-
- <Directory /var/www/tnc/config>
- <Files wsgi.py>
- Order deny,allow
- Allow from all
- </Files>
- </Directory>
-
- WSGIScriptAlias / /var/www/tnc/config/wsgi.py
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
-
- Alias /static/ /var/www/tnc/static/
-
- ErrorLog ${APACHE_LOG_DIR}/tnc/error.log
- LogLevel warn
- CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined
-</VirtualHost>
+Include sites-available/000-default.conf
\ No newline at end of file
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules
index 48b1cf5..c556d94 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules
@@ -9,7 +9,7 @@
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-# allow PT-TLS
+# allow PT-TLS
-A INPUT -i eth0 -p tcp --dport 271 -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT
@@ -18,7 +18,7 @@
-A OUTPUT -p tcp --sport 22 -j ACCEPT
# allow outbound ssh
--A OUTPU -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --sport 22 -j ACCEPT
# allow crl fetch from winnetou
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
index d1cb6c9..b08a85b 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
@@ -3,9 +3,6 @@
charon {
load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- }
syslog {
auth {
default = 0
@@ -32,7 +29,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = ipsec imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-swid {
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
index ea93b2d..860a6c3 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
@@ -13,9 +13,9 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/var/www/tnc/manage.py setpassword strongSwan strongSwan
alice::rm /etc/swanctl/x509/aliceCert.pem
alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::service apache2 start
alice::service charon start
-alice::expect-connection aaa
+alice::service apache2 start
+alice::swanctl --load-creds
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
dave::cat /etc/pts/options
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
index 88b89c9..57aa13a 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
@@ -14,7 +14,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
index 117ca71..46ed39b 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
@@ -34,7 +34,8 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = ipsec imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+
plugins {
imv-attestation {
hash_algorithm = sha1
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
index 4b1c45e..d89aa23 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
@@ -15,6 +15,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
dave::service charon start
carol::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
dave::expect-connection home
dave::swanctl --initiate --child home 2> /dev/null
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-pts/evaltest.dat
index a531ddf..6147c87 100644
--- a/testing/tests/tnc/tnccs-20-pts/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pts/evaltest.dat
@@ -14,7 +14,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/28]::YES
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0. [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.2 [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
index 4b024e9..e58bab6 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
@@ -34,7 +34,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = ipsec imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-attestation {
hash_algorithm = sha1
diff --git a/testing/tests/tnc/tnccs-20-pts/pretest.dat b/testing/tests/tnc/tnccs-20-pts/pretest.dat
index 4b1c45e..d89aa23 100644
--- a/testing/tests/tnc/tnccs-20-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pts/pretest.dat
@@ -15,6 +15,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
dave::service charon start
carol::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
dave::expect-connection home
dave::swanctl --initiate --child home 2> /dev/null
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat
index b94dc5e..64d1ec0 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat
@@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
index c8ab143..e173ae7 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
@@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-tls/evaltest.dat
index ff9ac28..bed92fc 100644
--- a/testing/tests/tnc/tnccs-20-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-tls/evaltest.dat
@@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=C=CH, O=Linux strongSwan, OU=Accounting, CN=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-t [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, OU=Research, CN=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*lo [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, OU=Accounting, CN=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=12 [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-tls/pretest.dat b/testing/tests/tnc/tnccs-20-tls/pretest.dat
index 709a771..1d11baa 100644
--- a/testing/tests/tnc/tnccs-20-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-tls/pretest.dat
@@ -7,6 +7,8 @@ dave::cat /etc/tnc_config
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20/evaltest.dat b/testing/tests/tnc/tnccs-20/evaltest.dat
index b94dc5e..64d1ec0 100644
--- a/testing/tests/tnc/tnccs-20/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20/evaltest.dat
@@ -12,7 +12,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20/pretest.dat b/testing/tests/tnc/tnccs-20/pretest.dat
index c8ab143..e173ae7 100644
--- a/testing/tests/tnc/tnccs-20/pretest.dat
+++ b/testing/tests/tnc/tnccs-20/pretest.dat
@@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-dynamic/evaltest.dat b/testing/tests/tnc/tnccs-dynamic/evaltest.dat
index 2bb1254..7c3cf4f 100644
--- a/testing/tests/tnc/tnccs-dynamic/evaltest.dat
+++ b/testing/tests/tnc/tnccs-dynamic/evaltest.dat
@@ -20,7 +20,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave at strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/ [...]
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168. [...]
moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave at strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192. [...]
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
+dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-dynamic/pretest.dat b/testing/tests/tnc/tnccs-dynamic/pretest.dat
index c8ab143..e173ae7 100644
--- a/testing/tests/tnc/tnccs-dynamic/pretest.dat
+++ b/testing/tests/tnc/tnccs-dynamic/pretest.dat
@@ -11,6 +11,8 @@ dave::rm /etc/swanctl/x509/*
moon::service charon start
carol::service charon start
dave::service charon start
+moon::expect-connection rw-allow
+moon::expect-connection rw-isolate
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
diff --git a/ylwrap b/ylwrap
index 1c4d776..7c2d927 100755
--- a/ylwrap
+++ b/ylwrap
@@ -1,9 +1,9 @@
#! /bin/sh
# ylwrap - wrapper for lex/yacc invocations.
-scriptversion=2012-12-21.17; # UTC
+scriptversion=2013-01-12.17; # UTC
-# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
#
# Written by Tom Tromey <tromey at cygnus.com>.
#
@@ -40,7 +40,7 @@ get_dirname ()
# guard FILE
# ----------
# The CPP macro used to guard inclusion of FILE.
-guard()
+guard ()
{
printf '%s\n' "$1" \
| sed \
@@ -96,17 +96,17 @@ esac
# The input.
-input="$1"
+input=$1
shift
# We'll later need for a correct munging of "#line" directives.
input_sub_rx=`get_dirname "$input" | quote_for_sed`
-case "$input" in
+case $input in
[\\/]* | ?:[\\/]*)
# Absolute path; do nothing.
;;
*)
# Relative path. Make it absolute.
- input="`pwd`/$input"
+ input=`pwd`/$input
;;
esac
input_rx=`get_dirname "$input" | quote_for_sed`
@@ -132,8 +132,8 @@ sed_fix_filenames=
# guard in its implementation file.
sed_fix_header_guards=
-while test "$#" -ne 0; do
- if test "$1" = "--"; then
+while test $# -ne 0; do
+ if test x"$1" = x"--"; then
shift
break
fi
@@ -153,16 +153,14 @@ while test "$#" -ne 0; do
done
# The program to run.
-prog="$1"
+prog=$1
shift
# Make any relative path in $prog absolute.
-case "$prog" in
+case $prog in
[\\/]* | ?:[\\/]*) ;;
- *[\\/]*) prog="`pwd`/$prog" ;;
+ *[\\/]*) prog=`pwd`/$prog ;;
esac
-# FIXME: add hostname here for parallel makes that run commands on
-# other machines. But that might take us over the 14-char limit.
dirname=ylwrap$$
do_exit="cd '`pwd`' && rm -rf $dirname > /dev/null 2>&1;"' (exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
@@ -188,7 +186,7 @@ if test $ret -eq 0; then
# otherwise prepend '../'.
case $to in
[\\/]* | ?:[\\/]*) target=$to;;
- *) target="../$to";;
+ *) target=../$to;;
esac
# Do not overwrite unchanged header files to avoid useless
@@ -197,7 +195,7 @@ if test $ret -eq 0; then
# output of all other files to a temporary file so we can
# compare them to existing versions.
if test $from != $parser; then
- realtarget="$target"
+ realtarget=$target
target=tmp-`printf '%s\n' "$target" | sed 's|.*[\\/]||g'`
fi
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git
More information about the Pkg-swan-devel
mailing list