
Side by Side Diff: ipsec_manager.cc

Issue 6713058: vpn-manager: Fix l2tp/ipsec connections to Windows RRAS server (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master
Patch Set: Add comment, fix wording. Created 9 years, 9 months ago
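--- a/ipsec_manager.cc
+++ b/ipsec_manager.cc
@@ -1,39 +1,44 @@
 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "vpn-manager/ipsec_manager.h"
 
 #include <arpa/inet.h> // for inet_ntop and inet_pton
 #include <grp.h>
 #include <netdb.h> // for getaddrinfo
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
 
 #include <string>
 #include <vector>
 
 #include "base/eintr_wrapper.h"
 #include "base/file_util.h"
 #include "base/logging.h"
 #include "base/string_util.h"
 #include "chromeos/process.h"
 #include "gflags/gflags.h"
 
 #pragma GCC diagnostic ignored "-Wstrict-aliasing"
+// Windows RRAS requires modp1024 dh-group. Strongswan's
+// default is modp1536 which it does not support.
+DEFINE_string(ike, "3des-sha1-modp1024", "ike proposals");
 DEFINE_int32(ipsec_timeout, 10, "timeout for ipsec to be established");
 DEFINE_string(leftprotoport, "17/1701", "client protocol/port");
+DEFINE_bool(nat_traversal, true, "Enable NAT-T nat traversal");
 DEFINE_bool(pfs, false, "pfs");
 DEFINE_bool(rekey, false, "rekey");
 DEFINE_string(rightprotoport, "17/1701", "server protocol/port");
+DEFINE_string(type, "transport", "IPsec type (transport or tunnel)");
 #pragma GCC diagnostic error "-Wstrict-aliasing"
 
 const char kIpsecConnectionName[] = "ipsec_managed";
 const char kIpsecGroupName[] = "ipsec";
 const char kIpsecRunPath[] = "/var/run/ipsec";
 const char kIpsecUpFile[] = "/var/run/ipsec/up";
 const char kIpsecServiceName[] = "ipsec";
 const char kStarterPidFile[] = "/var/run/starter.pid";
 const mode_t kIpsecRunPathMode = (S_IRUSR | S_IWUSR | S_IXUSR |
 S_IRGRP | S_IWGRP | S_IXGRP);
@@ -253,31 +258,34 @@
 }
 
 std::string IpsecManager::FormatStarterConfigFile() {
 std::string config;
 config.append("config setup\n");
 if (ike_version_ == 1) {
 AppendBoolSetting(&config, "charonstart", false);
 } else {
 AppendBoolSetting(&config, "plutostart", false);
 }
+AppendBoolSetting(&config, "nat_traversal", FLAGS_nat_traversal);
 config.append("conn managed\n");
+AppendStringSetting(&config, "ike", FLAGS_ike);
 AppendStringSetting(&config, "keyexchange",
 ike_version_ == 1 ? "ikev1" : "ikev2");
 if (!psk_file_.empty()) AppendStringSetting(&config, "authby", "psk");
 AppendBoolSetting(&config, "pfs", FLAGS_pfs);
 AppendBoolSetting(&config, "rekey", FLAGS_rekey);
 AppendStringSetting(&config, "left", "%defaultroute");
 AppendStringSetting(&config, "leftprotoport", FLAGS_leftprotoport);
 AppendStringSetting(&config, "leftupdown", IPSEC_UPDOWN);
 AppendStringSetting(&config, "right", remote_address_);
 AppendStringSetting(&config, "rightprotoport", FLAGS_rightprotoport);
+AppendStringSetting(&config, "type", FLAGS_type);
 AppendStringSetting(&config, "auto", "start");
 return config;
 }
 
 bool IpsecManager::SetIpsecGroup(const FilePath& file_path) {
 return chown(file_path.value().c_str(), getuid(), ipsec_group_) == 0;
 }
 
 bool IpsecManager::WriteConfigFiles() {
 // We need to keep secrets in /mnt/stateful_partition/etc for now
@@ -399,10 +407,10 @@
 return;
 }
 
 if (!starter_->Kill(SIGTERM, kTermTimeout)) {
 starter_->Kill(SIGKILL, 0);
 OnStopped(true);
 return;
 }
 OnStopped(false);
 }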
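Review bot: The new `DEFINE_string(ike, "3des-sha1-modp1024", ...)` default makes 3DES/SHA-1 with a 1024-bit DH group the only IKE proposal offered to every peer, not just Windows RRAS, so all connections built by FormatStarterConfigFile() now use the weakest group the commit needs for one server type. strongSwan's `ike` setting accepts a comma-separated list, so a stronger proposal could be listed first with the RRAS-compatible one as fallback, e.g. `DEFINE_string(ike, "aes128-sha1-modp2048,3des-sha1-modp1024", "ike proposals");` (whether RRAS negotiates cleanly against that list would need testing). The comment above the flag should also say that modp1024 is a compatibility downgrade, for example `// NOTE: modp1024 is weaker than the strongSwan default; kept only for RRAS interop.` Separately, `FLAGS_ike` and `FLAGS_type` are appended to the starter config as given; AppendStringSetting is not visible on this page, so if it does not reject embedded newlines, checking `FLAGS_type` against `transport`/`tunnel` before formatting would keep a malformed flag value from adding extra config lines.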