[NetworkManager-libreswan/fg/fix_conn_import-rh1633174: 3/4] shared: define IKEv1 aggressive ike and esp values



commit 0caac5f5941c2d96e6e85b3148077433ad7f84fd
Author: Francesco Giudici <fgiudici redhat com>
Date:   Fri Sep 28 10:54:22 2018 +0200

    shared: define IKEv1 aggressive ike and esp values
    
    Put default esp and ike values for aggressive mode IKEv1 connections in
    a shared define to be used throughout the code.
    Do the same for ikelifetime and salifetime for IKEv1 connections.

 shared/nm-service-defines.h | 4 ++++
 shared/utils.c              | 8 ++++----
 2 files changed, 8 insertions(+), 4 deletions(-)
---
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 360433c..1abd9ad 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -73,6 +73,10 @@
 #define NM_LIBRESWAN_PW_TYPE_ASK    "ask"
 #define NM_LIBRESWAN_PW_TYPE_UNUSED "unused"
 
+#define NM_LIBRESWAN_AGGRMODE_DEFAULT_IKE   "aes256-sha1;modp1536"
+#define NM_LIBRESWAN_AGGRMODE_DEFAULT_ESP   "aes256-sha1"
+#define NM_LIBRESWAN_IKEV1_DEFAULT_LIFETIME "24h"
+
 #ifndef NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE
 #define NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE "_none_"
 #endif
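Review bot: The three new defaults carry no comment explaining why these values were chosen, and `aes256-sha1;modp1536` pairs AES-256 with SHA-1 and a 1536-bit MODP group, both legacy choices by current guidance. Now that the macros are the single source for the IKEv1 fallback, I would add a comment above them such as `/* Compatibility defaults for IKEv1 aggressive-mode peers; weaker than current recommendations, used only when the connection sets no ike/esp value */`. `NM_LIBRESWAN_IKEV1_DEFAULT_LIFETIME` feeds both `ikelifetime` and `salifetime` in shared/utils.c, so either say that in the comment or split it into two macros so one can be tuned without silently changing the other.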
diff --git a/shared/utils.c b/shared/utils.c
index 0119221..36af877 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -239,13 +239,13 @@ nm_libreswan_config_write (gint fd,
        if (phase1_alg_str && strlen (phase1_alg_str))
                WRITE_CHECK (fd, debug_write_fcn, error, " ike=%s", phase1_alg_str);
        else if (!is_ikev2 && leftid)
-               WRITE_CHECK (fd, debug_write_fcn, error, " ike=aes256-sha1;modp1536");
+               WRITE_CHECK (fd, debug_write_fcn, error, " ike=%s", NM_LIBRESWAN_AGGRMODE_DEFAULT_IKE);
 
        phase2_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_ESP);
        if (phase2_alg_str && strlen (phase2_alg_str))
                WRITE_CHECK (fd, debug_write_fcn, error, " phase2alg=%s", phase2_alg_str);
        else if (!is_ikev2 && leftid)
-               WRITE_CHECK (fd, debug_write_fcn, error, " phase2alg=aes256-sha1");
+               WRITE_CHECK (fd, debug_write_fcn, error, " phase2alg=%s", NM_LIBRESWAN_AGGRMODE_DEFAULT_ESP);
 
        pfs = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_PFS);
        if (pfs && !strcmp (pfs, "no"))
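Review bot: `phase1_alg_str` and `phase2_alg_str` are written into the generated configuration through `" ike=%s"` and `" phase2alg=%s"` after only a non-empty check, so a value containing a line break would add extra lines to that file; the same holds for `phase1_lifetime_str` and `phase2_lifetime_str` in the next hunk. Validation may happen before nm_libreswan_config_write is reached, which is not visible here, but if it does not, reject such values before writing, for example `if (strpbrk (phase1_alg_str, "\r\n")) { /* set error and bail out */ }`. Separately, the fallback macros are named AGGRMODE while the branch tests `!is_ikev2 && leftid`; a short comment such as `/* leftid on an IKEv1 connection selects aggressive mode */` would tie the two together, if that is the intent. The function body starts and ends outside this hunk.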
@@ -256,14 +256,14 @@ nm_libreswan_config_write (gint fd,
        if (phase1_lifetime_str && strlen (phase1_lifetime_str))
                WRITE_CHECK (fd, debug_write_fcn, error, " ikelifetime=%s", phase1_lifetime_str);
        else if (!is_ikev2)
-               WRITE_CHECK (fd, debug_write_fcn, error, " ikelifetime=24h");
+               WRITE_CHECK (fd, debug_write_fcn, error, " ikelifetime=%s", NM_LIBRESWAN_IKEV1_DEFAULT_LIFETIME);
 
        phase2_lifetime_str = nm_setting_vpn_get_data_item (s_vpn,
                                                            NM_LIBRESWAN_KEY_SALIFETIME);
        if (phase2_lifetime_str && strlen (phase2_lifetime_str))
                WRITE_CHECK (fd, debug_write_fcn, error, " salifetime=%s", phase2_lifetime_str);
        else if (!is_ikev2)
-               WRITE_CHECK (fd, debug_write_fcn, error, " salifetime=24h");
+               WRITE_CHECK (fd, debug_write_fcn, error, " salifetime=%s", NM_LIBRESWAN_IKEV1_DEFAULT_LIFETIME);
 
        rekey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_REKEY);
        if (!rekey || !strlen (rekey)) {

