#include "nattraversal.h"
#include "isakmp_frag.h"
#include "genlist.h"
+#include "vpn_control_var.h"
static TAILQ_HEAD(_rmtree, remoteconf) rmtree;
{
struct remoteconf *p;
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
static const char default_idv[] = "macuser@localhost";
static const int default_idv_len = sizeof(default_idv) - 1;
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
TAILQ_FOREACH(p, &rmtree, chain) {
if (ignore_anonymous) {
if (p->remote->ss_family == AF_UNSPEC) /* anonymous */
continue;
}
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
// ignore the default btmm ipv6 config thats always present in racoon.conf
if (p->remote->ss_family == AF_INET6 &&
p->idvtype == IDTYPE_USERFQDN &&
strncmp(p->idv->v, default_idv, p->idv->l) == 0) {
continue;
}
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
return 0;
}
return 1;
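Review bot: The default-identifier test on L24 that the renamed guard keeps compares only `p->idv->l` bytes, so any identifier that is a proper prefix of `default_idv` is also treated as the built-in BTMM entry and skipped, which can make no_remote_configs report "no configs" while a real one exists. `default_idv_len` on L11 is declared under the same guard but is not used in the visible lines; the compare should be `p->idv->l == (size_t)default_idv_len && memcmp(p->idv->v, default_idv, default_idv_len) == 0`. The enclosing function starts before this hunk, and the same `#if` rename appears at L8–L9 and L19–L20.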
getrmconf(remote)
struct sockaddr_storage *remote;
{
- return getrmconf_strict(remote, 1);
+ struct remoteconf *rmconf = getrmconf_strict(remote, 1);
+ if (rmconf != NULL) {
+ return rmconf;
+ }
+ if (remote->ss_family == AF_INET6) {
+ struct sockaddr_in v4dst;
+ v4dst.sin_family = AF_INET;
+ v4dst.sin_len = sizeof(struct sockaddr_in);
+ v4dst.sin_port = 0;
+
+ nw_nat64_prefix_t nat64_prefix;
+ if (vpncontrol_set_nat64_prefix(&nat64_prefix)) {
+ nw_nat64_extract_v4(&nat64_prefix, &((struct sockaddr_in6 *)remote)->sin6_addr, &v4dst.sin_addr);
+
+ rmconf = getrmconf(ALIGNED_CAST(struct sockaddr_storage *)&v4dst);
+ if (rmconf != NULL) {
+ return rmconf;
+ }
+ }
+ }
+
+ return NULL;
}
struct remoteconf *
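Review bot: The NAT64 fallback on L47–L53 never confirms that `remote` actually lies inside the NAT64 prefix: the result of `nw_nat64_extract_v4` on L48 is discarded and `v4dst.sin_addr` is used regardless, so an IPv6 peer outside the prefix could be matched against the remoteconf of whatever IPv4 address the extraction happens to produce. Assuming the call reports failure for such addresses, gate the lookup on it, `if (vpncontrol_set_nat64_prefix(&nat64_prefix) && nw_nat64_extract_v4(&nat64_prefix, &((struct sockaddr_in6 *)remote)->sin6_addr, &v4dst.sin_addr)) {`; if it does not, an explicit prefix comparison is needed before trusting the extracted address. `v4dst` on L41 should also be cleared first, `memset(&v4dst, 0, sizeof(v4dst));`, so `sin_addr` and `sin_zero` are not uninitialized stack bytes in a value used as a lookup key. The recursive `getrmconf(...)` on L50 can be `getrmconf_strict(ALIGNED_CAST(struct sockaddr_storage *)&v4dst, 1)`, since the synthesized address is AF_INET and would never take the fallback branch again.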
// zero-out pointers
new->remote = NULL;
+ new->forced_local = NULL;
new->keychainCertRef = NULL; /* peristant keychain ref for cert */
new->shared_secret = NULL; /* shared secret */
new->open_dir_auth_group = NULL; /* group to be used to authorize user */
{
if (rmconf->remote)
racoon_free(rmconf->remote);
+ if (rmconf->forced_local)
+ racoon_free(rmconf->forced_local);
#ifdef ENABLE_HYBRID
if (rmconf->xauth)
xauth_rmconf_delete(&rmconf->xauth);
vfree(rmconf->keychainCertRef);
if (rmconf->open_dir_auth_group)
vfree(rmconf->open_dir_auth_group);
-
- if (rmconf->eap_options)
- CFRelease(rmconf->eap_options);
- if (rmconf->eap_types)
- deletypes(rmconf->eap_types);
- if (rmconf->ikev2_cfg_request)
- CFRelease(rmconf->ikev2_cfg_request);
racoon_free(rmconf);
}
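Review bot: Removing the release of `eap_options`, `eap_types` and `ikev2_cfg_request` on L77–L83 leaks those objects on every delrmconf unless the members are dropped from struct remoteconf in the same change; the header is not in this diff, so that should be confirmed, since racoon is long-lived and rmconf entries are recreated on every config reload. The new `forced_local` release on L69–L70 mirrors `remote` on L67–L68, and if `racoon_free` tolerates NULL like `free` both `if` guards are redundant. The function's signature is outside this hunk.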
s_idtype (id->idtype));
if (id->id)
pbuf += snprintf (pbuf, sizeof(buf) - (pbuf - buf), " \"%s\"", id->id->v);
- plog(ASL_LEVEL_INFO, "%s;\n", buf);
+ plog(ASL_LEVEL_NOTICE, "%s;\n", buf);
return NULL;
}
if (p->inherited_from)
pbuf += snprintf(pbuf, sizeof(buf) - (pbuf - buf), " inherit %s",
saddr2str((struct sockaddr *)p->inherited_from->remote));
- plog(ASL_LEVEL_INFO, "%s {\n", buf);
+ plog(ASL_LEVEL_NOTICE, "%s {\n", buf);
pbuf = buf;
pbuf += snprintf(pbuf, sizeof(buf) - (pbuf - buf), "\texchange_type ");
while (etype) {
etype->next != NULL ? ", " : ";\n");
etype = etype->next;
}
- plog(ASL_LEVEL_INFO, "%s", buf);
- plog(ASL_LEVEL_INFO, "\tdoi %s;\n", s_doi(p->doitype));
+ plog(ASL_LEVEL_NOTICE, "%s", buf);
+ plog(ASL_LEVEL_NOTICE, "\tdoi %s;\n", s_doi(p->doitype));
pbuf = buf;
pbuf += snprintf(pbuf, sizeof(buf) - (pbuf - buf), "\tmy_identifier %s", s_idtype (p->idvtype));
if (p->idvtype == IDTYPE_ASN1DN) {
- plog(ASL_LEVEL_INFO, "%s;\n", buf);
+ plog(ASL_LEVEL_NOTICE, "%s;\n", buf);
switch (p->getcert_method) {
case 0:
break;
case ISAKMP_GETCERT_PAYLOAD:
- plog(ASL_LEVEL_INFO, "\t/* peers certificate from payload */\n");
+ plog(ASL_LEVEL_NOTICE, "\t/* peers certificate from payload */\n");
break;
default:
- plog(ASL_LEVEL_INFO, "\tpeers_certfile *UNKNOWN* (%d)\n", p->getcert_method);
+ plog(ASL_LEVEL_NOTICE, "\tpeers_certfile *UNKNOWN* (%d)\n", p->getcert_method);
}
}
else {
if (p->idv)
pbuf += snprintf (pbuf, sizeof(buf) - (pbuf - buf), " \"%s\"", p->idv->v);
- plog(ASL_LEVEL_INFO, "%s;\n", buf);
+ plog(ASL_LEVEL_NOTICE, "%s;\n", buf);
genlist_foreach(p->idvl_p, &dump_peers_identifiers, NULL);
}
- plog(ASL_LEVEL_INFO, "\tsend_cert %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tsend_cert %s;\n",
s_switch (p->send_cert));
- plog(ASL_LEVEL_INFO, "\tsend_cr %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tsend_cr %s;\n",
s_switch (p->send_cr));
- plog(ASL_LEVEL_INFO, "\tverify_cert %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tverify_cert %s;\n",
s_switch (p->verify_cert));
- plog(ASL_LEVEL_INFO, "\tverify_identifier %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tverify_identifier %s;\n",
s_switch (p->verify_identifier));
- plog(ASL_LEVEL_INFO, "\tnat_traversal %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tnat_traversal %s;\n",
p->nat_traversal == NATT_FORCE ?
"force" : s_switch (p->nat_traversal));
- plog(ASL_LEVEL_INFO, "\tnatt_multiple_user %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tnatt_multiple_user %s;\n",
s_switch (p->natt_multiple_user));
- plog(ASL_LEVEL_INFO, "\tnonce_size %d;\n",
+ plog(ASL_LEVEL_NOTICE, "\tnonce_size %d;\n",
p->nonce_size);
- plog(ASL_LEVEL_INFO, "\tpassive %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tpassive %s;\n",
s_switch (p->passive));
- plog(ASL_LEVEL_INFO, "\tike_frag %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tike_frag %s;\n",
p->ike_frag == ISAKMP_FRAG_FORCE ?
"force" : s_switch (p->ike_frag));
- plog(ASL_LEVEL_INFO, "\tesp_frag %d;\n", p->esp_frag);
- plog(ASL_LEVEL_INFO, "\tinitial_contact %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tesp_frag %d;\n", p->esp_frag);
+ plog(ASL_LEVEL_NOTICE, "\tinitial_contact %s;\n",
s_switch (p->ini_contact));
- plog(ASL_LEVEL_INFO, "\tgenerate_policy %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tgenerate_policy %s;\n",
s_switch (p->gen_policy));
- plog(ASL_LEVEL_INFO, "\tsupport_proxy %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\tsupport_proxy %s;\n",
s_switch (p->support_proxy));
while (prop) {
- plog(ASL_LEVEL_INFO, "\n");
- plog(ASL_LEVEL_INFO,
+ plog(ASL_LEVEL_NOTICE, "\n");
+ plog(ASL_LEVEL_NOTICE,
"\t/* prop_no=%d, trns_no=%d, rmconf=%s */\n",
prop->prop_no, prop->trns_no,
saddr2str((struct sockaddr *)prop->rmconf->remote));
- plog(ASL_LEVEL_INFO, "\tproposal {\n");
- plog(ASL_LEVEL_INFO, "\t\tlifetime time %lu sec;\n",
+ plog(ASL_LEVEL_NOTICE, "\tproposal {\n");
+ plog(ASL_LEVEL_NOTICE, "\t\tlifetime time %lu sec;\n",
(long)prop->lifetime);
- plog(ASL_LEVEL_INFO, "\t\tlifetime bytes %zd;\n",
+ plog(ASL_LEVEL_NOTICE, "\t\tlifetime bytes %zd;\n",
prop->lifebyte);
- plog(ASL_LEVEL_INFO, "\t\tdh_group %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\t\tdh_group %s;\n",
alg_oakley_dhdef_name(prop->dh_group));
- plog(ASL_LEVEL_INFO, "\t\tencryption_algorithm %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\t\tencryption_algorithm %s;\n",
alg_oakley_encdef_name(prop->enctype));
- plog(ASL_LEVEL_INFO, "\t\thash_algorithm %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\t\thash_algorithm %s;\n",
alg_oakley_hashdef_name(prop->hashtype));
- plog(ASL_LEVEL_INFO, "\t\tprf_algorithm %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\t\tprf_algorithm %s;\n",
alg_oakley_hashdef_name(prop->prf));
- plog(ASL_LEVEL_INFO, "\t\tauthentication_method %s;\n",
+ plog(ASL_LEVEL_NOTICE, "\t\tauthentication_method %s;\n",
alg_oakley_authdef_name(prop->authmethod));
- plog(ASL_LEVEL_INFO, "\t}\n");
+ plog(ASL_LEVEL_NOTICE, "\t}\n");
prop = prop->next;
}
- plog(ASL_LEVEL_INFO, "}\n");
- plog(ASL_LEVEL_INFO, "\n");
+ plog(ASL_LEVEL_NOTICE, "}\n");
+ plog(ASL_LEVEL_NOTICE, "\n");
return NULL;
}
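Review bot: `"\t\tlifetime time %lu sec;\n"` on L183 is paired with a `(long)` argument on L184, a signed/unsigned format mismatch under -Wformat; use `(unsigned long)prop->lifetime` or `%ld`. The INFO→NOTICE change is repeated across every hunk of these dump routines from L89 through L210, and at NOTICE the identifier strings printed from `id->id->v` (L88) and `p->idv->v` (L127) now reach the default log level, which seems intended for a config dump but is worth a deliberate decision since identifiers can be user names. Separately, the `pbuf += snprintf(...)` accumulation on L88, L94, L99, L109 and L127 assumes no truncation: snprintf returns the would-be length, so once one write truncates, `sizeof(buf) - (pbuf - buf)` underflows and the next call writes past `buf`; clamping `pbuf` to `buf + sizeof(buf) - 1` after each call, or bailing out on truncation, would close that. Both dump functions begin outside the hunks shown.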