strongswan: make parsing more consistent
authorPhilip Prindeville <redacted>
Thu, 15 Jun 2023 18:48:00 +0000 (12:48 -0600)
committerPhilip Prindeville <redacted>
Fri, 16 Jun 2023 00:33:08 +0000 (18:33 -0600)
Signed-off-by: Philip Prindeville <redacted>
net/strongswan/Makefile
net/strongswan/files/swanctl.init

index b05b425016c78c176eb08f696b34fd3e2ddc256a..3fcc9f309d5912519adb221042c94b70f5f28567 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
 PKG_VERSION:=5.9.10
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
index e05c7228d95c56df64a8b8ea3050679ba95fc602..dcc065d2ea1b07fc957f24e8684e424315714984 100644 (file)
@@ -154,14 +154,16 @@ is_aead() {
        return 1
 }
 
-add_esp_proposal() {
+config_esp_proposal() {
+       local conf="$1"
+
        local encryption_algorithm
        local hash_algorithm
        local dh_group
 
-       config_get encryption_algorithm "$1" encryption_algorithm
-       config_get hash_algorithm "$1" hash_algorithm
-       config_get dh_group "$1" dh_group
+       config_get encryption_algorithm "$conf" encryption_algorithm
+       config_get hash_algorithm "$conf" hash_algorithm
+       config_get dh_group "$conf" dh_group
 
        # check for AEAD and clobber hash_algorithm if set
        if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then
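Review bot: config_esp_proposal now names its argument `conf`, but nothing says what it actually is: one entry of the parent section's `crypto_proposal` list, used here as the name of another UCI section to read, and the function's only output is the `crypto` variable it appends to (`crypto="${crypto:+${crypto},}..."` in the following hunk), which belongs to the calling iter_esp_proposal through the shell's dynamic scoping. A header comment such as `# $1: name of a crypto_proposal section; appends its encoded proposal to the caller's $crypto` would make that contract explicit, and config_ike_proposal in the next hunk has the same gap. The function body continues past the end of this hunk.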
@@ -173,27 +175,29 @@ add_esp_proposal() {
                crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${dh_group:+-${dh_group}}"
 }
 
-parse_esp_proposal() {
+iter_esp_proposal() {
        local conf="$1"
        local var="$2"
 
        local crypto=""
 
-       config_list_foreach "$conf" crypto_proposal add_esp_proposal
+       config_list_foreach "$conf" crypto_proposal config_esp_proposal
 
        export -n "$var=$crypto"
 }
 
-add_ike_proposal() {
+config_ike_proposal() {
+       local conf="$1"
+
        local encryption_algorithm
        local hash_algorithm
        local dh_group
        local prf_algorithm
 
-       config_get encryption_algorithm "$1" encryption_algorithm
-       config_get hash_algorithm "$1" hash_algorithm
-       config_get dh_group "$1" dh_group
-       config_get prf_algorithm "$1" prf_algorithm
+       config_get encryption_algorithm "$conf" encryption_algorithm
+       config_get hash_algorithm "$conf" hash_algorithm
+       config_get dh_group "$conf" dh_group
+       config_get prf_algorithm "$conf" prf_algorithm
 
        # check for AEAD and clobber hash_algorithm if set
        if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then
@@ -205,20 +209,20 @@ add_ike_proposal() {
                crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${prf_algorithm:+-${prf_algorithm}}${dh_group:+-${dh_group}}"
 }
 
-parse_ike_proposal() {
+iter_ike_proposal() {
        local conf="$1"
        local var="$2"
 
        local crypto=""
 
-       config_list_foreach "$conf" crypto_proposal add_ike_proposal
+       config_list_foreach "$conf" crypto_proposal config_ike_proposal
 
        export -n "$var=$crypto"
 }
 
 config_child() {
        # Generic ipsec conn section shared by tunnel and transport
-       local config_name="$1"
+       local conf="$1"
        local mode="$2"
 
        local hw_offload
@@ -241,29 +245,29 @@ config_child() {
        local rekeypackets
        local lifepackets
 
-       config_get startaction "$1" startaction "route"
-       config_get local_nat "$1" local_nat ""
-       config_get updown "$1" updown ""
-       config_get firewall "$1" firewall ""
-       config_get lifetime "$1" lifetime ""
-       config_get dpdaction "$1" dpdaction "none"
-       config_get closeaction "$1" closeaction "none"
-       config_get if_id "$1" if_id ""
-       config_get rekeytime "$1" rekeytime ""
-       config_get_bool ipcomp "$1" ipcomp 0
-       config_get interface "$1" interface ""
-       config_get hw_offload "$1" hw_offload ""
-       config_get priority "$1" priority ""
-       config_get rekeybytes "$1" rekeybytes ""
-       config_get lifebytes "$1" lifebytes ""
-       config_get rekeypackets "$1" rekeypackets ""
-       config_get lifepackets "$1" lifepackets ""
-
-       config_list_foreach "$1" local_subnet append_var local_subnet ","
-       config_list_foreach "$1" remote_subnet append_var remote_subnet ","
+       config_get startaction "$conf" startaction "route"
+       config_get local_nat "$conf" local_nat ""
+       config_get updown "$conf" updown ""
+       config_get firewall "$conf" firewall ""
+       config_get lifetime "$conf" lifetime ""
+       config_get dpdaction "$conf" dpdaction "none"
+       config_get closeaction "$conf" closeaction "none"
+       config_get if_id "$conf" if_id ""
+       config_get rekeytime "$conf" rekeytime ""
+       config_get_bool ipcomp "$conf" ipcomp 0
+       config_get interface "$conf" interface ""
+       config_get hw_offload "$conf" hw_offload ""
+       config_get priority "$conf" priority ""
+       config_get rekeybytes "$conf" rekeybytes ""
+       config_get lifebytes "$conf" lifebytes ""
+       config_get rekeypackets "$conf" rekeypackets ""
+       config_get lifepackets "$conf" lifepackets ""
+
+       config_list_foreach "$conf" local_subnet append_var local_subnet ","
+       config_list_foreach "$conf" remote_subnet append_var remote_subnet ","
 
        local esp_proposal
-       parse_esp_proposal "$1" esp_proposal
+       iter_esp_proposal "$conf" esp_proposal
 
        # translate from ipsec to swanctl
        case "$startaction" in
@@ -329,7 +333,7 @@ config_child() {
 
        [ -n "$local_nat" ] && local_subnet="$local_nat"
 
-       swanctl_xappend3 "$config_name {"
+       swanctl_xappend3 "$conf {"
 
        [ -n "$local_subnet" ] && swanctl_xappend4 "local_ts = $local_subnet"
        [ -n "$remote_subnet" ] && swanctl_xappend4 "remote_ts = $remote_subnet"
@@ -380,6 +384,7 @@ config_transport() {
 
 config_pool() {
        local conf="$1"
+
        local addrs
        local dns
        local nbns
@@ -390,15 +395,15 @@ config_pool() {
        local split_include
        local split_exclude
 
-       config_get addrs "$1" addrs
-       config_list_foreach "$1" dns append_var dns ","
-       config_list_foreach "$1" nbns append_var nbns ","
-       config_list_foreach "$1" dhcp append_var dhcp ","
-       config_list_foreach "$1" netmask append_var netmask ","
-       config_list_foreach "$1" server append_var server ","
-       config_list_foreach "$1" subnet append_var subnet ","
-       config_list_foreach "$1" split_include append_var split_include ","
-       config_list_foreach "$1" split_exclude append_var split_exclude ","
+       config_get addrs "$conf" addrs
+       config_list_foreach "$conf" dns append_var dns ","
+       config_list_foreach "$conf" nbns append_var nbns ","
+       config_list_foreach "$conf" dhcp append_var dhcp ","
+       config_list_foreach "$conf" netmask append_var netmask ","
+       config_list_foreach "$conf" server append_var server ","
+       config_list_foreach "$conf" subnet append_var subnet ","
+       config_list_foreach "$conf" split_include append_var split_include ","
+       config_list_foreach "$conf" split_exclude append_var split_exclude ","
 
        swanctl_xappend1 "$conf {"
        [ -n "$addrs" ] && swanctl_xappend2 "addrs = $addrs"
@@ -413,8 +418,8 @@ config_pool() {
        swanctl_xappend1 "}"
 }
 
-config_connection() {
-       local config_name="$1"
+config_remote() {
+       local conf="$1"
 
        local enabled
        local gateway
@@ -436,30 +441,30 @@ config_connection() {
        local remote_ca_certs
        local pools
 
-       config_get_bool enabled "$1" enabled 0
+       config_get_bool enabled "$conf" enabled 0
        [ $enabled -eq 0 ] && return
 
-       config_get gateway "$1" gateway
-       config_get pre_shared_key "$1" pre_shared_key
-       config_get auth_method "$1" authentication_method
-       config_get local_identifier "$1" local_identifier ""
-       config_get remote_identifier "$1" remote_identifier ""
-       config_get local_ip "$1" local_ip "%any"
-       config_get keyingtries "$1" keyingtries "3"
-       config_get dpddelay "$1" dpddelay "30s"
-       config_get inactivity "$1" inactivity
-       config_get keyexchange "$1" keyexchange "ikev2"
-       config_get fragmentation "$1" fragmentation "yes"
-       config_get_bool mobike "$1" mobike 1
-       config_get local_cert "$1" local_cert ""
-       config_get local_key "$1" local_key ""
-       config_get ca_cert "$1" ca_cert ""
-       config_get rekeytime "$1" rekeytime
-       config_get overtime "$1" overtime
-
-       config_list_foreach "$1" local_sourceip append_var local_sourceip ","
-       config_list_foreach "$1" remote_ca_certs append_var remote_ca_certs ","
-       config_list_foreach "$1" pools append_var pools ","
+       config_get gateway "$conf" gateway
+       config_get pre_shared_key "$conf" pre_shared_key
+       config_get auth_method "$conf" authentication_method
+       config_get local_identifier "$conf" local_identifier ""
+       config_get remote_identifier "$conf" remote_identifier ""
+       config_get local_ip "$conf" local_ip "%any"
+       config_get keyingtries "$conf" keyingtries "3"
+       config_get dpddelay "$conf" dpddelay "30s"
+       config_get inactivity "$conf" inactivity
+       config_get keyexchange "$conf" keyexchange "ikev2"
+       config_get fragmentation "$conf" fragmentation "yes"
+       config_get_bool mobike "$conf" mobike 1
+       config_get local_cert "$conf" local_cert ""
+       config_get local_key "$conf" local_key ""
+       config_get ca_cert "$conf" ca_cert ""
+       config_get rekeytime "$conf" rekeytime
+       config_get overtime "$conf" overtime
+
+       config_list_foreach "$conf" local_sourceip append_var local_sourceip ","
+       config_list_foreach "$conf" remote_ca_certs append_var remote_ca_certs ","
+       config_list_foreach "$conf" pools append_var pools ","
 
        case "$fragmentation" in
        0)
@@ -485,7 +490,7 @@ config_connection() {
        fi
 
        local ike_proposal
-       parse_ike_proposal "$1" ike_proposal
+       iter_ike_proposal "$conf" ike_proposal
 
        [ -n "$firewall" ] && fatal "Firewall not supported"
 
@@ -505,9 +510,9 @@ config_connection() {
                fi
        fi
 
-       swanctl_xappend0 "# config for $config_name"
+       swanctl_xappend0 "# config for $conf"
        swanctl_xappend0 "connections {"
-       swanctl_xappend1 "$config_name {"
+       swanctl_xappend1 "$conf {"
        swanctl_xappend2 "local_addrs = $local_ip"
        swanctl_xappend2 "remote_addrs = $remote_gateway"
 
@@ -531,9 +536,9 @@ config_connection() {
 
        swanctl_xappend2 "children {"
 
-       config_list_foreach "$1" tunnel config_tunnel
+       config_list_foreach "$conf" tunnel config_tunnel
 
-       config_list_foreach "$1" transport config_transport
+       config_list_foreach "$conf" transport config_transport
 
        swanctl_xappend2 "}"
 
@@ -573,7 +578,7 @@ config_connection() {
 
                if [ -n "$ca_cert" ]; then
                        swanctl_xappend0 "authorities {"
-                       swanctl_xappend1 "$config_name {"
+                       swanctl_xappend1 "$conf {"
                        swanctl_xappend2 "cacert = $ca_cert"
                        swanctl_xappend1 "}"
                        swanctl_xappend0 "}"
@@ -583,7 +588,7 @@ config_connection() {
                swanctl_xappend0 ""
 
                swanctl_xappend0 "secrets {"
-               swanctl_xappend1 "ike-$config_name {"
+               swanctl_xappend1 "ike-$conf {"
                swanctl_xappend2 "secret = $pre_shared_key"
                if [ -n "$local_identifier" ]; then
                        swanctl_xappend2 "id1 = $local_identifier"
@@ -598,7 +603,7 @@ config_connection() {
        fi
 
        swanctl_xappend0 "pools {"
-       config_list_foreach "$1" pools config_pool
+       config_list_foreach "$conf" pools config_pool
        swanctl_xappend0 "}"
 
        swanctl_xappend0 ""
@@ -609,18 +614,20 @@ do_preamble() {
 }
 
 config_ipsec() {
+       local conf="$1"
+
        local rtinstall_enabled
        local routing_table
        local routing_table_id
        local interface
        local interface_list
 
-       config_get debug "$1" debug 0
-       config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1
+       config_get debug "$conf" debug 0
+       config_get_bool rtinstall_enabled "$conf" rtinstall_enabled 1
        [ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no
 
        # prepare extra charon config option ignore_routing_tables
-       for routing_table in $(config_get "$1" "ignore_routing_tables"); do
+       for routing_table in $(config_get "$conf" "ignore_routing_tables"); do
                if [ "$routing_table" -ge 0 ] 2>/dev/null; then
                        routing_table_id=$routing_table
                else
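Review bot: config_ipsec now declares `conf` local, but `debug` (read by `config_get debug "$conf" debug 0`) and `install_routes` (assigned by `[ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no`) are still missing from the local list at the top of the function, so they remain script-global. If that is deliberate — they look like values consumed by other functions after the config_foreach at the end of the file — a comment such as `# debug and install_routes are intentionally script-global` would stop a later consistency pass from localizing them and breaking those consumers; if it is not, `local debug install_routes` belongs next to the other declarations. The function ends outside this hunk.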
@@ -630,7 +637,7 @@ config_ipsec() {
                [ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
        done
 
-       config_list_foreach "$1" interface append_var interface_list
+       config_list_foreach "$conf" interface append_var interface_list
 
        if [ -z "$interface_list" ]; then
                WAIT_FOR_INTF=0
@@ -673,7 +680,7 @@ prepare_env() {
 
        config_load ipsec
        config_foreach config_ipsec ipsec
-       config_foreach config_connection remote
+       config_foreach config_remote remote
 
        do_postamble
 }