mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-25 04:37:22 +01:00

VRRP: Make IPsec AH a configurable option.

Reto Buerki 2010-03-19 17:16:11 +00:00
parent f718ed189c
commit 165ebf427a
3 changed files with 45 additions and 35 deletions


@ -52,7 +52,7 @@ vrrpOptionsDialog::vrrpOptionsDialog(QWidget *parent, FWObject *o)
FWOptions *gropt = FWOptions::cast(obj);
assert(gropt != NULL);
data.registerOption(m_dialog->vrrp_secret,
gropt,
"vrrp_secret");
@ -60,6 +60,11 @@ vrrpOptionsDialog::vrrpOptionsDialog(QWidget *parent, FWObject *o)
data.registerOption(m_dialog->vrrp_vrid,
gropt,
"vrrp_vrid");
data.registerOption(m_dialog->vrrp_over_ipsec_ah,
gropt,
"vrrp_over_ipsec_ah");
data.loadAll();
}


@ -6,7 +6,7 @@
<x>0</x>
<y>0</y>
<width>369</width>
<height>304</height>
<height>259</height>
</rect>
</property>
<property name="windowTitle" >
@ -75,25 +75,16 @@
<string>VRRP Parameters</string>
</attribute>
<attribute name="icon" >
<iconset resource="MainRes.qrc" >
<iconset>
<normaloff>:/Icons/Options</normaloff>:/Icons/Options</iconset>
</attribute>
<layout class="QGridLayout" name="gridLayout" >
<item row="0" column="1" colspan="2" >
<spacer>
<property name="orientation" >
<enum>Qt::Vertical</enum>
<item row="0" column="0" colspan="3" >
<widget class="QCheckBox" name="vrrp_over_ipsec_ah" >
<property name="text" >
<string>Use IPsec AH protected VRRP</string>
</property>
<property name="sizeType" >
<enum>QSizePolicy::Minimum</enum>
</property>
<property name="sizeHint" stdset="0" >
<size>
<width>20</width>
<height>20</height>
</size>
</property>
</spacer>
</widget>
</item>
<item row="1" column="0" >
<widget class="QLabel" name="vrrp_sec_label" >


@ -4898,30 +4898,44 @@ void PolicyCompiler_ipt::insertFailoverRule()
vrrp_dst->setComment("VRRP Multicast Address");
dbcopy->add(vrrp_dst);
/* Add VRRP-Service to database */
IPService* vrrp_srv = IPService::cast(
dbcopy->create(IPService::TYPENAME));
vrrp_srv->setComment("VRRP service");
vrrp_srv->setProtocolNumber(112);
dbcopy->add(vrrp_srv);
bool use_ipsec_ah = false;
addMgmtRule(NULL, vrrp_dst, vrrp_srv, iface,
FWOptions *failover_opts =
FailoverClusterGroup::cast(failover_group)->getOptionsObject();
if (failover_opts)
{
use_ipsec_ah = failover_opts->getBool("vrrp_over_ipsec_ah");
}
if (!use_ipsec_ah)
{
/* Add VRRP-Service to database */
IPService* vrrp_srv = IPService::cast(
dbcopy->create(IPService::TYPENAME));
vrrp_srv->setComment("VRRP service");
vrrp_srv->setProtocolNumber(112);
dbcopy->add(vrrp_srv);
addMgmtRule(NULL, vrrp_dst, vrrp_srv, iface,
PolicyRule::Both, PolicyRule::Accept,
"VRRP");
} else
{
/*
* Add AH-Service to database.
* According to RFC 2338 section 5.3.6.3, VRRP can use
* IPsec AH.
*/
IPService* ah_srv = IPService::cast(
dbcopy->create(IPService::TYPENAME));
ah_srv->setComment("IPSEC-AH");
ah_srv->setProtocolNumber(51);
dbcopy->add(ah_srv);
/*
* Add AH-Service to database.
* According to RFC 2338 section 5.3.6.3, VRRP can use IPsec AH.
*/
IPService* ah_srv = IPService::cast(
dbcopy->create(IPService::TYPENAME));
ah_srv->setComment("IPSEC-AH");
ah_srv->setProtocolNumber(51);
dbcopy->add(ah_srv);
addMgmtRule(NULL, vrrp_dst, ah_srv, iface,
addMgmtRule(NULL, vrrp_dst, ah_srv, iface,
PolicyRule::Both, PolicyRule::Accept,
"VRRP (with IPSEC-AH)");
}
}
if (failover_group->getStr("type") == "heartbeat")
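Review bot: `FailoverClusterGroup::cast(failover_group)` is dereferenced for `getOptionsObject()` without a null check, although the options pointer it returns is checked on the next line. If the cast can yield NULL for a group of another type (not visible here), the compiler crashes instead of falling back to the plain VRRP rule. I would split it into `FailoverClusterGroup *fcg = FailoverClusterGroup::cast(failover_group);` and `FWOptions *failover_opts = fcg ? fcg->getOptionsObject() : NULL;`. Separately, the removed lines appear to have emitted both the protocol 112 and the protocol 51 rule unconditionally, so with `use_ipsec_ah` defaulting to false an existing cluster that runs VRRP over AH would lose its accept rule on the next regeneration and drop peer advertisements until the option is set. A comment at `bool use_ipsec_ah = false;` or an upgrade note should state that. insertFailoverRule begins and continues outside this hunk.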