author | Andreas Steffen <andreas.steffen@strongswan.org> | 2006-10-25 08:40:34 +0000 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2006-10-25 08:40:34 +0000 |
commit | 0e4d1d05ad29ea86f29d94741ec9d7f24fcdf955 (patch) | |
tree | 441e862a875fb4219d8c6e24e0c3e7c9ea3da19e | |
parent | b701b7895b280eb1f6949eb4bc9a45b89e6e9976 (diff) | |
download | strongswan-0e4d1d05ad29ea86f29d94741ec9d7f24fcdf955.tar.bz2 strongswan-0e4d1d05ad29ea86f29d94741ec9d7f24fcdf955.tar.xz |
added 'modeconfig=pull|push' and 'left|rightnatip' keywords
-rw-r--r-- | src/starter/args.c | 2 | ||||
-rw-r--r-- | src/starter/confread.c | 24 | ||||
-rw-r--r-- | src/starter/keywords.h | 6 | ||||
-rw-r--r-- | src/starter/keywords.txt | 3 | ||||
-rw-r--r-- | src/starter/starterwhack.c | 1 |
5 files changed, 35 insertions, 1 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index 5cf96abde..ad37b1942 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -196,6 +196,7 @@ static const token_info_t token_info[] =
 { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
 { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
 { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
+ { ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
 /* ca section keywords */
 { ARG_STR, offsetof(starter_ca_t, name), NULL },
@@ -214,6 +215,7 @@ static const token_info_t token_info[] =
 { ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ },
 { ARG_MISC, 0, NULL /* KW_PROTOPORT */ },
 { ARG_MISC, 0, NULL /* KW_SOURCEIP */ },
+ { ARG_MISC, 0, NULL /* KW_NATIP */ },
 { ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool },
 { ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool },
 { ARG_STR, offsetof(starter_end_t, updown), NULL },
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 2389154ec..93b8beeb3 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -247,6 +247,11 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
 end->has_port_wildcard = has_port_wildcard;
 break;
 case KW_SOURCEIP:
+ if (end->has_natip)
+ {
+ plog("# natip and sourceip cannot be defined at the same time");
+ goto err;
+ }
 if (streq(value, "%modeconfig") || streq(value, "%modecfg"))
 {
 end->modecfg = TRUE;
@@ -264,6 +269,22 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
 }
 conn->policy |= POLICY_TUNNEL;
 break;
+ case KW_NATIP:
+ if (end->has_srcip)
+ {
+ plog("# natip and sourceip cannot be defined at the same time");
+ goto err;
+ }
+ conn->tunnel_addr_family = ip_version(value);
+ ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &end->srcip);
+ if (ugh != NULL)
+ {
+ plog("# bad addr: %s=%s [%s]", name, value, ugh);
+ goto err;
+ }
+ end->has_natip = TRUE;
+ conn->policy |= POLICY_TUNNEL;
+ break;
 default:
 break;
 }
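Review bot: The two rows added to `token_info[]` in args.c (`KW_MODECONFIG` in the first hunk, `KW_NATIP` in the second) appear to be tied to the `kw_token_t` enum in keywords.h only by their position and a trailing comment, so a row placed one slot off would make every later keyword pick up the wrong `ARG_*` type and `offsetof` with no diagnostic. The positions do match the enum insertions made in this commit. A compile-time check of the table's element count against the last enum value, placed after the table, would catch future drift; the start and end of the table are outside both hunks.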
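Review bot: In the new `case KW_NATIP:` branch of kw_end() in confread.c, `conn->tunnel_addr_family` is overwritten with `ip_version(value)` before `ttoaddr()` has accepted the value, so a malformed `natip` has already changed connection-wide state when `goto err` runs; parsing with a local family variable and assigning `conn->tunnel_addr_family` only after `ugh == NULL` avoids that. The address is also written into `end->srcip`, which the sourceip path appears to share, while the mutual-exclusion test reads only `end->has_srcip`. The `%modeconfig` branch visible in the KW_SOURCEIP hunk sets `end->modecfg`, and if it does not also set `has_srcip` (that code lies outside the hunk) then `sourceip=%modeconfig` followed by `natip=` would pass the check, so `if (end->has_srcip || end->modecfg)` may be the safer guard. kw_end() starts and ends outside both hunks.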
@@ -422,6 +443,9 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
 case KW_REKEY:
 KW_POLICY_FLAG("no", "yes", POLICY_DONT_REKEY)
 break;
+ case KW_MODECONFIG:
+ KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH)
+ break;
 default:
 break;
 }
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index f574c77b0..1b2cf69c6 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -79,9 +79,10 @@ typedef enum {
 KW_DPDDELAY,
 KW_DPDTIMEOUT,
 KW_DPDACTION,
+ KW_MODECONFIG,
 #define KW_CONN_FIRST KW_CONN_SETUP
-#define KW_CONN_LAST KW_DPDACTION
+#define KW_CONN_LAST KW_MODECONFIG
 /* ca section keywords */
 KW_CA_NAME,
@@ -103,6 +104,7 @@ typedef enum {
 KW_SUBNETWITHIN,
 KW_PROTOPORT,
 KW_SOURCEIP,
+ KW_NATIP,
 KW_FIREWALL,
 KW_HOSTACCESS,
 KW_UPDOWN,
@@ -124,6 +126,7 @@ typedef enum {
 KW_LEFTSUBNETWITHIN,
 KW_LEFTPROTOPORT,
 KW_LEFTSOURCEIP,
+ KW_LEFTNATIP,
 KW_LEFTFIREWALL,
 KW_LEFTHOSTACCESS,
 KW_LEFTUPDOWN,
@@ -144,6 +147,7 @@ typedef enum {
 KW_RIGHTSUBNETWITHIN,
 KW_RIGHTPROTOPORT,
 KW_RIGHTSOURCEIP,
+ KW_RIGHTNATIP,
 KW_RIGHTFIREWALL,
 KW_RIGHTHOSTACCESS,
 KW_RIGHTUPDOWN,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 6952d4e9b..bc5ef4449 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -68,6 +68,7 @@ pfsgroup, KW_PFSGROUP
 dpddelay, KW_DPDDELAY
 dpdtimeout, KW_DPDTIMEOUT
 dpdaction, KW_DPDACTION
+modeconfig, KW_MODECONFIG
 cacert, KW_CACERT
 ldaphost, KW_LDAPHOST
 ldapbase, KW_LDAPBASE
@@ -80,6 +81,7 @@ leftsubnet, KW_LEFTSUBNET
 leftsubnetwithin, KW_LEFTSUBNETWITHIN
 leftprotoport, KW_LEFTPROTOPORT
 leftsourceip, KW_LEFTSOURCEIP
+leftnatip, KW_LEFTNATIP
 leftfirewall, KW_LEFTFIREWALL
 lefthostaccess, KW_LEFTHOSTACCESS
 leftupdown, KW_LEFTUPDOWN
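Review bot: The new `case KW_MODECONFIG:` in load_conn() does not say which value sets the flag; going by the `KW_REKEY` line just above it, the first string (`push`) presumably sets `POLICY_MODECFG_PUSH` and `pull` clears it. A one-line comment such as `/* modeconfig=push sets POLICY_MODECFG_PUSH, modeconfig=pull clears it */` would record that. `KW_POLICY_FLAG` is defined outside the hunk, so whether a misspelt value is rejected or silently mapped to one of the two cannot be confirmed here; that is worth checking, since the setting selects the Mode Config direction for the connection.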
@@ -95,6 +97,7 @@ rightsubnet, KW_RIGHTSUBNET
 rightsubnetwithin, KW_RIGHTSUBNETWITHIN
 rightprotoport, KW_RIGHTPROTOPORT
 rightsourceip, KW_RIGHTSOURCEIP
+rightnatip, KW_RIGHTNATIP
 rightfirewall, KW_RIGHTFIREWALL
 righthostaccess, KW_RIGHTHOSTACCESS
 rightupdown, KW_RIGHTUPDOWN
diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c
index 0b37ab742..e837f156d 100644
--- a/src/starter/starterwhack.c
+++ b/src/starter/starterwhack.c
@@ -167,6 +167,7 @@ set_whack_end(whack_end_t *w, starter_end_t *end)
 w->has_client_wildcard = end->has_client_wildcard;
 w->has_port_wildcard = end->has_port_wildcard;
 w->has_srcip = end->has_srcip;
+ w->has_natip = end->has_natip;
 w->modecfg = end->modecfg;
 w->hostaccess = end->hostaccess;
 w->sendcert = end->sendcert; |