author | Andreas Steffen <andreas.steffen@strongswan.org> | 2007-08-02 18:38:28 +0000 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2007-08-02 18:38:28 +0000 |
commit | ec11518d1b7f3d3a52e99e661de7f628f3da10cf (patch) | |
tree | 10a6fdaa263eac51d96f9b512ad16398ba9362f6 | |
parent | f8afabcac3858f1c43f5fad4ca9fdbc01614180b (diff) | |
download | strongswan-ec11518d1b7f3d3a52e99e661de7f628f3da10cf.tar.bz2 strongswan-ec11518d1b7f3d3a52e99e661de7f628f3da10cf.tar.xz |
handle dns lookup failures
-rw-r--r-- | src/starter/cmp.c | 9 | ||||
-rw-r--r-- | src/starter/confread.c | 34 | ||||
-rw-r--r-- | src/starter/confread.h | 1 | ||||
-rw-r--r-- | src/starter/starterwhack.c | 2 |
4 files changed, 37 insertions, 9 deletions
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index 9222bf58f..ea8e736ce 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -36,7 +36,14 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
 if ((c1 == NULL) || (c2 == NULL))
 return FALSE;
- ADDCMP(addr);
+ if (c2->dns_failed)
+ {
+ c2->addr = c1->addr;
+ }
+ else
+ {
+ ADDCMP(addr);
+ }
 ADDCMP(nexthop);
 ADDCMP(srcip);
 SUBCMP(subnet);
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 2fe5b8ca7..f754f267f 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -193,11 +193,9 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
 }
 else
 {
- bool fallback_to_any = FALSE;
-
+ /* check for allow_any prefix */
 if (value[0] == '%')
 {
- fallback_to_any = TRUE;
 end->allow_any = TRUE;
 value++;
 }
@@ -206,12 +204,10 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
 if (ugh != NULL)
 {
 plog("# bad addr: %s=%s [%s]", name, value, ugh);
- if (fallback_to_any)
+ if (streq(ugh, "does not look numeric and name lookup failed"))
 {
- plog("# fallback to %s=%%any due to '%%' prefix");
+ end->dns_failed = TRUE;
 anyaddr(conn->addr_family, &end->addr);
- end->allow_any = FALSE;
- cfg->non_fatal_err++;
 }
 else
 {
@@ -340,6 +336,27 @@ err:
 }
 /*
+ * handles left|right=<FQDN> DNS resolution failure
+ */
+static void
+handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg)
+{
+ if (end->dns_failed)
+ {
+ if (end->allow_any)
+ {
+ plog("# fallback to %s=%%any due to '%%' prefix or %sallowany=yes",
+ label, label);
+ }
+ else
+ {
+ /* declare an error */
+ cfg->err++;
+ }
+ }
+}
+
+/*
+ * handles left|rightfirewall and left|rightupdown parameters
 */
 static void
@@ -543,6 +560,9 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
 break;
 }
 }
+
+ handle_dns_failure("left", &conn->left, cfg);
+ handle_dns_failure("right", &conn->right, cfg);
 handle_firewall("left", &conn->left, cfg);
 handle_firewall("right", &conn->right, cfg);
 }
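Review bot: The new branch in starter_cmp_end turns a comparison into a write, `c2->addr = c1->addr;`, so whoever compares two ends now gets its second argument silently patched with the first one's address, and nothing records that c2 is carrying an address it never resolved itself. The asymmetry (only c2->dns_failed is consulted; a c1 with a failed lookup still falls through to ADDCMP) only makes sense if c1 is always the previously loaded configuration and c2 the freshly parsed one, which this hunk does not show. I would state that contract in a comment above the branch, e.g. `/* c2 is the re-read config: after a failed lookup keep the address c1 resolved earlier instead of reporting a change */`, and consider a plog so a retained, possibly stale peer address is visible in the starter output. The rest of starter_cmp_end lies outside the hunk.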
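Review bot: The fallback at `if (streq(ugh, "does not look numeric and name lookup failed"))` keys the DNS-failure path on the exact wording of the error text in ugh (apparently produced by the address parser called just above the hunk), so any change to that message sends every tolerated lookup failure into the else branch with no compile-time hint. That direction at least fails closed, but the '%'/allowany feature would break silently; a flag or distinct return code from the parser would be more robust, and failing that a comment such as `/* must match the text the address parser returns for a failed name lookup; keep in sync */` belongs next to the streq. Note also that `# bad addr:` is now logged first even in the tolerated case, so the log shows an error line followed later by the fallback message from handle_dns_failure. kw_end continues outside the hunk.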
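Review bot: In handle_dns_failure the error branch does `cfg->err++` without saying why, so an operator only sees the generic `# bad addr:` line emitted earlier by kw_end and has to guess that the missing '%' prefix or allowany=yes is what made the failure fatal; a message such as `plog("# %s: name lookup failed and no fallback to %%any allowed (%sallowany=no)", label, label);` in that branch would make the decision explicit. The header comment should also state that end->addr has already been replaced by %any by the time this runs, since the fallback wording relies on it. Minor style: `handle_dns_failure( const char *label` has a stray space after the parenthesis that the neighbouring declarations do not use.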
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 970166c90..912af4945 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -76,6 +76,7 @@ struct starter_end {
 bool firewall;
 bool hostaccess;
 bool allow_any;
+ bool dns_failed;
 char *updown;
 u_int16_t port;
 u_int8_t protocol;
diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c
index e920fc7ee..a546304c9 100644
--- a/src/starter/starterwhack.c
+++ b/src/starter/starterwhack.c
@@ -168,9 +168,9 @@ set_whack_end(whack_end_t *w, starter_end_t *end)
 w->has_port_wildcard = end->has_port_wildcard;
 w->has_srcip = end->has_srcip;
 w->has_natip = end->has_natip;
+ w->allow_any = end->allow_any && !end->dns_failed;
 w->modecfg = end->modecfg;
 w->hostaccess = end->hostaccess;
- w->allow_any = end->allow_any;
 w->sendcert = end->sendcert;
 w->updown = end->updown;
 w->host_port = IKE_UDP_PORT; |
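Review bot: The new `bool dns_failed;` member is state that three other files now branch on, but the struct gives no hint what it means or when it is set; a short comment, `bool dns_failed; /* name lookup for addr failed; addr has been set to %any */`, would help. Nothing in the diff shows where starter_end_t is allocated, so whoever applies this should confirm the struct is zero-initialised there, otherwise the flag is read uninitialised by starter_cmp_end and set_whack_end for ends that never passed through kw_end.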
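Review bot: `w->allow_any = end->allow_any && !end->dns_failed;` encodes a decision whose reason lives in confread.c (a failed lookup already stored %any in end->addr), and a reader of set_whack_end cannot see why an allow_any the user asked for is dropped here; a one-line comment, `/* a failed lookup already turned addr into %any (confread.c); presumably pluto must not see allow_any on top of that — confirm */`, would keep the two files in step. The assignment was also moved above the modecfg/hostaccess lines for no visible reason; leaving it where the removed line was would make this a pure one-line change. set_whack_end continues outside the hunk.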