diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2013-06-28 10:29:42 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-06-28 15:10:09 +0200 |
| commit | b7b5432ff8cfdcc56a395ffccd899029a6ca676f (patch) | |
| tree | 0976c523d6c68e9567f394810cbc95c4e594ec68 | |
| parent | b18a53171537f81e8dc4a094a5368bdd9d3c7e4f (diff) | |
| download | strongswan-b7b5432ff8cfdcc56a395ffccd899029a6ca676f.tar.bz2 strongswan-b7b5432ff8cfdcc56a395ffccd899029a6ca676f.tar.xz | |
stroke: Changed how proto/port are specified in left|rightsubnet
Using a colon as separator conflicts with IPv6 addresses.
| -rw-r--r-- | man/ipsec.conf.5.in | 13 | ||||
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 9 |
2 files changed, 15 insertions, 7 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 22efa4908..07472b292 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -788,7 +788,7 @@ echoed back. Also supported are address pools expressed as or the use of an external IP address pool using %\fIpoolname\fR, where \fIpoolname\fR is the name of the IP address pool used for the lookup. .TP -.BR leftsubnet " = <ip subnet>[:<proto/port>][,...]" +.BR leftsubnet " = <ip subnet>[[<proto/port>]][,...]" private subnet behind the left participant, expressed as \fInetwork\fB/\fInetmask\fR; if omitted, essentially assumed to be \fIleft\fB/32\fR, @@ -800,15 +800,16 @@ configurations. IKEv2 supports multiple subnets separated by commas. IKEv1 only interprets the first subnet of such a definition, unless the Cisco Unity extension plugin is enabled. -The part in each subnet following an optional colon specifies a protocol/port -to restrict the selector for that subnet. +The optional part after each subnet enclosed in square brackets specifies a +protocol/port to restrict the selector for that subnet. -Example: -.BR leftsubnet=10.0.0.1:tcp/http,10.0.0.2:6/80,10.0.0.3:udp,10.0.0.0/16:/53 . +Examples: +.BR leftsubnet=10.0.0.1[tcp/http],10.0.0.2[6/80] " or" +.BR leftsubnet=fec1::1[udp],10.0.0.0/16[/53] . Instead of omitting either value .B %any can be used to the same effect, e.g. -.BR leftsubnet=10.0.0.3:udp/%any,10.0.0.0/16=%any/53 . +.BR leftsubnet=fec1::1[udp/%any],10.0.0.0/16[%any/53] . The port value can alternatively take the value .B %opaque diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 64af5bb9c..da8d35c40 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -895,6 +895,13 @@ static bool parse_protoport(char *token, u_int16_t *from_port, struct servent *svc; long int p; + sep = strrchr(token, ']'); + if (!sep) + { + return FALSE; + } + *sep = '\0'; + sep = strchr(token, '/'); if (sep) { /* protocol/port */ @@ -1009,7 +1016,7 @@ static void add_ts(private_stroke_config_t *this, to_port = end->to_port; proto = end->protocol; - pos = strchr(subnet, ':'); + pos = strchr(subnet, '['); if (pos) { *(pos++) = '\0'; |