diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2017-01-18 14:51:57 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2017-01-25 16:56:28 +0100 |
| commit | 69b58e347ee09fa3adf60552f5410dbb346d6f4f (patch) | |
| tree | 0913b94ce1b547efe14a723f33f7db83031235fe | |
| parent | 014737dd545495d941d096addd01e24c5c7933f9 (diff) | |
| download | strongswan-69b58e347ee09fa3adf60552f5410dbb346d6f4f.tar.bz2 strongswan-69b58e347ee09fa3adf60552f5410dbb346d6f4f.tar.xz | |
stroke: Default to %dynamic if no valid TS are specified in left|rightsubnet
Otherwise, we'd end up with an empty TS list, which is not valid.
Because end->tohost is set to !end->subnets in starter the removed branch was
never used.
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 101 |
1 files changed, 44 insertions, 57 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index f2d110434..49bf3ab60 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -982,73 +982,60 @@ static void add_ts(private_stroke_config_t *this, stroke_end_t *end, child_cfg_t *child_cfg, bool local) { traffic_selector_t *ts; + bool ts_added = FALSE; - if (end->tohost) + if (end->subnets) { - ts = traffic_selector_create_dynamic(end->protocol, - end->from_port, end->to_port); - child_cfg->add_traffic_selector(child_cfg, local, ts); - } - else - { - if (!end->subnets) - { - host_t *net; + enumerator_t *enumerator; + char *subnet, *pos; + uint16_t from_port, to_port; + uint8_t proto; - net = host_create_from_string(end->address, 0); - if (net) - { - ts = traffic_selector_create_from_subnet(net, 0, end->protocol, - end->from_port, end->to_port); - child_cfg->add_traffic_selector(child_cfg, local, ts); - } - } - else + enumerator = enumerator_create_token(end->subnets, ",", " "); + while (enumerator->enumerate(enumerator, &subnet)) { - enumerator_t *enumerator; - char *subnet, *pos; - uint16_t from_port, to_port; - uint8_t proto; + from_port = end->from_port; + to_port = end->to_port; + proto = end->protocol; - enumerator = enumerator_create_token(end->subnets, ",", " "); - while (enumerator->enumerate(enumerator, &subnet)) + pos = strchr(subnet, '['); + if (pos) { - from_port = end->from_port; - to_port = end->to_port; - proto = end->protocol; - - pos = strchr(subnet, '['); - if (pos) + *(pos++) = '\0'; + if (!parse_protoport(pos, &from_port, &to_port, &proto)) { - *(pos++) = '\0'; - if (!parse_protoport(pos, &from_port, &to_port, &proto)) - { - DBG1(DBG_CFG, "invalid proto/port: %s, skipped subnet", - pos); - continue; - } - } - if (streq(subnet, "%dynamic")) - { - ts = traffic_selector_create_dynamic(proto, - from_port, to_port); - } - else - { - ts = traffic_selector_create_from_cidr(subnet, proto, - from_port, to_port); - } - if (ts) - { - child_cfg->add_traffic_selector(child_cfg, local, ts); - } - else - { - DBG1(DBG_CFG, "invalid subnet: %s, skipped", subnet); + DBG1(DBG_CFG, "invalid proto/port: %s, skipped subnet", + pos); + continue; } } - enumerator->destroy(enumerator); + if (streq(subnet, "%dynamic")) + { + ts = traffic_selector_create_dynamic(proto, + from_port, to_port); + } + else + { + ts = traffic_selector_create_from_cidr(subnet, proto, + from_port, to_port); + } + if (ts) + { + child_cfg->add_traffic_selector(child_cfg, local, ts); + ts_added = TRUE; + } + else + { + DBG1(DBG_CFG, "invalid subnet: %s, skipped", subnet); + } } + enumerator->destroy(enumerator); + } + if (!ts_added) + { + ts = traffic_selector_create_dynamic(end->protocol, + end->from_port, end->to_port); + child_cfg->add_traffic_selector(child_cfg, local, ts); } } |