diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2007-06-06 13:16:48 +0000 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2007-06-06 13:16:48 +0000 |
commit | 9bac1d6640a370c78c975b9ac53ce371a996c364 (patch) | |
tree | 61cece82cf48e380e8d0eba33af7ffb127184e62 | |
parent | 8e481be97a3dd90c568715d4e5d0a2a669bd2b21 (diff) | |
download | strongswan-9bac1d6640a370c78c975b9ac53ce371a996c364.tar.bz2 strongswan-9bac1d6640a370c78c975b9ac53ce371a996c364.tar.xz |
do not print nexthop in ipsec status[all]
-rw-r--r-- | src/pluto/connections.c | 66 |
1 files changed, 5 insertions, 61 deletions
diff --git a/src/pluto/connections.c b/src/pluto/connections.c index 0d02b979c..499e5eda5 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -632,24 +632,13 @@ format_end(char *buf strcpy(&host_id[len < 0? (ptrdiff_t)sizeof(host_id)-2 : 1 + len], "]"); } - /* [---hop] */ - hop[0] = '\0'; - hop_sep = ""; - if (that != NULL && !sameaddr(&this->host_nexthop, &that->host_addr)) - { - addrtot(&this->host_nexthop, 0, hop, sizeof(hop)); - hop_sep = "---"; - } - if (is_left) - snprintf(buf, buf_len, "%s%s%s%s%s%s%s%s%s%s" - , open_brackets, client, close_brackets - , client_sep, host, host_port, host_id - , protoport, hop_sep, hop); + snprintf(buf, buf_len, "%s%s%s%s%s%s%s%s" + , open_brackets, client, close_brackets, client_sep + , host, host_port, host_id, protoport); else - snprintf(buf, buf_len, "%s%s%s%s%s%s%s%s%s%s" - , hop, hop_sep, host, host_port, host_id - , protoport, client_sep + snprintf(buf, buf_len, "%s%s%s%s%s%s%s%s" + , host, host_port, host_id, protoport, client_sep , open_brackets, client, close_brackets); return strlen(buf); } @@ -2975,51 +2964,6 @@ terminate_connection(const char *nm) } while (c != NULL); } -/* check nexthop safety - * Our nexthop must not be within a routed client subnet, and vice versa. - * Note: we don't think this is true. We think that KLIPS will - * not process a packet output by an eroute. - */ -#ifdef NEVER -//bool -//check_nexthop(const struct connection *c) -//{ -// struct connection *d; -// -// if (addrinsubnet(&c->spd.this.host_nexthop, &c->spd.that.client)) -// { -// loglog(RC_LOG_SERIOUS, "cannot perform routing for connection \"%s\"" -// " because nexthop is within peer's client network", -// c->name); -// return FALSE; -// } -// -// for (d = connections; d != NULL; d = d->next) -// { -// if (d->routing != RT_UNROUTED) -// { -// if (addrinsubnet(&c->spd.this.host_nexthop, &d->spd.that.client)) -// { -// loglog(RC_LOG_SERIOUS, "cannot do routing for connection \"%s\" -// " because nexthop is contained in" -// " existing routing for connection \"%s\"", -// c->name, d->name); -// return FALSE; -// } -// if (addrinsubnet(&d->spd.this.host_nexthop, &c->spd.that.client)) -// { -// loglog(RC_LOG_SERIOUS, "cannot do routing for connection \"%s\" -// " because it contains nexthop of" -// " existing routing for connection \"%s\"", -// c->name, d->name); -// return FALSE; -// } -// } -// } -// return TRUE; -//} -#endif /* NEVER */ - /* an ISAKMP SA has been established. * Note the serial number, and release any connections with * the same peer ID but different peer IP address. |