author | Martin Willi <martin@revosec.ch> | 2013-02-21 11:11:29 +0100 |
committer | Martin Willi <martin@revosec.ch> | 2013-02-21 11:52:33 +0100 |
commit | cd41b951ee44e3d405e8b380e957460babb72821 (patch) | |
tree | 6fa84b4b40be32037625f5dd87466f89a5c74744 | |
parent | a1db77de7c90bb80beaf2f7a1c6c3d8a1bba12c0 (diff) | |
download | strongswan-cd41b951ee44e3d405e8b380e957460babb72821.tar.bz2 strongswan-cd41b951ee44e3d405e8b380e957460babb72821.tar.xz |
Pass complete port range over stroke interface for more flexibility
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 18 | ||||
-rw-r--r-- | src/starter/cmp.c | 4 | ||||
-rw-r--r-- | src/starter/confread.c | 10 | ||||
-rw-r--r-- | src/starter/confread.h | 4 | ||||
-rw-r--r-- | src/starter/starterstroke.c | 4 | ||||
-rw-r--r-- | src/stroke/stroke.c | 2 | ||||
-rw-r--r-- | src/stroke/stroke_msg.h | 3 |
7 files changed, 21 insertions, 24 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 70d6ce562..ed10bdb9f 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -873,21 +873,11 @@ static void add_ts(private_stroke_config_t *this,
 stroke_end_t *end, child_cfg_t *child_cfg, bool local)
 {
 traffic_selector_t *ts;
- u_int16_t from_port, to_port;
-
- if (end->port)
- {
- from_port = to_port = end->port;
- }
- else
- {
- from_port = 0;
- to_port = 65535;
- }
 
 if (end->tohost)
 {
- ts = traffic_selector_create_dynamic(end->protocol, from_port, to_port);
+ ts = traffic_selector_create_dynamic(end->protocol,
+ end->from_port, end->to_port);
 child_cfg->add_traffic_selector(child_cfg, local, ts);
 }
 else
@@ -900,7 +890,7 @@ static void add_ts(private_stroke_config_t *this,
 if (net)
 {
 ts = traffic_selector_create_from_subnet(net, 0, end->protocol,
- from_port, to_port);
+ end->from_port, end->to_port);
 child_cfg->add_traffic_selector(child_cfg, local, ts);
 }
 }
@@ -913,7 +903,7 @@ static void add_ts(private_stroke_config_t *this,
 while (enumerator->enumerate(enumerator, &subnet))
 {
 ts = traffic_selector_create_from_cidr(subnet, end->protocol,
- from_port, to_port);
+ end->from_port, end->to_port);
 if (ts)
 {
 child_cfg->add_traffic_selector(child_cfg, local, ts);
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index aaba7b11d..cea864a4a 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -27,7 +27,8 @@ static bool starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
 return FALSE;
 
 VARCMP(modecfg);
- VARCMP(port);
+ VARCMP(from_port);
+ VARCMP(to_port);
 VARCMP(protocol);
 
 return cmp_args(KW_END_FIRST, KW_END_LAST, (char *)c1, (char *)c2);
@@ -63,4 +64,3 @@ bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2)
 
 return cmp_args(KW_CA_NAME, KW_CA_LAST, (char *)c1, (char *)c2);
 }
-
diff --git a/src/starter/confread.c b/src/starter/confread.c
index fecb998df..92d695478 100644
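Review bot: add_ts now hands end->from_port and end->to_port straight to traffic_selector_create_dynamic without checking that from_port <= to_port; the removed code could never build an inverted range, but a stroke message can now carry one and nothing in this hunk rejects it. Unless the traffic_selector constructors normalize the order themselves (not visible here), a guard at the top of add_ts such as `if (end->from_port > end->to_port) { DBG1(DBG_CFG, "invalid port range %d-%d, ignored", end->from_port, end->to_port); return; }` would stop a malformed message from installing a selector with an undefined match, and the same applies to the subnet and cidr hunks below in this file. The old `port == 0` → any-port mapping is also gone, so a sender that leaves to_port zeroed now gets a 0-0 range rather than all ports; this commit sets to_port on its own paths in stroke.c and confread.c, but that contract deserves a comment on the stroke_end_t fields. add_ts continues past the end of the hunk.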
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -142,6 +142,9 @@ static void default_values(starter_config_t *cfg)
 
 cfg->conn_default.left.ikeport = 500;
 cfg->conn_default.right.ikeport = 500;
+ cfg->conn_default.left.to_port = 0xffff;
+ cfg->conn_default.right.to_port = 0xffff;
+
 
 cfg->ca_default.seen = SEEN_NONE;
 }
@@ -292,14 +295,15 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 }
 if (streq(port, "%any"))
 {
- end->port = 0;
+ end->from_port = 0;
+ end->to_port = 0xffff;
 }
 else
 {
 svc = getservbyname(port, NULL);
 if (svc)
 {
- end->port = ntohs(svc->s_port);
+ end->from_port = end->to_port = ntohs(svc->s_port);
 }
 else
 {
@@ -309,7 +313,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 DBG1(DBG_APP, "# bad port: %s=%s", name, value);
 goto err;
 }
- end->port = (u_int16_t)p;
+ end->from_port = end->to_port = (u_int16_t)p;
 }
 }
 if (sep)
diff --git a/src/starter/confread.h b/src/starter/confread.h
index a0f6234f9..26a3568d4 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -115,7 +115,8 @@ struct starter_end {
 bool hostaccess;
 bool allow_any;
 char *updown;
- u_int16_t port;
+ u_int16_t from_port;
+ u_int16_t to_port;
 u_int8_t protocol;
 char *sourceip;
 char *dns;
@@ -246,4 +247,3 @@ extern starter_config_t *confread_load(const char *file);
 extern void confread_free(starter_config_t *cfg);
 
 #endif /* _IPSEC_CONFREAD_H_ */
-
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 4f9e8fb14..39c59eb15 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
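Review bot: The any-port upper bound is written as the literal 0xffff twice in default_values and again in the %any branch of kw_end, while the stroke.c hunk in this same commit writes it as 65535; these four sites must stay in agreement for a config with no explicit port to mean "all ports" once add_ts stops normalizing zero. A single named constant, e.g. `#define PORT_ANY_MAX 0xffff` next to the new fields in confread.h, would make that coupling visible and let the three assignments here read `end->to_port = PORT_ANY_MAX;`. The new starter_end fields in the confread.h hunk below would also benefit from a one-line comment such as `/* traffic selector port range; 0 to 0xffff selects any port */`, since a reader of the header cannot otherwise tell that a zero to_port is not a valid "unset" state. kw_end starts before the hunk and continues after it.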
@@ -146,7 +146,8 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
 msg_end->tohost = !conn_end->subnet;
 msg_end->allow_any = conn_end->allow_any;
 msg_end->protocol = conn_end->protocol;
- msg_end->port = conn_end->port;
+ msg_end->from_port = conn_end->from_port;
+ msg_end->to_port = conn_end->to_port;
 }
 
 int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
@@ -330,4 +331,3 @@ int starter_stroke_configure(starter_config_t *cfg)
 }
 return 0;
 }
-
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index e289296c1..c2a505141 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -151,12 +151,14 @@ static int add_connection(char *name,
 msg.add_conn.me.ikeport = 500;
 msg.add_conn.me.subnets = push_string(&msg, my_nets);
 msg.add_conn.me.sendcert = 1;
+ msg.add_conn.me.to_port = 65535;
 
 msg.add_conn.other.id = push_string(&msg, other_id);
 msg.add_conn.other.address = push_string(&msg, other_addr);
 msg.add_conn.other.ikeport = 500;
 msg.add_conn.other.subnets = push_string(&msg, other_nets);
 msg.add_conn.other.sendcert = 1;
+ msg.add_conn.other.to_port = 65535;
 
 return send_stroke_msg(&msg);
 }
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index e972a5984..3eaa327ce 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -167,7 +167,8 @@ struct stroke_end_t {
 int tohost;
 int allow_any;
 u_int8_t protocol;
- u_int16_t port;
+ u_int16_t from_port;
+ u_int16_t to_port;
 };
 
 typedef struct stroke_msg_t stroke_msg_t;
|
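Review bot: Replacing the single u_int16_t port in stroke_end_t with two changes the size and field offsets of the struct, and since stroke.c fills a stroke_msg_t in place and hands it to send_stroke_msg, a stroke client built against the old header will very likely produce a message whose later fields land at the wrong offsets for a charon built with this one. If stroke_msg.h carries a version or length field that charon validates on receipt this is caught there; otherwise a comment on the struct stating that client and daemon must be rebuilt together, plus a one-line doc comment on the new fields such as `/** port range of the traffic selector; 0-65535 selects any port */`, would record the contract that add_ts now relies on. The stroke.c hunk above sets only to_port and leaves from_port untouched, which presumably depends on msg being zeroed earlier in add_connection, outside the hunk; worth confirming.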