diff options
| author | Martin Willi <martin@strongswan.org> | 2008-04-09 12:54:47 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2008-04-09 12:54:47 +0000 |
| commit | cdcfe777f4cec7906a28fd2ef57d24ec3290902f (patch) | |
| tree | c225288c98e84133eb392499ce842004e249f816 /src/starter/starterstroke.c | |
| parent | 4a96521965fd1ab21f4e37bb848b6509d912b9a7 (diff) | |
| download | strongswan-cdcfe777f4cec7906a28fd2ef57d24ec3290902f.tar.bz2 strongswan-cdcfe777f4cec7906a28fd2ef57d24ec3290902f.tar.xz | |
implementation of an CFG attribute framework, currently supporting virtual IPs
updated ipsec.conf sourceip parameter to support
CIDR notatation to serve from a pool
%poolname to query a separate (database?) pool
Diffstat (limited to 'src/starter/starterstroke.c')
| -rw-r--r-- | src/starter/starterstroke.c | 48 |
1 files changed, 36 insertions, 12 deletions
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 83db1430c..025cd66f4 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -170,15 +170,47 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta msg_end->tohost = !conn_end->has_client; msg_end->protocol = conn_end->protocol; msg_end->port = conn_end->port; - msg_end->virtual_ip = conn_end->modecfg || conn_end->has_srcip; - ip_address2string(&conn_end->srcip, buffer, sizeof(buffer)); - msg_end->sourceip = push_string(msg, buffer); + if (conn_end->srcip) + { + if (conn_end->srcip[0] == '%') + { /* %poolname, strip % */ + msg_end->sourceip_size = 0; + msg_end->sourceip = push_string(msg, conn_end->srcip + 1); + } + else + { + char *pos = strchr(conn_end->srcip, '/'); + if (pos) + { /* CIDR subnet definition */ + snprintf(buffer, pos - conn_end->srcip + 1, "%s", conn_end->srcip); + msg_end->sourceip = push_string(msg, buffer); + msg_end->sourceip_size = atoi(pos + 1); + } + else + { /* a sigle address */ + msg_end->sourceip = push_string(msg, conn_end->srcip); + if (strchr(conn_end->srcip, ':')) + { /* IPv6 */ + msg_end->sourceip_size = 128; + } + else + { /* IPv4 */ + msg_end->sourceip_size = 32; + } + } + } + } + else if (conn_end->modecfg) + { + msg_end->sourceip_size = 1; + } } int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) { stroke_msg_t msg; + memset(&msg, 0, sizeof(msg)); msg.type = STR_ADD_CONN; msg.length = offsetof(stroke_msg_t, buffer); msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2; @@ -213,15 +245,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg.add_conn.mode = 0; /* XFRM_MODE_TUNNEL */ } - if (conn->policy & POLICY_DONT_REKEY) - { - msg.add_conn.rekey.ipsec_lifetime = 0; - msg.add_conn.rekey.ike_lifetime = 0; - msg.add_conn.rekey.margin = 0; - msg.add_conn.rekey.tries = 0; - msg.add_conn.rekey.fuzz = 0; - } - else + if (!(conn->policy & POLICY_DONT_REKEY)) { msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY; msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds; |