diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-03-10 12:00:56 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-03-10 13:59:37 +0100 |
| commit | 3f1de98678c4d0fc880a425248f907bc2366434f (patch) | |
| tree | cd9e8544eda70dec6583c5df49794231e9bbca2a /src | |
| parent | 90ef7e8af61ca85a3c02cae086f1f110e3088fbb (diff) | |
| download | strongswan-3f1de98678c4d0fc880a425248f907bc2366434f.tar.bz2 strongswan-3f1de98678c4d0fc880a425248f907bc2366434f.tar.xz | |
Support of IP address ranges in traffic selectors
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/plugins/updown/updown_listener.c | 16 | ||||
| -rw-r--r-- | src/libcharon/plugins/vici/vici_config.c | 18 |
2 files changed, 27 insertions, 7 deletions
diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c index e472a178e..e51caab10 100644 --- a/src/libcharon/plugins/updown/updown_listener.c +++ b/src/libcharon/plugins/updown/updown_listener.c @@ -311,11 +311,13 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa, ike_sa->get_unique_id(ike_sa)); push_env(envp, countof(envp), "PLUTO_ME=%H", me); push_env(envp, countof(envp), "PLUTO_MY_ID=%Y", ike_sa->get_my_id(ike_sa)); - if (my_ts->to_subnet(my_ts, &host, &mask)) + if (!my_ts->to_subnet(my_ts, &host, &mask)) { - push_env(envp, countof(envp), "PLUTO_MY_CLIENT=%+H/%u", host, mask); - host->destroy(host); + DBG1(DBG_CHD, "updown approximates local TS %R " + "by next larger subnet", my_ts); } + push_env(envp, countof(envp), "PLUTO_MY_CLIENT=%+H/%u", host, mask); + host->destroy(host); push_env(envp, countof(envp), "PLUTO_MY_PORT=%s", get_port(my_ts, other_ts, port_buf, TRUE)); push_env(envp, countof(envp), "PLUTO_MY_PROTOCOL=%u", @@ -323,11 +325,13 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa, push_env(envp, countof(envp), "PLUTO_PEER=%H", other); push_env(envp, countof(envp), "PLUTO_PEER_ID=%Y", ike_sa->get_other_id(ike_sa)); - if (other_ts->to_subnet(other_ts, &host, &mask)) + if (!other_ts->to_subnet(other_ts, &host, &mask)) { - push_env(envp, countof(envp), "PLUTO_PEER_CLIENT=%+H/%u", host, mask); - host->destroy(host); + DBG1(DBG_CHD, "updown approximates remote TS %R " + "by next larger subnet", other_ts); } + push_env(envp, countof(envp), "PLUTO_PEER_CLIENT=%+H/%u", host, mask); + host->destroy(host); push_env(envp, countof(envp), "PLUTO_PEER_PORT=%s", get_port(my_ts, other_ts, port_buf, FALSE)); push_env(envp, countof(envp), "PLUTO_PEER_PROTOCOL=%u", diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 27268a512..6da663b83 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -3,7 +3,7 @@ * Copyright (C) 2014 revosec AG * * Copyright (C) 2015-2016 Tobias Brunner - * Copyright (C) 2015 Andreas Steffen + * Copyright (C) 2015-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -646,6 +646,22 @@ CALLBACK(parse_ts, bool, { ts = traffic_selector_create_dynamic(proto, from, to); } + else if (strchr(buf, '-')) + { + host_t *lower, *upper; + ts_type_t type; + + if (host_create_from_range(buf, &lower, &upper)) + { + type = (lower->get_family(lower) == AF_INET) ? + TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE; + ts = traffic_selector_create_from_bytes(proto, type, + lower->get_address(lower), from, + upper->get_address(upper), to); + lower->destroy(lower); + upper->destroy(upper); + } + } else { ts = traffic_selector_create_from_cidr(buf, proto, from, to); |