Merge branch 'unity-fixes'

Improves compatibility with the Cisco and Shrew clients. Fixes #445.
author: Tobias Brunner <tobias@strongswan.org> 2014-01-23 11:19:38 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2014-01-23 11:19:38 +0100
commit: fa9b6e88a0c88a48935ced23f16c8f8bdef1ad0d (patch)
tree: e9a7e9bbc4a9d8ac7ccc0f6b0ae6fcc26520cc0f /src
parent: 6b95565767038eef1fb07a42bef43690009827c5 (diff)
parent: 21c18f536d97448ce5036707d421b14ba8040877 (diff)
download: strongswan-fa9b6e88a0c88a48935ced23f16c8f8bdef1ad0d.tar.bz2
strongswan-fa9b6e88a0c88a48935ced23f16c8f8bdef1ad0d.tar.xz
2 files changed, 54 insertions, 34 deletions
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index edff51a08..9f72a80da 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -97,9 +97,9 @@ static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa,
 }
 
 /**
- * As initiator, bump up TS to 0.0.0.0/0 for on-the-wire bits
+ * As initiator and responder, bump up TS to 0.0.0.0/0 for on-the-wire bits
  */
-static void narrow_initiator_pre(linked_list_t *list)
+static void narrow_pre(linked_list_t *list, char *side)
 {
 	traffic_selector_t *ts;
 
@@ -112,7 +112,7 @@ static void narrow_initiator_pre(linked_list_t *list)
 											 "255.255.255.255", 65535);
 	if (ts)
 	{
-		DBG2(DBG_CFG, "changing proposed traffic selectors for other:");
+		DBG2(DBG_CFG, "changing proposed traffic selectors for %s:", side);
 		DBG2(DBG_CFG, " %R", ts);
 		list->insert_last(list, ts);
 	}
@@ -149,12 +149,15 @@ METHOD(listener_t, narrow, bool,
 		switch (type)
 		{
 			case NARROW_INITIATOR_PRE_AUTH:
-				narrow_initiator_pre(remote);
+				narrow_pre(remote, "other");
 				break;
 			case NARROW_INITIATOR_POST_AUTH:
 				narrow_initiator(this, ike_sa,
 								 child_sa->get_config(child_sa), remote);
 				break;
+			case NARROW_RESPONDER:
+				narrow_pre(local, "us");
+				break;
 			case NARROW_RESPONDER_POST:
 				narrow_responder_post(child_sa->get_config(child_sa), local);
 				break;
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c
index ac6f93d69..86f81fcfb 100644
--- a/src/libcharon/plugins/unity/unity_provider.c
+++ b/src/libcharon/plugins/unity/unity_provider.c
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
  *
@@ -16,6 +19,7 @@
 #include "unity_provider.h"
 
 #include <daemon.h>
+#include <bio/bio_writer.h>
 
 typedef struct private_unity_provider_t private_unity_provider_t;
 
@@ -31,58 +35,70 @@ struct private_unity_provider_t {
 };
 
 /**
- * Attribute enumerator for traffic selector list
+ * Attribute enumerator for UNITY_SPLIT_INCLUDE attribute
  */
 typedef struct {
 	/** Implements enumerator_t */
 	enumerator_t public;
 	/** list of traffic selectors to enumerate */
 	linked_list_t *list;
-	/** currently enumerating subnet */
-	u_char subnet[4];
-	/** currently enumerating subnet mask */
-	u_char mask[4];
+	/** attribute value */
+	chunk_t attr;
 } attribute_enumerator_t;
 
+/**
+ * Append data from the given traffic selector to the attribute data
+ */
+static void append_ts(bio_writer_t *writer, traffic_selector_t *ts)
+{
+	host_t *net, *mask;
+	chunk_t padding;
+	u_int8_t bits;
+
+	if (!ts->to_subnet(ts, &net, &bits))
+	{
+		return;
+	}
+	mask = host_create_netmask(AF_INET, bits);
+	if (!mask)
+	{
+		net->destroy(net);
+		return;
+	}
+	writer->write_data(writer, net->get_address(net));
+	writer->write_data(writer, mask->get_address(mask));
+	/* the Cisco client parses the "padding" as protocol, src and dst port, the
+	 * first two in network order the last in host order - no other clients seem
+	 * to support these fields so we don't use them either */
+	padding = writer->skip(writer, 6);
+	memset(padding.ptr, 0, padding.len);
+	mask->destroy(mask);
+	net->destroy(net);
+}
+
 METHOD(enumerator_t, attribute_enumerate, bool,
 	attribute_enumerator_t *this, configuration_attribute_type_t *type,
 	chunk_t *attr)
 {
 	traffic_selector_t *ts;
-	u_int8_t i, mask;
-	host_t *net;
+	bio_writer_t *writer;
 
-	while (TRUE)
+	if (this->list->get_count(this->list) == 0)
 	{
-		if (this->list->remove_first(this->list, (void**)&ts) != SUCCESS)
-		{
-			return FALSE;
-		}
-		if (ts->to_subnet(ts, &net, &mask))
-		{
-			ts->destroy(ts);
-			break;
-		}
-		ts->destroy(ts);
+		return FALSE;
 	}
 
-	memset(this->mask, 0, sizeof(this->mask));
-	for (i = 0; i < sizeof(this->mask); i++)
+	writer = bio_writer_create(14);
+	while (this->list->remove_first(this->list, (void**)&ts) == SUCCESS)
 	{
-		if (mask < 8)
-		{
-			this->mask[i] = 0xFF << (8 - mask);
-			break;
-		}
-		this->mask[i] = 0xFF;
-		mask -= 8;
+		append_ts(writer, ts);
+		ts->destroy(ts);
 	}
-	memcpy(this->subnet, net->get_address(net).ptr, sizeof(this->subnet));
-	net->destroy(net);
 
 	*type = UNITY_SPLIT_INCLUDE;
-	*attr = chunk_create(this->subnet, sizeof(this->subnet) + sizeof(this->mask));
+	*attr = this->attr = writer->extract_buf(writer);
 
+	writer->destroy(writer);
 	return TRUE;
 }
 
@@ -90,6 +106,7 @@ METHOD(enumerator_t, attribute_destroy, void,
 	attribute_enumerator_t *this)
 {
 	this->list->destroy_offset(this->list, offsetof(traffic_selector_t, destroy));
+	chunk_free(&this->attr);
 	free(this);
 }
author	Tobias Brunner <tobias@strongswan.org>	2014-01-23 11:19:38 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2014-01-23 11:19:38 +0100
commit	fa9b6e88a0c88a48935ced23f16c8f8bdef1ad0d (patch)
tree	e9a7e9bbc4a9d8ac7ccc0f6b0ae6fcc26520cc0f /src
parent	6b95565767038eef1fb07a42bef43690009827c5 (diff)
parent	21c18f536d97448ce5036707d421b14ba8040877 (diff)
download	strongswan-fa9b6e88a0c88a48935ced23f16c8f8bdef1ad0d.tar.bz2 strongswan-fa9b6e88a0c88a48935ced23f16c8f8bdef1ad0d.tar.xz