-rw-r--r--src/charon/config/traffic_selector.c21
-rw-r--r--src/charon/config/traffic_selector.h4
-rwxr-xr-xsrc/charon/threads/stroke_interface.c10
-rw-r--r--src/starter/starterstroke.c2
-rw-r--r--src/stroke/stroke.c4
-rw-r--r--src/stroke/stroke.h2
6 files changed, 32 insertions, 11 deletions
diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c
index 27a5fcf9f..7f2021090 100644
--- a/src/charon/config/traffic_selector.c
+++ b/src/charon/config/traffic_selector.c
@@ -90,12 +90,12 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
*/
static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_traffic_selector_t *other)
{
- if ((this->type == TS_IPV4_ADDR_RANGE) &&
- (other->type == TS_IPV4_ADDR_RANGE) &&
- (this->protocol == other->protocol))
+ if ((this->type == TS_IPV4_ADDR_RANGE) && (other->type == TS_IPV4_ADDR_RANGE) &&
+ (this->protocol == other->protocol || this->protocol == 0 || other->protocol == 0))
{
u_int32_t from_addr, to_addr;
u_int16_t from_port, to_port;
+ u_int8_t protocol;
private_traffic_selector_t *new_ts;
/* TODO: make output more human readable */
@@ -123,8 +123,11 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
return NULL;
}
+ /* select protocol, which is not zero */
+ protocol = max(this->protocol, other->protocol);
+
/* got a match, return it */
- new_ts = traffic_selector_create(this->protocol, this->type, from_port, to_port);
+ new_ts = traffic_selector_create(protocol, this->type, from_port, to_port);
new_ts->from_addr_ipv4 = from_addr;
new_ts->to_addr_ipv4 = to_addr;
new_ts->type = TS_IPV4_ADDR_RANGE;
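Review bot: The comment above `protocol = max(this->protocol, other->protocol);` does not say why max() is the right choice: it is only correct because the guard relaxed in the previous hunk admits either equal protocols or a 0 ("any") on exactly one side, so the maximum is always the more specific of the two. A reader who later loosens that guard (e.g. to allow mismatched non-zero protocols) would silently break this line. Suggest `/* the guard in the if() above admits only equal protocols or 0 (any) on one side, so max() yields the specific one */`. The body of get_subset, including the port/address intersection this result depends on, lies outside the hunk.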
@@ -337,9 +340,9 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ
/*
* see header
*/
-traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits)
+traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits, u_int8_t protocol, u_int16_t port)
{
- private_traffic_selector_t *this = traffic_selector_create(0, 0, 0, 65535);
+ private_traffic_selector_t *this = traffic_selector_create(protocol, 0, 0, 65535);
switch (net->get_family(net))
{
@@ -369,6 +372,12 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t ne
return NULL;
}
}
+ if (port)
+ {
+ this->from_port = port;
+ this->to_port = port;
+ }
+
return (&this->public);
}
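Review bot: The new `if (port)` block applies the port to the selector regardless of `protocol`, so a caller passing protocol 0 with a non-zero port gets a selector meaning "any protocol, port N"; for protocol-less selectors the port fields conventionally span 0–65535, and for ICMP they carry type/code rather than a port, so that combination is unlikely to be intended and is not rejected anywhere in this hunk. Consider either refusing it here with the same cleanup the family switch above performs before its `return NULL`, or validating at the stroke/starter boundary and documenting the restriction in the header comment. Whichever is chosen, a one-line comment on the block such as `/* a single port only; 0 keeps the full 0-65535 range set by traffic_selector_create() */` would make the contract visible at the point of use.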
diff --git a/src/charon/config/traffic_selector.h b/src/charon/config/traffic_selector.h
index 5ac5bdeb1..109b991e7 100644
--- a/src/charon/config/traffic_selector.h
+++ b/src/charon/config/traffic_selector.h
@@ -244,6 +244,8 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ
* is sufficient. This constructor creates a traffic selector for
* all protocols, all ports and the address range specified by the
* subnet.
+ * Additionally, a protocol and a port may be specified. Port ranges
+ * are not supported via this constructor.
*
* @param net subnet to use
* @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation
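Review bot: The two new parameters have no `@param` entries, while `net` and `netbits` do, and the sentence above still states the constructor creates a selector for "all protocols, all ports", which is now only true when both new arguments are 0. Suggest adding `* @param protocol IP protocol to restrict to, 0 for any` and `* @param port single port to restrict to, 0 for all ports` after the netbits line, and rewording the earlier sentence to "... for the address range specified by the subnet; protocol and port default to any when 0". The `@return` line, if present, sits in the next hunk.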
@@ -253,6 +255,6 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ
*
* @ingroup config
*/
-traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits);
+traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits, u_int8_t protocol, u_int16_t port);
#endif /* TRAFFIC_SELECTOR_H_ */
diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c
index 4c0f80836..ae037666c 100755
--- a/src/charon/threads/stroke_interface.c
+++ b/src/charon/threads/stroke_interface.c
@@ -259,12 +259,14 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
goto destroy_ids;
}
- my_ts = traffic_selector_create_from_subnet(my_subnet, msg->add_conn.me.subnet ?
- msg->add_conn.me.subnet_mask : 32);
+ my_ts = traffic_selector_create_from_subnet(my_subnet,
+ msg->add_conn.me.subnet ? msg->add_conn.me.subnet_mask : 32,
+ msg->add_conn.me.protocol, msg->add_conn.me.port);
my_subnet->destroy(my_subnet);
- other_ts = traffic_selector_create_from_subnet(other_subnet, msg->add_conn.other.subnet ?
- msg->add_conn.other.subnet_mask : 32);
+ other_ts = traffic_selector_create_from_subnet(other_subnet,
+ msg->add_conn.other.subnet ? msg->add_conn.other.subnet_mask : 32,
+ msg->add_conn.other.protocol, msg->add_conn.other.port);
other_subnet->destroy(other_subnet);
if (msg->add_conn.me.ca)
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 66a51276f..d17a8508b 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -116,6 +116,8 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->subnet = push_string(msg, inet_ntoa(conn_end->subnet.addr.u.v4.sin_addr));
msg_end->subnet_mask = conn_end->subnet.maskbits;
msg_end->sendcert = conn_end->sendcert;
+ msg_end->protocol = conn_end->protocol;
+ msg_end->port = conn_end->port;
}
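Review bot: `msg_end->protocol = conn_end->protocol;` and `msg_end->port = conn_end->port;` assign into `u_int8_t`/`u_int16_t` fields (per the stroke.h hunk), but the width of `conn_end->protocol` and `conn_end->port` is not visible here; if starter's config parser stores them as `int`, an out-of-range value from ipsec.conf would be silently truncated rather than rejected. Worth confirming the parser enforces 0–255 and 0–65535, or adding an explicit range check before the copy, e.g. `if (conn_end->port > 65535) { /* reject or log */ }`. starter_stroke_add_end starts outside the hunk.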
int starter_stroke_add_conn(starter_conn_t *conn)
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index c8ec9c728..15661a2ec 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -123,6 +123,8 @@ static int add_connection(char *name,
msg.add_conn.me.cert = NULL;
msg.add_conn.me.ca = NULL;
msg.add_conn.me.sendcert = 1;
+ msg.add_conn.me.protocol = 0;
+ msg.add_conn.me.port = 0;
msg.add_conn.other.id = push_string(&msg, other_id);
msg.add_conn.other.address = push_string(&msg, other_addr);
@@ -131,6 +133,8 @@ static int add_connection(char *name,
msg.add_conn.other.cert = NULL;
msg.add_conn.other.ca = NULL;
msg.add_conn.other.sendcert = 1;
+ msg.add_conn.other.protocol = 0;
+ msg.add_conn.other.port = 0;
return send_stroke_msg(&msg);
}
diff --git a/src/stroke/stroke.h b/src/stroke/stroke.h
index 52e15fbfa..9aa4de35f 100644
--- a/src/stroke/stroke.h
+++ b/src/stroke/stroke.h
@@ -82,6 +82,8 @@ struct stroke_end_t {
char *subnet;
int subnet_mask;
int sendcert;
+ u_int8_t protocol;
+ u_int16_t port;
};
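Review bot: Appending `protocol` and `port` to stroke_end_t changes the in-memory layout of stroke_msg_t, which the other hunks show being filled by starter/stroke and consumed as a unit by charon's stroke interface, so the `other` end and everything after it shifts; I cannot see from here whether the receiver validates a length or version field, and if it does not, a mismatched starter and charon would misread the message rather than fail cleanly. Consider a version bump or a received-length check against `sizeof(stroke_msg_t)` on the charon side if one is not already present. The new members would also benefit from short comments in the style of the surrounding declarations, e.g. `u_int8_t protocol; /* IP protocol, 0 for any */` and `u_int16_t port; /* single port, 0 for any */`.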
typedef struct stroke_msg_t stroke_msg_t;