-rw-r--r-- | src/starter/args.c | 3 | ||||
-rw-r--r-- | src/starter/cmp.c | 11 | ||||
-rw-r--r-- | src/starter/confread.c | 76 | ||||
-rw-r--r-- | src/starter/confread.h | 4 | ||||
-rw-r--r-- | src/starter/keywords.h | 3 | ||||
-rw-r--r-- | src/starter/starterstroke.c | 42 |
6 files changed, 10 insertions, 129 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index 2f3e48b41..6dc8f8d10 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -253,7 +253,7 @@ static const token_info_t token_info[] =
 /* end keywords */
 { ARG_STR, offsetof(starter_end_t, host), NULL },
 { ARG_UINT, offsetof(starter_end_t, ikeport), NULL },
- { ARG_STR, offsetof(starter_end_t, subnet), NULL },
+ { ARG_STR, offsetof(starter_end_t, subnet), NULL },
 { ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ },
 { ARG_MISC, 0, NULL /* KW_PROTOPORT */ },
 { ARG_STR, offsetof(starter_end_t, sourceip), NULL },
@@ -274,7 +274,6 @@ static const token_info_t token_info[] =
 { ARG_STR, offsetof(starter_end_t, ca), NULL },
 { ARG_STR, offsetof(starter_end_t, ca2), NULL },
 { ARG_STR, offsetof(starter_end_t, groups), NULL },
- { ARG_STR, offsetof(starter_end_t, iface), NULL }
 };
 static void free_list(char **list)
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index f13314e1a..200f42e6b 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -34,14 +34,6 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
 if ((c1 == NULL) || (c2 == NULL))
 return FALSE;
- if (c2->dns_failed)
- {
- c2->addr = c1->addr;
- }
- else
- {
- ADDCMP(addr);
- }
 VARCMP(ikeport);
 VARCMP(has_client);
 VARCMP(has_client_wildcard);
@@ -53,7 +45,7 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
 VARCMP(protocol);
 return cmp_args(KW_END_FIRST, KW_END_LAST, (char *)c1, (char *)c2);
- }
+}
 bool
 starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)
@@ -62,7 +54,6 @@ starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)
 return FALSE;
 VARCMP(policy);
- VARCMP(addr_family);
 VARCMP(tunnel_addr_family);
 VARCMP(mark_in.value);
 VARCMP(mark_in.mask);
diff --git a/src/starter/confread.c b/src/starter/confread.c
index a003a14d6..0235af409 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -93,7 +93,6 @@ static void default_values(starter_config_t *cfg)
 cfg->conn_default.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT;
 cfg->conn_default.sa_rekey_fuzz = SA_REPLACEMENT_FUZZ_DEFAULT;
 cfg->conn_default.sa_keying_tries = SA_REPLACEMENT_RETRIES_DEFAULT;
- cfg->conn_default.addr_family = AF_INET;
 cfg->conn_default.tunnel_addr_family = AF_INET;
 cfg->conn_default.install_policy = TRUE;
 cfg->conn_default.dpd_delay = 30; /* seconds */
@@ -105,8 +104,6 @@ static void default_values(starter_config_t *cfg)
 cfg->conn_default.left.sendcert = CERT_SEND_IF_ASKED;
 cfg->conn_default.right.sendcert = CERT_SEND_IF_ASKED;
- anyaddr(AF_INET, &cfg->conn_default.left.addr);
- anyaddr(AF_INET, &cfg->conn_default.right.addr);
 cfg->conn_default.left.ikeport = 500;
 cfg->conn_default.right.ikeport = 500;
@@ -179,51 +176,13 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 switch (token)
 {
 case KW_HOST:
- free(end->host);
- end->host = NULL;
- if (streq(value, "%any") || streq(value, "%any4"))
- {
- anyaddr(conn->addr_family, &end->addr);
- }
- else if (streq(value, "%any6"))
- {
- conn->addr_family = AF_INET6;
- anyaddr(conn->addr_family, &end->addr);
- }
- else if (streq(value, "%group"))
- {
- ip_address any;
-
- conn->policy |= POLICY_GROUP | POLICY_TUNNEL;
- anyaddr(conn->addr_family, &end->addr);
- anyaddr(conn->tunnel_addr_family, &any);
- end->has_client = TRUE;
- }
- else
- {
- /* check for allow_any prefix */
- if (value[0] == '%')
- {
- end->allow_any = TRUE;
- value++;
- }
- conn->addr_family = ip_version(value);
- ugh = ttoaddr(value, 0, conn->addr_family, &end->addr);
- if (ugh != NULL)
- {
- DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
- if (streq(ugh, "does not look numeric and name lookup failed"))
- {
- end->dns_failed = TRUE;
- anyaddr(conn->addr_family, &end->addr);
- }
- else
- {
- goto err;
- }
- }
- end->host = strdupnull(value);
+ if (value && strlen(value) > 0 && value[0] == '%')
+ { /* allow_any prefix */
+ end->allow_any = TRUE;
+ value++;
 }
+ free(end->host);
+ end->host = strdupnull(value);
 break;
 case KW_SUBNET:
 if ((strlen(value) >= 6 && strncmp(value,"vhost:",6) == 0)
@@ -388,27 +347,6 @@ err:
 }
 /*
- * handles left|right=<FQDN> DNS resolution failure
- */
-static void handle_dns_failure(const char *label, starter_end_t *end,
- starter_config_t *cfg, starter_conn_t *conn)
-{
- if (end->dns_failed)
- {
- if (end->allow_any)
- {
- DBG1(DBG_APP, "# fallback to %s=%%any due to '%%' prefix or %sallowany=yes",
- label, label);
- }
- else if (!end->host)
- {
- /* declare an error */
- cfg->err++;
- }
- }
-}
-
-/*
 * handles left|rightfirewall and left|rightupdown parameters
 */
 static void handle_firewall(const char *label, starter_end_t *end,
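Review bot: The new KW_HOST branch strips the leading `%` from every value, so `left=%any`, `%any4`, `%any6` and `%group` — which the removed code matched exactly before the prefix check — now arrive as host strings `any`, `any4`, `any6` and `group` with allow_any set, and `%group` no longer sets `POLICY_GROUP | POLICY_TUNNEL` or `has_client`. The starterstroke hunk in this same commit sends the literal `"%any"` to the daemon, so the daemon evidently accepts the prefixed wildcard form; unless it also accepts the stripped spellings (not visible here), the wildcards should be passed through intact and the `%group` side effects kept. The `strlen(value) > 0` test is also redundant next to `value[0] == '%'`, since an empty string fails the second test anyway. kw_end starts and ends outside this hunk.
```c
		case KW_HOST:
			if (value && streq(value, "%group"))
			{	/* keep the group-policy side effects the old branch set */
				conn->policy |= POLICY_GROUP | POLICY_TUNNEL;
				end->has_client = TRUE;
			}
			else if (value && value[0] == '%' && strncmp(value, "%any", 4) != 0)
			{	/* allow_any prefix on a real host, not a wildcard */
				end->allow_any = TRUE;
				value++;
			}
			free(end->host);
			end->host = strdupnull(value);
			break;
```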
@@ -646,8 +584,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 }
 }
- handle_dns_failure("left", &conn->left, cfg, conn);
- handle_dns_failure("right", &conn->right, cfg, conn);
 handle_firewall("left", &conn->left, cfg);
 handle_firewall("right", &conn->right, cfg);
 }
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 0aa6bd515..7aadd45c5 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -70,9 +70,7 @@ struct starter_end {
 char *ca2;
 char *groups;
 char *cert_policy;
- char *iface;
 char *host;
- ip_address addr;
 u_int ikeport;
 char *subnet;
 bool has_client;
@@ -85,7 +83,6 @@ struct starter_end {
 bool firewall;
 bool hostaccess;
 bool allow_any;
- bool dns_failed;
 char *updown;
 u_int16_t port;
 u_int8_t protocol;
@@ -133,7 +130,6 @@ struct starter_conn {
 mark_t mark_in;
 mark_t mark_out;
 u_int32_t tfc;
- sa_family_t addr_family;
 sa_family_t tunnel_addr_family;
 bool install_policy;
 bool aggressive;
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 3af235fec..59c71a308 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -145,10 +145,9 @@ typedef enum {
 KW_CA,
 KW_CA2,
 KW_GROUPS,
- KW_IFACE,
 #define KW_END_FIRST KW_HOST
-#define KW_END_LAST KW_IFACE
+#define KW_END_LAST KW_GROUPS
 /* left end keywords */
 KW_LEFT,
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 416163084..e39581ca7 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
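Review bot: `KW_END_LAST` now bounds a range that is one entry shorter, and the only other consumer updated in this commit is the token_info table in args.c; the keyword source table that generates these enum values and the left/right mirror ranges are not among the six files in the diffstat, so confirm nothing there still emits or references `KW_IFACE`. The coupling between this define and the args.c table is easy to break silently, so a comment on the define would help: `/* KW_END_LAST must name the last end keyword; token_info[] in args.c must have exactly this many end entries */`. The enum continues outside the hunk.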
@@ -117,47 +117,8 @@ static char* connection_name(starter_conn_t *conn)
 return conn->name;
 }
-static void ip_address2string(ip_address *addr, char *buffer, size_t len)
-{
- switch (((struct sockaddr*)addr)->sa_family)
- {
- case AF_INET6:
- {
- struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
- u_int8_t zeroes[IPV6_LEN];
-
- memset(zeroes, 0, IPV6_LEN);
- if (memcmp(zeroes, &(sin6->sin6_addr.s6_addr), IPV6_LEN) &&
- inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len))
- {
- return;
- }
- snprintf(buffer, len, "%%any6");
- break;
- }
- case AF_INET:
- {
- struct sockaddr_in* sin = (struct sockaddr_in*)addr;
- u_int8_t zeroes[IPV4_LEN];
-
- memset(zeroes, 0, IPV4_LEN);
- if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) &&
- inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
- {
- return;
- }
- /* fall through to default */
- }
- default:
- snprintf(buffer, len, "%%any");
- break;
- }
-}
-
 static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end)
 {
- char buffer[INET6_ADDRSTRLEN];
-
 msg_end->auth = push_string(msg, conn_end->auth);
 msg_end->auth2 = push_string(msg, conn_end->auth2);
 msg_end->id = push_string(msg, conn_end->id);
@@ -176,8 +137,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
 }
 else
 {
- ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
- msg_end->address = push_string(msg, buffer);
+ msg_end->address = push_string(msg, "%any");
 }
 msg_end->ikeport = conn_end->ikeport;
 msg_end->subnets = push_string(msg, conn_end->subnet); |
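Review bot: The else branch now always sends the literal `"%any"`, whereas the removed ip_address2string produced `"%any6"` for an IPv6 wildcard, so the address-family distinction is lost on this path; the condition that selects the branch is outside the hunk, so whether an IPv6-only wildcard can still be expressed depends on what the if branch forwards. If the if branch pushes conn_end->host, note that confread in this same commit stores wildcard values with the `%` stripped, so `left=%any6` would reach the daemon as `any6` rather than through this fallback — a reload test with an IPv6 wildcard config would settle it. A one-line comment on the fallback would also help: `/* no host configured: let the daemon bind to any address of any family */`. starter_stroke_add_end starts outside this hunk.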