aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/config/traffic_selector.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon/config/traffic_selector.c')
-rw-r--r--src/charon/config/traffic_selector.c55
1 files changed, 53 insertions, 2 deletions
diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c
index a12e75034..b94003cfb 100644
--- a/src/charon/config/traffic_selector.c
+++ b/src/charon/config/traffic_selector.c
@@ -134,8 +134,9 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
int byte, bit;
size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
- /* go trough all bits of the addresses, begging in the front.
- * As longer as they equal, the subnet gets larger */
+ /* go trough all bits of the addresses, beginning in the front.
+ * as long as they are equal, the subnet gets larger
+ */
for (byte = 0; byte < size; byte++)
{
for (bit = 7; bit >= 0; bit--)
@@ -583,6 +584,55 @@ static bool includes(private_traffic_selector_t *this, host_t *host)
}
/**
+ * Implements traffic_selector_t.to_subnet.
+ */
+static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *mask)
+{
+ /* there is no way to do this cleanly, as the address range may
+ * be anything else but a subnet. We use from_addr as subnet
+ * and try to calculate a usable subnet mask.
+ */
+ int family, byte;
+ u_int16_t port = 0;
+ chunk_t net_chunk;
+
+ *mask = calc_netbits(this);
+
+ switch (this->type)
+ {
+ case TS_IPV4_ADDR_RANGE:
+ {
+ family = AF_INET;
+ net_chunk.len = sizeof(this->from4);
+ break;
+ }
+ case TS_IPV6_ADDR_RANGE:
+ {
+ family = AF_INET6;
+ net_chunk.len = sizeof(this->from6);
+ break;
+ }
+ }
+
+ net_chunk.ptr = malloc(net_chunk.len);
+ memcpy(net_chunk.ptr, this->from, net_chunk.len);
+
+ for (byte = net_chunk.len - 1; byte >= (*mask / 8); --byte)
+ {
+ int shift = (byte + 1) * 8 - *mask;
+ net_chunk.ptr[byte] = net_chunk.ptr[byte] & (0xFF << shift);
+ }
+
+ if (this->to_port == this->from_port)
+ {
+ port = this->to_port;
+ }
+
+ *net = host_create_from_chunk(family, net_chunk, port);
+ chunk_free(&net_chunk);
+}
+
+/**
* Implements traffic_selector_t.clone.
*/
static traffic_selector_t *clone_(private_traffic_selector_t *this)
@@ -817,6 +867,7 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol,
this->public.is_contained_in = (bool(*)(traffic_selector_t*,traffic_selector_t*))is_contained_in;
this->public.includes = (bool(*)(traffic_selector_t*,host_t*))includes;
this->public.set_address = (void(*)(traffic_selector_t*,host_t*))set_address;
+ this->public.to_subnet = (void(*)(traffic_selector_t*,host_t**,u_int8_t*))to_subnet;
this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_;
this->public.destroy = (void(*)(traffic_selector_t*))destroy;
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-18 14:57:36 +0000