aboutsummaryrefslogtreecommitdiffstats
path: root/src/starter/starterstroke.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/starter/starterstroke.c')
-rw-r--r--src/starter/starterstroke.c48
1 files changed, 36 insertions, 12 deletions
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 83db1430c..025cd66f4 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -170,15 +170,47 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->tohost = !conn_end->has_client;
msg_end->protocol = conn_end->protocol;
msg_end->port = conn_end->port;
- msg_end->virtual_ip = conn_end->modecfg || conn_end->has_srcip;
- ip_address2string(&conn_end->srcip, buffer, sizeof(buffer));
- msg_end->sourceip = push_string(msg, buffer);
+ if (conn_end->srcip)
+ {
+ if (conn_end->srcip[0] == '%')
+ { /* %poolname, strip % */
+ msg_end->sourceip_size = 0;
+ msg_end->sourceip = push_string(msg, conn_end->srcip + 1);
+ }
+ else
+ {
+ char *pos = strchr(conn_end->srcip, '/');
+ if (pos)
+ { /* CIDR subnet definition */
+ snprintf(buffer, pos - conn_end->srcip + 1, "%s", conn_end->srcip);
+ msg_end->sourceip = push_string(msg, buffer);
+ msg_end->sourceip_size = atoi(pos + 1);
+ }
+ else
+ { /* a sigle address */
+ msg_end->sourceip = push_string(msg, conn_end->srcip);
+ if (strchr(conn_end->srcip, ':'))
+ { /* IPv6 */
+ msg_end->sourceip_size = 128;
+ }
+ else
+ { /* IPv4 */
+ msg_end->sourceip_size = 32;
+ }
+ }
+ }
+ }
+ else if (conn_end->modecfg)
+ {
+ msg_end->sourceip_size = 1;
+ }
}
int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
{
stroke_msg_t msg;
+ memset(&msg, 0, sizeof(msg));
msg.type = STR_ADD_CONN;
msg.length = offsetof(stroke_msg_t, buffer);
msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2;
@@ -213,15 +245,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.mode = 0; /* XFRM_MODE_TUNNEL */
}
- if (conn->policy & POLICY_DONT_REKEY)
- {
- msg.add_conn.rekey.ipsec_lifetime = 0;
- msg.add_conn.rekey.ike_lifetime = 0;
- msg.add_conn.rekey.margin = 0;
- msg.add_conn.rekey.tries = 0;
- msg.add_conn.rekey.fuzz = 0;
- }
- else
+ if (!(conn->policy & POLICY_DONT_REKEY))
{
msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY;
msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-14 15:21:36 +0000