Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/args.c17
-rw-r--r--src/starter/cmp.c4
-rw-r--r--src/starter/confread.c37
-rw-r--r--src/starter/confread.h5
-rw-r--r--src/starter/keywords.h2
-rw-r--r--src/starter/keywords.txt1
-rw-r--r--src/starter/starterstroke.c5
7 files changed, 58 insertions, 13 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index 390062a99..5fbf51856 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -33,6 +33,7 @@ typedef enum {
ARG_TIME,
ARG_ULNG,
ARG_ULLI,
+ ARG_UBIN,
ARG_PCNT,
ARG_STR,
ARG_LST,
@@ -146,6 +147,7 @@ static const token_info_t token_info[] =
{ ARG_MISC, 0, NULL /* KW_MOBIKE */ },
{ ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ },
{ ARG_ENUM, offsetof(starter_conn_t, fragmentation), LST_fragmentation },
+ { ARG_UBIN, offsetof(starter_conn_t, ikedscp), NULL },
{ ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL },
{ ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL },
{ ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL },
@@ -399,6 +401,21 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
}
}
break;
+ case ARG_UBIN:
+ {
+ char *endptr;
+ u_int *u = (u_int *)p;
+
+ *u = strtoul(kw->value, &endptr, 2);
+
+ if (*endptr != '\0')
+ {
+ DBG1(DBG_APP, "# bad binary value: %s=%s", kw->entry->name,
+ kw->value);
+ return FALSE;
+ }
+ }
+ break;
case ARG_TIME:
{
char *endptr;
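Review bot: The new `ARG_UBIN` case validates only the trailing character, so an empty value parses as 0, `strtoul()` still accepts leading whitespace and a sign, and the `unsigned long` result is narrowed into a `u_int` with no overflow check. The only user visible in this diff is `ikedscp`, presumably a 6-bit DSCP field, so an over-long bit string would be wrapped or forwarded unchecked instead of being rejected at config load. Parse into an `unsigned long`, reject the no-digit, `ERANGE` and `> UINT_MAX` cases before assigning, and enforce the per-keyword upper bound (63, if DSCP is the intent) where the value is consumed. The sketch assumes `errno` and `UINT_MAX` are already declared in args.c, which the hunk does not show.

```c
case ARG_UBIN:
{
	/* … unchanged: endptr and u declarations … */
	unsigned long v;

	errno = 0;
	v = strtoul(kw->value, &endptr, 2);
	if (endptr == kw->value || *endptr != '\0' ||
		errno == ERANGE || v > UINT_MAX)
	{
		/* … unchanged: DBG1 "# bad binary value" and return FALSE … */
	}
	*u = (u_int)v;
}
```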
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index aaba7b11d..cea864a4a 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -27,7 +27,8 @@ static bool starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
return FALSE;
VARCMP(modecfg);
- VARCMP(port);
+ VARCMP(from_port);
+ VARCMP(to_port);
VARCMP(protocol);
return cmp_args(KW_END_FIRST, KW_END_LAST, (char *)c1, (char *)c2);
@@ -63,4 +64,3 @@ bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2)
return cmp_args(KW_CA_NAME, KW_CA_LAST, (char *)c1, (char *)c2);
}
-
diff --git a/src/starter/confread.c b/src/starter/confread.c
index fecb998df..883534aad 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -142,6 +142,9 @@ static void default_values(starter_config_t *cfg)
cfg->conn_default.left.ikeport = 500;
cfg->conn_default.right.ikeport = 500;
+ cfg->conn_default.left.to_port = 0xffff;
+ cfg->conn_default.right.to_port = 0xffff;
+
cfg->ca_default.seen = SEEN_NONE;
}
@@ -292,24 +295,46 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
}
if (streq(port, "%any"))
{
- end->port = 0;
+ end->from_port = 0;
+ end->to_port = 0xffff;
}
- else
+ else if (streq(port, "%opaque"))
+ {
+ end->from_port = 0xffff;
+ end->to_port = 0;
+ }
+ else if (*port)
{
svc = getservbyname(port, NULL);
if (svc)
{
- end->port = ntohs(svc->s_port);
+ end->from_port = end->to_port = ntohs(svc->s_port);
}
else
{
p = strtol(port, &endptr, 0);
- if ((*port && *endptr) || p < 0 || p > 0xffff)
+ if (p < 0 || p > 0xffff)
+ {
+ DBG1(DBG_APP, "# bad port: %s=%s", name, port);
+ goto err;
+ }
+ end->from_port = p;
+ if (*endptr == '-')
+ {
+ port = endptr + 1;
+ p = strtol(port, &endptr, 0);
+ if (p < 0 || p > 0xffff)
+ {
+ DBG1(DBG_APP, "# bad port: %s=%s", name, port);
+ goto err;
+ }
+ }
+ end->to_port = p;
+ if (*endptr)
{
- DBG1(DBG_APP, "# bad port: %s=%s", name, value);
+ DBG1(DBG_APP, "# bad port: %s=%s", name, port);
goto err;
}
- end->port = (u_int16_t)p;
}
}
if (sep)
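Review bot: The range branch accepts inverted and half-empty ranges: for `80-` the second `strtol()` consumes nothing, returns 0 and leaves `*endptr` on the terminator, so `from_port=80, to_port=0` passes every check, and `100-50` passes likewise. Because `%opaque` is itself encoded as `from_port > to_port` (0xffff/0), such input may be interpreted downstream as something other than what was written; how the consumer treats it is not visible here. Tightening the second check to `if (endptr == port || p < end->from_port || p > 0xffff)` rejects both cases. The `DBG1` calls now print `port`, which after `port = endptr + 1` is only the second half of the value, so the log no longer shows what was configured; the removed code logged `value`. `kw_end` begins before and continues after this hunk.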
diff --git a/src/starter/confread.h b/src/starter/confread.h
index a0f6234f9..0690bed4e 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -115,7 +115,8 @@ struct starter_end {
bool hostaccess;
bool allow_any;
char *updown;
- u_int16_t port;
+ u_int16_t from_port;
+ u_int16_t to_port;
u_int8_t protocol;
char *sourceip;
char *dns;
@@ -148,6 +149,7 @@ struct starter_conn {
ipsec_mode_t mode;
bool proxy_mode;
fragmentation_t fragmentation;
+ u_int ikedscp;
sa_option_t options;
time_t sa_ike_life_seconds;
time_t sa_ipsec_life_seconds;
@@ -246,4 +248,3 @@ extern starter_config_t *confread_load(const char *file);
extern void confread_free(starter_config_t *cfg);
#endif /* _IPSEC_CONFREAD_H_ */
-
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index f776f33c9..4a96a418c 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -43,6 +43,7 @@ typedef enum {
KW_MOBIKE,
KW_FORCEENCAPS,
KW_FRAGMENTATION,
+ KW_IKEDSCP,
KW_IKELIFETIME,
KW_KEYLIFE,
KW_REKEYMARGIN,
@@ -186,4 +187,3 @@ typedef enum {
} kw_token_t;
#endif /* _KEYWORDS_H_ */
-
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 1f1641287..cd964b0e3 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -41,6 +41,7 @@ aaa_identity, KW_AAA_IDENTITY
mobike, KW_MOBIKE
forceencaps, KW_FORCEENCAPS
fragmentation, KW_FRAGMENTATION
+ikedscp, KW_IKEDSCP,
ikelifetime, KW_IKELIFETIME
lifetime, KW_KEYLIFE
keylife, KW_KEYLIFE
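Review bot: The added entry `ikedscp, KW_IKEDSCP,` ends with a comma that none of the neighbouring entries have. If this file is fed to a hash generator that copies the rest of each line into a struct initializer, the extra comma is probably harmless, but it should be dropped for consistency: `ikedscp, KW_IKEDSCP`.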
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 4f9e8fb14..cc447c41f 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -146,7 +146,8 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->tohost = !conn_end->subnet;
msg_end->allow_any = conn_end->allow_any;
msg_end->protocol = conn_end->protocol;
- msg_end->port = conn_end->port;
+ msg_end->from_port = conn_end->from_port;
+ msg_end->to_port = conn_end->to_port;
}
int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
@@ -181,6 +182,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
msg.add_conn.fragmentation = conn->fragmentation;
+ msg.add_conn.ikedscp = conn->ikedscp;
msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
msg.add_conn.install_policy = conn->install_policy;
msg.add_conn.aggressive = conn->aggressive;
@@ -330,4 +332,3 @@ int starter_stroke_configure(starter_config_t *cfg)
}
return 0;
}
-