Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/updown/updown_listener.c | 16 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_config.c | 18 |
2 files changed, 27 insertions, 7 deletions
diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index e472a178e..e51caab10 100644
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -311,11 +311,13 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
 ike_sa->get_unique_id(ike_sa));
 push_env(envp, countof(envp), "PLUTO_ME=%H", me);
 push_env(envp, countof(envp), "PLUTO_MY_ID=%Y", ike_sa->get_my_id(ike_sa));
- if (my_ts->to_subnet(my_ts, &host, &mask))
+ if (!my_ts->to_subnet(my_ts, &host, &mask))
 {
- push_env(envp, countof(envp), "PLUTO_MY_CLIENT=%+H/%u", host, mask);
- host->destroy(host);
+ DBG1(DBG_CHD, "updown approximates local TS %R "
+ "by next larger subnet", my_ts);
 }
+ push_env(envp, countof(envp), "PLUTO_MY_CLIENT=%+H/%u", host, mask);
+ host->destroy(host);
 push_env(envp, countof(envp), "PLUTO_MY_PORT=%s", get_port(my_ts, other_ts, port_buf, TRUE));
 push_env(envp, countof(envp), "PLUTO_MY_PROTOCOL=%u",
@@ -323,11 +325,13 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
 push_env(envp, countof(envp), "PLUTO_PEER=%H", other);
 push_env(envp, countof(envp), "PLUTO_PEER_ID=%Y", ike_sa->get_other_id(ike_sa));
- if (other_ts->to_subnet(other_ts, &host, &mask))
+ if (!other_ts->to_subnet(other_ts, &host, &mask))
 {
- push_env(envp, countof(envp), "PLUTO_PEER_CLIENT=%+H/%u", host, mask);
- host->destroy(host);
+ DBG1(DBG_CHD, "updown approximates remote TS %R "
+ "by next larger subnet", other_ts);
 }
+ push_env(envp, countof(envp), "PLUTO_PEER_CLIENT=%+H/%u", host, mask);
+ host->destroy(host);
 push_env(envp, countof(envp), "PLUTO_PEER_PORT=%s", get_port(my_ts, other_ts, port_buf, FALSE));
 push_env(envp, countof(envp), "PLUTO_PEER_PROTOCOL=%u",
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 27268a512..6da663b83 100644
--- a/src/libcharon/plugins/vici/vici_config.c
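Review bot: In updown_listener.c, `PLUTO_MY_CLIENT` is now exported even when `to_subnet()` returns FALSE, so an updown script that builds firewall or routing rules from it will cover the enclosing subnet rather than the negotiated address range, and the only trace is a DBG1 line. The same applies to `PLUTO_PEER_CLIENT` in the second hunk (@@ -323). I would state that at the call site, e.g. `/* not an exact subnet: host/mask is the next larger one, so scripts see a superset of the negotiated TS */`, and mention it wherever the updown variables are documented. The new code also dereferences `host` unconditionally, which presumably relies on `to_subnet()` always setting it; that contract is not visible in the hunk and is worth confirming. invoke_once starts and ends outside both hunks.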
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -3,7 +3,7 @@
 * Copyright (C) 2014 revosec AG
 *
 * Copyright (C) 2015-2016 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
@@ -646,6 +646,22 @@ CALLBACK(parse_ts, bool,
 {
 ts = traffic_selector_create_dynamic(proto, from, to);
 }
+ else if (strchr(buf, '-'))
+ {
+ host_t *lower, *upper;
+ ts_type_t type;
+
+ if (host_create_from_range(buf, &lower, &upper))
+ {
+ type = (lower->get_family(lower) == AF_INET) ?
+ TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE;
+ ts = traffic_selector_create_from_bytes(proto, type,
+ lower->get_address(lower), from,
+ upper->get_address(upper), to);
+ lower->destroy(lower);
+ upper->destroy(upper);
+ }
+ }
 else
 {
 ts = traffic_selector_create_from_cidr(buf, proto, from, to); |
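Review bot: The new `else if (strchr(buf, '-'))` branch picks the selector type from `lower` alone and passes both addresses on without checking that `upper` has the same family or that `lower` does not exceed `upper`. Unless `host_create_from_range()` or `traffic_selector_create_from_bytes()` already reject those cases (neither is visible here), a mistyped range could load as a selector that does not describe what the operator intended. A guard such as `if (lower->get_family(lower) != upper->get_family(upper)) { /* destroy both, leave ts unset */ }` plus an ordering check on the two address chunks before building `ts` would make the failure explicit. When range parsing fails, `ts` is left untouched with no message naming the range syntax, so a log line there would help diagnosis. parse_ts starts and ends outside the hunk.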