X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=blobdiff_plain;f=src%2Fstarter%2Fconfread.c;h=fc7dd390f1359fbb9d15a88e3e5ee95fa8d495fc;hp=a4705425c273cb892259735dc7cf8f47e1bf5b29;hb=e59a50009cfb44330a3b6c1cab8ac57badf58434;hpb=88d180c7d86fae68d7b37e285398195dd58bcc36 diff --git a/src/starter/confread.c b/src/starter/confread.c index a470542..fc7dd39 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -185,6 +185,73 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, /* post processing of some keywords that were assigned automatically */ switch (token) { + case KW_HOST: + free(end->host); + end->host = NULL; + if (streq(value, "%defaultroute")) + { + if (cfg->defaultroute.defined) + { + end->addr = cfg->defaultroute.addr; + end->nexthop = cfg->defaultroute.nexthop; + } + else if (!cfg->defaultroute.supported) + { + plog("%%defaultroute not supported, fallback to %%any"); + } + else + { + plog("# default route not known: %s=%s", name, value); + goto err; + } + } + else if (streq(value, "%any") || streq(value, "%any4")) + { + anyaddr(conn->addr_family, &end->addr); + } + else if (streq(value, "%any6")) + { + conn->addr_family = AF_INET6; + anyaddr(conn->addr_family, &end->addr); + } + else if (streq(value, "%group")) + { + ip_address any; + + conn->policy |= POLICY_GROUP | POLICY_TUNNEL; + anyaddr(conn->addr_family, &end->addr); + anyaddr(conn->tunnel_addr_family, &any); + end->has_client = TRUE; + } + else + { + /* check for allow_any prefix */ + if (value[0] == '%') + { + end->allow_any = TRUE; + value++; + } + conn->addr_family = ip_version(value); + ugh = ttoaddr(value, 0, conn->addr_family, &end->addr); + if (ugh != NULL) + { + plog("# bad addr: %s=%s [%s]", name, value, ugh); + if (streq(ugh, "does not look numeric and name lookup failed")) + { + end->dns_failed = TRUE; + anyaddr(conn->addr_family, &end->addr); + } + else + { + goto err; + } + } + if (!end->allow_any) + { + end->host = clone_str(value); + } + } + break; case KW_SUBNET: if ((strlen(value) >= 6 && strncmp(value,"vhost:",6) == 0) || (strlen(value) >= 5 && strncmp(value,"vnet:",5) == 0)) @@ -294,67 +361,6 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, /* individual processing of keywords that were not assigned automatically */ switch (token) { - case KW_HOST: - if (streq(value, "%defaultroute")) - { - if (cfg->defaultroute.defined) - { - end->addr = cfg->defaultroute.addr; - end->nexthop = cfg->defaultroute.nexthop; - } - else if (!cfg->defaultroute.supported) - { - plog("%%defaultroute not supported, fallback to %%any"); - } - else - { - plog("# default route not known: %s=%s", name, value); - goto err; - } - } - else if (streq(value, "%any") || streq(value, "%any4")) - { - anyaddr(conn->addr_family, &end->addr); - } - else if (streq(value, "%any6")) - { - conn->addr_family = AF_INET6; - anyaddr(conn->addr_family, &end->addr); - } - else if (streq(value, "%group")) - { - ip_address any; - - conn->policy |= POLICY_GROUP | POLICY_TUNNEL; - anyaddr(conn->addr_family, &end->addr); - anyaddr(conn->tunnel_addr_family, &any); - end->has_client = TRUE; - } - else - { - /* check for allow_any prefix */ - if (value[0] == '%') - { - end->allow_any = TRUE; - value++; - } - conn->addr_family = ip_version(value); - ugh = ttoaddr(value, 0, conn->addr_family, &end->addr); - if (ugh != NULL) - { - plog("# bad addr: %s=%s [%s]", name, value, ugh); - if (streq(ugh, "does not look numeric and name lookup failed")) - { - end->dns_failed = TRUE; - anyaddr(conn->addr_family, &end->addr); - } - else - { - goto err; - } - } - } - break; case KW_NEXTHOP: if (streq(value, "%defaultroute")) { @@ -455,7 +461,7 @@ err: * handles left|right= DNS resolution failure */ static void handle_dns_failure(const char *label, starter_end_t *end, - starter_config_t *cfg) + starter_config_t *cfg, starter_conn_t *conn) { if (end->dns_failed) { @@ -464,7 +470,7 @@ static void handle_dns_failure(const char *label, starter_end_t *end, plog("# fallback to %s=%%any due to '%%' prefix or %sallowany=yes", label, label); } - else + else if (!end->host || conn->keyexchange != KEY_EXCHANGE_IKEV2) { /* declare an error */ cfg->err++; @@ -792,8 +798,8 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg } } - handle_dns_failure("left", &conn->left, cfg); - handle_dns_failure("right", &conn->right, cfg); + handle_dns_failure("left", &conn->left, cfg, conn); + handle_dns_failure("right", &conn->right, cfg, conn); handle_firewall("left", &conn->left, cfg); handle_firewall("right", &conn->right, cfg); }