added 'modeconfig=pull|push' and 'left|rightnatip' keywords
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 25 Oct 2006 08:40:34 +0000 (08:40 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 25 Oct 2006 08:40:34 +0000 (08:40 -0000)
src/starter/args.c
src/starter/confread.c
src/starter/keywords.h
src/starter/keywords.txt
src/starter/starterwhack.c

index 5cf96ab..ad37b19 100644 (file)
@@ -196,6 +196,7 @@ static const token_info_t token_info[] =
     { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL                          },
     { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL                        },
     { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action               },
+    { ARG_MISC, 0, NULL  /* KW_MODECONFIG */                                       },
 
     /* ca section keywords */
     { ARG_STR,  offsetof(starter_ca_t, name), NULL                                 },
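Review bot: Nothing visible in this commit ties the position of the new `/* KW_MODECONFIG */` row to the `KW_MODECONFIG` enumerator added in keywords.h. The table appears to be indexed by `kw_token_t`, so the row is only correct because both were inserted directly after the dpd_action entry; the same holds for the `/* KW_NATIP */` row in the next hunk. If a row drifted out of step, the parser would apply another keyword's argument type and `offsetof()` to the value and write to the wrong struct member. I would add a comment above `token_info[]` (its declaration is outside this hunk) stating that the row order must mirror the enum in keywords.h. If the project has a compile-time assertion idiom, the element count could also be checked against the last keyword.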
@@ -214,6 +215,7 @@ static const token_info_t token_info[] =
     { ARG_MISC, 0, NULL  /* KW_SUBNETWITHIN */                                     },
     { ARG_MISC, 0, NULL  /* KW_PROTOPORT */                                        },
     { ARG_MISC, 0, NULL  /* KW_SOURCEIP */                                         },
+    { ARG_MISC, 0, NULL  /* KW_NATIP */                                            },
     { ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool                        },
     { ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool                      },
     { ARG_STR,  offsetof(starter_end_t, updown), NULL                              },
index 2389154..93b8bee 100644 (file)
@@ -247,6 +247,11 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
                end->has_port_wildcard = has_port_wildcard;
                break;
        case KW_SOURCEIP:
+               if (end->has_natip)
+               {
+                       plog("# natip and sourceip cannot be defined at the same time");
+                       goto err;
+               }
                if (streq(value, "%modeconfig") || streq(value, "%modecfg"))
                {
                        end->modecfg = TRUE;
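Review bot: The reason for the new `end->has_natip` rejection is not documented at the check. The KW_NATIP case added further down parses its address into `end->srcip`, which sourceip presumably uses as well, so whichever keyword came second would overwrite the first. A comment above the check would record that, for example `/* natip shares end->srcip with sourceip, so only one of them may be set */`. The KW_SOURCEIP case continues past the end of this hunk.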
@@ -264,6 +269,22 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
                }
                conn->policy |= POLICY_TUNNEL;
                break;
+       case KW_NATIP:
+               if (end->has_srcip)
+               {
+                       plog("# natip and sourceip cannot be defined at the same time");
+                       goto err;
+               }
+               conn->tunnel_addr_family = ip_version(value);
+               ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &end->srcip);
+               if (ugh != NULL)
+               {
+                       plog("# bad addr: %s=%s [%s]", name, value, ugh);
+                       goto err;
+               }
+               end->has_natip = TRUE;
+               conn->policy |= POLICY_TUNNEL;
+               break;
        default:
                break;
        }
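Review bot: The `end->has_srcip` guard in the new KW_NATIP case may not catch `sourceip=%modeconfig`. The visible part of KW_SOURCEIP sets only `end->modecfg` for that value. If `has_srcip` is set only on the literal-address path (that code is outside the hunks), `sourceip=%modeconfig` followed by `natip=...` is accepted while the reverse order is rejected. If the two keywords are meant to be exclusive in every form, test both flags: `if (end->has_srcip || end->modecfg)`. Separately, `conn->tunnel_addr_family` is overwritten from `ip_version(value)` before `ttoaddr()` has validated the string, so a rejected value still changes the connection's address family; assigning it only once `ugh == NULL` would avoid that, unless the err path discards the conn anyway.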
@@ -422,6 +443,9 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
                case KW_REKEY:
                        KW_POLICY_FLAG("no", "yes", POLICY_DONT_REKEY)
                        break;
+               case KW_MODECONFIG:
+                       KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH)
+                       break;
                default:
                        break;
                }
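Review bot: The argument order of `KW_POLICY_FLAG` is easy to misread in the new KW_MODECONFIG case, and the macro's definition is outside this hunk. Judging by the KW_REKEY line above, where "no" pairs with POLICY_DONT_REKEY, the first string sets the flag, so `modeconfig=push` sets POLICY_MODECFG_PUSH and `pull` clears it. A one-line comment such as `/* push sets POLICY_MODECFG_PUSH, pull clears it */` would make that explicit. It is also worth confirming that the macro reports a value that is neither string, rather than silently leaving the flag unchanged.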
index f574c77..1b2cf69 100644 (file)
@@ -79,9 +79,10 @@ typedef enum {
     KW_DPDDELAY,
     KW_DPDTIMEOUT,
     KW_DPDACTION,
+    KW_MODECONFIG,
 
 #define KW_CONN_FIRST  KW_CONN_SETUP
-#define KW_CONN_LAST   KW_DPDACTION
+#define KW_CONN_LAST   KW_MODECONFIG
 
    /* ca section keywords */
     KW_CA_NAME,
@@ -103,6 +104,7 @@ typedef enum {
     KW_SUBNETWITHIN,
     KW_PROTOPORT,
     KW_SOURCEIP,
+    KW_NATIP,
     KW_FIREWALL,
     KW_HOSTACCESS,
     KW_UPDOWN,
@@ -124,6 +126,7 @@ typedef enum {
     KW_LEFTSUBNETWITHIN,
     KW_LEFTPROTOPORT,
     KW_LEFTSOURCEIP,
+    KW_LEFTNATIP,
     KW_LEFTFIREWALL,
     KW_LEFTHOSTACCESS,
     KW_LEFTUPDOWN,
@@ -144,6 +147,7 @@ typedef enum {
     KW_RIGHTSUBNETWITHIN,
     KW_RIGHTPROTOPORT,
     KW_RIGHTSOURCEIP,
+    KW_RIGHTNATIP,
     KW_RIGHTFIREWALL,
     KW_RIGHTHOSTACCESS,
     KW_RIGHTUPDOWN,
index 6952d4e..bc5ef44 100644 (file)
@@ -68,6 +68,7 @@ pfsgroup,          KW_PFSGROUP
 dpddelay,          KW_DPDDELAY
 dpdtimeout,        KW_DPDTIMEOUT
 dpdaction,         KW_DPDACTION
+modeconfig,        KW_MODECONFIG
 cacert,            KW_CACERT
 ldaphost,          KW_LDAPHOST
 ldapbase,          KW_LDAPBASE
@@ -80,6 +81,7 @@ leftsubnet,        KW_LEFTSUBNET
 leftsubnetwithin,  KW_LEFTSUBNETWITHIN
 leftprotoport,     KW_LEFTPROTOPORT
 leftsourceip,      KW_LEFTSOURCEIP
+leftnatip,         KW_LEFTNATIP
 leftfirewall,      KW_LEFTFIREWALL
 lefthostaccess,    KW_LEFTHOSTACCESS
 leftupdown,        KW_LEFTUPDOWN
@@ -95,6 +97,7 @@ rightsubnet,       KW_RIGHTSUBNET
 rightsubnetwithin, KW_RIGHTSUBNETWITHIN
 rightprotoport,    KW_RIGHTPROTOPORT
 rightsourceip,     KW_RIGHTSOURCEIP
+rightnatip,        KW_RIGHTNATIP
 rightfirewall,     KW_RIGHTFIREWALL
 righthostaccess,   KW_RIGHTHOSTACCESS
 rightupdown,       KW_RIGHTUPDOWN
index 0b37ab7..e837f15 100644 (file)
@@ -167,6 +167,7 @@ set_whack_end(whack_end_t *w, starter_end_t *end)
     w->has_client_wildcard = end->has_client_wildcard;
     w->has_port_wildcard   = end->has_port_wildcard;
     w->has_srcip           = end->has_srcip;
+    w->has_natip           = end->has_natip;
     w->modecfg             = end->modecfg;
     w->hostaccess          = end->hostaccess;
     w->sendcert            = end->sendcert;