implemented the right|leftallowany feature
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 8 Jun 2012 11:01:08 +0000 (13:01 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 8 Jun 2012 19:24:41 +0000 (21:24 +0200)
19 files changed:
src/charon-nm/nm/nm_service.c
src/conftest/config.c
src/libcharon/config/backend_manager.c
src/libcharon/config/ike_cfg.c
src/libcharon/config/ike_cfg.h
src/libcharon/plugins/android/android_service.c
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/load_tester/load_tester_config.c
src/libcharon/plugins/maemo/maemo_service.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/medsrv/medsrv_config.c
src/libcharon/plugins/sql/sql_config.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/stroke/stroke_list.c
src/libcharon/plugins/uci/uci_config.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/trap_manager.c
src/starter/starterstroke.c
src/stroke/stroke_msg.h

index 61b6a6c..d6ecd20 100644 (file)
@@ -496,8 +496,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
        /**
         * Set up configurations
         */
-       ike_cfg = ike_cfg_create(TRUE, encap,
-                                       "0.0.0.0", IKEV2_UDP_PORT, (char*)address, IKEV2_UDP_PORT);
+       ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+                                                       (char*)address, FALSE, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create(priv->name, IKEV2, ike_cfg,
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
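Review bot: The two added `FALSE` literals sit between a string and a `u_int16_t` port in an eight-argument positional call, so a transposed or dropped argument would still compile (int and bool convert silently) while changing which endpoint may be overridden by any address; annotating them at the call site makes the intent checkable by eye, `ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", FALSE /* my_allow_any */, IKEV2_UDP_PORT,` and `(char*)address, FALSE /* other_allow_any */, IKEV2_UDP_PORT);`. The same applies to the identical call-site updates in conftest/config.c, android_service.c, ha_tunnel.c, load_tester_config.c, maemo_service.c, medcli_config.c, medsrv_config.c, sql_config.c and uci_config.c. connect_ starts and ends outside the hunk.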
index d45d512..a3f23f3 100644 (file)
@@ -103,9 +103,9 @@ static ike_cfg_t *load_ike_config(private_config_t *this,
 
        ike_cfg = ike_cfg_create(TRUE,
                settings->get_bool(settings, "configs.%s.fake_nat", FALSE, config),
-               settings->get_str(settings, "configs.%s.lhost", "%any", config),
+               settings->get_str(settings, "configs.%s.lhost", "%any", config), FALSE,
                settings->get_int(settings, "configs.%s.lport", 500, config),
-               settings->get_str(settings, "configs.%s.rhost", "%any", config),
+               settings->get_str(settings, "configs.%s.rhost", "%any", config), FALSE,
                settings->get_int(settings, "configs.%s.rport", 500, config));
        token = settings->get_str(settings, "configs.%s.proposal", NULL, config);
        if (token)
index 507f26d..09e123e 100644 (file)
@@ -78,12 +78,14 @@ static enumerator_t *ike_enum_create(backend_t *backend, ike_data_t *data)
 static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
 {
        host_t *me_cand, *other_cand;
+       char *my_addr, *other_addr;
+       bool my_allow_any, other_allow_any;
        ike_cfg_match_t match = MATCH_NONE;
 
        if (me)
        {
-               me_cand = host_create_from_dns(cand->get_my_addr(cand),
-                                                                          me->get_family(me), 0);
+               my_addr = cand->get_my_addr(cand, &my_allow_any);
+               me_cand = host_create_from_dns(my_addr, me->get_family(me), 0);
                if (!me_cand)
                {
                        return MATCH_NONE;
@@ -92,7 +94,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
                {
                        match += MATCH_ME;
                }
-               else if (me_cand->is_anyaddr(me_cand))
+               else if (my_allow_any || me_cand->is_anyaddr(me_cand))
                {
                        match += MATCH_ANY;
                }
@@ -110,8 +112,8 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
 
        if (other)
        {
-               other_cand = host_create_from_dns(cand->get_other_addr(cand),
-                                                                                 other->get_family(other), 0);
+               other_addr = cand->get_other_addr(cand, &other_allow_any);
+               other_cand = host_create_from_dns(other_addr, other->get_family(other), 0);
                if (!other_cand)
                {
                        return MATCH_NONE;
@@ -120,7 +122,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
                {
                        match += MATCH_OTHER;
                }
-               else if (other_cand->is_anyaddr(other_cand))
+               else if (other_allow_any || other_cand->is_anyaddr(other_cand))
                {
                        match += MATCH_ANY;
                }
@@ -142,6 +144,8 @@ METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
        private_backend_manager_t *this, host_t *me, host_t *other)
 {
        ike_cfg_t *current, *found = NULL;
+       char *my_addr, *other_addr;
+       bool my_allow_any, other_allow_any;
        enumerator_t *enumerator;
        ike_cfg_match_t match, best = MATCH_ANY;
        ike_data_t *data;
@@ -164,9 +168,11 @@ METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
                DBG3(DBG_CFG, "ike config match: %d (%H %H)", match, me, other);
                if (match)
                {
-                       DBG2(DBG_CFG, "  candidate: %s...%s, prio %d",
-                                current->get_my_addr(current),
-                                current->get_other_addr(current), match);
+                       my_addr = current->get_my_addr(current, &my_allow_any);
+                       other_addr = current->get_other_addr(current, &other_allow_any);
+                       DBG2(DBG_CFG, "  candidate: %s%s...%s%s, prio %d",
+                                                 my_allow_any ? "%":"", my_addr,
+                                                 other_allow_any ? "%":"", other_addr, match);
                        if (match > best)
                        {
                                DESTROY_IF(found);
@@ -180,8 +186,11 @@ METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
        this->lock->unlock(this->lock);
        if (found)
        {
-               DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
-                        found->get_my_addr(found), found->get_other_addr(found), best);
+               my_addr = found->get_my_addr(found, &my_allow_any);
+               other_addr = found->get_other_addr(found, &other_allow_any);
+               DBG2(DBG_CFG, "found matching ike config: %s%s...%s%s with prio %d",
+                                         my_allow_any ? "%":"", my_addr,
+                                         other_allow_any ? "%":"", other_addr, best);
        }
        return found;
 }
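Review bot: In get_ike_match, `my_allow_any` is fetched on the line `my_addr = cand->get_my_addr(cand, &my_allow_any);` but is only consulted after `host_create_from_dns` has succeeded, so a candidate whose configured local name does not resolve still returns MATCH_NONE even though it allows any address; the `if (other)` branch has the same shape with `other_allow_any`. If allow-any is meant to keep the candidate usable regardless of the configured address, the `if (!me_cand)` check should fall through to `match += MATCH_ANY` when the flag is set instead of returning; if an unresolvable address is meant to disqualify the config anyway, a comment on that check saying so would spare the next reader the same question. The tail of get_ike_match and the `ip_equals` comparison between the hunks are outside what is shown here.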
index 342b9dd..5055a93 100644 (file)
@@ -49,6 +49,16 @@ struct private_ike_cfg_t {
        char *other;
 
        /**
+        * Allow override of local address
+        */
+       bool my_allow_any;
+
+       /**
+        * Allow override of remote address
+        */
+       bool other_allow_any;
+
+       /**
         * our source port
         */
        u_int16_t my_port;
@@ -87,14 +97,22 @@ METHOD(ike_cfg_t, force_encap_, bool,
 }
 
 METHOD(ike_cfg_t, get_my_addr, char*,
-       private_ike_cfg_t *this)
+       private_ike_cfg_t *this, bool *allow_any)
 {
+       if (allow_any)
+       {
+               *allow_any = this->my_allow_any;
+       }
        return this->me;
 }
 
 METHOD(ike_cfg_t, get_other_addr, char*,
-       private_ike_cfg_t *this)
+       private_ike_cfg_t *this, bool *allow_any)
 {
+       if (allow_any)
+       {
+               *allow_any = this->other_allow_any;
+       }
        return this->other;
 }
 
@@ -260,7 +278,8 @@ METHOD(ike_cfg_t, destroy, void,
  * Described in header.
  */
 ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
-                               char *me, u_int16_t my_port, char *other, u_int16_t other_port)
+                                                 char *me, bool my_allow_any, u_int16_t my_port,
+                                                 char *other, bool other_allow_any, u_int16_t other_port)
 {
        private_ike_cfg_t *this;
 
@@ -285,6 +304,8 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
                .force_encap = force_encap,
                .me = strdup(me),
                .other = strdup(other),
+               .my_allow_any = my_allow_any,
+               .other_allow_any = other_allow_any,
                .my_port = my_port,
                .other_port = other_port,
                .proposals = linked_list_create(),
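Review bot: The two new fields `my_allow_any` and `other_allow_any` are stored by ike_cfg_create, but as far as the hunks show the `equals` method declared in ike_cfg.h is not updated to compare them, so two configs differing only in the allow-any flags would still compare equal; I cannot see the body of `equals`, so this needs confirming against the unchanged part of the file. If it compares `me`/`other`, it should also compare the two flags alongside them. The field comments `Allow override of local address` would read better stating the effect the matcher gives them, e.g. `TRUE if any local address may match this config (scores MATCH_ANY in backend_manager)`.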
index f1edde2..691d223 100644 (file)
@@ -41,28 +41,30 @@ struct ike_cfg_t {
        /**
         * Get own address.
         *
-        * @return              string of address/DNS name
+        * @param allow_any             allow any address to match
+        * @return                              string of address/DNS name
         */
-       char* (*get_my_addr) (ike_cfg_t *this);
+       char* (*get_my_addr) (ike_cfg_t *this, bool *allow_any);
 
        /**
-        * Get peers address.
+        * Get peer's address.
         *
-        * @return              string of address/DNS name
+        * @param allow_any             allow any address to match
+        * @return                              string of address/DNS name
         */
-       char* (*get_other_addr) (ike_cfg_t *this);
+       char* (*get_other_addr) (ike_cfg_t *this, bool *allow_any);
 
        /**
         * Get the port to use as our source port.
         *
-        * @return              source address port, host order
+        * @return                              source address port, host order
         */
        u_int16_t (*get_my_port)(ike_cfg_t *this);
 
        /**
         * Get the port to use as destination port.
         *
-        * @return              destination address, host order
+        * @return                              destination address, host order
         */
        u_int16_t (*get_other_port)(ike_cfg_t *this);
 
@@ -72,7 +74,7 @@ struct ike_cfg_t {
         * The first added proposal has the highest priority, the last
         * added the lowest.
         *
-        * @param proposal      proposal to add
+        * @param proposal              proposal to add
         */
        void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
 
@@ -81,7 +83,7 @@ struct ike_cfg_t {
         *
         * Returned list and its proposals must be destroyed after use.
         *
-        * @return                      list containing all the proposals
+        * @return                              list containing all the proposals
         */
        linked_list_t* (*get_proposals) (ike_cfg_t *this);
 
@@ -90,9 +92,9 @@ struct ike_cfg_t {
         *
         * Returned proposal must be destroyed after use.
         *
-        * @param proposals     list of proposals to select from
-        * @param private       accept algorithms from a private range
-        * @return                      selected proposal, or NULL if none matches.
+        * @param proposals             list of proposals to select from
+        * @param private               accept algorithms from a private range
+        * @return                              selected proposal, or NULL if none matches.
         */
        proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals,
                                                                        bool private);
@@ -100,36 +102,36 @@ struct ike_cfg_t {
        /**
         * Should we send a certificate request in IKE_SA_INIT?
         *
-        * @return                      certificate request sending policy
+        * @return                              certificate request sending policy
         */
        bool (*send_certreq) (ike_cfg_t *this);
 
        /**
         * Enforce UDP encapsulation by faking NATD notifies?
         *
-        * @return                      TRUE to enfoce UDP encapsulation
+        * @return                              TRUE to enfoce UDP encapsulation
         */
        bool (*force_encap) (ike_cfg_t *this);
 
        /**
         * Get the DH group to use for IKE_SA setup.
         *
-        * @return                      dh group to use for initialization
+        * @return                              dh group to use for initialization
         */
        diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
 
        /**
         * Check if two IKE configs are equal.
         *
-        * @param other         other to check for equality
-        * @return                      TRUE if other equal to this
+        * @param other                 other to check for equality
+        * @return                              TRUE if other equal to this
         */
        bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);
 
        /**
         * Increase reference count.
         *
-        * @return                      reference to this
+        * @return                              reference to this
         */
        ike_cfg_t* (*get_ref) (ike_cfg_t *this);
 
@@ -147,15 +149,18 @@ struct ike_cfg_t {
  *
  * Supplied hosts become owned by ike_cfg, the name gets cloned.
  *
- * @param certreq              TRUE to send a certificate request
- * @param force_encap  enforce UDP encapsulation by faking NATD notify
- * @param me                   address/DNS name of local peer
- * @param my_port              IKE port to use as source, 500 uses IKEv2 port floating
- * @param other                        address/DNS name of remote peer
- * @param other_port   IKE port to use as dest, 500 uses IKEv2 port floating
- * @return                             ike_cfg_t object.
+ * @param certreq                      TRUE to send a certificate request
+ * @param force_encap          enforce UDP encapsulation by faking NATD notify
+ * @param me                           address/DNS name of local peer
+ * @param my_allow_any         allow override of local address by any address
+ * @param my_port                      IKE port to use as source, 500 uses IKEv2 port floating
+ * @param other                                address/DNS name of remote peer
+ * @param other_allow_any      allow override of remote address by any address
+ * @param other_port           IKE port to use as dest, 500 uses IKEv2 port floating
+ * @return                                     ike_cfg_t object.
  */
 ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
-                               char *me, u_int16_t my_port, char *other, u_int16_t other_port);
+                                                 char *me, bool my_allow_any, u_int16_t my_port,
+                                                 char *other, bool other_allow_any, u_int16_t other_port);
 
 #endif /** IKE_CFG_H_ @}*/
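Review bot: The new `@param allow_any allow any address to match` on get_my_addr and get_other_addr describes the flag but not the parameter's role as an out-parameter, and the implementation in ike_cfg.c writes through it only when it is non-NULL, which several callers (stroke_config.c, ike_sa.c, trap_manager.c) rely on by passing NULL; I would document it as `@param allow_any receives TRUE if any address may match, NULL to ignore`. In the ike_cfg_create block, the sentence `Supplied hosts become owned by ike_cfg, the name gets cloned.` is stale next to a signature taking `char *me`/`char *other` and an implementation that `strdup`s both; `Address strings are cloned, the caller keeps ownership of me and other.` would match the code. The remaining changes in this header are whitespace realignment of existing tags.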
index a25ca36..f4e7e50 100644 (file)
@@ -269,8 +269,8 @@ static job_requeue_t initiate(private_android_service_t *this)
                this->creds->set_username_password(this->creds, user, password);
        }
 
-       ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
-                                                        hostname, IKEV2_UDP_PORT);
+       ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+                                                        hostname, FALSE, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 
        peer_cfg = peer_cfg_create("android", IKEV2, ike_cfg, CERT_SEND_IF_ASKED,
index 6558ea3..d1edb3e 100644 (file)
@@ -203,8 +203,8 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        lib->credmgr->add_set(lib->credmgr, &this->creds.public);
 
        /* create config and backend */
-       ike_cfg = ike_cfg_create(FALSE, FALSE, local, IKEV2_UDP_PORT,
-                                                        remote, IKEV2_UDP_PORT);
+       ike_cfg = ike_cfg_create(FALSE, FALSE, local, FALSE, IKEV2_UDP_PORT,
+                                                        remote, FALSE, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND,
                                                UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
index 75ac1ff..d041d4c 100644 (file)
@@ -251,12 +251,14 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
        if (this->port && num)
        {
                ike_cfg = ike_cfg_create(FALSE, FALSE,
-                       this->local, this->port + num - 1, this->remote, IKEV2_NATT_PORT);
+                                                                this->local, FALSE, this->port + num - 1,
+                                                                this->remote, FALSE, IKEV2_NATT_PORT);
        }
        else
        {
                ike_cfg = ike_cfg_create(FALSE, FALSE,
-                       this->local, IKEV2_UDP_PORT, this->remote, IKEV2_UDP_PORT);
+                                                                this->local, FALSE, IKEV2_UDP_PORT,
+                                                                this->remote, FALSE, IKEV2_UDP_PORT);
        }
        ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
        peer_cfg = peer_cfg_create("load-test", IKEV2, ike_cfg,
index 1d1bb63..0e83491 100644 (file)
@@ -323,8 +323,8 @@ static gboolean initiate_connection(private_maemo_service_t *this,
                                                                NULL);
        }
 
-       ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
-                                                        hostname, IKEV2_UDP_PORT);
+       ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+                                                        hostname, FALSE, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 
        peer_cfg = peer_cfg_create(this->current, IKEV2, ike_cfg,
index 3b99144..15d4ffa 100644 (file)
@@ -119,7 +119,8 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                return NULL;
        }
        ike_cfg = ike_cfg_create(FALSE, FALSE,
-                                               "0.0.0.0", IKEV2_UDP_PORT, address, IKEV2_UDP_PORT);
+                                                        "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+                                                        address, FALSE, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        med_cfg = peer_cfg_create(
                "mediation", IKEV2, ike_cfg,
@@ -394,8 +395,9 @@ medcli_config_t *medcli_config_create(database_t *db)
                .db = db,
                .rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200),
                .dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300),
-               .ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
-                                                         "0.0.0.0", IKEV2_UDP_PORT),
+               .ike = ike_cfg_create(FALSE, FALSE,
+                                                         "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+                                                         "0.0.0.0", FALSE, IKEV2_UDP_PORT),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
 
index 4256473..ef3b044 100644 (file)
@@ -141,7 +141,8 @@ medsrv_config_t *medsrv_config_create(database_t *db)
                .rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200),
                .dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300),
                .ike = ike_cfg_create(FALSE, FALSE,
-                                               "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT),
+                                                         "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+                                                         "0.0.0.0", FALSE, IKEV2_UDP_PORT),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
 
index c2d4b68..dd9a0b0 100644 (file)
@@ -259,7 +259,8 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
                ike_cfg_t *ike_cfg;
 
                ike_cfg = ike_cfg_create(certreq, force_encap,
-                                                                local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT);
+                                                                local, FALSE, IKEV2_UDP_PORT,
+                                                                remote, FALSE, IKEV2_UDP_PORT);
                add_ike_proposals(this, ike_cfg, id);
                return ike_cfg;
        }
index 6b8dc23..910acf1 100644 (file)
@@ -225,9 +225,13 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
                }
        }
        ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND,
-                                       msg->add_conn.force_encap,
-                                       msg->add_conn.me.address, msg->add_conn.me.ikeport,
-                                       msg->add_conn.other.address, msg->add_conn.other.ikeport);
+                                                        msg->add_conn.force_encap,
+                                                        msg->add_conn.me.address,
+                                                        msg->add_conn.me.allow_any,
+                                                        msg->add_conn.me.ikeport,
+                                                        msg->add_conn.other.address,
+                                                        msg->add_conn.other.allow_any,
+                                                        msg->add_conn.other.ikeport);
        add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
        return ike_cfg;
 }
@@ -625,7 +629,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
                        }
                        else
                        {
-                               if (strchr(ike_cfg->get_my_addr(ike_cfg), ':'))
+                               if (strchr(ike_cfg->get_my_addr(ike_cfg, NULL), ':'))
                                {
                                        vip = host_create_any(AF_INET6);
                                }
index a179adf..88523ea 100644 (file)
@@ -500,6 +500,9 @@ METHOD(stroke_list_t, status, void,
                                                        charon->backends, NULL, NULL, NULL, NULL, IKE_ANY);
                while (enumerator->enumerate(enumerator, &peer_cfg))
                {
+                       char *my_addr, *other_addr;
+                       bool my_allow_any, other_allow_any;
+
                        if (name && !streq(name, peer_cfg->get_name(peer_cfg)))
                        {
                                continue;
@@ -507,9 +510,12 @@ METHOD(stroke_list_t, status, void,
 
                        ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
                        ike_version = peer_cfg->get_ike_version(peer_cfg);
-                       fprintf(out, "%12s:  %s...%s  %N", peer_cfg->get_name(peer_cfg),
-                               ike_cfg->get_my_addr(ike_cfg), ike_cfg->get_other_addr(ike_cfg),
-                               ike_version_names, ike_version);
+                       my_addr = ike_cfg->get_my_addr(ike_cfg, &my_allow_any);
+                       other_addr = ike_cfg->get_other_addr(ike_cfg, &other_allow_any);
+                       fprintf(out, "%12s:  %s%s...%s%s  %N", peer_cfg->get_name(peer_cfg),
+                                       my_allow_any ? "%":"", my_addr,
+                                       other_allow_any ? "%":"", other_addr,
+                                       ike_version_names, ike_version);
 
                        if (ike_version == IKEV1 && peer_cfg->use_aggressive(peer_cfg))
                        {
index eb2c4b3..9b0fd73 100644 (file)
@@ -169,7 +169,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
        {
                DESTROY_IF(this->peer_cfg);
                ike_cfg = ike_cfg_create(FALSE, FALSE,
-                                       local_addr, IKEV2_UDP_PORT, remote_addr, IKEV2_UDP_PORT);
+                                                                local_addr, FALSE, IKEV2_UDP_PORT,
+                                                                remote_addr, FALSE, IKEV2_UDP_PORT);
                ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
                this->peer_cfg = peer_cfg_create(
                                        name, IKEV2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
@@ -265,8 +266,9 @@ METHOD(enumerator_t, ike_enumerator_enumerate, bool,
                                                           &local_addr, &remote_addr, &ike_proposal))
        {
                DESTROY_IF(this->ike_cfg);
-               this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, IKEV2_UDP_PORT,
-                                                                               remote_addr, IKEV2_UDP_PORT);
+               this->ike_cfg = ike_cfg_create(FALSE, FALSE,
+                                                                          local_addr, FALSE, IKEV2_UDP_PORT,
+                                                                          remote_addr, FALSE, IKEV2_UDP_PORT);
                this->ike_cfg->add_proposal(this->ike_cfg,
                                                                        create_proposal(ike_proposal, PROTO_IKE));
 
index c104ff9..a13a7a3 100644 (file)
@@ -1039,8 +1039,12 @@ static void resolve_hosts(private_ike_sa_t *this)
        }
        else
        {
-               host = host_create_from_dns(this->ike_cfg->get_other_addr(this->ike_cfg),
-                                                               0, this->ike_cfg->get_other_port(this->ike_cfg));
+               char *other_addr;
+               u_int16_t other_port;
+
+               other_addr = this->ike_cfg->get_other_addr(this->ike_cfg, NULL);
+               other_port = this->ike_cfg->get_other_port(this->ike_cfg);
+               host = host_create_from_dns(other_addr, 0, other_port);
        }
        if (host)
        {
@@ -1054,6 +1058,8 @@ static void resolve_hosts(private_ike_sa_t *this)
        }
        else
        {
+               char *my_addr;
+               u_int16_t my_port;
                int family = 0;
 
                /* use same address family as for other */
@@ -1061,8 +1067,9 @@ static void resolve_hosts(private_ike_sa_t *this)
                {
                        family = this->other_host->get_family(this->other_host);
                }
-               host = host_create_from_dns(this->ike_cfg->get_my_addr(this->ike_cfg),
-                                                       family, this->ike_cfg->get_my_port(this->ike_cfg));
+               my_addr = this->ike_cfg->get_my_addr(this->ike_cfg, NULL);
+               my_port = this->ike_cfg->get_my_port(this->ike_cfg);
+               host = host_create_from_dns(my_addr, family, my_port);
 
                if (host && host->is_anyaddr(host) &&
                        !this->other_host->is_anyaddr(this->other_host))
@@ -1076,9 +1083,7 @@ static void resolve_hosts(private_ike_sa_t *this)
                        }
                        else
                        {       /* fallback to address family specific %any(6), if configured */
-                               host = host_create_from_dns(
-                                                               this->ike_cfg->get_my_addr(this->ike_cfg),
-                                                               0, this->ike_cfg->get_my_port(this->ike_cfg));
+                               host = host_create_from_dns(my_addr, 0, my_port);
                        }
                }
        }
@@ -1108,7 +1113,7 @@ METHOD(ike_sa_t, initiate, status_t,
 #endif /* ME */
                        )
                {
-                       char *addr = this->ike_cfg->get_other_addr(this->ike_cfg);
+                       char *addr = this->ike_cfg->get_other_addr(this->ike_cfg, NULL);
                        bool is_anyaddr = streq(addr, "%any") || streq(addr, "%any6");
 
                        if (is_anyaddr || !this->retry_initiate_interval)
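Review bot: In initiate, `char *addr = this->ike_cfg->get_other_addr(this->ike_cfg, NULL);` discards the new allow-any flag while the next line decides `is_anyaddr` purely from `streq(addr, "%any") || streq(addr, "%any6")`, so a remote configured with a concrete address plus other_allow_any is treated as a fixed peer for the retry decision; whether that is intended depends on the feature's semantics, which I cannot tell from here. If an allow-any remote should be treated like %any here, read the flag into a local and fold it in, `bool is_anyaddr = other_allow_any || streq(addr, "%any") || streq(addr, "%any6");`; otherwise a one-line comment saying the flag is deliberately ignored here would settle it. initiate starts and ends outside the hunk.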
index 9a6d4eb..e03e306 100644 (file)
@@ -127,14 +127,14 @@ METHOD(trap_manager_t, install, u_int32_t,
 
        /* try to resolve addresses */
        ike_cfg = peer->get_ike_cfg(peer);
-       other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg),
+       other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg, NULL),
                                                                 0, ike_cfg->get_other_port(ike_cfg));
        if (!other || other->is_anyaddr(other))
        {
                DBG1(DBG_CFG, "installing trap failed, remote address unknown");
                return 0;
        }
-       me = host_create_from_dns(ike_cfg->get_my_addr(ike_cfg),
+       me = host_create_from_dns(ike_cfg->get_my_addr(ike_cfg, NULL),
                                        other->get_family(other), ike_cfg->get_my_port(ike_cfg));
        if (!me || me->is_anyaddr(me))
        {
index 72b3f1a..4fdd5be 100644 (file)
@@ -186,6 +186,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
        msg_end->sendcert = conn_end->sendcert;
        msg_end->hostaccess = conn_end->hostaccess;
        msg_end->tohost = !conn_end->has_client;
+       msg_end->allow_any = conn_end->allow_any;
        msg_end->protocol = conn_end->protocol;
        msg_end->port = conn_end->port;
 }
index e1ac684..cc0819f 100644 (file)
@@ -162,6 +162,7 @@ struct stroke_end_t {
        int sendcert;
        int hostaccess;
        int tohost;
+       int allow_any;
        u_int8_t protocol;
        u_int16_t port;
 };