stroke: Default to %dynamic if no valid TS are specified in left|rightsubnet
authorTobias Brunner <tobias@strongswan.org>
Wed, 18 Jan 2017 13:51:57 +0000 (14:51 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 25 Jan 2017 15:56:28 +0000 (16:56 +0100)
Otherwise, we'd end up with an empty TS list, which is not valid.

Because end->tohost is set to !end->subnets in starter, the removed branch was
never used.

src/libcharon/plugins/stroke/stroke_config.c

index f2d1104..49bf3ab 100644 (file)
@@ -982,73 +982,60 @@ static void add_ts(private_stroke_config_t *this,
                                   stroke_end_t *end, child_cfg_t *child_cfg, bool local)
 {
        traffic_selector_t *ts;
+       bool ts_added = FALSE;
 
-       if (end->tohost)
+       if (end->subnets)
        {
-               ts = traffic_selector_create_dynamic(end->protocol,
-                                                                                        end->from_port, end->to_port);
-               child_cfg->add_traffic_selector(child_cfg, local, ts);
-       }
-       else
-       {
-               if (!end->subnets)
-               {
-                       host_t *net;
+               enumerator_t *enumerator;
+               char *subnet, *pos;
+               uint16_t from_port, to_port;
+               uint8_t proto;
 
-                       net = host_create_from_string(end->address, 0);
-                       if (net)
-                       {
-                               ts = traffic_selector_create_from_subnet(net, 0, end->protocol,
-                                                                                               end->from_port, end->to_port);
-                               child_cfg->add_traffic_selector(child_cfg, local, ts);
-                       }
-               }
-               else
+               enumerator = enumerator_create_token(end->subnets, ",", " ");
+               while (enumerator->enumerate(enumerator, &subnet))
                {
-                       enumerator_t *enumerator;
-                       char *subnet, *pos;
-                       uint16_t from_port, to_port;
-                       uint8_t proto;
+                       from_port = end->from_port;
+                       to_port = end->to_port;
+                       proto = end->protocol;
 
-                       enumerator = enumerator_create_token(end->subnets, ",", " ");
-                       while (enumerator->enumerate(enumerator, &subnet))
+                       pos = strchr(subnet, '[');
+                       if (pos)
                        {
-                               from_port = end->from_port;
-                               to_port = end->to_port;
-                               proto = end->protocol;
-
-                               pos = strchr(subnet, '[');
-                               if (pos)
+                               *(pos++) = '\0';
+                               if (!parse_protoport(pos, &from_port, &to_port, &proto))
                                {
-                                       *(pos++) = '\0';
-                                       if (!parse_protoport(pos, &from_port, &to_port, &proto))
-                                       {
-                                               DBG1(DBG_CFG, "invalid proto/port: %s, skipped subnet",
-                                                        pos);
-                                               continue;
-                                       }
-                               }
-                               if (streq(subnet, "%dynamic"))
-                               {
-                                       ts = traffic_selector_create_dynamic(proto,
-                                                                                                                from_port, to_port);
-                               }
-                               else
-                               {
-                                       ts = traffic_selector_create_from_cidr(subnet, proto,
-                                                                                                                  from_port, to_port);
-                               }
-                               if (ts)
-                               {
-                                       child_cfg->add_traffic_selector(child_cfg, local, ts);
-                               }
-                               else
-                               {
-                                       DBG1(DBG_CFG, "invalid subnet: %s, skipped", subnet);
+                                       DBG1(DBG_CFG, "invalid proto/port: %s, skipped subnet",
+                                                pos);
+                                       continue;
                                }
                        }
-                       enumerator->destroy(enumerator);
+                       if (streq(subnet, "%dynamic"))
+                       {
+                               ts = traffic_selector_create_dynamic(proto,
+                                                                                                        from_port, to_port);
+                       }
+                       else
+                       {
+                               ts = traffic_selector_create_from_cidr(subnet, proto,
+                                                                                                          from_port, to_port);
+                       }
+                       if (ts)
+                       {
+                               child_cfg->add_traffic_selector(child_cfg, local, ts);
+                               ts_added = TRUE;
+                       }
+                       else
+                       {
+                               DBG1(DBG_CFG, "invalid subnet: %s, skipped", subnet);
+                       }
                }
+               enumerator->destroy(enumerator);
+       }
+       if (!ts_added)
+       {
+               ts = traffic_selector_create_dynamic(end->protocol,
+                                                                                        end->from_port, end->to_port);
+               child_cfg->add_traffic_selector(child_cfg, local, ts);
        }
 }
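Review bot: The new `if (!ts_added)` fallback at the end of add_ts() silently replaces a left|rightsubnet value whose entries all failed to parse with a `%dynamic` selector. The only trace is the per-entry "skipped" messages, so an operator who mistyped a subnet or a proto/port suffix ends up with a loaded connection whose policy differs from what was written in the config. The fallback also takes its protocol and ports from `end->protocol`, `end->from_port` and `end->to_port`, so a per-subnet `[proto/port]` restriction rejected by parse_protoport() is dropped rather than enforced; whether that is broader than intended depends on the defaults in `end`, which are not visible in this hunk. I would log the fallback explicitly when a subnet string was configured, e.g. `if (end->subnets) { DBG1(DBG_CFG, "no valid traffic selector in left|rightsubnet, using %%dynamic"); }` just before the traffic_selector_create_dynamic() call. Refusing to load such a config would be the stricter option, but add_ts() returns void, so that needs changes to the caller outside this hunk.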