starter: Don't resolve any addresses in starter.
authorTobias Brunner <tobias@strongswan.org>
Tue, 15 May 2012 11:51:59 +0000 (13:51 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 11 Jun 2012 15:33:31 +0000 (17:33 +0200)
Also removed the remains of an unknown iface option.

src/starter/args.c
src/starter/cmp.c
src/starter/confread.c
src/starter/confread.h
src/starter/keywords.h
src/starter/starterstroke.c

index 2f3e48b..6dc8f8d 100644 (file)
@@ -253,7 +253,7 @@ static const token_info_t token_info[] =
        /* end keywords */
        { ARG_STR,  offsetof(starter_end_t, host), NULL                                },
        { ARG_UINT, offsetof(starter_end_t, ikeport), NULL                             },
-       { ARG_STR, offsetof(starter_end_t, subnet), NULL                               },
+       { ARG_STR,  offsetof(starter_end_t, subnet), NULL                              },
        { ARG_MISC, 0, NULL  /* KW_SUBNETWITHIN */                                     },
        { ARG_MISC, 0, NULL  /* KW_PROTOPORT */                                        },
        { ARG_STR,  offsetof(starter_end_t, sourceip), NULL                            },
@@ -274,7 +274,6 @@ static const token_info_t token_info[] =
        { ARG_STR,  offsetof(starter_end_t, ca), NULL                                  },
        { ARG_STR,  offsetof(starter_end_t, ca2), NULL                                 },
        { ARG_STR,  offsetof(starter_end_t, groups), NULL                              },
-       { ARG_STR,  offsetof(starter_end_t, iface), NULL                               }
 };
 
 static void free_list(char **list)
index f13314e..200f42e 100644 (file)
@@ -34,14 +34,6 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
        if ((c1 == NULL) || (c2 == NULL))
                return FALSE;
 
-       if (c2->dns_failed)
-       {
-               c2->addr = c1->addr;
-       }
-       else
-       {
-               ADDCMP(addr);
-       }
        VARCMP(ikeport);
        VARCMP(has_client);
        VARCMP(has_client_wildcard);
@@ -53,7 +45,7 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
        VARCMP(protocol);
 
        return cmp_args(KW_END_FIRST, KW_END_LAST, (char *)c1, (char *)c2);
- }
+}
 
 bool
 starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)
@@ -62,7 +54,6 @@ starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)
                return FALSE;
 
        VARCMP(policy);
-       VARCMP(addr_family);
        VARCMP(tunnel_addr_family);
        VARCMP(mark_in.value);
        VARCMP(mark_in.mask);
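Review bot: With `ADDCMP(addr)` and the dns_failed merge gone, starter_cmp_end now tells two ends apart by the host only as far as cmp_args() compares the KW_HOST string (presumably, since the args.c hunk maps KW_HOST to an ARG_STR over `host`), so two configs naming the same peer once by hostname and once by literal address now compare as different. That is consistent with leaving resolution to the daemon, but the new comparison contract deserves a line before `VARCMP(ikeport);`: `/* host is compared textually by cmp_args(); starter no longer resolves it */`. starter_cmp_end begins before the first hunk.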
index a003a14..0235af4 100644 (file)
@@ -93,7 +93,6 @@ static void default_values(starter_config_t *cfg)
        cfg->conn_default.sa_rekey_margin       = SA_REPLACEMENT_MARGIN_DEFAULT;
        cfg->conn_default.sa_rekey_fuzz         = SA_REPLACEMENT_FUZZ_DEFAULT;
        cfg->conn_default.sa_keying_tries       = SA_REPLACEMENT_RETRIES_DEFAULT;
-       cfg->conn_default.addr_family           = AF_INET;
        cfg->conn_default.tunnel_addr_family    = AF_INET;
        cfg->conn_default.install_policy        = TRUE;
        cfg->conn_default.dpd_delay             =  30; /* seconds */
@@ -105,8 +104,6 @@ static void default_values(starter_config_t *cfg)
        cfg->conn_default.left.sendcert  = CERT_SEND_IF_ASKED;
        cfg->conn_default.right.sendcert = CERT_SEND_IF_ASKED;
 
-       anyaddr(AF_INET, &cfg->conn_default.left.addr);
-       anyaddr(AF_INET, &cfg->conn_default.right.addr);
        cfg->conn_default.left.ikeport = 500;
        cfg->conn_default.right.ikeport = 500;
 
@@ -179,51 +176,13 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
        switch (token)
        {
        case KW_HOST:
-               free(end->host);
-               end->host = NULL;
-               if (streq(value, "%any") || streq(value, "%any4"))
-               {
-                       anyaddr(conn->addr_family, &end->addr);
-               }
-               else if (streq(value, "%any6"))
-               {
-                       conn->addr_family = AF_INET6;
-                       anyaddr(conn->addr_family, &end->addr);
-               }
-               else if (streq(value, "%group"))
-               {
-                       ip_address any;
-
-                       conn->policy |= POLICY_GROUP | POLICY_TUNNEL;
-                       anyaddr(conn->addr_family, &end->addr);
-                       anyaddr(conn->tunnel_addr_family, &any);
-                       end->has_client = TRUE;
-               }
-               else
-               {
-                       /* check for allow_any prefix */
-                       if (value[0] == '%')
-                       {
-                               end->allow_any = TRUE;
-                               value++;
-                       }
-                       conn->addr_family = ip_version(value);
-                       ugh = ttoaddr(value, 0, conn->addr_family, &end->addr);
-                       if (ugh != NULL)
-                       {
-                               DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
-                               if (streq(ugh, "does not look numeric and name lookup failed"))
-                               {
-                                       end->dns_failed = TRUE;
-                                       anyaddr(conn->addr_family, &end->addr);
-                               }
-                               else
-                               {
-                                       goto err;
-                               }
-                       }
-                       end->host = strdupnull(value);
+               if (value && strlen(value) > 0 && value[0] == '%')
+               {       /* allow_any prefix */
+                       end->allow_any = TRUE;
+                       value++;
                }
+               free(end->host);
+               end->host = strdupnull(value);
                break;
        case KW_SUBNET:
                if ((strlen(value) >= 6 && strncmp(value,"vhost:",6) == 0)
@@ -388,27 +347,6 @@ err:
 }
 
 /*
- * handles left|right=<FQDN> DNS resolution failure
- */
-static void handle_dns_failure(const char *label, starter_end_t *end,
-                                                          starter_config_t *cfg, starter_conn_t *conn)
-{
-       if (end->dns_failed)
-       {
-               if (end->allow_any)
-               {
-                       DBG1(DBG_APP, "# fallback to %s=%%any due to '%%' prefix or %sallowany=yes",
-                                label, label);
-               }
-               else if (!end->host)
-               {
-                       /* declare an error */
-                       cfg->err++;
-               }
-       }
-}
-
-/*
  * handles left|rightfirewall and left|rightupdown parameters
  */
 static void handle_firewall(const char *label, starter_end_t *end,
@@ -646,8 +584,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
                }
        }
 
-       handle_dns_failure("left", &conn->left, cfg, conn);
-       handle_dns_failure("right", &conn->right, cfg, conn);
        handle_firewall("left", &conn->left, cfg);
        handle_firewall("right", &conn->right, cfg);
 }
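Review bot: In the kw_end hunk, the new `%` prefix test at the top of the KW_HOST case consumes the prefix of every value that starts with `%`, so `left=%any`, `%any4`, `%any6` and `%group` now yield allow_any=TRUE and a host of `any`, `any4`, `any6` or `group`, whereas the removed code matched those keywords before the prefix check and, for `%group`, also set POLICY_GROUP | POLICY_TUNNEL and has_client. Unless the consumer of `host` recognises the stripped spellings and re-derives the group policy (not visible in this diff), the reserved keywords should be excluded before the prefix is stripped, or the comment extended to `/* allow_any prefix; %any, %any4, %any6 and %group are passed on with the prefix stripped */` if that is intended. `strlen(value) > 0` is redundant once `value[0] == '%'` is tested, so `if (value && value[0] == '%')` reads the same; and `value` is still dereferenced unchecked by `strlen(value)` in the KW_SUBNET case directly below, so the NULL guard is either unnecessary here or incomplete there. kw_end starts before the hunk and continues after it.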
index 0aa6bd5..7aadd45 100644 (file)
@@ -70,9 +70,7 @@ struct starter_end {
                char            *ca2;
                char            *groups;
                char            *cert_policy;
-               char            *iface;
                char            *host;
-               ip_address      addr;
                u_int           ikeport;
                char            *subnet;
                bool            has_client;
@@ -85,7 +83,6 @@ struct starter_end {
                bool            firewall;
                bool            hostaccess;
                bool            allow_any;
-               bool            dns_failed;
                char            *updown;
                u_int16_t       port;
                u_int8_t        protocol;
@@ -133,7 +130,6 @@ struct starter_conn {
                mark_t          mark_in;
                mark_t          mark_out;
                u_int32_t       tfc;
-               sa_family_t     addr_family;
                sa_family_t     tunnel_addr_family;
                bool            install_policy;
                bool            aggressive;
index 3af235f..59c71a3 100644 (file)
@@ -145,10 +145,9 @@ typedef enum {
        KW_CA,
        KW_CA2,
        KW_GROUPS,
-       KW_IFACE,
 
 #define KW_END_FIRST    KW_HOST
-#define KW_END_LAST     KW_IFACE
+#define KW_END_LAST     KW_GROUPS
 
    /* left end keywords */
        KW_LEFT,
index 4161630..e39581c 100644 (file)
@@ -117,47 +117,8 @@ static char* connection_name(starter_conn_t *conn)
        return conn->name;
 }
 
-static void ip_address2string(ip_address *addr, char *buffer, size_t len)
-{
-       switch (((struct sockaddr*)addr)->sa_family)
-       {
-               case AF_INET6:
-               {
-                       struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
-                       u_int8_t zeroes[IPV6_LEN];
-
-                       memset(zeroes, 0, IPV6_LEN);
-                       if (memcmp(zeroes, &(sin6->sin6_addr.s6_addr), IPV6_LEN) &&
-                               inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len))
-                       {
-                               return;
-                       }
-                       snprintf(buffer, len, "%%any6");
-                       break;
-               }
-               case AF_INET:
-               {
-                       struct sockaddr_in* sin = (struct sockaddr_in*)addr;
-                       u_int8_t zeroes[IPV4_LEN];
-
-                       memset(zeroes, 0, IPV4_LEN);
-                       if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) &&
-                               inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
-                       {
-                               return;
-                       }
-                       /* fall through to default */
-               }
-               default:
-                       snprintf(buffer, len, "%%any");
-                       break;
-       }
-}
-
 static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end)
 {
-       char buffer[INET6_ADDRSTRLEN];
-
        msg_end->auth = push_string(msg, conn_end->auth);
        msg_end->auth2 = push_string(msg, conn_end->auth2);
        msg_end->id = push_string(msg, conn_end->id);
@@ -176,8 +137,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
        }
        else
        {
-               ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
-               msg_end->address = push_string(msg, buffer);
+               msg_end->address = push_string(msg, "%any");
        }
        msg_end->ikeport = conn_end->ikeport;
        msg_end->subnets = push_string(msg, conn_end->subnet);
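Review bot: The `"%any"` fallback in the else branch is reached only when the `if` test above (outside the hunk) is false, while a configured `left=%any` now arrives, per the confread.c change in this commit, as host `any` with allow_any set and is sent by the other branch, so the daemon receives two spellings of the wildcard depending on whether the host was written at all; a comment would make the intent explicit: `/* no left|right given: report this end as %any, charon resolves everything else */`. With ip_address2string removed in the first hunk, the inet_ntop/sockaddr headers and the IPV4_LEN/IPV6_LEN constants are likely unused in this file if nothing else references them. starter_stroke_add_end starts before the hunk and continues after it.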