Use a complete port range in traffic_selector_create_from_{subnet,cidr}
authorMartin Willi <martin@revosec.ch>
Thu, 21 Feb 2013 10:04:35 +0000 (11:04 +0100)
committerMartin Willi <martin@revosec.ch>
Thu, 21 Feb 2013 10:52:33 +0000 (11:52 +0100)
src/conftest/config.c
src/libcharon/plugins/load_tester/load_tester_config.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/uci/uci_config.c
src/libcharon/plugins/unity/unity_handler.c
src/libcharon/sa/ikev1/tasks/quick_mode.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
src/libstrongswan/selectors/traffic_selector.c
src/libstrongswan/selectors/traffic_selector.h

index ae0d934..5c078d2 100644 (file)
@@ -188,7 +188,7 @@ static child_cfg_t *load_child_config(private_config_t *this,
                enumerator = enumerator_create_token(token, ",", " ");
                while (enumerator->enumerate(enumerator, &token))
                {
-                       ts = traffic_selector_create_from_cidr(token, 0, 0);
+                       ts = traffic_selector_create_from_cidr(token, 0, 0, 65535);
                        if (ts)
                        {
                                child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
@@ -212,7 +212,7 @@ static child_cfg_t *load_child_config(private_config_t *this,
                enumerator = enumerator_create_token(token, ",", " ");
                while (enumerator->enumerate(enumerator, &token))
                {
-                       ts = traffic_selector_create_from_cidr(token, 0, 0);
+                       ts = traffic_selector_create_from_cidr(token, 0, 0, 65535);
                        if (ts)
                        {
                                child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
index c6288c5..1033eb5 100644 (file)
@@ -369,7 +369,7 @@ static void add_ts(char *string, child_cfg_t *cfg, bool local)
 
        if (string)
        {
-               ts = traffic_selector_create_from_cidr(string, 0, 0);
+               ts = traffic_selector_create_from_cidr(string, 0, 0, 65535);
                if (!ts)
                {
                        DBG1(DBG_CFG, "parsing TS string '%s' failed", string);
index 4be3dea..73e128a 100644 (file)
@@ -63,7 +63,7 @@ static traffic_selector_t *ts_from_string(char *str)
        {
                traffic_selector_t *ts;
 
-               ts = traffic_selector_create_from_cidr(str, 0, 0);
+               ts = traffic_selector_create_from_cidr(str, 0, 0, 65535);
                if (ts)
                {
                        return ts;
@@ -389,4 +389,3 @@ medcli_config_t *medcli_config_create(database_t *db)
 
        return &this->public;
 }
-
index 9f6124d..70d6ce5 100644 (file)
@@ -873,11 +873,21 @@ static void add_ts(private_stroke_config_t *this,
                                   stroke_end_t *end, child_cfg_t *child_cfg, bool local)
 {
        traffic_selector_t *ts;
+       u_int16_t from_port, to_port;
+
+       if (end->port)
+       {
+               from_port = to_port = end->port;
+       }
+       else
+       {
+               from_port = 0;
+               to_port = 65535;
+       }
 
        if (end->tohost)
        {
-               ts = traffic_selector_create_dynamic(end->protocol,
-                                       end->port ? end->port : 0, end->port ? end->port : 65535);
+               ts = traffic_selector_create_dynamic(end->protocol, from_port, to_port);
                child_cfg->add_traffic_selector(child_cfg, local, ts);
        }
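Review bot: The new `if (end->port) … else …` block encodes the convention that a configured port of 0 means "any port", but nothing in the hunk says so, and the else branch's `0`/`65535` read as magic numbers to anyone who did not follow the API change. A one-line comment above the `if`, such as `/* a port of 0 in the stroke config means "any port" -> full range */`, would make the mapping explicit. Note also that `from_port`/`to_port` are `u_int16_t` while `end->port`'s type is not visible here; if the stroke message carries it as a wider integer, out-of-range values would wrap silently, which is worth confirming against the parser. add_ts continues past the end of this hunk.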
        else
@@ -890,7 +900,7 @@ static void add_ts(private_stroke_config_t *this,
                        if (net)
                        {
                                ts = traffic_selector_create_from_subnet(net, 0, end->protocol,
-                                                                                                                end->port);
+                                                                                                                from_port, to_port);
                                child_cfg->add_traffic_selector(child_cfg, local, ts);
                        }
                }
@@ -902,8 +912,8 @@ static void add_ts(private_stroke_config_t *this,
                        enumerator = enumerator_create_token(end->subnets, ",", " ");
                        while (enumerator->enumerate(enumerator, &subnet))
                        {
-                               ts = traffic_selector_create_from_cidr(subnet,
-                                                                                                       end->protocol, end->port);
+                               ts = traffic_selector_create_from_cidr(subnet, end->protocol,
+                                                                                                          from_port, to_port);
                                if (ts)
                                {
                                        child_cfg->add_traffic_selector(child_cfg, local, ts);
index de0bf91..b7df65d 100644 (file)
@@ -89,7 +89,7 @@ static traffic_selector_t *create_ts(char *string)
        {
                traffic_selector_t *ts;
 
-               ts = traffic_selector_create_from_cidr(string, 0, 0);
+               ts = traffic_selector_create_from_cidr(string, 0, 0, 65535);
                if (ts)
                {
                        return ts;
@@ -343,4 +343,3 @@ uci_config_t *uci_config_create(uci_parser_t *parser)
 
        return &this->public;
 }
-
index 31d13ad..39dd5f0 100644 (file)
@@ -192,7 +192,8 @@ static job_requeue_t add_exclude_async(entry_t *entry)
                {
                        has_vip = TRUE;
                        child_cfg->add_traffic_selector(child_cfg, TRUE,
-                               traffic_selector_create_from_subnet(host->clone(host), 32, 0, 0));
+                               traffic_selector_create_from_subnet(host->clone(host),
+                                                                                                       32, 0, 0, 65535));
                }
                enumerator->destroy(enumerator);
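Review bot: The new call still hard-codes `32` as the prefix length for `host`, which is only correct for an IPv4 address; the quick_mode.c hunk in this same commit uses `get_family() == AF_INET ? 32 : 128` for the equivalent host-to-selector conversion. Unless virtual IPs here are guaranteed to be IPv4 (not visible in the hunk), an IPv6 host would be turned into a /32 selector — `traffic_selector_create_from_subnet` clamps netbits to the family maximum but does not raise it. Suggest `host->get_family(host) == AF_INET ? 32 : 128` in place of the literal, mirroring quick_mode.c. add_exclude_async begins before and ends after this hunk.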
 
@@ -200,7 +201,8 @@ static job_requeue_t add_exclude_async(entry_t *entry)
                {
                        host = ike_sa->get_my_host(ike_sa);
                        child_cfg->add_traffic_selector(child_cfg, TRUE,
-                               traffic_selector_create_from_subnet(host->clone(host), 32, 0, 0));
+                               traffic_selector_create_from_subnet(host->clone(host), 32, 0,
+                                                                                                       0, 65535));
                }
                charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 
index 1eae6aa..16c4763 100644 (file)
@@ -576,12 +576,12 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
        if (!tsi)
        {
                tsi = traffic_selector_create_from_subnet(hsi->clone(hsi),
-                                                       hsi->get_family(hsi) == AF_INET ? 32 : 128, 0, 0);
+                                       hsi->get_family(hsi) == AF_INET ? 32 : 128, 0, 0, 65535);
        }
        if (!tsr)
        {
                tsr = traffic_selector_create_from_subnet(hsr->clone(hsr),
-                                                       hsr->get_family(hsr) == AF_INET ? 32 : 128, 0, 0);
+                                       hsr->get_family(hsr) == AF_INET ? 32 : 128, 0, 0, 65535);
        }
        if (this->mode == MODE_TRANSPORT && this->udp &&
           (!tsi->is_host(tsi, hsi) || !tsr->is_host(tsr, hsr)))
index f9b2634..6c4e711 100644 (file)
@@ -787,7 +787,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
        if (host)
        {
                return traffic_selector_create_from_subnet(host, prefixlen,
-                                                                                                  sel->proto, port);
+                                                                                       sel->proto, port, port ?: 65535);
        }
        return NULL;
 }
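Review bot: `port ?: 65535` on the new line uses the GNU conditional-with-omitted-middle-operand extension; GCC and Clang accept it, but a strict C99/C11 compiler does not, so `port ? port : 65535` is the portable spelling if the tree is meant to build elsewhere. The expression also bakes in the convention that a `port` of 0 means "any port": if `port` is taken from `sel->sport`/`sel->dport` without consulting the corresponding mask (that code is above the hunk), a kernel selector that genuinely matches port 0 would be widened to 0–65535, which matches the previous behavior but deserves a comment such as `/* port 0 means "any" in the selector: expand to the full range */`. selector2ts begins before this hunk.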
@@ -2822,4 +2822,3 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 
        return &this->public;
 }
-
index 71bdbbe..88b0284 100644 (file)
@@ -953,7 +953,8 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address)
        ts = traffic_selector_create_from_subnet(host,
                                                                                         address->sadb_address_prefixlen,
                                                                                         address->sadb_address_proto,
-                                                                                        host->get_port(host));
+                                                                                        host->get_port(host),
+                                                                                        host->get_port(host) ?: 65535);
        return ts;
 }
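Review bot: `host->get_port(host)` is now evaluated twice in the argument list of the new call; hoisting it into a local avoids the repeated call and gives the "0 means any" rule a name: `u_int16_t port = host->get_port(host);` before the call, then pass `port, port ? port : 65535`. As in the netlink backend, the operand-omitting `?:` form is a GNU extension and the three-operand form is the portable one. A PF_KEY address carrying an explicit port 0 cannot be told apart from "any port" here, which is unchanged from before but worth a one-line comment. sadb_address2ts begins before this hunk.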
 
@@ -2654,4 +2655,3 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
 
        return &this->public;
 }
-
index fd8bfe1..ff8285f 100644 (file)
@@ -776,12 +776,13 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
  * see header
  */
 traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
-                                                       u_int8_t netbits, u_int8_t protocol, u_int16_t port)
+                                                       u_int8_t netbits, u_int8_t protocol,
+                                                       u_int16_t from_port, u_int16_t to_port)
 {
        private_traffic_selector_t *this;
        chunk_t from;
 
-       this = traffic_selector_create(protocol, 0, 0, 65535);
+       this = traffic_selector_create(protocol, 0, from_port, to_port);
 
        switch (net->get_family(net))
        {
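Review bot: The new signature forwards `from_port`/`to_port` straight into `traffic_selector_create` without checking that `from_port <= to_port`; the old single-`port` form could not produce an inverted range, so every caller now inherits that precondition. Unless `traffic_selector_create` (not visible here) normalizes the order, either a guard at the top of the function or an explicit contract comment is warranted — e.g. `/* caller guarantees from_port <= to_port; (0, 65535) selects any port */` above the call. The `switch` over the address family that follows, and the rest of the function, lie outside this hunk.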
@@ -800,11 +801,6 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
        memcpy(this->from, from.ptr, from.len);
        netbits = min(netbits, this->type == TS_IPV4_ADDR_RANGE ? 32 : 128);
        calc_range(this, netbits);
-       if (port)
-       {
-               this->from_port = port;
-               this->to_port = port;
-       }
        net->destroy(net);
 
        return &this->public;
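Review bot: With the `if (port)` special case removed, a caller passing `0, 0` presumably now gets a selector for port 0 only rather than "any port" (depending on how `traffic_selector_create` treats the bounds, which is outside this hunk); the behavior change is intended by the commit but deserves a comment at the `net->destroy(net)` line area so the next reader does not re-add the old shortcut, e.g. `/* port range is taken verbatim; callers pass (0, 65535) for any port */`. This hunk also shows that the function consumes `net` via `net->destroy(net)` on the visible path, which the unity and quick_mode callers honour by passing `host->clone(host)`; that ownership transfer is not mentioned in the header. The closing brace of traffic_selector_create_from_subnet is below the hunk.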
@@ -855,8 +851,9 @@ traffic_selector_t *traffic_selector_create_from_string(
 /*
  * see header
  */
-traffic_selector_t *traffic_selector_create_from_cidr(char *string,
-                                                                       u_int8_t protocol, u_int16_t port)
+traffic_selector_t *traffic_selector_create_from_cidr(
+                                                                               char *string, u_int8_t protocol,
+                                                                               u_int16_t from_port, u_int16_t to_port)
 {
        host_t *net;
        int bits;
@@ -864,7 +861,8 @@ traffic_selector_t *traffic_selector_create_from_cidr(char *string,
        net = host_create_from_subnet(string, &bits);
        if (net)
        {
-               return traffic_selector_create_from_subnet(net, bits, protocol, port);
+               return traffic_selector_create_from_subnet(net, bits, protocol,
+                                                                                                  from_port, to_port);
        }
        return NULL;
 }
index b6da391..0de358b 100644 (file)
@@ -238,11 +238,13 @@ traffic_selector_t *traffic_selector_create_from_string(
  *
  * @param string               CIDR string, such as 10.1.0.0/16
  * @param protocol             protocol for this ts, such as TCP or UDP
- * @param port                 single port for this TS, 0 for any port
+ * @param from_port            start of allowed port range
+ * @param to_port              end of port range
  * @return                             traffic selector, NULL if string invalid
  */
-traffic_selector_t *traffic_selector_create_from_cidr(char *string,
-                                                                       u_int8_t protocol, u_int16_t port);
+traffic_selector_t *traffic_selector_create_from_cidr(
+                                                                               char *string, u_int8_t protocol,
+                                                                               u_int16_t from_port, u_int16_t to_port);
 
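Review bot: The new `@param to_port end of port range` line does not say whether the bound is inclusive, that `from_port` must not exceed `to_port`, or what to pass for "any port" — the three things a caller porting from the old `port` argument (where 0 meant any) is most likely to get wrong, since `0, 0` presumably now selects port 0 only. Suggest `@param from_port first port of the range (inclusive); use 0 with to_port 65535 to select any port` and `@param to_port last port of the range (inclusive), must be >= from_port`. Every updated caller in this commit passes `0, 65535` for the wildcard, so the text can state that directly.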
 /**
  * Create a new traffic selector using data read from the net.
@@ -288,14 +290,15 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
  * @param net                  subnet to use
  * @param netbits              size of the subnet, as used in e.g. 192.168.0.0/24 notation
  * @param protocol             protocol for this ts, such as TCP or UDP
- * @param port                 port number, host order
+ * @param from_port            start of allowed port range
+ * @param to_port              end of port range
  * @return
  *                                             - traffic_selector_t object
  *                                             - NULL if address family of net not supported
  */
 traffic_selector_t *traffic_selector_create_from_subnet(
-                                                                       host_t *net, u_int8_t netbits,
-                                                                       u_int8_t protocol, u_int16_t port);
+                                                       host_t *net, u_int8_t netbits, u_int8_t protocol,
+                                                       u_int16_t from_port, u_int16_t to_port);
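Review bot: The `@param net subnet to use` line leaves out that the call consumes `net`: the implementation in this commit calls `net->destroy(net)` before returning, and the unity and quick_mode callers pass `host->clone(host)` for exactly that reason. Suggest `@param net subnet to use; ownership is taken and the host is destroyed by this call` so new callers do not free it a second time. As in the create_from_cidr comment, `from_port`/`to_port` should be documented as an inclusive range with `from_port <= to_port`, and `(0, 65535)` named as the any-port wildcard.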
 
 /**
  * Create a traffic selector for host-to-host cases.