else
{
DBG2(DBG_CFG, " config: %R, received: %R => no match",
- ts1, ts2);
+ ts1, ts2, selected);
}
}
e2->destroy(e2);
memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) &&
memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16))
{
- written += fprintf(stream, "dynamic/%d",
- this->type == TS_IPV4_ADDR_RANGE ? 32 : 128);
+ written += fprintf(stream, "dynamic");
}
else
{
this->type = host->get_family(host) == AF_INET ?
TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE;
- chunk_t from = host->get_address(host);
- memcpy(this->from, from.ptr, from.len);
- memcpy(this->to, from.ptr, from.len);
+ if (host->is_anyaddr(host))
+ {
+ memset(this->from6, 0x00, sizeof(this->from6));
+ memset(this->to6, 0xFF, sizeof(this->to6));
+ }
+ else
+ {
+ chunk_t from = host->get_address(host);
+ memcpy(this->from, from.ptr, from.len);
+ memcpy(this->to, from.ptr, from.len);
+ }
}
}
/*
* see header
*/
-traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
- ts_type_t type,
+traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
u_int16_t from_port, u_int16_t to_port)
{
private_traffic_selector_t *this = traffic_selector_create(
- protocol, type, from_port, to_port);
+ protocol, TS_IPV4_ADDR_RANGE, from_port, to_port);
memset(this->from6, 0, sizeof(this->from6));
memset(this->to6, 0xFF, sizeof(this->to6));
*
*
* @param protocol upper layer protocl to allow
- * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
* @param from_port start of allowed port range
* @param to_port end of range
* @return
* - NULL if type not supported
*/
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
- ts_type_t type,
u_int16_t from_port, u_int16_t to_port);
/**
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
child_cfg->add_proposal(child_cfg, proposal);
- ts = traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
+ ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
- ts = traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
+ ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
return peer_cfg;
return traffic_selector_create_from_subnet(net, netbits, 0, 0);
}
}
- return traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
+ return traffic_selector_create_dynamic(0, 0, 65535);
}
/**
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
ACTION_NONE, ACTION_RESTART, ipcomp);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
- ts = traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
+ ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
"0.0.0.0", 0,
*local = TRUE;
/* FALL */
case TS_REMOTE_DYNAMIC:
- ts = traffic_selector_create_dynamic(protocol, type,
+ ts = traffic_selector_create_dynamic(protocol,
start_port, end_port);
break;
default:
if (end->tohost)
{
- bool is_ipv6 = strchr(end->address, ':') || streq(end->address, "%any6");
-
ts = traffic_selector_create_dynamic(end->protocol,
- is_ipv6? TS_IPV6_ADDR_RANGE:TS_IPV4_ADDR_RANGE,
end->port ? end->port : 0, end->port ? end->port : 65535);
child_cfg->add_traffic_selector(child_cfg, local, ts);
}
return traffic_selector_create_from_subnet(net, netbits, 0, 0);
}
}
- return traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
+ return traffic_selector_create_dynamic(0, 0, 65535);
}
/**
static status_t build_i(private_child_create_t *this, message_t *message)
{
host_t *me, *other, *vip;
- bool propose_all = FALSE;
peer_cfg_t *peer_cfg;
switch (message->get_exchange_type(message))
}
/* check if we want a virtual IP, but don't have one */
- if (!this->reqid)
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+ vip = peer_cfg->get_virtual_ip(peer_cfg);
+ if (!this->reqid && vip)
{
- peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
- vip = peer_cfg->get_virtual_ip(peer_cfg);
- if (vip)
- {
- propose_all = TRUE;
- }
- }
-
- if (propose_all)
- { /* propose a 0.0.0.0/0 subnet when we use virtual ip */
+ /* propose a 0.0.0.0/0 or ::/0 subnet when we use virtual ip */
+ vip = host_create_any(vip->get_family(vip));
this->tsi = this->config->get_traffic_selectors(this->config, TRUE,
- NULL, NULL);
+ NULL, vip);
+ vip->destroy(vip);
}
else
- { /* but shorten a 0.0.0.0/0 subnet for host2host/we already have a vip */
+ { /* but narrow it for host2host / if we already have a vip */
this->tsi = this->config->get_traffic_selectors(this->config, TRUE,
NULL, me);
}
projects / strongswan.git / commitdiff