stroke: Add support for address range definitions of in-memory pools
authorTobias Brunner <tobias@strongswan.org>
Mon, 27 Oct 2014 14:31:46 +0000 (15:31 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 30 Oct 2014 11:32:45 +0000 (12:32 +0100)
man/ipsec.conf.5.in
src/libcharon/plugins/stroke/stroke_config.c

index 32d0b9a..1c5ac00 100644 (file)
@@ -853,13 +853,15 @@ an address of the given address family will be requested explicitly.
 If an IP address is configured, it will be requested from the responder,
 which is free to respond with a different address.
 .TP
-.BR rightsourceip " = %config | <network>/<netmask> | %poolname"
+.BR rightsourceip " = %config | <network>/<netmask> | <from>-<to> | %poolname"
 Comma separated list of internal source IPs to use in a tunnel for the remote
 peer. If the value is
 .B %config
 on the responder side, the initiator must propose an address which is then
 echoed back. Also supported are address pools expressed as
 \fInetwork\fB/\fInetmask\fR
+and
+\fIfrom\fB-\fIto\fR
 or the use of an external IP address pool using %\fIpoolname\fR,
 where \fIpoolname\fR is the name of the IP address pool used for the lookup.
 .TP
index 62967b0..3e40a78 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -667,6 +667,24 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 }
 
 /**
+ * build a mem_pool_t from an address range
+ */
+static mem_pool_t *create_pool_range(char *str)
+{
+       mem_pool_t *pool;
+       host_t *from, *to;
+
+       if (!host_create_from_range(str, &from, &to))
+       {
+               return NULL;
+       }
+       pool = mem_pool_create_range(str, from, to);
+       from->destroy(from);
+       to->destroy(to);
+       return pool;
+}
+
+/**
  * build a peer_cfg from a stroke msg
  */
 static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
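Review bot: create_pool_range returns NULL for two reasons the caller cannot tell apart: str is not in from-to syntax (host_create_from_range fails at L46), and mem_pool_create_range rejecting the parsed endpoints at L50, which I would expect for a reversed range or mismatched address families but cannot confirm from this hunk. The caller only sees NULL, falls back to CIDR parsing and presumably reports a generic error, so a mistyped range is diagnosed as a bad subnet. Logging the second case before returning, `if (!pool) { DBG1(DBG_CFG, "invalid address range %s", str); }`, would make that failure visible in the log. The doc comment should also spell out the contract, e.g. `@param str address range in <from>-<to> notation, also used as the pool name` and `@return pool, NULL if str is not a range or the range is rejected`.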
@@ -789,17 +807,25 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
                        }
                        else
                        {
-                               /* in-memory pool, named using CIDR notation */
+                               /* in-memory pool, using range or CIDR notation */
+                               mem_pool_t *pool;
                                host_t *base;
                                int bits;
 
-                               base = host_create_from_subnet(token, &bits);
-                               if (base)
+                               pool = create_pool_range(token);
+                               if (!pool)
+                               {
+                                       base = host_create_from_subnet(token, &bits);
+                                       if (base)
+                                       {
+                                               pool = mem_pool_create(token, base, bits);
+                                               base->destroy(base);
+                                       }
+                               }
+                               if (pool)
                                {
-                                       this->attributes->add_pool(this->attributes,
-                                                                               mem_pool_create(token, base, bits));
+                                       this->attributes->add_pool(this->attributes, pool);
                                        peer_cfg->add_pool(peer_cfg, token);
-                                       base->destroy(base);
                                }
                                else
                                {
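Review bot: `base` and `bits` are now used only inside the `if (!pool)` fallback at L73-L81 but remain declared at the top of the else branch next to `pool`, so the range path carries state it never touches; moving `host_t *base; int bits;` into the fallback block makes the CIDR parse a self-contained unit and leaves `pool` as the only variable shared by both notations. A one-line comment on the fallback, `/* not a <from>-<to> range, try CIDR notation */`, would spare the next reader re-deriving why the subnet parse runs only after create_pool_range fails. If the new range code and the CIDR path share the raw token as the pool name, the same string used in two conns presumably hits add_pool twice; the behaviour of that is outside this hunk. The enclosing else branch and build_peer_cfg continue past the end of the hunk.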