else
{
DBG2(DBG_CFG, " config: %R, received: %R => no match",
- ts1, ts2, selected);
+ ts1, ts2);
}
}
e2->destroy(e2);
/*
* see header
*/
-traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
+traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
+ ts_type_t type,
u_int16_t from_port, u_int16_t to_port)
{
private_traffic_selector_t *this = traffic_selector_create(
- protocol, TS_IPV4_ADDR_RANGE, from_port, to_port);
+ protocol, type, from_port, to_port);
memset(this->from6, 0, sizeof(this->from6));
memset(this->to6, 0xFF, sizeof(this->to6));
*
*
* @param protocol upper layer protocl to allow
+ * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
* @param from_port start of allowed port range
* @param to_port end of range
* @return
* - NULL if type not supported
*/
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
+ ts_type_t type,
u_int16_t from_port, u_int16_t to_port);
/**
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
child_cfg->add_proposal(child_cfg, proposal);
- ts = traffic_selector_create_dynamic(0, 0, 65535);
+ ts = traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
- ts = traffic_selector_create_dynamic(0, 0, 65535);
+ ts = traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
return peer_cfg;
return traffic_selector_create_from_subnet(net, netbits, 0, 0);
}
}
- return traffic_selector_create_dynamic(0, 0, 65535);
+ return traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
}
/**
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
ACTION_NONE, ACTION_RESTART, ipcomp);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
- ts = traffic_selector_create_dynamic(0, 0, 65535);
+ ts = traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
"0.0.0.0", 0,
*local = TRUE;
/* FALL */
case TS_REMOTE_DYNAMIC:
- ts = traffic_selector_create_dynamic(protocol,
+ ts = traffic_selector_create_dynamic(protocol, type,
start_port, end_port);
break;
default:
if (end->tohost)
{
+ bool is_ipv6 = strchr(end->address, ':') || streq(end->address, "%any6");
+
ts = traffic_selector_create_dynamic(end->protocol,
+ is_ipv6? TS_IPV6_ADDR_RANGE:TS_IPV4_ADDR_RANGE,
end->port ? end->port : 0, end->port ? end->port : 65535);
child_cfg->add_traffic_selector(child_cfg, local, ts);
}
return traffic_selector_create_from_subnet(net, netbits, 0, 0);
}
}
- return traffic_selector_create_dynamic(0, 0, 65535);
+ return traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
}
/**
{
return host_create_any(af ? af : AF_INET);
}
+ if (streq(string, "%any6"))
+ {
+ return host_create_any(af ? af : AF_INET6);
+ }
else if (strchr(string, ':'))
{
/* gethostbyname does not like IPv6 addresses - fallback */
else if (strchr(string, '@') == NULL)
{
if (streq(string, "%any")
+ || streq(string, "%any6")
|| streq(string, "0.0.0.0")
|| streq(string, "*")
|| streq(string, "::")
{
switch (((struct sockaddr*)addr)->sa_family)
{
- case AF_INET:
- {
- struct sockaddr_in* sin = (struct sockaddr_in*)addr;
- u_int8_t zeroes[IPV4_LEN];
-
- memset(zeroes, 0, IPV4_LEN);
- if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) &&
- inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
- {
- return;
- }
- break;
- }
case AF_INET6:
{
struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
{
return;
}
+ snprintf(buffer, len, "%%any6");
break;
}
+ case AF_INET:
+ {
+ struct sockaddr_in* sin = (struct sockaddr_in*)addr;
+ u_int8_t zeroes[IPV4_LEN];
+
+ memset(zeroes, 0, IPV4_LEN);
+ if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) &&
+ inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
+ {
+ return;
+ }
+ /* fall through to default */
+ }
default:
+ snprintf(buffer, len, "%%any");
break;
}
- /* default */
- snprintf(buffer, len, "%%any");
}
-
static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end)
{
char buffer[INET6_ADDRSTRLEN];