*/
static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_traffic_selector_t *other)
{
- if ((this->type == TS_IPV4_ADDR_RANGE) &&
- (other->type == TS_IPV4_ADDR_RANGE) &&
- (this->protocol == other->protocol))
+ if ((this->type == TS_IPV4_ADDR_RANGE) && (other->type == TS_IPV4_ADDR_RANGE) &&
+ (this->protocol == other->protocol || this->protocol == 0 || other->protocol == 0))
{
u_int32_t from_addr, to_addr;
u_int16_t from_port, to_port;
+ u_int8_t protocol;
private_traffic_selector_t *new_ts;
/* TODO: make output more human readable */
return NULL;
}
+ /* select protocol, which is not zero */
+ protocol = max(this->protocol, other->protocol);
+
/* got a match, return it */
- new_ts = traffic_selector_create(this->protocol, this->type, from_port, to_port);
+ new_ts = traffic_selector_create(protocol, this->type, from_port, to_port);
new_ts->from_addr_ipv4 = from_addr;
new_ts->to_addr_ipv4 = to_addr;
new_ts->type = TS_IPV4_ADDR_RANGE;
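Review bot: The `max()` on the two protocol values is only correct because the guard at the top of get_subset() admits unequal protocols solely when one of them is 0, and the added comment `/* select protocol, which is not zero */` neither states that invariant nor holds when both values are 0. This result decides which traffic the narrowed selector covers, so I would spell it out, e.g. `/* protocols are equal or one is 0 (any); take the specific one so the subset never widens to "any" */`. The guard itself and the address/port range calculations lie outside this hunk.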
/*
* see header
*/
-traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits)
+traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits, u_int8_t protocol, u_int16_t port)
{
- private_traffic_selector_t *this = traffic_selector_create(0, 0, 0, 65535);
+ private_traffic_selector_t *this = traffic_selector_create(protocol, 0, 0, 65535);
switch (net->get_family(net))
{
return NULL;
}
}
+ if (port)
+ {
+ this->from_port = port;
+ this->to_port = port;
+ }
+
return (&this->public);
}
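Review bot: The new `if (port)` block narrows the selector to a single port even when `protocol` is 0, giving a selector for "any protocol, port N". Port numbers only have meaning for a specific protocol, and as far as I know the IKEv2 traffic selector encoding expects the full 0–65535 range when the protocol is 0. The caller in the stroke handler passes `msg->add_conn.me.protocol` and `.port` (and the `other` pair) straight from the message, so nothing visible here rules the combination out. I would either guard it with `if (port && protocol)` or reject the pair and document that choice. The start of the function and the address-family switch are outside this hunk.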
* is sufficient. This constructor creates a traffic selector for
* all protocols, all ports and the address range specified by the
* subnet.
+ * Additionally, a protocol and a port may be specified. Port ranges
+ * are not supported via this constructor.
*
* @param net subnet to use
* @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation
*
* @ingroup config
*/
-traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits);
+traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits, u_int8_t protocol, u_int16_t port);
#endif /* TRAFFIC_SELECTOR_H_ */
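Review bot: The doc comment gains a sentence about protocol and port, but the `@param` list still covers only `net` and `netbits`. I would add `@param protocol  IP protocol number, 0 for any` and `@param port  single port to select, 0 for all ports`, since the implementation treats 0 as a sentinel and callers cannot learn that from the prototype. The earlier sentence saying the constructor creates a selector "for all protocols, all ports" now only describes the case where both arguments are 0, and should say so.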
goto destroy_ids;
}
- my_ts = traffic_selector_create_from_subnet(my_subnet, msg->add_conn.me.subnet ?
- msg->add_conn.me.subnet_mask : 32);
+ my_ts = traffic_selector_create_from_subnet(my_subnet,
+ msg->add_conn.me.subnet ? msg->add_conn.me.subnet_mask : 32,
+ msg->add_conn.me.protocol, msg->add_conn.me.port);
my_subnet->destroy(my_subnet);
- other_ts = traffic_selector_create_from_subnet(other_subnet, msg->add_conn.other.subnet ?
- msg->add_conn.other.subnet_mask : 32);
+ other_ts = traffic_selector_create_from_subnet(other_subnet,
+ msg->add_conn.other.subnet ? msg->add_conn.other.subnet_mask : 32,
+ msg->add_conn.other.protocol, msg->add_conn.other.port);
other_subnet->destroy(other_subnet);
if (msg->add_conn.me.ca)
msg_end->subnet = push_string(msg, inet_ntoa(conn_end->subnet.addr.u.v4.sin_addr));
msg_end->subnet_mask = conn_end->subnet.maskbits;
msg_end->sendcert = conn_end->sendcert;
+ msg_end->protocol = conn_end->protocol;
+ msg_end->port = conn_end->port;
}
int starter_stroke_add_conn(starter_conn_t *conn)
msg.add_conn.me.cert = NULL;
msg.add_conn.me.ca = NULL;
msg.add_conn.me.sendcert = 1;
+ msg.add_conn.me.protocol = 0;
+ msg.add_conn.me.port = 0;
msg.add_conn.other.id = push_string(&msg, other_id);
msg.add_conn.other.address = push_string(&msg, other_addr);
msg.add_conn.other.cert = NULL;
msg.add_conn.other.ca = NULL;
msg.add_conn.other.sendcert = 1;
+ msg.add_conn.other.protocol = 0;
+ msg.add_conn.other.port = 0;
return send_stroke_msg(&msg);
}
char *subnet;
int subnet_mask;
int sendcert;
+ u_int8_t protocol;
+ u_int16_t port;
};
typedef struct stroke_msg_t stroke_msg_t;
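Review bot: The two new members carry no comment on their meaning, although 0 is a sentinel for both. I would write `u_int8_t protocol; /* IP protocol number, 0 = any */` and `u_int16_t port; /* single port, 0 = all ports */`. This struct appears to be part of the message that starter hands to `send_stroke_msg()`, so growing it changes a layout that sender and receiver must agree on. Whether the receiving side checks the message length or a version is not visible here, and is worth confirming before old and new binaries are mixed.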