support of dynamic/128 and %any6
parent
49971c4ce5
commit
c59825fbfc
|
@ -301,7 +301,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
DBG2(DBG_CFG, " config: %R, received: %R => no match",
|
DBG2(DBG_CFG, " config: %R, received: %R => no match",
|
||||||
ts1, ts2, selected);
|
ts1, ts2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
e2->destroy(e2);
|
e2->destroy(e2);
|
||||||
|
|
|
@ -823,11 +823,12 @@ traffic_selector_t *traffic_selector_create_from_string(
|
||||||
/*
|
/*
|
||||||
* see header
|
* see header
|
||||||
*/
|
*/
|
||||||
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
|
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
|
||||||
|
ts_type_t type,
|
||||||
u_int16_t from_port, u_int16_t to_port)
|
u_int16_t from_port, u_int16_t to_port)
|
||||||
{
|
{
|
||||||
private_traffic_selector_t *this = traffic_selector_create(
|
private_traffic_selector_t *this = traffic_selector_create(
|
||||||
protocol, TS_IPV4_ADDR_RANGE, from_port, to_port);
|
protocol, type, from_port, to_port);
|
||||||
|
|
||||||
memset(this->from6, 0, sizeof(this->from6));
|
memset(this->from6, 0, sizeof(this->from6));
|
||||||
memset(this->to6, 0xFF, sizeof(this->to6));
|
memset(this->to6, 0xFF, sizeof(this->to6));
|
||||||
|
|
|
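Review bot: The new `type` argument goes straight into `traffic_selector_create()` without a check, although the header comment for this function lists "NULL if type not supported" among its return values. In the SQL backend hunk the caller passes a variable `type`, which presumably comes from a stored row, so an unexpected value would produce a selector that is neither IPv4 nor IPv6 unless `traffic_selector_create()` rejects it, which is not visible here. A guard ahead of the create call would make the documented contract hold: `if (type != TS_IPV4_ADDR_RANGE && type != TS_IPV6_ADDR_RANGE) { return NULL; }`. Callers that hand the result directly to `add_traffic_selector()` would then need a NULL check. The function body continues past the end of the hunk.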
@ -281,6 +281,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* @param protocol upper layer protocl to allow
|
* @param protocol upper layer protocl to allow
|
||||||
|
* @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
|
||||||
* @param from_port start of allowed port range
|
* @param from_port start of allowed port range
|
||||||
* @param to_port end of range
|
* @param to_port end of range
|
||||||
* @return
|
* @return
|
||||||
|
@ -288,6 +289,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(
|
||||||
* - NULL if type not supported
|
* - NULL if type not supported
|
||||||
*/
|
*/
|
||||||
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
|
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
|
||||||
|
ts_type_t type,
|
||||||
u_int16_t from_port, u_int16_t to_port);
|
u_int16_t from_port, u_int16_t to_port);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -109,9 +109,9 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
|
||||||
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
|
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
|
||||||
proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
|
proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
|
||||||
child_cfg->add_proposal(child_cfg, proposal);
|
child_cfg->add_proposal(child_cfg, proposal);
|
||||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
ts = traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
|
||||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
ts = traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
|
||||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
|
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
|
||||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||||
return peer_cfg;
|
return peer_cfg;
|
||||||
|
|
|
@ -87,7 +87,7 @@ static traffic_selector_t *ts_from_string(char *str)
|
||||||
return traffic_selector_create_from_subnet(net, netbits, 0, 0);
|
return traffic_selector_create_from_subnet(net, netbits, 0, 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return traffic_selector_create_dynamic(0, 0, 65535);
|
return traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -319,7 +319,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
|
||||||
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
|
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
|
||||||
ACTION_NONE, ACTION_RESTART, ipcomp);
|
ACTION_NONE, ACTION_RESTART, ipcomp);
|
||||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
ts = traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
|
||||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
|
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
|
||||||
"0.0.0.0", 0,
|
"0.0.0.0", 0,
|
||||||
|
|
|
@ -78,7 +78,7 @@ static traffic_selector_t *build_traffic_selector(private_sql_config_t *this,
|
||||||
*local = TRUE;
|
*local = TRUE;
|
||||||
/* FALL */
|
/* FALL */
|
||||||
case TS_REMOTE_DYNAMIC:
|
case TS_REMOTE_DYNAMIC:
|
||||||
ts = traffic_selector_create_dynamic(protocol,
|
ts = traffic_selector_create_dynamic(protocol, type,
|
||||||
start_port, end_port);
|
start_port, end_port);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -691,7 +691,10 @@ static void add_ts(private_stroke_config_t *this,
|
||||||
|
|
||||||
if (end->tohost)
|
if (end->tohost)
|
||||||
{
|
{
|
||||||
|
bool is_ipv6 = strchr(end->address, ':') || streq(end->address, "%any6");
|
||||||
|
|
||||||
ts = traffic_selector_create_dynamic(end->protocol,
|
ts = traffic_selector_create_dynamic(end->protocol,
|
||||||
|
is_ipv6? TS_IPV6_ADDR_RANGE:TS_IPV4_ADDR_RANGE,
|
||||||
end->port ? end->port : 0, end->port ? end->port : 65535);
|
end->port ? end->port : 0, end->port ? end->port : 65535);
|
||||||
child_cfg->add_traffic_selector(child_cfg, local, ts);
|
child_cfg->add_traffic_selector(child_cfg, local, ts);
|
||||||
}
|
}
|
||||||
|
|
|
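Review bot: `is_ipv6` is derived only from the spelling of `end->address` (a ':' or the literal "%any6"), so a host name that later resolves to an IPv6 address still gets `TS_IPV4_ADDR_RANGE`. If the dynamic selector is later narrowed to the real host address, the selector type and the address family could disagree; whether that is handled downstream is not visible in this hunk. `strchr()` is also called on `end->address` without a NULL check, which is safe only if the caller guarantees the field is set. At minimum the limitation deserves a comment above the declaration, such as `/* family is guessed from the literal address; host names default to IPv4 */`. add_ts() starts and ends outside the hunk.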
@ -131,7 +131,7 @@ static traffic_selector_t *create_ts(char *string)
|
||||||
return traffic_selector_create_from_subnet(net, netbits, 0, 0);
|
return traffic_selector_create_from_subnet(net, netbits, 0, 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return traffic_selector_create_dynamic(0, 0, 65535);
|
return traffic_selector_create_dynamic(0, TS_IPV4_ADDR_RANGE, 0, 65535);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -453,6 +453,10 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port)
|
||||||
{
|
{
|
||||||
return host_create_any(af ? af : AF_INET);
|
return host_create_any(af ? af : AF_INET);
|
||||||
}
|
}
|
||||||
|
if (streq(string, "%any6"))
|
||||||
|
{
|
||||||
|
return host_create_any(af ? af : AF_INET6);
|
||||||
|
}
|
||||||
else if (strchr(string, ':'))
|
else if (strchr(string, ':'))
|
||||||
{
|
{
|
||||||
/* gethostbyname does not like IPv6 addresses - fallback */
|
/* gethostbyname does not like IPv6 addresses - fallback */
|
||||||
|
|
|
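Review bot: With `af ? af : AF_INET6`, a caller that passes `af = AF_INET` together with the string "%any6" gets an IPv4 wildcard host back, so the explicit IPv6 request in the string is silently overridden. For a keyword whose only purpose is to select the family, it would be clearer to ignore `af` with `return host_create_any(AF_INET6);`, or to treat `af && af != AF_INET6` as an error if callers can cope with a NULL return (not visible here). The function starts and ends outside the hunk.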
@ -1046,6 +1046,7 @@ identification_t *identification_create_from_string(char *string)
|
||||||
else if (strchr(string, '@') == NULL)
|
else if (strchr(string, '@') == NULL)
|
||||||
{
|
{
|
||||||
if (streq(string, "%any")
|
if (streq(string, "%any")
|
||||||
|
|| streq(string, "%any6")
|
||||||
|| streq(string, "0.0.0.0")
|
|| streq(string, "0.0.0.0")
|
||||||
|| streq(string, "*")
|
|| streq(string, "*")
|
||||||
|| streq(string, "::")
|
|| streq(string, "::")
|
||||||
|
|
|
@ -127,19 +127,6 @@ static void ip_address2string(ip_address *addr, char *buffer, size_t len)
|
||||||
{
|
{
|
||||||
switch (((struct sockaddr*)addr)->sa_family)
|
switch (((struct sockaddr*)addr)->sa_family)
|
||||||
{
|
{
|
||||||
case AF_INET:
|
|
||||||
{
|
|
||||||
struct sockaddr_in* sin = (struct sockaddr_in*)addr;
|
|
||||||
u_int8_t zeroes[IPV4_LEN];
|
|
||||||
|
|
||||||
memset(zeroes, 0, IPV4_LEN);
|
|
||||||
if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) &&
|
|
||||||
inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
|
|
||||||
{
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
case AF_INET6:
|
case AF_INET6:
|
||||||
{
|
{
|
||||||
struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
|
struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
|
||||||
|
@ -151,16 +138,28 @@ static void ip_address2string(ip_address *addr, char *buffer, size_t len)
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
snprintf(buffer, len, "%%any6");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
case AF_INET:
|
||||||
|
{
|
||||||
|
struct sockaddr_in* sin = (struct sockaddr_in*)addr;
|
||||||
|
u_int8_t zeroes[IPV4_LEN];
|
||||||
|
|
||||||
|
memset(zeroes, 0, IPV4_LEN);
|
||||||
|
if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) &&
|
||||||
|
inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/* fall through to default */
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
|
snprintf(buffer, len, "%%any");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/* default */
|
|
||||||
snprintf(buffer, len, "%%any");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end)
|
static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end)
|
||||||
{
|
{
|
||||||
char buffer[INET6_ADDRSTRLEN];
|
char buffer[INET6_ADDRSTRLEN];
|
||||||
|
|
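Review bot: In the relocated `AF_INET` case, a failed `inet_ntop()` on a non-zero address takes the same path as the all-zero address and falls through to `snprintf(buffer, len, "%%any")`, so a conversion error is written out as a wildcard endpoint. The `AF_INET6` case appears to do the same with the new `"%%any6"` line, though its condition lies between the two hunks and is not visible. Emitting the wildcard only for the unspecified address would keep the two situations apart, for example by guarding the `snprintf` with `if (!memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN))` and handling the `inet_ntop()` failure separately. The caller shown after the function sizes `buffer` as `INET6_ADDRSTRLEN`, so the failure is unlikely in practice, but a silent downgrade from a concrete address to a wildcard is worth ruling out explicitly.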