From: Tobias Brunner
Date: Wed, 18 Jan 2017 13:51:57 +0000 (+0100)
Subject: stroke: Default to %dynamic if no valid TS are specified in left|rightsubnet
X-Git-Tag: 5.5.2dr5~45
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=69b58e347ee09fa3adf60552f5410dbb346d6f4f;p=thirdparty%2Fstrongswan.git
stroke: Default to %dynamic if no valid TS are specified in left|rightsubnet
Otherwise, we'd end up with an empty TS list, which is not valid. Because end->tohost is set to !end->subnets in starter the removed branch was never used.
---
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index f2d1104343..49bf3ab60b 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -982,73 +982,60 @@ static void add_ts(private_stroke_config_t *this, stroke_end_t *end,
 child_cfg_t *child_cfg, bool local)
 {
 traffic_selector_t *ts;
+ bool ts_added = FALSE;
- if (end->tohost)
+ if (end->subnets)
 {
- ts = traffic_selector_create_dynamic(end->protocol,
- end->from_port, end->to_port);
- child_cfg->add_traffic_selector(child_cfg, local, ts);
- }
- else
- {
- if (!end->subnets)
- {
- host_t *net;
+ enumerator_t *enumerator;
+ char *subnet, *pos;
+ uint16_t from_port, to_port;
+ uint8_t proto;
- net = host_create_from_string(end->address, 0);
- if (net)
- {
- ts = traffic_selector_create_from_subnet(net, 0, end->protocol,
- end->from_port, end->to_port);
- child_cfg->add_traffic_selector(child_cfg, local, ts);
- }
- }
- else
+ enumerator = enumerator_create_token(end->subnets, ",", " ");
+ while (enumerator->enumerate(enumerator, &subnet))
 {
- enumerator_t *enumerator;
- char *subnet, *pos;
- uint16_t from_port, to_port;
- uint8_t proto;
+ from_port = end->from_port;
+ to_port = end->to_port;
+ proto = end->protocol;
- enumerator = enumerator_create_token(end->subnets, ",", " ");
- while (enumerator->enumerate(enumerator, &subnet))
+ pos = strchr(subnet, '[');
+ if (pos)
 {
- from_port = end->from_port;
- to_port = end->to_port;
- proto = end->protocol;
-
- pos = strchr(subnet, '[');
- if (pos)
+ *(pos++) = '\0';
+ if (!parse_protoport(pos, &from_port, &to_port, &proto))
 {
- *(pos++) = '\0';
- if (!parse_protoport(pos, &from_port, &to_port, &proto))
- {
- DBG1(DBG_CFG, "invalid proto/port: %s, skipped subnet",
- pos);
- continue;
- }
- }
- if (streq(subnet, "%dynamic"))
- {
- ts = traffic_selector_create_dynamic(proto,
- from_port, to_port);
- }
- else
- {
- ts = traffic_selector_create_from_cidr(subnet, proto,
- from_port, to_port);
- }
- if (ts)
- {
- child_cfg->add_traffic_selector(child_cfg, local, ts);
- }
- else
- {
- DBG1(DBG_CFG, "invalid subnet: %s, skipped", subnet);
+ DBG1(DBG_CFG, "invalid proto/port: %s, skipped subnet",
+ pos);
+ continue;
 }
 }
- enumerator->destroy(enumerator);
+ if (streq(subnet, "%dynamic"))
+ {
+ ts = traffic_selector_create_dynamic(proto,
+ from_port, to_port);
+ }
+ else
+ {
+ ts = traffic_selector_create_from_cidr(subnet, proto,
+ from_port, to_port);
+ }
+ if (ts)
+ {
+ child_cfg->add_traffic_selector(child_cfg, local, ts);
+ ts_added = TRUE;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "invalid subnet: %s, skipped", subnet);
+ }
 }
+ enumerator->destroy(enumerator);
+ }
+ if (!ts_added)
+ {
+ ts = traffic_selector_create_dynamic(end->protocol,
+ end->from_port, end->to_port);
+ child_cfg->add_traffic_selector(child_cfg, local, ts);
 }
 }
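Review bot: The `if (!ts_added)` fallback at the end of the hunk is silent when `end->subnets` was configured but every entry was rejected, so a %dynamic selector is installed in place of the subnets the administrator wrote, and the only trace of that are the per-entry "skipped" messages from the loop above. Because this changes which traffic the resulting policy covers, the fallback should announce the substitution when it overrides a configured list: inside the block, before the `traffic_selector_create_dynamic()` call, add `if (end->subnets) { DBG1(DBG_CFG, "no valid subnets configured, using dynamic traffic selector"); }`. A one-line comment on `bool ts_added = FALSE;` such as `/* set once any configured subnet yields a usable TS */` would also make the purpose of the flag clear to readers of the final block. The first line of add_ts's signature is visible only in the hunk header, so the function starts outside the hunk.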