From: Martin Willi <martin@revosec.ch>
Date: Wed, 5 Jun 2013 09:43:19 +0000 (+0200)
Subject: stroke: support %dynamic in left/rightsubnet for dynamic selectors
X-Git-Tag: 5.1.0dr1~106^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=483a258ad81c65e85a44b98691d9d29efb23e5da;p=thirdparty%2Fstrongswan.git

stroke: support %dynamic in left/rightsubnet for dynamic selectors

This has the same meaning as omitting left/rightsubnet, i.e. replace it
by the IKE address. Supporting %dynamic allows configurations with multiple
dynamic selectors in a left/rightsubnet, each with potentially different
proto/port selectors.
---

diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 9db9e01fda..64af5bb9cb 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -1020,8 +1020,16 @@ static void add_ts(private_stroke_config_t *this,
 						continue;
 					}
 				}
-				ts = traffic_selector_create_from_cidr(subnet, proto,
-													   from_port, to_port);
+				if (streq(subnet, "%dynamic"))
+				{
+					ts = traffic_selector_create_dynamic(proto,
+														 from_port, to_port);
+				}
+				else
+				{
+					ts = traffic_selector_create_from_cidr(subnet, proto,
+														   from_port, to_port);
+				}
 				if (ts)
 				{
 					child_cfg->add_traffic_selector(child_cfg, local, ts);