From b7b5432ff8cfdcc56a395ffccd899029a6ca676f Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 28 Jun 2013 10:29:42 +0200
Subject: [PATCH] stroke: Changed how proto/port are specified in left|rightsubnet

Using a colon as separator conflicts with IPv6 addresses.
---
 man/ipsec.conf.5.in | 13 +++++++------
 src/libcharon/plugins/stroke/stroke_config.c | 9 ++++++++-
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 22efa49086..07472b2929 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -788,7 +788,7 @@ echoed back. Also supported are address pools expressed as or the use of an external IP address pool using %\fIpoolname\fR, where \fIpoolname\fR is the name of the IP address pool used for the lookup. .TP -.BR leftsubnet " = [:][,...]" +.BR leftsubnet " = [[]][,...]" private subnet behind the left participant, expressed as \fInetwork\fB/\fInetmask\fR; if omitted, essentially assumed to be \fIleft\fB/32\fR,
@@ -800,15 +800,16 @@ configurations. IKEv2 supports multiple subnets separated by commas. IKEv1 only interprets the first subnet of such a definition, unless the Cisco Unity extension plugin is enabled. -The part in each subnet following an optional colon specifies a protocol/port -to restrict the selector for that subnet. +The optional part after each subnet enclosed in square brackets specifies a +protocol/port to restrict the selector for that subnet. -Example: -.BR leftsubnet=10.0.0.1:tcp/http,10.0.0.2:6/80,10.0.0.3:udp,10.0.0.0/16:/53 . +Examples: +.BR leftsubnet=10.0.0.1[tcp/http],10.0.0.2[6/80] " or" +.BR leftsubnet=fec1::1[udp],10.0.0.0/16[/53] . Instead of omitting either value .B %any can be used to the same effect, e.g. -.BR leftsubnet=10.0.0.3:udp/%any,10.0.0.0/16=%any/53 . +.BR leftsubnet=fec1::1[udp/%any],10.0.0.0/16[%any/53] . The port value can alternatively take the value .B %opaque
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 64af5bb9cb..da8d35c40a 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -895,6 +895,13 @@ static bool parse_protoport(char *token, u_int16_t *from_port,
 struct servent *svc;
 long int p;
 
+ sep = strrchr(token, ']');
+ if (!sep)
+ {
+ return FALSE;
+ }
+ *sep = '\0';
+
 sep = strchr(token, '/');
 if (sep)
 { /* protocol/port */
@@ -1009,7 +1016,7 @@ static void add_ts(private_stroke_config_t *this,
 to_port = end->to_port;
 proto = end->protocol;
 
- pos = strchr(subnet, ':');
+ pos = strchr(subnet, '[');
 if (pos)
 {
 *(pos++) = '\0';
-- 
2.47.3
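Review bot: The new check in parse_protoport accepts any text after the closing bracket, because `strrchr(token, ']')` only requires that a `]` exists somewhere in the remainder and `*sep = '\0'` then silently discards whatever follows it, so a value like `10.0.0.1[tcp/80]x` is parsed as if it were well-formed. Rejecting a trailing remainder is a one-line change to the guard: `if (!sep || sep[1] != '\0')`. A short comment above the lookup would also help, since the token presumably is only the text after the opening bracket that add_ts strips off: `/* token is the text after '['; it must end with the closing ']' */`. The caller that hands the remainder to parse_protoport is outside this hunk, so whether anything else validates it is not visible here; parse_protoport's body also continues past the hunk on both sides.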
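Review bot: The bracket syntax introduced at `pos = strchr(subnet, '[')` in add_ts is not explained in the code, and the closing bracket is only checked inside parse_protoport, so a reader of this function cannot tell from the line itself what the remainder after the bracket is expected to look like. A comment on that line such as `/* optional "[proto/port]" selector restriction appended to the subnet, validated by parse_protoport() */` would document it. The rest of add_ts, including where the remainder is presumably passed to parse_protoport, lies outside the hunk.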