Imported Upstream version 5.4.0

3 files changed, 50 insertions, 24 deletions

diff --git a/src/libcharon/plugins/updown/Makefile.am b/src/libcharon/plugins/updown/Makefile.am
index f03f4744c..f8738adee 100644
--- a/src/libcharon/plugins/updown/Makefile.am
+++ b/src/libcharon/plugins/updown/Makefile.am
@@ -1,6 +1,5 @@
 AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan \
-	-I$(top_srcdir)/src/libhydra \
 	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = \
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 619d17a0e..863e14430 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
 strongswan_options = @strongswan_options@
 swanctldir = @swanctldir@
 sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
 systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
 systemd_daemon_LIBS = @systemd_daemon_LIBS@
 systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
@@ -431,7 +433,6 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan \
-	-I$(top_srcdir)/src/libhydra \
 	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = \
diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index 96282bee0..e51caab10 100644
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -1,7 +1,8 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -21,7 +22,6 @@
 #include "updown_listener.h"
 
 #include <utils/process.h>
-#include <hydra.h>
 #include <daemon.h>
 #include <config/child_cfg.h>
 
@@ -205,25 +205,47 @@ static void push_vip_env(private_updown_listener_t *this, ike_sa_t *ike_sa,
 	enumerator->destroy(enumerator);
 }
 
+#define	PORT_BUF_LEN	12
+
 /**
  * Determine proper values for port env variable
  */
-static u_int16_t get_port(traffic_selector_t *me,
-						  traffic_selector_t *other, bool local)
+static char* get_port(traffic_selector_t *me, traffic_selector_t *other,
+					  char *port_buf, bool local)
 {
+	uint16_t port, to, from;
+
 	switch (max(me->get_protocol(me), other->get_protocol(other)))
 	{
 		case IPPROTO_ICMP:
 		case IPPROTO_ICMPV6:
 		{
-			u_int16_t port = me->get_from_port(me);
-
-			port = max(port, other->get_from_port(other));
-			return local ? traffic_selector_icmp_type(port)
-						 : traffic_selector_icmp_code(port);
+			port = max(me->get_from_port(me), other->get_from_port(other));
+			snprintf(port_buf, PORT_BUF_LEN, "%u",
+					 local ? traffic_selector_icmp_type(port)
+						   : traffic_selector_icmp_code(port));
+			return port_buf;
 		}
 	}
-	return local ? me->get_from_port(me) : other->get_from_port(other);
+	if (local)
+	{
+		from = me->get_from_port(me);
+		to   = me->get_to_port(me);
+	}
+	else
+	{
+		from = other->get_from_port(other);
+		to   = other->get_to_port(other);
+	}
+	if (from == to || (from == 0 && to == 65535))
+	{
+		snprintf(port_buf, PORT_BUF_LEN, "%u", from);
+	}
+	else
+	{
+		snprintf(port_buf, PORT_BUF_LEN, "%u:%u", from, to);
+	}
+	return port_buf;
 }
 
 /**
@@ -241,6 +263,7 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
 	int out;
 	FILE *shell;
 	process_t *process;
+	char port_buf[PORT_BUF_LEN];
 	char *envp[128] = {};
 
 	me = ike_sa->get_my_host(ike_sa);
@@ -265,8 +288,7 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
 			 config->get_name(config));
 	if (up)
 	{
-		if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
-												   me, &iface))
+		if (charon->kernel->get_interface(charon->kernel, me, &iface))
 		{
 			cache_iface(this, child_sa->get_reqid(child_sa), iface);
 		}
@@ -289,25 +311,29 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
 			 ike_sa->get_unique_id(ike_sa));
 	push_env(envp, countof(envp), "PLUTO_ME=%H", me);
 	push_env(envp, countof(envp), "PLUTO_MY_ID=%Y", ike_sa->get_my_id(ike_sa));
-	if (my_ts->to_subnet(my_ts, &host, &mask))
+	if (!my_ts->to_subnet(my_ts, &host, &mask))
 	{
-		push_env(envp, countof(envp), "PLUTO_MY_CLIENT=%+H/%u", host, mask);
-		host->destroy(host);
+		DBG1(DBG_CHD, "updown approximates local TS %R "
+					  "by next larger subnet", my_ts);
 	}
-	push_env(envp, countof(envp), "PLUTO_MY_PORT=%u",
-			 get_port(my_ts, other_ts, TRUE));
+	push_env(envp, countof(envp), "PLUTO_MY_CLIENT=%+H/%u", host, mask);
+	host->destroy(host);
+	push_env(envp, countof(envp), "PLUTO_MY_PORT=%s",
+			 get_port(my_ts, other_ts, port_buf, TRUE));
 	push_env(envp, countof(envp), "PLUTO_MY_PROTOCOL=%u",
 			 my_ts->get_protocol(my_ts));
 	push_env(envp, countof(envp), "PLUTO_PEER=%H", other);
 	push_env(envp, countof(envp), "PLUTO_PEER_ID=%Y",
 			 ike_sa->get_other_id(ike_sa));
-	if (other_ts->to_subnet(other_ts, &host, &mask))
+	if (!other_ts->to_subnet(other_ts, &host, &mask))
 	{
-		push_env(envp, countof(envp), "PLUTO_PEER_CLIENT=%+H/%u", host, mask);
-		host->destroy(host);
+		DBG1(DBG_CHD, "updown approximates remote TS %R "
+					  "by next larger subnet", other_ts);
 	}
-	push_env(envp, countof(envp), "PLUTO_PEER_PORT=%u",
-			 get_port(my_ts, other_ts, FALSE));
+	push_env(envp, countof(envp), "PLUTO_PEER_CLIENT=%+H/%u", host, mask);
+	host->destroy(host);
+	push_env(envp, countof(envp), "PLUTO_PEER_PORT=%s",
+			 get_port(my_ts, other_ts, port_buf, FALSE));
 	push_env(envp, countof(envp), "PLUTO_PEER_PROTOCOL=%u",
 			 other_ts->get_protocol(other_ts));
 	if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) ||