summaryrefslogtreecommitdiff
path: root/src/starter/starterstroke.c
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2008-12-05 16:15:54 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2008-12-05 16:15:54 +0000
commitc7f1b0530b85bc7654e68992f25ed8ced5d0a80d (patch)
tree861798cd7da646014ed6919766b053099646710d /src/starter/starterstroke.c
parent8b80ab5a6950ce6515f477624794defd7531642a (diff)
downloadvyos-strongswan-c7f1b0530b85bc7654e68992f25ed8ced5d0a80d.tar.gz
vyos-strongswan-c7f1b0530b85bc7654e68992f25ed8ced5d0a80d.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.2.9)
Diffstat (limited to 'src/starter/starterstroke.c')
-rw-r--r--src/starter/starterstroke.c36
1 files changed, 27 insertions, 9 deletions
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 4ee73128b..481b7de34 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: starterstroke.c 4276 2008-08-22 10:44:51Z martin $
+ * RCSID $Id: starterstroke.c 4614 2008-11-11 07:28:52Z andreas $
*/
#include <sys/types.h>
@@ -24,6 +24,7 @@
#include <errno.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <linux/xfrm.h>
#include <freeswan.h>
@@ -37,6 +38,9 @@
#include "confread.h"
#include "files.h"
+#define IPV4_LEN 4
+#define IPV6_LEN 16
+
/**
* Authentication methods, must be the same as in charons authenticator.h
*/
@@ -126,7 +130,11 @@ static void ip_address2string(ip_address *addr, char *buffer, size_t len)
case AF_INET:
{
struct sockaddr_in* sin = (struct sockaddr_in*)addr;
- if (inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
+ u_int8_t zeroes[IPV4_LEN];
+
+ memset(zeroes, 0, IPV4_LEN);
+ if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) &&
+ inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
{
return;
}
@@ -135,7 +143,11 @@ static void ip_address2string(ip_address *addr, char *buffer, size_t len)
case AF_INET6:
{
struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
- if (inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len))
+ u_int8_t zeroes[IPV6_LEN];
+
+ memset(zeroes, 0, IPV6_LEN);
+ if (memcmp(zeroes, &(sin6->sin6_addr.s6_addr), IPV6_LEN) &&
+ inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len))
{
return;
}
@@ -144,8 +156,8 @@ static void ip_address2string(ip_address *addr, char *buffer, size_t len)
default:
break;
}
- /* failed */
- snprintf(buffer, len, "0.0.0.0");
+ /* default */
+ snprintf(buffer, len, "%%any");
}
@@ -231,17 +243,22 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
if (conn->policy & POLICY_TUNNEL)
{
- msg.add_conn.mode = 1; /* XFRM_MODE_TRANSPORT */
+ msg.add_conn.mode = XFRM_MODE_TUNNEL;
}
else if (conn->policy & POLICY_BEET)
{
- msg.add_conn.mode = 4; /* XFRM_MODE_BEET */
+ msg.add_conn.mode = XFRM_MODE_BEET;
}
+ else if (conn->policy & POLICY_PROXY)
+ {
+ msg.add_conn.mode = XFRM_MODE_TRANSPORT;
+ msg.add_conn.proxy_mode = TRUE;
+ }
else
{
- msg.add_conn.mode = 0; /* XFRM_MODE_TUNNEL */
+ msg.add_conn.mode = XFRM_MODE_TRANSPORT;
}
-
+
if (!(conn->policy & POLICY_DONT_REKEY))
{
msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY;
@@ -254,6 +271,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.mobike = conn->policy & POLICY_MOBIKE;
msg.add_conn.force_encap = conn->policy & POLICY_FORCE_ENCAP;
msg.add_conn.ipcomp = conn->policy & POLICY_COMPRESS;
+ msg.add_conn.install_policy = conn->install_policy;
msg.add_conn.crl_policy = cfg->setup.strictcrlpolicy;
msg.add_conn.unique = cfg->setup.uniqueids;
msg.add_conn.algorithms.ike = push_string(&msg, conn->ike);