1 files changed, 31 insertions, 26 deletions

diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index f1edde255..691d223a3 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -41,28 +41,30 @@ struct ike_cfg_t {
 	/**
 	 * Get own address.
 	 *
-	 * @return		string of address/DNS name
+	 * @param allow_any		allow any address to match
+	 * @return				string of address/DNS name
 	 */
-	char* (*get_my_addr) (ike_cfg_t *this);
+	char* (*get_my_addr) (ike_cfg_t *this, bool *allow_any);
 
 	/**
-	 * Get peers address.
+	 * Get peer's address.
 	 *
-	 * @return		string of address/DNS name
+	 * @param allow_any		allow any address to match
+	 * @return				string of address/DNS name
 	 */
-	char* (*get_other_addr) (ike_cfg_t *this);
+	char* (*get_other_addr) (ike_cfg_t *this, bool *allow_any);
 
 	/**
 	 * Get the port to use as our source port.
 	 *
-	 * @return		source address port, host order
+	 * @return				source address port, host order
 	 */
 	u_int16_t (*get_my_port)(ike_cfg_t *this);
 
 	/**
 	 * Get the port to use as destination port.
 	 *
-	 * @return		destination address, host order
+	 * @return				destination address, host order
 	 */
 	u_int16_t (*get_other_port)(ike_cfg_t *this);
 
@@ -72,7 +74,7 @@ struct ike_cfg_t {
 	 * The first added proposal has the highest priority, the last
 	 * added the lowest.
 	 *
-	 * @param proposal	proposal to add
+	 * @param proposal		proposal to add
 	 */
 	void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
 
@@ -81,7 +83,7 @@ struct ike_cfg_t {
 	 *
 	 * Returned list and its proposals must be destroyed after use.
 	 *
-	 * @return 			list containing all the proposals
+	 * @return 				list containing all the proposals
 	 */
 	linked_list_t* (*get_proposals) (ike_cfg_t *this);
 
@@ -90,9 +92,9 @@ struct ike_cfg_t {
 	 *
 	 * Returned proposal must be destroyed after use.
 	 *
-	 * @param proposals	list of proposals to select from
-	 * @param private	accept algorithms from a private range
-	 * @return			selected proposal, or NULL if none matches.
+	 * @param proposals		list of proposals to select from
+	 * @param private		accept algorithms from a private range
+	 * @return				selected proposal, or NULL if none matches.
 	 */
 	proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals,
 									bool private);
@@ -100,36 +102,36 @@ struct ike_cfg_t {
 	/**
 	 * Should we send a certificate request in IKE_SA_INIT?
 	 *
-	 * @return			certificate request sending policy
+	 * @return				certificate request sending policy
 	 */
 	bool (*send_certreq) (ike_cfg_t *this);
 
 	/**
 	 * Enforce UDP encapsulation by faking NATD notifies?
 	 *
-	 * @return			TRUE to enfoce UDP encapsulation
+	 * @return				TRUE to enfoce UDP encapsulation
 	 */
 	bool (*force_encap) (ike_cfg_t *this);
 
 	/**
 	 * Get the DH group to use for IKE_SA setup.
 	 *
-	 * @return			dh group to use for initialization
+	 * @return				dh group to use for initialization
 	 */
 	diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
 
 	/**
 	 * Check if two IKE configs are equal.
 	 *
-	 * @param other		other to check for equality
-	 * @return			TRUE if other equal to this
+	 * @param other			other to check for equality
+	 * @return				TRUE if other equal to this
 	 */
 	bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);
 
 	/**
 	 * Increase reference count.
 	 *
-	 * @return			reference to this
+	 * @return				reference to this
 	 */
 	ike_cfg_t* (*get_ref) (ike_cfg_t *this);
 
@@ -147,15 +149,18 @@ struct ike_cfg_t {
  *
  * Supplied hosts become owned by ike_cfg, the name gets cloned.
  *
- * @param certreq		TRUE to send a certificate request
- * @param force_encap	enforce UDP encapsulation by faking NATD notify
- * @param me			address/DNS name of local peer
- * @param my_port		IKE port to use as source, 500 uses IKEv2 port floating
- * @param other			address/DNS name of remote peer
- * @param other_port	IKE port to use as dest, 500 uses IKEv2 port floating
- * @return 				ike_cfg_t object.
+ * @param certreq			TRUE to send a certificate request
+ * @param force_encap		enforce UDP encapsulation by faking NATD notify
+ * @param me				address/DNS name of local peer
+ * @param my_allow_any		allow override of local address by any address
+ * @param my_port			IKE port to use as source, 500 uses IKEv2 port floating
+ * @param other				address/DNS name of remote peer
+ * @param other_allow_any	allow override of remote address by any address
+ * @param other_port		IKE port to use as dest, 500 uses IKEv2 port floating
+ * @return 					ike_cfg_t object.
  */
 ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
-				char *me, u_int16_t my_port, char *other, u_int16_t other_port);
+						  char *me, bool my_allow_any, u_int16_t my_port,
+						  char *other, bool other_allow_any, u_int16_t other_port);
 
 #endif /** IKE_CFG_H_ @}*/