diff options
Diffstat (limited to 'src/libstrongswan/selectors')
-rw-r--r-- | src/libstrongswan/selectors/traffic_selector.c | 94 | ||||
-rw-r--r-- | src/libstrongswan/selectors/traffic_selector.h | 7 |
2 files changed, 39 insertions, 62 deletions
diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index b1bcf1b2d..b19b962e6 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -179,8 +179,8 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts /** * Described in header. */ -int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, - const void *const *args) +int traffic_selector_printf_hook(printf_hook_data_t *data, + printf_hook_spec_t *spec, const void *const *args) { private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0])); linked_list_t *list = *((linked_list_t**)(args[0])); @@ -195,7 +195,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec if (this == NULL) { - return print_in_hook(dst, len, "(null)"); + return print_in_hook(data, "(null)"); } if (spec->hash) @@ -204,7 +204,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec while (enumerator->enumerate(enumerator, (void**)&this)) { /* call recursivly */ - written += print_in_hook(dst, len, "%R ", this); + written += print_in_hook(data, "%R ", this); } enumerator->destroy(enumerator); return written; @@ -216,7 +216,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) && memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16)) { - written += print_in_hook(dst, len, "dynamic"); + written += print_in_hook(data, "dynamic"); } else { @@ -238,11 +238,11 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec { inet_ntop(AF_INET6, &this->to6, to_str, sizeof(to_str)); } - written += print_in_hook(dst, len, "%s..%s", from_str, to_str); + written += print_in_hook(data, "%s..%s", from_str, to_str); } else { - written += print_in_hook(dst, len, "%s/%d", from_str, this->netbits); + written += print_in_hook(data, "%s/%d", from_str, this->netbits); } } @@ -255,7 +255,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec return written; } - written += print_in_hook(dst, len, "["); + written += print_in_hook(data, "["); /* build protocol string */ if (has_proto) @@ -264,18 +264,18 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec if (proto) { - written += print_in_hook(dst, len, "%s", proto->p_name); + written += print_in_hook(data, "%s", proto->p_name); serv_proto = proto->p_name; } else { - written += print_in_hook(dst, len, "%d", this->protocol); + written += print_in_hook(data, "%d", this->protocol); } } if (has_proto && has_ports) { - written += print_in_hook(dst, len, "/"); + written += print_in_hook(data, "/"); } /* build port string */ @@ -287,20 +287,20 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec if (serv) { - written += print_in_hook(dst, len, "%s", serv->s_name); + written += print_in_hook(data, "%s", serv->s_name); } else { - written += print_in_hook(dst, len, "%d", this->from_port); + written += print_in_hook(data, "%d", this->from_port); } } else { - written += print_in_hook(dst, len, "%d-%d", this->from_port, this->to_port); + written += print_in_hook(data, "%d-%d", this->from_port, this->to_port); } } - written += print_in_hook(dst, len, "]"); + written += print_in_hook(data, "]"); return written; } @@ -310,6 +310,10 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec */ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_traffic_selector_t *other) { + if (this->dynamic || other->dynamic) + { /* no set_address() applied, TS has no subset */ + return NULL; + } if (this->type == other->type && (this->protocol == other->protocol || this->protocol == 0 || other->protocol == 0)) { @@ -367,7 +371,6 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_ /* we have a match in protocol, port, and address: return it... */ new_ts = traffic_selector_create(protocol, this->type, from_port, to_port); - new_ts->dynamic = this->dynamic || other->dynamic; memcpy(new_ts->from, from, size); memcpy(new_ts->to, to, size); calc_netbits(new_ts); @@ -510,7 +513,7 @@ METHOD(traffic_selector_t, is_dynamic, bool, METHOD(traffic_selector_t, set_address, void, private_traffic_selector_t *this, host_t *host) { - if (this->dynamic) + if (is_host(this, NULL)) { this->type = host->get_family(host) == AF_INET ? TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE; @@ -528,6 +531,7 @@ METHOD(traffic_selector_t, set_address, void, memcpy(this->to, from.ptr, from.len); this->netbits = from.len * 8; } + this->dynamic = FALSE; } } @@ -571,7 +575,7 @@ METHOD(traffic_selector_t, includes, bool, return FALSE; } -METHOD(traffic_selector_t, to_subnet, void, +METHOD(traffic_selector_t, to_subnet, bool, private_traffic_selector_t *this, host_t **net, u_int8_t *mask) { /* there is no way to do this cleanly, as the address range may @@ -597,7 +601,7 @@ METHOD(traffic_selector_t, to_subnet, void, break; default: /* unreachable */ - return; + return FALSE; } net_chunk.ptr = malloc(net_chunk.len); @@ -616,6 +620,8 @@ METHOD(traffic_selector_t, to_subnet, void, *net = host_create_from_chunk(family, net_chunk, port); chunk_free(&net_chunk); + + return this->netbits != NON_SUBNET_ADDRESS_RANGE; } METHOD(traffic_selector_t, clone_, traffic_selector_t*, @@ -735,66 +741,36 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits, u_int8_t protocol, u_int16_t port) { - private_traffic_selector_t *this = traffic_selector_create(protocol, 0, 0, 65535); + private_traffic_selector_t *this; + chunk_t from; + + this = traffic_selector_create(protocol, 0, 0, 65535); switch (net->get_family(net)) { case AF_INET: - { - chunk_t from; - this->type = TS_IPV4_ADDR_RANGE; - from = net->get_address(net); - memcpy(this->from, from.ptr, from.len); - if (this->from4[0] == 0) - { - /* use /0 for 0.0.0.0 */ - this->to4[0] = ~0; - this->netbits = 0; - } - else - { - calc_range(this, netbits); - } break; - } case AF_INET6: - { - chunk_t from; - this->type = TS_IPV6_ADDR_RANGE; - from = net->get_address(net); - memcpy(this->from, from.ptr, from.len); - if (this->from6[0] == 0 && this->from6[1] == 0 && - this->from6[2] == 0 && this->from6[3] == 0) - { - /* use /0 for ::0 */ - this->to6[0] = ~0; - this->to6[1] = ~0; - this->to6[2] = ~0; - this->to6[3] = ~0; - this->netbits = 0; - } - else - { - calc_range(this, netbits); - } break; - } default: - { net->destroy(net); free(this); return NULL; - } } + from = net->get_address(net); + memcpy(this->from, from.ptr, from.len); + netbits = min(netbits, this->type == TS_IPV4_ADDR_RANGE ? 32 : 128); + calc_range(this, netbits); if (port) { this->from_port = port; this->to_port = port; } net->destroy(net); - return (&this->public); + + return &this->public; } /* diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h index 257da3f24..7a81521e9 100644 --- a/src/libstrongswan/selectors/traffic_selector.h +++ b/src/libstrongswan/selectors/traffic_selector.h @@ -203,8 +203,9 @@ struct traffic_selector_t { * * @param net converted subnet (has to be freed) * @param mask converted net mask + * @return TRUE if traffic selector matches exactly to the subnet */ - void (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask); + bool (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask); /** * Destroys the ts object @@ -309,7 +310,7 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, * With the #-specifier, arguments are: * linked_list_t *list containing traffic_selector_t* */ -int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, - const void *const *args); +int traffic_selector_printf_hook(printf_hook_data_t *data, + printf_hook_spec_t *spec, const void *const *args); #endif /** TRAFFIC_SELECTOR_H_ @}*/ |