summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2008-07-01 14:31:38 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2008-07-01 14:31:38 +0000
commit9c78cb2146f35e6ffd5b0e0a09831b3f586c8f15 (patch)
tree574825d1578b0c5a9c96e131f520f1ea7c9c1b74
parent72033ed7feeaabc7fd5e2c6fed9ac62a26c7f333 (diff)
If a rules contains a hostname instead of an address, use the list
of all possible addresses from DNS and not only the first one. So during expansion, the right address family can be chosen and regression test ike56 passes again. There localhost resolves to 127.0.0.1 and ::1. ok hshoexer
-rw-r--r--sbin/ipsecctl/parse.y13
1 files changed, 9 insertions, 4 deletions
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index a53667f07bd..9bf95d429a4 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.137 2008/07/01 14:08:39 bluhm Exp $ */
+/* $OpenBSD: parse.y,v 1.138 2008/07/01 14:31:37 bluhm Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1583,7 +1583,7 @@ host_v4(const char *s, int mask)
struct ipsec_addr_wrap *
host_dns(const char *s, int mask)
{
- struct ipsec_addr_wrap *ipa = NULL;
+ struct ipsec_addr_wrap *ipa = NULL, *head = NULL;
struct addrinfo hints, *res0, *res;
int error;
char hbuf[NI_MAXHOST];
@@ -1629,6 +1629,12 @@ host_dns(const char *s, int mask)
ipa->af = res->ai_family;
ipa->next = NULL;
ipa->tail = ipa;
+ if (head == NULL)
+ head = ipa;
+ else {
+ head->tail->next = ipa;
+ head->tail = ipa;
+ }
/*
* XXX for now, no netmask support for IPv6.
@@ -1642,11 +1648,10 @@ host_dns(const char *s, int mask)
if (mask != -1)
err(1, "host_dns: cannot apply netmask "
"on non-IPv4 address");
- break;
}
freeaddrinfo(res0);
- return (ipa);
+ return (head);
}
struct ipsec_addr_wrap *