author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-12-14 10:17:29 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-12-14 10:17:29 +0000 |
commit | 1ab553d24519e0dfba8905c63f981e6757231552 (patch) | |
tree | b50c2061406d11c5e3a5dc13a468c68357f64a4b /sbin/isakmpd/ipsec.c | |
parent | 7bd191da600d6d33c1d70abf3d41c55537ed9646 (diff) |
Allow the Address, Network, or Netmask values of the <IPsec-ID> to be
specified with an interface name (in which case the first address is used)
or the keyword 'default' (in which case the address is selected based on the
default route). e.g.:
[roadwarrior-ip]
ID-type= IPV4_ADDR
Address= default
ok ho@ hshoexer@
Diffstat (limited to 'sbin/isakmpd/ipsec.c')
-rw-r--r-- | sbin/isakmpd/ipsec.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c
index 1eda79a6f40..080de6f6e8d 100644
--- a/sbin/isakmpd/ipsec.c
+++ b/sbin/isakmpd/ipsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec.c,v 1.104 2004/09/17 13:53:08 ho Exp $ */
+/* $OpenBSD: ipsec.c,v 1.105 2004/12/14 10:17:28 mcbride Exp $ */
 /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */
 /*
@@ -1838,6 +1838,7 @@ ipsec_get_id(char *section, int *id, struct sockaddr **addr,
 struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port)
 {
 char *type, *address, *netmask;
+ sa_family_t af = 0;
 type = conf_get_str(section, "ID-type");
 if (!type) {
@@ -1848,6 +1849,16 @@ ipsec_get_id(char *section, int *id, struct sockaddr **addr,
 *id = constant_value(ipsec_id_cst, type);
 switch (*id) {
 case IPSEC_ID_IPV4_ADDR:
+ case IPSEC_ID_IPV4_ADDR_SUBNET:
+ af = AF_INET;
+ break;
+ case IPSEC_ID_IPV6_ADDR:
+ case IPSEC_ID_IPV6_ADDR_SUBNET:
+ af = AF_INET6;
+ break;
+ }
+ switch (*id) {
+ case IPSEC_ID_IPV4_ADDR:
 case IPSEC_ID_IPV6_ADDR: {
 int ret;
@@ -1857,7 +1868,7 @@ ipsec_get_id(char *section, int *id, struct sockaddr **addr,
 "\"Address\" tag", section);
 return -1;
 }
- if (text2sockaddr(address, NULL, addr)) {
+ if (text2sockaddr(address, NULL, addr, af, 0)) {
 log_print("ipsec_get_id: invalid address %s in "
 "section %s", address, section);
 return -1;
@@ -1887,7 +1898,7 @@ ipsec_get_id(char *section, int *id, struct sockaddr **addr,
 "\"Network\" tag", section);
 return -1;
 }
- if (text2sockaddr(address, NULL, addr)) {
+ if (text2sockaddr(address, NULL, addr, af, 0)) {
 log_print("ipsec_get_id: invalid section %s "
 "network %s", section, address);
 return -1;
@@ -1899,7 +1910,7 @@ ipsec_get_id(char *section, int *id, struct sockaddr **addr,
 free(*addr);
 return -1;
 }
- if (text2sockaddr(netmask, NULL, mask)) {
+ if (text2sockaddr(netmask, NULL, mask, af, 1)) {
 log_print("ipsec_id_build: invalid section %s "
 "network %s", section, netmask);
 free(*addr);
|
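Review bot: The family-selection `switch (*id)` added in the hunk at -1848 has no `default:` arm, so for every ID type other than the four address and subnet types `af` keeps the bare `0` from its declaration in the hunk at -1838. That looks like it is meant as "no family constraint", but a reader cannot tell that from a bare literal; I would declare it as `sa_family_t af = AF_UNSPEC;` and close the switch with `default: break;` plus a comment such as `/* other ID types carry no address family */`. The two back-to-back switches on the same `*id` must also be kept in step by hand when an ID type is added, which deserves a one-line comment above the first one. ipsec_get_id starts and ends outside these hunks.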
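Review bot: The trailing `0` in `text2sockaddr(address, NULL, addr, af, 0)` in the hunk at -1857, and again for the Network value in the hunk at -1887, is an unnamed flag; its only visible counterpart is the `1` passed for the netmask in the last hunk. text2sockaddr's definition is not part of this diff, so the meaning is inferred; a comment at the first call such as `/* last arg: 0 = resolve to the address, 1 = resolve to the netmask */` would save the next reader a lookup. Per the commit message the value may now be an interface name or `default`, so the identity this function builds depends on interface and routing state at the time it runs. The `invalid address %s` message also no longer distinguishes a malformed literal from a name that could not be resolved. Nothing visible in these hunks logs the address actually chosen for a symbolic value, and recording it would make the negotiated ID auditable.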
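Review bot: The failure path under the changed netmask call in the hunk at -1899 still logs `ipsec_id_build: invalid section %s network %s`, which names a different function and calls the value a network. That log line is unchanged context rather than something this commit adds, but now that the netmask can be taken from an interface or the default route it is the message an operator sees when the lookup fails, so it should read `"ipsec_get_id: invalid section %s netmask %s"`. The surrounding error handling continues past the end of the hunk.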