ipsec-tools: back-port SPLIT_*_CIDR from 0.8.0 to 0.7.3.
Change-Id: I39e8db5bd67ca208d77fde846075d2ab808b682b
diff --git a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
index ddf57c0..a9aa609 100644
--- a/src/racoon/isakmp_cfg.c
+++ b/src/racoon/isakmp_cfg.c
@@ -1871,6 +1871,7 @@
char addrstr[IP_MAX];
char addrlist[IP_MAX * MAXNS + MAXNS];
char *splitlist = addrlist;
+ char *splitlist_cidr;
char defdom[MAXPATHLEN + 1];
int cidr, tmp;
char cidrstr[4];
@@ -2011,10 +2012,14 @@
}
/* Split networks */
- if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE)
- splitlist = splitnet_list_2str(iph1->mode_cfg->split_include);
- else {
+ if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE) {
+ splitlist =
+ splitnet_list_2str(iph1->mode_cfg->split_include, NETMASK);
+ splitlist_cidr =
+ splitnet_list_2str(iph1->mode_cfg->split_include, CIDR);
+ } else {
splitlist = addrlist;
+ splitlist_cidr = addrlist;
addrlist[0] = '\0';
}
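Review bot: Neither result of `splitnet_list_2str` is tested for NULL in the `ISAKMP_CFG_GOT_SPLIT_INCLUDE` branch, although both pointers are later passed to `script_env_append`. The callers release the result with `racoon_free`, so the function allocates; its allocation path is outside this diff, so whether it can return NULL should be confirmed. If it can, the second call added here doubles the exposure. A check such as `if (splitlist == NULL || splitlist_cidr == NULL)` right after the two calls, freeing whichever string was obtained before returning -1, would cover it. The same unchecked pair is added for `split_local` in the next hunk, and the enclosing function starts and ends outside this hunk.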
@@ -2022,13 +2027,25 @@
plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_INCLUDE\n");
return -1;
}
+ if (script_env_append(envp, envc,
+ "SPLIT_INCLUDE_CIDR", splitlist_cidr) != 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Cannot set SPLIT_INCLUDE_CIDR\n");
+ return -1;
+ }
if (splitlist != addrlist)
racoon_free(splitlist);
+ if (splitlist_cidr != addrlist)
+ racoon_free(splitlist_cidr);
- if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL)
- splitlist = splitnet_list_2str(iph1->mode_cfg->split_local);
- else {
+ if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL) {
+ splitlist =
+ splitnet_list_2str(iph1->mode_cfg->split_local, NETMASK);
+ splitlist_cidr =
+ splitnet_list_2str(iph1->mode_cfg->split_local, CIDR);
+ } else {
splitlist = addrlist;
+ splitlist_cidr = addrlist;
addrlist[0] = '\0';
}
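Review bot: The new `return -1` after a failed `SPLIT_INCLUDE_CIDR` append exits without releasing `splitlist` and `splitlist_cidr`, which are heap strings whenever `ISAKMP_CFG_GOT_SPLIT_INCLUDE` was set. The existing `Cannot set SPLIT_INCLUDE` exit above it has the same gap, now for two strings instead of one. The next hunk repeats the pattern for `SPLIT_LOCAL` and `SPLIT_LOCAL_CIDR`. Before each of those returns I would add `if (splitlist != addrlist) racoon_free(splitlist);` and `if (splitlist_cidr != addrlist) racoon_free(splitlist_cidr);`, or route all four exits through one cleanup label that does the same. The enclosing function begins outside this hunk.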
@@ -2036,9 +2053,17 @@
plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_LOCAL\n");
return -1;
}
+ if (script_env_append(envp, envc,
+ "SPLIT_LOCAL_CIDR", splitlist_cidr) != 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Cannot set SPLIT_LOCAL_CIDR\n");
+ return -1;
+ }
if (splitlist != addrlist)
racoon_free(splitlist);
-
+ if (splitlist_cidr != addrlist)
+ racoon_free(splitlist_cidr);
+
return 0;
}
diff --git a/src/racoon/isakmp_cfg.h b/src/racoon/isakmp_cfg.h
index 253a17f..dcffb74 100644
--- a/src/racoon/isakmp_cfg.h
+++ b/src/racoon/isakmp_cfg.h
@@ -38,7 +38,7 @@
#ifdef ANDROID_PATCHED
#include <arpa/inet.h>
#ifndef MAXNS
-#define MAXNS 2
+#define MAXNS 16
#endif
#endif
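Review bot: Raising the fallback `MAXNS` from 2 to 16 is not mentioned in the commit title and has no comment. It resizes everything declared in terms of `MAXNS`, including the stack array `addrlist[IP_MAX * MAXNS + MAXNS]` in isakmp_cfg.c. Because the define sits under `#ifndef MAXNS`, the effective value depends on whether an earlier header already defined it, so translation units may not agree on those sizes. A comment such as `/* fallback used only when no system header defines MAXNS; sizes addrlist in isakmp_cfg.c */` would record the intent. It is also worth confirming that code filling `MAXNS`-sized arrays bounds its index with `MAXNS` rather than a literal.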
diff --git a/src/racoon/isakmp_unity.c b/src/racoon/isakmp_unity.c
index 9873f59..99e3f3e 100644
--- a/src/racoon/isakmp_unity.c
+++ b/src/racoon/isakmp_unity.c
@@ -354,8 +354,9 @@
}
}
-char * splitnet_list_2str(list)
+char * splitnet_list_2str(list, splitnet_ipaddr)
struct unity_netentry * list;
+ enum splinet_ipaddr splitnet_ipaddr;
{
struct unity_netentry * netentry;
char tmp1[40];
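Review bot: `splitnet_list_2str` gains a second parameter but still has no comment stating its contract, which isakmp_cfg.c now relies on twice per list. From those call sites the result is a heap string released with `racoon_free`, and the new argument selects dotted-mask or prefix-length output. I would add above the definition: `/* Format list as "addr/mask " entries: dotted mask for NETMASK, prefix length for CIDR. Caller frees the result with racoon_free(). */`. The function body continues outside this hunk.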
@@ -389,8 +390,17 @@
inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
+ if (splitnet_ipaddr == CIDR) {
+ uint32_t tmp3;
+ int cidrmask;
- len += sprintf(str+len, "%s/%s ", tmp1, tmp2);
+ tmp3 = ntohl(netentry->network.mask4.s_addr);
+ for (cidrmask = 0; tmp3 != 0; cidrmask++)
+ tmp3 <<= 1;
+ len += sprintf(str+len, "%s/%d ", tmp1, cidrmask);
+ } else {
+ len += sprintf(str+len, "%s/%s ", tmp1, tmp2);
+ }
netentry = netentry->next;
}
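Review bot: The prefix length computed in the `CIDR` branch is only right for a contiguous mask. The loop counts left shifts until `tmp3` is zero, so a mask with holes such as 255.0.255.0 is exported as `/24` while the `NETMASK` variable keeps the real value. The split-network list comes from mode config, presumably supplied by the remote gateway, so a script building routes from `SPLIT_INCLUDE_CIDR` could install a different route than the one sent. Skipping or rejecting such entries right after the `ntohl` line would avoid that, e.g. `if ((~tmp3 & (~tmp3 + 1)) != 0) { netentry = netentry->next; continue; }`, ideally with a `plog` warning. Separately, `sprintf` writes into `str` unbounded and the sizing pass and loop header are outside this hunk, so confirm the allocation still covers the longest form.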
diff --git a/src/racoon/isakmp_unity.h b/src/racoon/isakmp_unity.h
index b52f02c..f564197 100644
--- a/src/racoon/isakmp_unity.h
+++ b/src/racoon/isakmp_unity.h
@@ -31,6 +31,8 @@
* SUCH DAMAGE.
*/
+enum splinet_ipaddr { NETMASK, CIDR };
+
/* ISAKMP notifies specific to the Unity vendor Id */
/* Sent during xauth if the user types his password too slowly */
#define ISAKMP_NTYPE_UNITY_HEARTBEAT 40500
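Review bot: The enum tag `splinet_ipaddr` looks like a misspelling of `splitnet_ipaddr`, which is the spelling the parameter in isakmp_unity.c uses. The enumerators `NETMASK` and `CIDR` are also very generic names to export from a header that other racoon sources include. If upstream 0.8.0 uses the same spelling, keeping it makes later back-ports easier, but a comment such as `/* output format selector for splitnet_list_2str() */` would still help. Otherwise prefixed enumerators, for example `SPLITNET_FMT_NETMASK` and `SPLITNET_FMT_CIDR`, would reduce the chance of a clash.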
@@ -66,7 +68,7 @@
int splitnet_list_add(struct unity_netentry **, struct unity_network *, int *);
void splitnet_list_free(struct unity_netentry *, int *);
-char * splitnet_list_2str(struct unity_netentry *);
+char * splitnet_list_2str(struct unity_netentry *, enum splinet_ipaddr);
vchar_t *isakmp_unity_req(struct ph1handle *, struct isakmp_data *);
void isakmp_unity_reply(struct ph1handle *, struct isakmp_data *);