- st->netlink_to_tunnel=
- netlink_init(&st->nl,st,loc,dict,
- "netlink-tun",tun_deliver_to_kernel);
-
- st->device_path=dict_read_string(dict,"device",False,"tun-netlink",loc);
- st->interface_name=dict_read_string(dict,"interface",False,
- "tun-netlink",loc);
- search_for_if=dict_read_bool(dict,"interface-search",False,"tun-netlink",
- loc,st->device_path==NULL);
- st->ifconfig_path=dict_read_string(dict,"ifconfig-path",False,
- "tun-netlink",loc);
- st->route_path=dict_read_string(dict,"route-path",False,"tun-netlink",loc);
-
- if (!st->device_path) st->device_path="/dev/tun";
- if (!st->ifconfig_path) st->ifconfig_path="ifconfig";
- if (!st->route_path) st->route_path="route";
- st->buff=find_cl_if(dict,"buffer",CL_BUFFER,True,"tun-netlink",loc);
-
- /* Old TUN interface: the network interface name depends on which
- /dev/tunX file we open. If 'interface-search' is set to true, treat
- 'device' as the prefix and try numbers from 0--255. If it's set
- to false, treat 'device' as the whole name, and require than an
- appropriate interface name be specified. */
- if (search_for_if) {
- string_t dname;
- int i;
-
- if (st->interface_name) {
- cfgfatal(loc,"tun-old","you may not specify an interface name "
- "in interface-search mode\n");
- }
- dname=safe_malloc(strlen(st->device_path)+4,"tun_old_apply");
- st->interface_name=safe_malloc(8,"tun_old_apply");
-
- for (i=0; i<255; i++) {
- sprintf(dname,"%s%d",st->device_path,i);
- if ((st->fd=open(dname,O_RDWR))>0) {
- sprintf(st->interface_name,"tun%d",i);
- Message(M_INFO,"%s: allocated network interface %s "
- "through %s\n",st->nl.name,st->interface_name,dname);
- break;
- }
- }
- if (st->fd==-1) {
- fatal("%s: unable to open any TUN device (%s...)\n",
- st->nl.name,st->device_path);
- }
+ st->name=dict_read_string(dict,"name",False,description,loc);
+ if (!st->name) st->name=description;
+ l=dict_lookup(dict,"networks");
+ if (l)
+ st->networks=string_list_to_ipset(l,loc,st->name,"networks");
+ else {
+ struct ipset *empty;
+ empty=ipset_new();
+ st->networks=ipset_complement(empty);
+ ipset_free(empty);
+ }
+ l=dict_lookup(dict,"remote-networks");
+ if (l) {
+ st->remote_networks=string_list_to_ipset(l,loc,st->name,
+ "remote-networks");