authorAndreas Steffen <andreas.steffen@strongswan.org>2013-04-06 14:16:30 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2013-04-06 14:16:30 +0200
commit12fa1784d0099791a3cb291d4331352b6cf9ec82 (patch)
treef710e21f62340d47c22a763b4e1f21547db342f3
parentba2880d569989b55b9eb25e1cd4c630bf438f2b0 (diff)
emit a single assig_vips bus message for all VIPs
-rw-r--r--src/libcharon/bus/bus.c11
-rw-r--r--src/libcharon/bus/bus.h5
-rw-r--r--src/libcharon/bus/listeners/listener.h6
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c25
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c47
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h9
-rw-r--r--src/libcharon/sa/ike_sa.c14
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_config.c2
8 files changed, 57 insertions, 62 deletions
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index f87371c3a..0db5a8a9c 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -759,8 +759,8 @@ METHOD(bus_t, narrow, void,
this->mutex->unlock(this->mutex);
}
-METHOD(bus_t, assign_vip, void,
- private_bus_t *this, ike_sa_t *ike_sa, host_t *vip, bool assign)
+METHOD(bus_t, assign_vips, void,
+ private_bus_t *this, ike_sa_t *ike_sa, bool assign)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -770,13 +770,12 @@ METHOD(bus_t, assign_vip, void,
enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->calling || !entry->listener->assign_vip)
+ if (entry->calling || !entry->listener->assign_vips)
{
continue;
}
entry->calling++;
- keep = entry->listener->assign_vip(entry->listener, ike_sa,
- vip, assign);
+ keep = entry->listener->assign_vips(entry->listener, ike_sa, assign);
entry->calling--;
if (!keep)
{
@@ -835,7 +834,7 @@ bus_t *bus_create()
.child_rekey = _child_rekey,
.authorize = _authorize,
.narrow = _narrow,
- .assign_vip = _assign_vip,
+ .assign_vips = _assign_vips,
.destroy = _destroy,
},
.listeners = linked_list_create(),
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 961981609..75244d6bf 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -388,11 +388,10 @@ struct bus_t {
/**
* Virtual IP assignment hook.
*
- * @param ike_sa IKE_SA the VIP is assigned to
- * @param vip Virtual IPv4 or IV6 address
+ * @param ike_sa IKE_SA the VIPs are assigned to
* @param assign TRUE if assigned to IKE_SA, FALSE if released
*/
- void (*assign_vip)(bus_t *this, ike_sa_t *ike_sa, host_t *vip, bool assign);
+ void (*assign_vips)(bus_t *this, ike_sa_t *ike_sa, bool assign);
/**
* Destroy the event bus.
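Review bot: The hook comment drops `@param vip` but does not say where a listener now gets the addresses, or at what point it may read them. I would add two lines to the comment: `* The VIPs are read with ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE).` and `* With assign = FALSE the hook runs before the list is cleared.` The listener_t comment in listener.h has the same gap, and its unchanged opening lines still describe a single address ("a a Virtual IP address is assigned").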
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index 274701012..ef4daced2 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -197,13 +197,11 @@ struct listener_t {
* This hook gets invoked when a a Virtual IP address is assigned to an
* IKE_SA (assign = TRUE) and again when it is released (assign = FALSE)
*
- * @param ike_sa IKE_SA the VIP is assigned to
- * @param vip Virtual IPv4 or IV6 address
+ * @param ike_sa IKE_SA the VIPs are assigned to
* @param assign TRUE if assigned to IKE_SA, FALSE if released
* @return TRUE to stay registered, FALSE to unregister
*/
- bool (*assign_vip)(listener_t *this, ike_sa_t *ike_sa, host_t *vip,
- bool assign);
+ bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign);
};
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
index 1603c9323..4ad19c530 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
@@ -71,9 +71,8 @@ static bool publish_device_ip_addresses(private_tnc_ifmap_listener_t *this)
*/
static bool reload_metadata(private_tnc_ifmap_listener_t *this)
{
- enumerator_t *enumerator, *evips;
ike_sa_t *ike_sa;
- host_t *vip;
+ enumerator_t *enumerator;
bool success = TRUE;
enumerator = charon->controller->create_ike_sa_enumerator(
@@ -84,21 +83,12 @@ static bool reload_metadata(private_tnc_ifmap_listener_t *this)
{
continue;
}
- if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE))
+ if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE) ||
+ !this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, TRUE))
{
success = FALSE;
break;
}
- evips = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
- while (evips->enumerate(evips, &vip))
- {
- if (!this->ifmap->publish_virtual_ip(this->ifmap, ike_sa, vip, TRUE))
- {
- success = FALSE;
- break;
- }
- }
- evips->destroy(evips);
}
enumerator->destroy(enumerator);
@@ -115,11 +105,10 @@ METHOD(listener_t, ike_updown, bool,
return TRUE;
}
-METHOD(listener_t, assign_vip, bool,
- private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, host_t *vip,
- bool assign)
+METHOD(listener_t, assign_vips, bool,
+ private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, bool assign)
{
- this->ifmap->publish_virtual_ip(this->ifmap, ike_sa, vip, assign);
+ this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, assign);
return TRUE;
}
@@ -163,7 +152,7 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
.public = {
.listener = {
.ike_updown = _ike_updown,
- .assign_vip = _assign_vip,
+ .assign_vips = _assign_vips,
.alert = _alert,
},
.destroy = _destroy,
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index fb97a6d2d..df7d2e2a1 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -579,12 +579,14 @@ METHOD(tnc_ifmap_soap_t, publish_device_ip, bool,
return success;
}
-METHOD(tnc_ifmap_soap_t, publish_virtual_ip, bool,
- private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, host_t *vip, bool assign)
+METHOD(tnc_ifmap_soap_t, publish_virtual_ips, bool,
+ private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool assign)
{
tnc_ifmap_soap_msg_t *soap_msg;
xmlNodePtr request, node;
u_int32_t ike_sa_id;
+ enumerator_t *enumerator;
+ host_t *vip;
bool success;
/* extract relevant data from IKE_SA*/
@@ -593,26 +595,31 @@ METHOD(tnc_ifmap_soap_t, publish_virtual_ip, bool,
/* build publish request */
request = create_publish_request(this);
- /**
- * update or delete access-request-ip metadata for a virtual IP address
- */
- if (assign)
- {
- node = xmlNewNode(NULL, "update");
- }
- else
+ enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
+ while (enumerator->enumerate(enumerator, &vip))
{
- node = create_delete_filter(this, "access-request-ip");
- }
- xmlAddChild(request, node);
+ /**
+ * update or delete access-request-ip metadata for a virtual IP address
+ */
+ if (assign)
+ {
+ node = xmlNewNode(NULL, "update");
+ }
+ else
+ {
+ node = create_delete_filter(this, "access-request-ip");
+ }
+ xmlAddChild(request, node);
- /* add access-request, virtual ip-address and [if assign] metadata */
- xmlAddChild(node, create_access_request(this, ike_sa_id));
- xmlAddChild(node, create_ip_address(this, vip));
- if (assign)
- {
- xmlAddChild(node, create_metadata(this, "access-request-ip"));
+ /* add access-request, virtual ip-address and [if assign] metadata */
+ xmlAddChild(node, create_access_request(this, ike_sa_id));
+ xmlAddChild(node, create_ip_address(this, vip));
+ if (assign)
+ {
+ xmlAddChild(node, create_metadata(this, "access-request-ip"));
+ }
}
+ enumerator->destroy(enumerator);
soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
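Review bot: When the IKE_SA holds no peer virtual IPs the new loop adds no `update` or delete node, yet the empty publish request is still posted in the lines after `enumerator->destroy(enumerator)`. reload_metadata in tnc_ifmap_listener.c now calls this function for every IKE_SA and breaks with `success = FALSE` on a failed call, so a single SA without VIPs could abort the whole reload if the MAP server rejects such a request (the server's behaviour is not visible here). Fetching the first address before `create_publish_request` and returning TRUE when there is none avoids the round trip. The function starts and ends outside this hunk.

```c
	/* ... unchanged: declarations, ike_sa_id extraction ... */

	enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
	if (!enumerator->enumerate(enumerator, &vip))
	{
		/* no virtual IPs: nothing to publish, do not post an empty request */
		enumerator->destroy(enumerator);
		return TRUE;
	}

	/* build publish request */
	request = create_publish_request(this);
	do
	{
		/* ... unchanged: update/delete node built and filled for vip ... */
	}
	while (enumerator->enumerate(enumerator, &vip));
	enumerator->destroy(enumerator);

	/* ... unchanged: soap_msg creation and post ... */
```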
@@ -893,7 +900,7 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
.purgePublisher = _purgePublisher,
.publish_ike_sa = _publish_ike_sa,
.publish_device_ip = _publish_device_ip,
- .publish_virtual_ip = _publish_virtual_ip,
+ .publish_virtual_ips = _publish_virtual_ips,
.publish_enforcement_report = _publish_enforcement_report,
.endSession = _endSession,
.get_session_id = _get_session_id,
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
index d193f7e2e..fbc65a2b1 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
@@ -71,15 +71,14 @@ struct tnc_ifmap_soap_t {
bool (*publish_device_ip)(tnc_ifmap_soap_t *this, host_t *host);
/**
- * Publish Virtual IP access-request-ip metadata
+ * Publish Virtual IP access-request-ip metadata
*
- * @param ike_sa IKE_SA for which metadata is published
- * @param vip Virtual IP address of peer
+ * @param ike_sa IKE_SA for which Virtual IP metadata is published
* @param assign TRUE if assigned, FALSE if removed
* @return TRUE if command was successful
*/
- bool (*publish_virtual_ip)(tnc_ifmap_soap_t *this, ike_sa_t *ike_sa,
- host_t *vip, bool assign);
+ bool (*publish_virtual_ips)(tnc_ifmap_soap_t *this, ike_sa_t *ike_sa,
+ bool assign);
/**
* Publish enforcement-report metadata
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 050279a49..63c04d9c0 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -766,7 +766,6 @@ METHOD(ike_sa_t, add_virtual_ip, void,
else
{
this->other_vips->insert_last(this->other_vips, ip->clone(ip));
- charon->bus->assign_vip(charon->bus, &this->public, ip, TRUE);
}
}
@@ -777,6 +776,10 @@ METHOD(ike_sa_t, clear_virtual_ips, void,
linked_list_t *vips = local ? this->my_vips : this->other_vips;
host_t *vip;
+ if (!local && vips->get_count(vips))
+ {
+ charon->bus->assign_vips(charon->bus, &this->public, FALSE);
+ }
while (vips->remove_first(vips, (void**)&vip) == SUCCESS)
{
if (local)
@@ -784,10 +787,6 @@ METHOD(ike_sa_t, clear_virtual_ips, void,
hydra->kernel_interface->del_ip(hydra->kernel_interface,
vip, -1, TRUE);
}
- else
- {
- charon->bus->assign_vip(charon->bus, &this->public, vip, FALSE);
- }
vip->destroy(vip);
}
}
@@ -2110,6 +2109,10 @@ METHOD(ike_sa_t, destroy, void,
vip->destroy(vip);
}
this->my_vips->destroy(this->my_vips);
+ if (this->other_vips->get_count(this->other_vips))
+ {
+ charon->bus->assign_vips(charon->bus, &this->public, FALSE);
+ }
while (this->other_vips->remove_last(this->other_vips,
(void**)&vip) == SUCCESS)
{
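Review bot: The added `assign_vips(..., FALSE)` call hands `&this->public` to every listener after `this->my_vips->destroy(this->my_vips)` has already run two lines earlier. The old hook received the address as an argument; the new one makes listeners enumerate from the IKE_SA, so one that asks for the local list here would touch freed memory. Moving the guarded call above the teardown of `my_vips` (which starts outside this hunk) would remove the hazard. At minimum, add a comment such as `/* listeners may only enumerate other_vips here, my_vips is already destroyed */`.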
@@ -2124,7 +2127,6 @@ METHOD(ike_sa_t, destroy, void,
hydra->attributes->release_address(hydra->attributes, pools, vip, id);
pools->destroy(pools);
}
- charon->bus->assign_vip(charon->bus, &this->public, vip, FALSE);
vip->destroy(vip);
}
this->other_vips->destroy(this->other_vips);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c
index d637c26fe..17132feee 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.c
@@ -387,6 +387,8 @@ METHOD(task_t, build_r, status_t,
pools->destroy(pools);
return SUCCESS;
}
+ charon->bus->assign_vips(charon->bus, this->ike_sa, TRUE);
+
if (pools->get_count(pools) && !this->vips->get_count(this->vips))
{
DBG1(DBG_IKE, "expected a virtual IP request, sending %N",
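Review bot: The `assign_vips(..., TRUE)` call is unconditional and sits before the `pools->get_count(pools) && !this->vips->get_count(this->vips)` check, so listeners are told of an assignment even on the path that logs "expected a virtual IP request". Both release paths in ike_sa.c are guarded with `get_count` on `other_vips`, so an assign event can be emitted for an SA that will never produce a matching release. I would guard this call with an equivalent count check on the addresses actually added to the IKE_SA and place it after the failure branch. The list holding those addresses and the rest of build_r are outside this hunk.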