| author | Martin Willi <martin@revosec.ch> | 2012-08-21 13:50:32 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-08-30 16:43:42 +0200 |
| commit | 101d26babeae0a6444bf7a355cbd3fb2e7497fae (patch) | |
| tree | a6b6d2e9561d7a43c79203d69c11cac77a44f76e /src/libcharon/plugins/stroke | |
| parent | d8eec395b22cc890c6f38236392753c6c80b5cc6 (diff) | |
Support multiple virtual IPs on peer_cfg and ike_sa classes
Diffstat (limited to 'src/libcharon/plugins/stroke')
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 6 | ||||
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_control.c | 49 |
2 files changed, 33 insertions, 22 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index bf93f2c34..e3ea5428a 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -778,9 +778,13 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, msg->add_conn.rekey.tries, rekey, reauth, jitter, over, msg->add_conn.mobike, msg->add_conn.aggressive, msg->add_conn.dpd.delay, msg->add_conn.dpd.timeout, - vip, msg->add_conn.other.sourceip_mask ? + msg->add_conn.other.sourceip_mask ? msg->add_conn.name : msg->add_conn.other.sourceip, msg->add_conn.ikeme.mediation, mediated_by, peer_id); + if (vip) + { + peer_cfg->add_virtual_ip(peer_cfg, vip); + } /* build leftauth= */ auth_cfg = build_auth_cfg(this, msg, TRUE, TRUE); diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index 163a2a750..233d4088f 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -407,10 +407,10 @@ METHOD(stroke_control_t, rekey, void, METHOD(stroke_control_t, terminate_srcip, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { - enumerator_t *enumerator; + enumerator_t *enumerator, *vips; ike_sa_t *ike_sa; host_t *start = NULL, *end = NULL, *vip; - chunk_t chunk_start, chunk_end = chunk_empty, chunk_vip; + chunk_t chunk_start, chunk_end = chunk_empty, chunk; if (msg->terminate_srcip.start) { 
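Review bot: In stroke_config.c, the new `if (vip)` block in build_peer_cfg passes `vip` to `peer_cfg->add_virtual_ip()` without saying who frees it afterwards. The host used to be an argument of the constructor call shown just above, so ownership presumably still moves to the peer_cfg, but this hunk does not show that. A one-line comment above the call, such as `/* peer_cfg adopts vip, do not destroy it here */`, would save the next reader from checking add_virtual_ip() for a leak or double free. build_peer_cfg starts and ends outside the hunk.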
@@ -438,33 +438,40 @@ METHOD(stroke_control_t, terminate_srcip, void, charon->controller, TRUE); while (enumerator->enumerate(enumerator, &ike_sa)) { - vip = ike_sa->get_virtual_ip(ike_sa, FALSE); - if (!vip) - { - continue; - } - if (!end) + bool match = FALSE; + + vips = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE); + while (vips->enumerate(vips, &vip)) { - if (!vip->ip_equals(vip, start)) + if (!end) { - continue; + if (vip->ip_equals(vip, start)) + { + match = TRUE; + break; + } } - } - else - { - chunk_vip = vip->get_address(vip); - if (chunk_vip.len != chunk_start.len || - chunk_vip.len != chunk_end.len || - memcmp(chunk_vip.ptr, chunk_start.ptr, chunk_vip.len) < 0 || - memcmp(chunk_vip.ptr, chunk_end.ptr, chunk_vip.len) > 0) + else { - continue; + chunk = vip->get_address(vip); + if (chunk.len == chunk_start.len && + chunk.len == chunk_end.len && + memcmp(chunk.ptr, chunk_start.ptr, chunk.len) >= 0 && + memcmp(chunk.ptr, chunk_end.ptr, chunk.len) <= 0) + { + match = TRUE; + break; + } } } + vips->destroy(vips); - /* schedule delete asynchronously */ - lib->processor->queue_job(lib->processor, (job_t*) + if (match) + { + /* schedule delete asynchronously */ + lib->processor->queue_job(lib->processor, (job_t*) delete_ike_sa_job_create(ike_sa->get_id(ike_sa), TRUE)); + } } enumerator->destroy(enumerator); start->destroy(start); |
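Review bot: The `if (match)` branch queues the delete job without recording which virtual IP caused the match, and nothing in the visible lines logs it or writes to `out`. Since an IKE_SA can now hold several virtual IPs, a single address equal to `start` or inside the start/end range removes the whole SA along with its other addresses, so an operator reviewing a terminate-srcip run cannot tell afterwards why a given SA went away. Logging at both `match = TRUE;` sites, for example `DBG1(DBG_CFG, "terminate-srcip: virtual IP %H matched, deleting IKE_SA", vip);`, would provide that audit trail, and a short comment above the inner `while` could state that any one matching address is sufficient. terminate_srcip begins before this hunk and continues after it.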
