Request and acquire multiple virtual IPs in IKEv1 Mode Config

1 files changed, 61 insertions, 47 deletions

diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c
index ecf2e627a..ef1b35c17 100644
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@@ -42,9 +42,9 @@ struct private_mode_config_t {
 	bool initiator;
 
 	/**
-	 * virtual ip
+	 * Received list of virtual IPs, host_t*
 	 */
-	host_t *virtual_ip;
+	linked_list_t *vips;
 
 	/**
 	 * list of attributes requested and its handler, entry_t
@@ -174,8 +174,7 @@ static void process_attribute(private_mode_config_t *this,
 			}
 			if (ip)
 			{
-				DESTROY_IF(this->virtual_ip);
-				this->virtual_ip = ip;
+				this->vips->insert_last(this->vips, ip);
 			}
 			break;
 		}
@@ -322,55 +321,62 @@ METHOD(task_t, build_r, status_t,
 	enumerator_t *enumerator;
 	configuration_attribute_type_t type;
 	chunk_t value;
-	host_t *vip = NULL;
 	cp_payload_t *cp = NULL;
 	peer_cfg_t *config;
 	identification_t *id;
 	linked_list_t *vips, *pools;
-	char *pool;
+	host_t *requested;
 
 	id = this->ike_sa->get_other_eap_id(this->ike_sa);
-
 	config = this->ike_sa->get_peer_cfg(this->ike_sa);
-	enumerator = config->create_pool_enumerator(config);
-	if (!enumerator->enumerate(enumerator, &pool))
-	{	/* TODO: currently we query the first pool, only */
-		pool = NULL;
-	}
-	enumerator->destroy(enumerator);
-	if (this->virtual_ip)
+	vips = linked_list_create();
+	pools = linked_list_create();
+
+	enumerator = this->vips->create_enumerator(this->vips);
+	while (enumerator->enumerate(enumerator, &requested))
 	{
-		DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
-		if (pool)
-		{
-			vip = hydra->attributes->acquire_address(hydra->attributes,
-												pool, id, this->virtual_ip);
-		}
-		cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY);
-		if (vip)
+		enumerator_t *poolenum;
+		char *pool;
+		host_t *found = NULL;
+
+		/* query all pools until we get an address */
+		DBG1(DBG_IKE, "peer requested virtual IP %H", requested);
+
+		poolenum = config->create_pool_enumerator(config);
+		while (poolenum->enumerate(poolenum, &pool))
 		{
-			DBG1(DBG_IKE, "assigning virtual IP %H to peer '%Y'", vip, id);
-			this->ike_sa->add_virtual_ip(this->ike_sa, FALSE, vip);
-			cp->add_attribute(cp, build_vip(vip));
+			found = hydra->attributes->acquire_address(hydra->attributes,
+													   pool, id, requested);
+			if (!found)
+			{
+				continue;
+			}
+			DBG1(DBG_IKE, "assigning virtual IP %H to peer '%Y'", found, id);
+			this->ike_sa->add_virtual_ip(this->ike_sa, FALSE, found);
+			if (!cp)
+			{
+				cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY);
+			}
+			cp->add_attribute(cp, build_vip(found));
+			/* use pool to request other attributes */
+			if (pools->find_first(pools, NULL, (void**)&pool) == NOT_FOUND)
+			{
+				pools->insert_last(pools, pool);
+			}
+			vips->insert_last(vips, found);
+			break;
 		}
-		else
+		poolenum->destroy(poolenum);
+
+		if (!found)
 		{
-			DBG1(DBG_IKE, "no virtual IP found, sending empty config payload");
+			DBG1(DBG_IKE, "no virtual IP found for %H requested by '%Y'",
+				 requested, id);
 		}
 	}
+	enumerator->destroy(enumerator);
+
 	/* query registered providers for additional attributes to include */
-	vips = linked_list_create();
-	/* TODO: use list with all assigned VIPs */
-	if (vip)
-	{
-		vips->insert_last(vips, vip);
-	}
-	pools = linked_list_create();
-	/* TODO: use list of all pools */
-	if (pool)
-	{
-		pools->insert_last(pools, pool);
-	}
 	enumerator = hydra->attributes->create_responder_enumerator(
 											hydra->attributes, pools, id, vips);
 	while (enumerator->enumerate(enumerator, &type, &value))
@@ -386,27 +392,35 @@ METHOD(task_t, build_r, status_t,
 												 type, value));
 	}
 	enumerator->destroy(enumerator);
+	vips->destroy_offset(vips, offsetof(host_t, destroy));
 	vips->destroy(vips);
-	pools->destroy(pools);
 
 	if (cp)
 	{
 		cp->set_identifier(cp, this->identifier);
 		message->add_payload(message, (payload_t*)cp);
 	}
-	DESTROY_IF(vip);
 	return SUCCESS;
 }
 
 METHOD(task_t, process_i, status_t,
 	private_mode_config_t *this, message_t *message)
 {
+	enumerator_t *enumerator;
+	host_t *host;
+
 	process_payloads(this, message);
 
-	if (this->virtual_ip)
+	enumerator = this->vips->create_enumerator(this->vips);
+	while (enumerator->enumerate(enumerator, &host))
 	{
-		this->ike_sa->add_virtual_ip(this->ike_sa, TRUE, this->virtual_ip);
+		if (!host->is_anyaddr(host))
+		{
+			this->ike_sa->add_virtual_ip(this->ike_sa, TRUE, host);
+		}
 	}
+	enumerator->destroy(enumerator);
+
 	return SUCCESS;
 }
 
@@ -419,10 +433,9 @@ METHOD(task_t, get_type, task_type_t,
 METHOD(task_t, migrate, void,
 	private_mode_config_t *this, ike_sa_t *ike_sa)
 {
-	DESTROY_IF(this->virtual_ip);
-
 	this->ike_sa = ike_sa;
-	this->virtual_ip = NULL;
+	this->vips->destroy_offset(this->vips, offsetof(host_t, destroy));
+	this->vips = linked_list_create();
 	this->requested->destroy_function(this->requested, free);
 	this->requested = linked_list_create();
 }
@@ -430,7 +443,7 @@ METHOD(task_t, migrate, void,
 METHOD(task_t, destroy, void,
 	private_mode_config_t *this)
 {
-	DESTROY_IF(this->virtual_ip);
+	this->vips->destroy_offset(this->vips, offsetof(host_t, destroy));
 	this->requested->destroy_function(this->requested, free);
 	free(this);
 }
@@ -453,6 +466,7 @@ mode_config_t *mode_config_create(ike_sa_t *ike_sa, bool initiator)
 		.initiator = initiator,
 		.ike_sa = ike_sa,
 		.requested = linked_list_create(),
+		.vips = linked_list_create(),
 	);
 
 	if (initiator)