diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2013-07-10 15:29:38 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-07-17 17:45:18 +0200 |
| commit | e9c1ca0278a0f512545c8b3aa6be0983e57412ec (patch) | |
| tree | f1932456d4199033f1064c63f1dc06b25c090ba8 /src/libhydra | |
| parent | cb082d15eff3948f9bfbb4d43d48cdf8e4ee993e (diff) | |
| download | strongswan-e9c1ca0278a0f512545c8b3aa6be0983e57412ec.tar.bz2 strongswan-e9c1ca0278a0f512545c8b3aa6be0983e57412ec.tar.xz | |
kernel-pfroute: Ignore virtual IPs in address map
As the virtual flag is set after the address has been added to the map,
we make sure we ignore virtual IPs when doing lookups.
Diffstat (limited to 'src/libhydra')
| -rw-r--r-- | src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c index c1224cc98..d4a595762 100644 --- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -136,6 +136,9 @@ struct addr_map_entry_t { /** The IP address */ host_t *ip; + /** The address entry for this IP address */ + addr_entry_t *addr; + /** The interface this address is installed on */ iface_entry_t *iface; }; @@ -166,8 +169,8 @@ static bool addr_map_entry_equals(addr_map_entry_t *a, addr_map_entry_t *b) static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a, addr_map_entry_t *b) { - return iface_entry_up_and_usable(b->iface) && - a->ip->ip_equals(a->ip, b->ip); + return !b->addr->virtual && iface_entry_up_and_usable(b->iface) && + a->ip->ip_equals(a->ip, b->ip); } /** @@ -176,7 +179,8 @@ static bool addr_map_entry_match_up_and_usable(addr_map_entry_t *a, */ static bool addr_map_entry_match_up(addr_map_entry_t *a, addr_map_entry_t *b) { - return iface_entry_up(b->iface) && a->ip->ip_equals(a->ip, b->ip); + return !b->addr->virtual && iface_entry_up(b->iface) && + a->ip->ip_equals(a->ip, b->ip); } typedef struct route_entry_t route_entry_t; @@ -489,13 +493,9 @@ static void addr_map_entry_add(private_kernel_pfroute_net_t *this, { addr_map_entry_t *entry; - if (addr->virtual) - { /* don't map virtual IPs */ - return; - } - INIT(entry, .ip = addr->ip, + .addr = addr, .iface = iface, ); entry = this->addrs->put(this->addrs, entry, entry); @@ -511,14 +511,10 @@ static void addr_map_entry_remove(addr_entry_t *addr, iface_entry_t *iface, { addr_map_entry_t *entry, lookup = { .ip = addr->ip, + .addr = addr, .iface = iface, }; - if (addr->virtual) - { /* these are never mapped, but this check avoid problems if a virtual IP - * equals a regular one */ - return; - } entry = this->addrs->remove(this->addrs, &lookup); free(entry); } |