author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-04-11 00:26:49 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-04-11 00:27:04 +0200 |
commit | b3127b42f913af6a2b0e764d07ee25a4e7b9295e (patch) | |
tree | badf09f98dab19d91a6e696b07c803ef8ec1234f /src | |
parent | 9f4b02e31ded8108fb5705e1f9581db36995470a (diff) | |
support in-memory pools in swapped connection definitions
Diffstat (limited to 'src')
-rw-r--r-- | src/pluto/connections.c | 37 | ||||
-rw-r--r-- | src/pluto/connections.h | 1 |
2 files changed, 19 insertions, 19 deletions
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index b6ba57c4c..349d4b722 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -860,10 +860,11 @@ static void load_end_certificate(char *filename, struct end *dst)
 }
 static bool extract_end(struct end *dst, const whack_end_t *src,
- const char *name, const char *which)
+ const char *name, bool is_left)
 {
 bool same_ca = FALSE;
+ dst->is_left = is_left;
 dst->id = identification_create_from_string(src->id);
 dst->ca = NULL;
@@ -917,22 +918,10 @@ static bool extract_end(struct end *dst, const whack_end_t *src,
 dst->updown = clone_str(src->updown);
 dst->host_port = src->host_port;
- if (streq(which, "right"))
+ /* if the sourceip netmask is zero a named pool exists */
+ if (src->sourceip_mask == 0)
 {
- /* if the sourceip netmask is zero a named pool exists */
- if (src->sourceip_mask == 0)
- {
- dst->pool = clone_str(src->sourceip);
- }
- else if (whack_attr->add_pool(whack_attr, name, src))
- { /* otherwise we try to add a new in-memory pool, which in case of
- * %config (sourceip == NULL, sourceip_maks == 1) just returns
- * the requested address */
- dst->pool = clone_str(name);
- dst->modecfg = TRUE;
- /* reset the host sourceip so it gets assigned in modecfg */
- anyaddr(AF_INET, &dst->host_srcip);
- }
+ dst->pool = clone_str(src->sourceip);
 }
 /* if host sourceip is defined but no client is present
@@ -1136,9 +1125,8 @@ void add_connection(const whack_message_t *wm)
 c->tunnel_addr_family = wm->tunnel_addr_family;
 c->requested_ca = NULL;
-
- same_leftca = extract_end(&c->spd.this, &wm->left, wm->name, "left");
- same_rightca = extract_end(&c->spd.that, &wm->right, wm->name, "right");
+ same_leftca = extract_end(&c->spd.this, &wm->left, wm->name, TRUE);
+ same_rightca = extract_end(&c->spd.that, &wm->right, wm->name, FALSE);
 if (same_rightca && c->spd.this.ca)
 {
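Review bot: In the second hunk (`@@ -917,22 +918,10 @@`), removing the `streq(which, "right")` test means `dst->pool = clone_str(src->sourceip);` now runs for both ends, including the one that `orient()` later makes the local `this` end, while the in-memory pool is attached only to `that` after orientation. Whether anything reads a pool name on the local end is not visible here, so the asymmetry should at least be stated. I would extend the comment to `/* a zero sourceip netmask means a named pool; recorded for both ends because orient() has not yet decided which one is remote */`. extract_end's body starts and ends outside the hunk.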
@@ -1215,6 +1203,17 @@ void add_connection(const whack_message_t *wm)
 (void)orient(c);
+ /* if rightsourceip defines a subnet then create an in-memory pool */
+ if (whack_attr->add_pool(whack_attr, c->name,
+ c->spd.this.is_left ? &wm->right : &wm->left))
+ {
+ c->spd.that.pool = clone_str(c->name);
+ c->spd.that.modecfg = TRUE;
+ c->spd.that.has_client = FALSE;
+ /* reset the host_srcip so that it gets assigned in modecfg */
+ anyaddr(AF_INET, &c->spd.that.host_srcip);
+ }
+
 if (c->ikev1)
 {
 connect_to_host_pair(c);
diff --git a/src/pluto/connections.h b/src/pluto/connections.h
index ee2e00da6..66aea1541 100644
--- a/src/pluto/connections.h
+++ b/src/pluto/connections.h
@@ -137,6 +137,7 @@ struct end {
 host_srcip;
 ip_subnet client;
+ bool is_left;
 bool key_from_DNS_on_demand;
 bool has_client;
 bool has_client_wildcard; |
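Review bot: The block added after `(void)orient(c);` calls `add_pool()` for every connection and overwrites `c->spd.that.pool` without checking whether `extract_end()` already stored a named pool there for `sourceip_mask == 0`; the old `else if` made the two paths exclusive, and that now depends on `add_pool()` rejecting a zero mask, which is not visible in this diff. If it can return true in that case, the earlier `clone_str()` result is leaked and the peer is moved from the configured named pool to an in-memory one. Selecting the end first and keeping the guard explicit, `const whack_end_t *peer = c->spd.this.is_left ? &wm->right : &wm->left;` then `if (peer->sourceip_mask != 0 && whack_attr->add_pool(whack_attr, c->name, peer))`, restores the old behaviour. The comment still says `rightsourceip` although the end is now picked through `is_left`, so `/* if the remote end's sourceip defines a subnet then create an in-memory pool */` would match the code. add_connection's body starts and ends outside the hunk.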
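Review bot: `bool is_left;` is added to `struct end` in connections.h without a comment, and the name is easy to misread as "this is the local end". From the other hunks it is set once in `extract_end()` from the side of the whack message and read after `orient()` to find the peer's whack end, so it presumably travels with the end when `this` and `that` are swapped. A field comment such as `/* end was defined as left in the whack message, independent of orientation */` would record that. The struct definition starts and ends outside the hunk.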