Use whack_attribute in pluto to provide in-memory IP address pools.

The pools are configured by setting rightsourceip in ipsec.conf to a
network in CIDR notation.

3 files changed, 23 insertions, 7 deletions

diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index 421dd79b4..38803ea65 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -62,6 +62,7 @@
 #include "kernel_alg.h"
 #include "nat_traversal.h"
 #include "virtual.h"
+#include "whack_attribute.h"
 
 static void flush_pending_by_connection(connection_t *c);  /* forward */
 
@@ -854,7 +855,7 @@ static void load_end_certificate(char *filename, struct end *dst)
 }
 
 static bool extract_end(struct end *dst, const whack_end_t *src,
-						const char *which)
+						const char *name, const char *which)
 {
 	bool same_ca = FALSE;
 
@@ -911,10 +912,22 @@ static bool extract_end(struct end *dst, const whack_end_t *src,
 	dst->updown = clone_str(src->updown);
 	dst->host_port = src->host_port;
 
-	/* if the sourceip netmask is zero a named pool exists */
-	if (src->sourceip_mask == 0)
+	if (streq(which, "right"))
 	{
-		dst->pool = clone_str(src->sourceip);
+		/* if the sourceip netmask is zero a named pool exists */
+		if (src->sourceip_mask == 0)
+		{
+			dst->pool = clone_str(src->sourceip);
+		}
+		else if (whack_attr->add_pool(whack_attr, name, src))
+		{	/* otherwise we try to add a new in-memory pool, which in case of
+			 * %config (sourceip == NULL, sourceip_maks == 1) just returns
+			 * the requested address */
+			dst->pool = clone_str(name);
+			dst->modecfg = TRUE;
+			/* reset the host sourceip so it gets assigned in modecfg */
+			anyaddr(AF_INET, &dst->host_srcip);
+		}
 	}
 
 	/* if host sourceip is defined but no client is present
@@ -1119,8 +1132,8 @@ void add_connection(const whack_message_t *wm)
 
 		c->requested_ca = NULL;
 
-		same_leftca  = extract_end(&c->spd.this, &wm->left, "left");
-		same_rightca = extract_end(&c->spd.that, &wm->right, "right");
+		same_leftca  = extract_end(&c->spd.this, &wm->left, wm->name, "left");
+		same_rightca = extract_end(&c->spd.that, &wm->right, wm->name, "right");
 
 		if (same_rightca && c->spd.this.ca)
 		{
diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c
index 5622dc964..dcb8b3c8a 100644
--- a/src/pluto/modecfg.c
+++ b/src/pluto/modecfg.c
@@ -151,7 +151,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
 	{
 		ia->ipaddr = c->spd.that.host_srcip;
 		vip = host_create_from_sockaddr((sockaddr_t*)&ia->ipaddr);
-		plog("assigning virtual IP  %H to peer", vip);
+		plog("assigning virtual IP %H to peer", vip);
 	}
 
 	if (!isanyaddr(&ia->ipaddr))        /* We got an IP address, send it */
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 98195ca2f..9c1cb77e4 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -75,6 +75,7 @@
 #include "timer.h"
 #include "vendor.h"
 #include "builder.h"
+#include "whack_attribute.h"
 
 static void usage(const char *mess)
 {
@@ -684,6 +685,7 @@ int main(int argc, char **argv)
 	init_myid();
 	fetch_initialize();
 	ac_initialize();
+	whack_attribute_initialize();
 
 	/* drop unneeded capabilities and change UID/GID */
 	prctl(PR_SET_KEEPCAPS, 1);
@@ -758,6 +760,7 @@ void exit_pluto(int status)
 	free_preshared_secrets();
 	free_remembered_public_keys();
 	delete_every_connection();
+	whack_attribute_finalize(); /* free in-memory pools */
 	fetch_finalize();           /* stop fetching thread */
 	free_crl_fetch();           /* free chain of crl fetch requests */
 	free_ocsp_fetch();          /* free chain of ocsp fetch requests */