authorTobias Brunner <tobias@strongswan.org>2010-03-30 19:10:05 +0200
committerTobias Brunner <tobias@strongswan.org>2010-04-06 12:47:39 +0200
commitbd228233584b03615d3c3b9be0823b86d0526244 (patch)
tree4bb3fcafa5fe5feb7ab7b33f865ecf5ecf28c3e7 /src
parent89715bd7902c313b174bfc529da608d42dfcc229 (diff)
downloadstrongswan-bd228233584b03615d3c3b9be0823b86d0526244.tar.bz2
strongswan-bd228233584b03615d3c3b9be0823b86d0526244.tar.xz
Use whack_attribute in pluto to provide in-memory IP address pools.
The pools are configured by setting rightsourceip in ipsec.conf to a network in CIDR notation.
Diffstat (limited to 'src')
-rw-r--r--src/pluto/connections.c25
-rw-r--r--src/pluto/modecfg.c2
-rw-r--r--src/pluto/plutomain.c3
3 files changed, 23 insertions, 7 deletions
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index 421dd79b4..38803ea65 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -62,6 +62,7 @@
#include "kernel_alg.h"
#include "nat_traversal.h"
#include "virtual.h"
+#include "whack_attribute.h"
static void flush_pending_by_connection(connection_t *c); /* forward */
@@ -854,7 +855,7 @@ static void load_end_certificate(char *filename, struct end *dst)
}
static bool extract_end(struct end *dst, const whack_end_t *src,
- const char *which)
+ const char *name, const char *which)
{
bool same_ca = FALSE;
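Review bot: The new `name` parameter of extract_end is not documented, and its role is only visible further down where it is passed to `whack_attr->add_pool()` and copied into `dst->pool`. A short comment above the signature would save the next reader the search, e.g. `/* name: connection name; when which == "right" it also labels the in-memory address pool created from src->sourceip */`. The body of extract_end continues beyond this hunk.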
@@ -911,10 +912,22 @@ static bool extract_end(struct end *dst, const whack_end_t *src,
dst->updown = clone_str(src->updown);
dst->host_port = src->host_port;
- /* if the sourceip netmask is zero a named pool exists */
- if (src->sourceip_mask == 0)
+ if (streq(which, "right"))
{
- dst->pool = clone_str(src->sourceip);
+ /* if the sourceip netmask is zero a named pool exists */
+ if (src->sourceip_mask == 0)
+ {
+ dst->pool = clone_str(src->sourceip);
+ }
+ else if (whack_attr->add_pool(whack_attr, name, src))
+ { /* otherwise we try to add a new in-memory pool, which in case of
+ * %config (sourceip == NULL, sourceip_maks == 1) just returns
+ * the requested address */
+ dst->pool = clone_str(name);
+ dst->modecfg = TRUE;
+ /* reset the host sourceip so it gets assigned in modecfg */
+ anyaddr(AF_INET, &dst->host_srcip);
+ }
}
/* if host sourceip is defined but no client is present
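Review bot: In the new `else if` branch, `anyaddr(AF_INET, &dst->host_srcip)` resets the host sourceip to an IPv4 any-address regardless of the family of the network the administrator put in rightsourceip; if add_pool accepts an IPv6 CIDR, host_srcip would end up with the wrong family here. Deriving the family from the address that was just parsed, e.g. `anyaddr(addrtypeof(&dst->host_srcip), &dst->host_srcip);`, avoids that (assuming host_srcip was already filled from src->sourceip earlier in extract_end, which is outside this hunk). The same branch also has no failure path: when add_pool returns FALSE the connection is loaded silently with no pool and the original host_srcip still set, so an `else { plog("unable to create in-memory pool for connection \"%s\"", name); }` would make a misconfigured rightsourceip visible in the log unless add_pool already reports it. The `streq(which, "right")` discriminator is also a new dependency on the literal passed by the caller; a boolean or enum parameter would be less fragile. extract_end starts and ends outside this hunk.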
@@ -1119,8 +1132,8 @@ void add_connection(const whack_message_t *wm)
c->requested_ca = NULL;
- same_leftca = extract_end(&c->spd.this, &wm->left, "left");
- same_rightca = extract_end(&c->spd.that, &wm->right, "right");
+ same_leftca = extract_end(&c->spd.this, &wm->left, wm->name, "left");
+ same_rightca = extract_end(&c->spd.that, &wm->right, wm->name, "right");
if (same_rightca && c->spd.this.ca)
{
diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c
index 5622dc964..dcb8b3c8a 100644
--- a/src/pluto/modecfg.c
+++ b/src/pluto/modecfg.c
@@ -151,7 +151,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
{
ia->ipaddr = c->spd.that.host_srcip;
vip = host_create_from_sockaddr((sockaddr_t*)&ia->ipaddr);
- plog("assigning virtual IP %H to peer", vip);
+ plog("assigning virtual IP %H to peer", vip);
}
if (!isanyaddr(&ia->ipaddr)) /* We got an IP address, send it */
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 98195ca2f..9c1cb77e4 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -75,6 +75,7 @@
#include "timer.h"
#include "vendor.h"
#include "builder.h"
+#include "whack_attribute.h"
static void usage(const char *mess)
{
@@ -684,6 +685,7 @@ int main(int argc, char **argv)
init_myid();
fetch_initialize();
ac_initialize();
+ whack_attribute_initialize();
/* drop unneeded capabilities and change UID/GID */
prctl(PR_SET_KEEPCAPS, 1);
@@ -758,6 +760,7 @@ void exit_pluto(int status)
free_preshared_secrets();
free_remembered_public_keys();
delete_every_connection();
+ whack_attribute_finalize(); /* free in-memory pools */
fetch_finalize(); /* stop fetching thread */
free_crl_fetch(); /* free chain of crl fetch requests */
free_ocsp_fetch(); /* free chain of ocsp fetch requests */