author | Tobias Brunner <tobias@strongswan.org> | 2010-03-30 19:10:05 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2010-04-06 12:47:39 +0200 |
commit | bd228233584b03615d3c3b9be0823b86d0526244 (patch) | |
tree | 4bb3fcafa5fe5feb7ab7b33f865ecf5ecf28c3e7 /src | |
parent | 89715bd7902c313b174bfc529da608d42dfcc229 (diff) | |
Use whack_attribute in pluto to provide in-memory IP address pools.
The pools are configured by setting rightsourceip in ipsec.conf to a
network in CIDR notation.
Diffstat (limited to 'src')
-rw-r--r-- | src/pluto/connections.c | 25 | ||||
-rw-r--r-- | src/pluto/modecfg.c | 2 | ||||
-rw-r--r-- | src/pluto/plutomain.c | 3 |
3 files changed, 23 insertions, 7 deletions
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index 421dd79b4..38803ea65 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -62,6 +62,7 @@
 #include "kernel_alg.h"
 #include "nat_traversal.h"
 #include "virtual.h"
+#include "whack_attribute.h"
 static void flush_pending_by_connection(connection_t *c); /* forward */
@@ -854,7 +855,7 @@ static void load_end_certificate(char *filename, struct end *dst)
 }
 static bool extract_end(struct end *dst, const whack_end_t *src,
- const char *which)
+ const char *name, const char *which)
 {
 bool same_ca = FALSE;
@@ -911,10 +912,22 @@ static bool extract_end(struct end *dst, const whack_end_t *src,
 dst->updown = clone_str(src->updown);
 dst->host_port = src->host_port;
- /* if the sourceip netmask is zero a named pool exists */
- if (src->sourceip_mask == 0)
+ if (streq(which, "right"))
 {
- dst->pool = clone_str(src->sourceip);
+ /* if the sourceip netmask is zero a named pool exists */
+ if (src->sourceip_mask == 0)
+ {
+ dst->pool = clone_str(src->sourceip);
+ }
+ else if (whack_attr->add_pool(whack_attr, name, src))
+ { /* otherwise we try to add a new in-memory pool, which in case of
+ * %config (sourceip == NULL, sourceip_maks == 1) just returns
+ * the requested address */
+ dst->pool = clone_str(name);
+ dst->modecfg = TRUE;
+ /* reset the host sourceip so it gets assigned in modecfg */
+ anyaddr(AF_INET, &dst->host_srcip);
+ }
 }
 /* if host sourceip is defined but no client is present
@@ -1119,8 +1132,8 @@ void add_connection(const whack_message_t *wm)
 c->requested_ca = NULL;
- same_leftca = extract_end(&c->spd.this, &wm->left, "left");
- same_rightca = extract_end(&c->spd.that, &wm->right, "right");
+ same_leftca = extract_end(&c->spd.this, &wm->left, wm->name, "left");
+ same_rightca = extract_end(&c->spd.that, &wm->right, wm->name, "right");
 if (same_rightca && c->spd.this.ca)
 {
diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c
index 5622dc964..dcb8b3c8a 100644
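Review bot: The new `name` parameter of `extract_end` is undocumented, and its role is not obvious from the signature alone: the following hunk of this commit shows it is only consulted when `which` is "right", where it becomes the name of the in-memory pool registered with `whack_attr`. A header comment above the function would save the next reader a trip into the body, e.g. `/* name: connection name; used as the in-memory pool name when the right end's sourceip is a subnet, ignored for the left end */`. The body of extract_end continues past this hunk.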
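Review bot: A failed `whack_attr->add_pool()` on the `else if` branch is silently swallowed: when it returns FALSE, `dst->pool` stays NULL and `dst->modecfg` is left as it was, so a connection whose `rightsourceip` subnet could not be turned into a pool is still loaded and the misconfiguration only surfaces later, when a peer asks for an address and gets none. I would report it at load time so the operator sees it, e.g. `else { plog("unable to create in-memory IP pool for connection '%s'", name); }`; whether add_pool already logs its own reason is not visible here. The comment on that branch also misspells `sourceip_mask` as `sourceip_maks`. extract_end continues on both sides of this hunk.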
--- a/src/pluto/modecfg.c
+++ b/src/pluto/modecfg.c
@@ -151,7 +151,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
 {
 ia->ipaddr = c->spd.that.host_srcip;
 vip = host_create_from_sockaddr((sockaddr_t*)&ia->ipaddr);
- plog("assigning virtual IP %H to peer", vip);
+ plog("assigning virtual IP %H to peer", vip);
 }
 if (!isanyaddr(&ia->ipaddr)) /* We got an IP address, send it */
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 98195ca2f..9c1cb77e4 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -75,6 +75,7 @@
 #include "timer.h"
 #include "vendor.h"
 #include "builder.h"
+#include "whack_attribute.h"
 static void usage(const char *mess)
 {
@@ -684,6 +685,7 @@ int main(int argc, char **argv)
 init_myid();
 fetch_initialize();
 ac_initialize();
+ whack_attribute_initialize();
 /* drop unneeded capabilities and change UID/GID */
 prctl(PR_SET_KEEPCAPS, 1);
@@ -758,6 +760,7 @@ void exit_pluto(int status)
 free_preshared_secrets();
 free_remembered_public_keys();
 delete_every_connection();
+ whack_attribute_finalize(); /* free in-memory pools */
 fetch_finalize(); /* stop fetching thread */
 free_crl_fetch(); /* free chain of crl fetch requests */
 free_ocsp_fetch(); /* free chain of ocsp fetch requests */ |
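Review bot: `whack_attribute_finalize()` discards the pool state at exit and nothing in this commit writes it out, so — assuming, as the commit message says, the pools live only in memory — a restarted pluto starts with every address free and can hand one out again while a peer that has not yet noticed the restart is still using it; anything keyed on the virtual IP (firewall rules, updown scripts) would then briefly see two peers on one address. If that is the accepted trade-off for this first version, it should be stated where an operator will find it, e.g. extending the comment to `/* free in-memory pools; leases are not persisted across restarts */`. exit_pluto continues outside the hunk.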