author | Martin Willi <martin@revosec.ch> | 2012-09-11 12:56:29 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-09-11 16:18:29 +0200 |
commit | c4acf375027ce7750a03b3674639d3d8d94a286d (patch) | |
tree | 5cc4fc20eead340b6602a7855aa214de592520f5 /src | |
parent | 7d82aaea8d6f721577ec3922dc6d5a1a55cf7779 (diff) | |
Don't use host address for dynamic TS in IKEv1 if a virtual IP was expected
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/quick_mode.c | 97 |
1 files changed, 57 insertions, 40 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 8f2d192a0..34cf09356 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -175,6 +175,62 @@ static void schedule_inactivity_timeout(private_quick_mode_t *this)
 }
 
 /**
+ * Check if we have a an address pool configured
+ */
+static bool have_pool(ike_sa_t *ike_sa)
+{
+ enumerator_t *enumerator;
+ peer_cfg_t *peer_cfg;
+ char *pool;
+ bool found = FALSE;
+
+ peer_cfg = ike_sa->get_peer_cfg(ike_sa);
+ if (peer_cfg)
+ {
+ enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
+ if (enumerator->enumerate(enumerator, &pool))
+ {
+ found = TRUE;
+ }
+ enumerator->destroy(enumerator);
+ }
+ return found;
+}
+
+/**
+ * Get host to use for dynamic traffic selectors
+ */
+static host_t *get_dynamic_host(ike_sa_t *ike_sa, bool local)
+{
+ enumerator_t *enumerator;
+ host_t *host;
+
+ enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, local);
+ if (!enumerator->enumerate(enumerator, &host))
+ {
+ if (local)
+ {
+ host = ike_sa->get_my_host(ike_sa);
+ }
+ else
+ {
+ if (have_pool(ike_sa))
+ {
+ /* we have an IP address pool, but didn't negotiate a
+ * virtual IP. */
+ host = NULL;
+ }
+ else
+ {
+ host = ike_sa->get_other_host(ike_sa);
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ return host;
+}
+
+/**
  * Install negotiated CHILD_SA
  */
 static bool install(private_quick_mode_t *this)
@@ -398,25 +454,10 @@ static traffic_selector_t* select_ts(private_quick_mode_t *this, bool local,
 linked_list_t *supplied)
 {
 traffic_selector_t *ts;
- enumerator_t *enumerator;
 linked_list_t *list;
- host_t *host;
 
- enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, local);
- if (!enumerator->enumerate(enumerator, &host))
- {
- if (local)
- {
- host = this->ike_sa->get_my_host(this->ike_sa);
- }
- else
- {
- host = this->ike_sa->get_other_host(this->ike_sa);
- }
- }
- enumerator->destroy(enumerator);
 list = this->config->get_traffic_selectors(this->config, local,
- supplied, host);
+ supplied, get_dynamic_host(this->ike_sa, local));
 if (list->get_first(list, (void**)&ts) == SUCCESS)
 {
 if (this->initiator && list->get_count(list) > 1)
@@ -833,30 +874,6 @@ static void check_for_rekeyed_child(private_quick_mode_t *this)
 enumerator->destroy(enumerator);
 }
 
-/**
- * Get host to use for dynamic traffic selectors
- */
-static host_t *get_dynamic_host(ike_sa_t *ike_sa, bool local)
-{
- enumerator_t *enumerator;
- host_t *host;
-
- enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, local);
- if (!enumerator->enumerate(enumerator, &host))
- {
- if (local)
- {
- host = ike_sa->get_my_host(ike_sa);
- }
- else
- {
- host = ike_sa->get_other_host(ike_sa);
- }
- }
- enumerator->destroy(enumerator);
- return host;
-}
-
 METHOD(task_t, process_r, status_t,
 private_quick_mode_t *this, message_t *message)
 { |
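Review bot: get_dynamic_host() now has a NULL return path (the have_pool() branch for the remote side) but its doc comment still reads as if it always yields a host, and the only caller in this commit feeds the result straight into config->get_traffic_selectors(); the contract should be spelled out so future callers don't dereference it. Suggest extending the header to `@return host to substitute for dynamic TS, or NULL if a pool is configured but no virtual IP was negotiated (callers must handle NULL)`. The point is security-relevant: returning NULL here is what stops the peer's real address from being installed as the traffic selector when the policy expected a pool address, so the comment at `host = NULL;` could say `/* refuse to fall back to the peer's real address; the policy requires a pool address */`. The have_pool() comment also has a typo, `Check if we have an address pool configured`, and note that it only reports whether at least one pool name is configured, not whether the pool has addresses left.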
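Review bot: The new get_traffic_selectors() call in select_ts() can now receive a NULL host, and nothing at the call site records that this is intentional or what it means for the resulting list; what get_traffic_selectors() does with NULL is not visible here, presumably it yields no dynamic TS so the `list->get_first(...) == SUCCESS` branch is skipped and the remainder of select_ts(), which continues outside this hunk, handles the empty list. Suggest a comment above the call: `/* host is NULL if a pool is configured but no virtual IP was assigned; dynamic TS must not fall back to the peer's real address */`. The third hunk is a pure move of the old get_dynamic_host() and needs no change.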