-rw-r--r-- | src/libcharon/bus/bus.c | 11 | ||||
-rw-r--r-- | src/libcharon/bus/bus.h | 5 | ||||
-rw-r--r-- | src/libcharon/bus/listeners/listener.h | 6 | ||||
-rw-r--r-- | src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c | 25 | ||||
-rw-r--r-- | src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c | 47 | ||||
-rw-r--r-- | src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h | 9 | ||||
-rw-r--r-- | src/libcharon/sa/ike_sa.c | 14 | ||||
-rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_config.c | 2 |
8 files changed, 57 insertions, 62 deletions
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index f87371c3a..0db5a8a9c 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c @@ -759,8 +759,8 @@ METHOD(bus_t, narrow, void, this->mutex->unlock(this->mutex); } -METHOD(bus_t, assign_vip, void, - private_bus_t *this, ike_sa_t *ike_sa, host_t *vip, bool assign) +METHOD(bus_t, assign_vips, void, + private_bus_t *this, ike_sa_t *ike_sa, bool assign) { enumerator_t *enumerator; entry_t *entry; @@ -770,13 +770,12 @@ METHOD(bus_t, assign_vip, void, enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->calling || !entry->listener->assign_vip) + if (entry->calling || !entry->listener->assign_vips) { continue; } entry->calling++; - keep = entry->listener->assign_vip(entry->listener, ike_sa, - vip, assign); + keep = entry->listener->assign_vips(entry->listener, ike_sa, assign); entry->calling--; if (!keep) { @@ -835,7 +834,7 @@ bus_t *bus_create() .child_rekey = _child_rekey, .authorize = _authorize, .narrow = _narrow, - .assign_vip = _assign_vip, + .assign_vips = _assign_vips, .destroy = _destroy, }, .listeners = linked_list_create(), diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h index 961981609..75244d6bf 100644 --- a/src/libcharon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -388,11 +388,10 @@ struct bus_t { /** * Virtual IP assignment hook. * - * @param ike_sa IKE_SA the VIP is assigned to - * @param vip Virtual IPv4 or IV6 address + * @param ike_sa IKE_SA the VIPs are assigned to * @param assign TRUE if assigned to IKE_SA, FALSE if released */ - void (*assign_vip)(bus_t *this, ike_sa_t *ike_sa, host_t *vip, bool assign); + void (*assign_vips)(bus_t *this, ike_sa_t *ike_sa, bool assign); /** * Destroy the event bus. diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h index 274701012..ef4daced2 100644 --- a/src/libcharon/bus/listeners/listener.h 
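Review bot: The `assign_vips` doc comment in bus.h no longer says where the addresses come from now that the `vip` parameter is gone, and the listener.h hunk that follows has the same gap. I would add to both comments a line such as `Listeners read the addresses with ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE) while the hook runs`, and state that the release call (assign = FALSE) is raised before the list is emptied, which is how the ike_sa.c hunks of this commit order it. The listener.h text also still reads "a a Virtual IP address is assigned" in the singular. A plugin that keeps access-control state per address depends on this contract, so it should be written down rather than inferred from tnc_ifmap.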
+++ b/src/libcharon/bus/listeners/listener.h @@ -197,13 +197,11 @@ struct listener_t { * This hook gets invoked when a a Virtual IP address is assigned to an * IKE_SA (assign = TRUE) and again when it is released (assign = FALSE) * - * @param ike_sa IKE_SA the VIP is assigned to - * @param vip Virtual IPv4 or IV6 address + * @param ike_sa IKE_SA the VIPs are assigned to * @param assign TRUE if assigned to IKE_SA, FALSE if released * @return TRUE to stay registered, FALSE to unregister */ - bool (*assign_vip)(listener_t *this, ike_sa_t *ike_sa, host_t *vip, - bool assign); + bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign); }; diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c index 1603c9323..4ad19c530 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c @@ -71,9 +71,8 @@ static bool publish_device_ip_addresses(private_tnc_ifmap_listener_t *this) */ static bool reload_metadata(private_tnc_ifmap_listener_t *this) { - enumerator_t *enumerator, *evips; ike_sa_t *ike_sa; - host_t *vip; + enumerator_t *enumerator; bool success = TRUE; enumerator = charon->controller->create_ike_sa_enumerator( @@ -84,21 +83,12 @@ static bool reload_metadata(private_tnc_ifmap_listener_t *this) { continue; } - if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE)) + if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE) || + !this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, TRUE)) { success = FALSE; break; } - evips = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE); - while (evips->enumerate(evips, &vip)) - { - if (!this->ifmap->publish_virtual_ip(this->ifmap, ike_sa, vip, TRUE)) - { - success = FALSE; - break; - } - } - evips->destroy(evips); } enumerator->destroy(enumerator); 
@@ -115,11 +105,10 @@ METHOD(listener_t, ike_updown, bool, return TRUE; } -METHOD(listener_t, assign_vip, bool, - private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, host_t *vip, - bool assign) +METHOD(listener_t, assign_vips, bool, + private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, bool assign) { - this->ifmap->publish_virtual_ip(this->ifmap, ike_sa, vip, assign); + this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, assign); return TRUE; } @@ -163,7 +152,7 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload) .public = { .listener = { .ike_updown = _ike_updown, - .assign_vip = _assign_vip, + .assign_vips = _assign_vips, .alert = _alert, }, .destroy = _destroy, diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c index fb97a6d2d..df7d2e2a1 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c @@ -579,12 +579,14 @@ METHOD(tnc_ifmap_soap_t, publish_device_ip, bool, return success; } -METHOD(tnc_ifmap_soap_t, publish_virtual_ip, bool, - private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, host_t *vip, bool assign) +METHOD(tnc_ifmap_soap_t, publish_virtual_ips, bool, + private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool assign) { tnc_ifmap_soap_msg_t *soap_msg; xmlNodePtr request, node; u_int32_t ike_sa_id; + enumerator_t *enumerator; + host_t *vip; bool success; /* extract relevant data from IKE_SA*/ 
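Review bot: The `assign_vips` listener in tnc_ifmap_listener.c discards the result of `publish_virtual_ips()`, and because one request now carries every virtual IP of the IKE_SA, a single failed post drops the update or delete for all of them. On release this would leave access-request-ip metadata on the MAP server for addresses the peer no longer holds, unless something outside this diff purges it. I would at least make the failure visible, for example `if (!this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, assign)) { DBG1(DBG_TNC, "publishing virtual IPs failed"); }` before the `return TRUE;`.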
@@ -593,26 +595,31 @@ METHOD(tnc_ifmap_soap_t, publish_virtual_ip, bool, /* build publish request */ request = create_publish_request(this); - /** - * update or delete access-request-ip metadata for a virtual IP address - */ - if (assign) - { - node = xmlNewNode(NULL, "update"); - } - else + enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE); + while (enumerator->enumerate(enumerator, &vip)) { - node = create_delete_filter(this, "access-request-ip"); - } - xmlAddChild(request, node); + /** + * update or delete access-request-ip metadata for a virtual IP address + */ + if (assign) + { + node = xmlNewNode(NULL, "update"); + } + else + { + node = create_delete_filter(this, "access-request-ip"); + } + xmlAddChild(request, node); - /* add access-request, virtual ip-address and [if assign] metadata */ - xmlAddChild(node, create_access_request(this, ike_sa_id)); - xmlAddChild(node, create_ip_address(this, vip)); - if (assign) - { - xmlAddChild(node, create_metadata(this, "access-request-ip")); + /* add access-request, virtual ip-address and [if assign] metadata */ + xmlAddChild(node, create_access_request(this, ike_sa_id)); + xmlAddChild(node, create_ip_address(this, vip)); + if (assign) + { + xmlAddChild(node, create_metadata(this, "access-request-ip")); + } } + enumerator->destroy(enumerator); soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls); success = soap_msg->post(soap_msg, request, "publishReceived", NULL); @@ -893,7 +900,7 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create() .purgePublisher = _purgePublisher, .publish_ike_sa = _publish_ike_sa, .publish_device_ip = _publish_device_ip, - .publish_virtual_ip = _publish_virtual_ip, + .publish_virtual_ips = _publish_virtual_ips, .publish_enforcement_report = _publish_enforcement_report, .endSession = _endSession, .get_session_id = _get_session_id, 
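Review bot: `publish_virtual_ips()` posts the publish request even when the enumerator yields no address, so an IKE_SA without peer virtual IPs produces a request with no update or delete element. `reload_metadata()` in tnc_ifmap_listener.c now calls it for every IKE_SA, and if the MAP server rejects such a request the `||` there sets `success = FALSE` and stops the reload for the remaining SAs. I would count the loop iterations and skip the post when the count is zero, returning TRUE after releasing `request`; who owns `request` after `post()` is not visible in this hunk, so that cleanup needs checking. The function body starts in the previous hunk and continues past this one.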
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h index d193f7e2e..fbc65a2b1 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h @@ -71,15 +71,14 @@ struct tnc_ifmap_soap_t { bool (*publish_device_ip)(tnc_ifmap_soap_t *this, host_t *host); /** - * Publish Virtual IP access-request-ip metadata + * Publish Virtual IP access-request-ip metadata * - * @param ike_sa IKE_SA for which metadata is published - * @param vip Virtual IP address of peer + * @param ike_sa IKE_SA for which Virtual IP metadata is published * @param assign TRUE if assigned, FALSE if removed * @return TRUE if command was successful */ - bool (*publish_virtual_ip)(tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, - host_t *vip, bool assign); + bool (*publish_virtual_ips)(tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, + bool assign); /** * Publish enforcement-report metadata diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 050279a49..63c04d9c0 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -766,7 +766,6 @@ METHOD(ike_sa_t, add_virtual_ip, void, else { this->other_vips->insert_last(this->other_vips, ip->clone(ip)); - charon->bus->assign_vip(charon->bus, &this->public, ip, TRUE); } } @@ -777,6 +776,10 @@ METHOD(ike_sa_t, clear_virtual_ips, void, linked_list_t *vips = local ? this->my_vips : this->other_vips; host_t *vip; + if (!local && vips->get_count(vips)) + { + charon->bus->assign_vips(charon->bus, &this->public, FALSE); + } while (vips->remove_first(vips, (void**)&vip) == SUCCESS) { if (local) @@ -784,10 +787,6 @@ METHOD(ike_sa_t, clear_virtual_ips, void, hydra->kernel_interface->del_ip(hydra->kernel_interface, vip, -1, TRUE); } - else - { - charon->bus->assign_vip(charon->bus, &this->public, vip, FALSE); - } vip->destroy(vip); } } 
@@ -2110,6 +2109,10 @@ METHOD(ike_sa_t, destroy, void, vip->destroy(vip); } this->my_vips->destroy(this->my_vips); + if (this->other_vips->get_count(this->other_vips)) + { + charon->bus->assign_vips(charon->bus, &this->public, FALSE); + } while (this->other_vips->remove_last(this->other_vips, (void**)&vip) == SUCCESS) { @@ -2124,7 +2127,6 @@ METHOD(ike_sa_t, destroy, void, hydra->attributes->release_address(hydra->attributes, pools, vip, id); pools->destroy(pools); } - charon->bus->assign_vip(charon->bus, &this->public, vip, FALSE); vip->destroy(vip); } this->other_vips->destroy(this->other_vips); diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c index d637c26fe..17132feee 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_config.c +++ b/src/libcharon/sa/ikev2/tasks/ike_config.c @@ -387,6 +387,8 @@ METHOD(task_t, build_r, status_t, pools->destroy(pools); return SUCCESS; } + charon->bus->assign_vips(charon->bus, this->ike_sa, TRUE); + if (pools->get_count(pools) && !this->vips->get_count(this->vips)) { DBG1(DBG_IKE, "expected a virtual IP request, sending %N", |
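Review bot: In `destroy()` the added `assign_vips(charon->bus, &this->public, FALSE)` call runs right after `this->my_vips->destroy(this->my_vips)`, so listeners are handed an IKE_SA whose local VIP list has already been destroyed. Since the hook no longer passes the address and listeners are expected to enumerate from the IKE_SA, a listener that asks for the local list (presumably `create_virtual_ip_enumerator(ike_sa, TRUE)`, going by the `local ? this->my_vips : this->other_vips` selection in `clear_virtual_ips()`) would read freed memory; tnc_ifmap passes FALSE and is not affected. Moving the `if (this->other_vips->get_count(this->other_vips))` block above the my_vips teardown would avoid that. Most of destroy() lies outside these hunks, so other members may already be released at this point as well.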
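Review bot: `assign_vips(charon->bus, this->ike_sa, TRUE)` in `build_r()` is the only place in this commit that raises the hook for an assignment, and it is called without checking that any address was actually assigned. The call removed from `add_virtual_ip()` covered every path that adds a peer VIP; if another path (IKEv1 mode config, for instance) still adds them, listeners will see the release from `clear_virtual_ips()` or `destroy()` without ever having seen the assignment, and the IF-MAP server will lack the access-request-ip entries for those peers. The release paths guard with `get_count()`, and the same guard here would keep listeners from being called with an empty list. build_r() starts and ends outside the hunk, so which list holds the assigned addresses at this point is not visible.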