-rw-r--r--src/charon/plugins/stroke/stroke_attribute.c100
-rw-r--r--src/charon/plugins/stroke/stroke_config.c2
-rw-r--r--src/charon/sa/tasks/ike_config.c7
3 files changed, 67 insertions, 42 deletions
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c
index 9fdd68a50..71b56bc8a 100644
--- a/src/charon/plugins/stroke/stroke_attribute.c
+++ b/src/charon/plugins/stroke/stroke_attribute.c
@@ -62,7 +62,7 @@ typedef struct {
*/
static void pool_destroy(pool_t *this)
{
- this->base->destroy(this->base);
+ DESTROY_IF(this->base);
free(this->name);
free(this->in_use);
free(this);
@@ -168,12 +168,19 @@ static host_t* acquire_address(private_stroke_attribute_t *this,
{
if (requested && !requested->is_anyaddr(requested))
{
- i = host2offset(pool, requested);
- if (i >= 0 && !pool->in_use[i])
- {
- pool->in_use[i] = TRUE;
+ if (pool->count == 0)
+ { /* %config, give any */
host = requested->clone(requested);
}
+ else
+ {
+ i = host2offset(pool, requested);
+ if (i >= 0 && !pool->in_use[i])
+ {
+ pool->in_use[i] = TRUE;
+ host = requested->clone(requested);
+ }
+ }
}
if (!host)
{
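Review bot: In the new `pool->count == 0` branch of acquire_address the peer's requested address is cloned and returned with no bookkeeping, so nothing here stops two peers on the same %config connection from being handed the same virtual IP, or a peer from naming an address that belongs to another host. If that is intended, the trust assumption should be stated in place of the terse comment, for example `/* %config: peer-chosen address is accepted as-is, no uniqueness or range check */`. The `if (!host)` fallback continues outside the hunk; for an empty pool it must not touch `pool->base` or `pool->in_use`, which add_pool now sets to NULL, and that path should be confirmed for a peer that requests %any. The release_address hunk leaves `found` FALSE for such pools, which fits the missing tracking but means callers cannot tell a released %config address from an unknown one.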
@@ -206,11 +213,14 @@ static bool release_address(private_stroke_attribute_t *this,
pool = find_pool(this, name);
if (pool)
{
- i = host2offset(pool, address);
- if (i >= 0 && pool->in_use[i])
+ if (pool->count != 0)
{
- pool->in_use[i] = FALSE;
- found =TRUE;
+ i = host2offset(pool, address);
+ if (i >= 0 && pool->in_use[i])
+ {
+ pool->in_use[i] = FALSE;
+ found = TRUE;
+ }
}
}
this->mutex->unlock(this->mutex);
@@ -222,41 +232,53 @@ static bool release_address(private_stroke_attribute_t *this,
*/
static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
{
- if (msg->add_conn.other.sourceip && msg->add_conn.other.sourceip_size)
+ if (msg->add_conn.other.sourceip_size)
{
pool_t *pool;
- u_int32_t bits;
- int family;
- DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d",
- msg->add_conn.name, msg->add_conn.other.sourceip,
- msg->add_conn.other.sourceip_size);
-
- pool = malloc_thing(pool_t);
- pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0);
- if (!pool->base)
- {
- free(pool);
- DBG1(DBG_CFG, "virtual IP address invalid, discarded");
- return;
- }
- pool->name = strdup(msg->add_conn.name);
- family = pool->base->get_family(pool->base);
- bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_size;
- if (bits > POOL_LIMIT)
+ if (msg->add_conn.other.sourceip)
{
- bits = POOL_LIMIT;
- DBG1(DBG_CFG, "virtual IP pool to large, limiting to %s/%d",
- msg->add_conn.other.sourceip,
- (family == AF_INET ? 32 : 128) - bits);
- }
- pool->count = 1 << (bits);
- pool->in_use = calloc(pool->count, sizeof(u_int8_t));
+ u_int32_t bits;
+ int family;
+
+ DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d",
+ msg->add_conn.name, msg->add_conn.other.sourceip,
+ msg->add_conn.other.sourceip_size);
+
+ pool = malloc_thing(pool_t);
+ pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0);
+ if (!pool->base)
+ {
+ free(pool);
+ DBG1(DBG_CFG, "virtual IP address invalid, discarded");
+ return;
+ }
+ pool->name = strdup(msg->add_conn.name);
+ family = pool->base->get_family(pool->base);
+ bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_size;
+ if (bits > POOL_LIMIT)
+ {
+ bits = POOL_LIMIT;
+ DBG1(DBG_CFG, "virtual IP pool to large, limiting to %s/%d",
+ msg->add_conn.other.sourceip,
+ (family == AF_INET ? 32 : 128) - bits);
+ }
+ pool->count = 1 << (bits);
+ pool->in_use = calloc(pool->count, sizeof(u_int8_t));
- if (pool->count > 2)
- { /* do not use first and last addresses of a block */
- pool->in_use[0] = TRUE;
- pool->in_use[pool->count-1] = TRUE;
+ if (pool->count > 2)
+ { /* do not use first and last addresses of a block */
+ pool->in_use[0] = TRUE;
+ pool->in_use[pool->count-1] = TRUE;
+ }
+ }
+ else
+ { /* %config, add an empty pool */
+ pool = malloc_thing(pool_t);
+ pool->name = strdup(msg->add_conn.name);
+ pool->base = NULL;
+ pool->count = 0;
+ pool->in_use = NULL;
}
this->mutex->lock(this->mutex);
this->pools->insert_last(this->pools, pool);
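Review bot: `msg->add_conn.other.sourceip_size` is not checked against the address family width before `bits` is computed in add_pool, so a prefix length above 32 (128 for IPv6) wraps the unsigned `bits`, is caught only by the `POOL_LIMIT` clamp, and silently yields the largest allowed pool instead of a rejected configuration. The `calloc()` result is also dereferenced unchecked by `pool->in_use[0] = TRUE`; a guard such as `if (!pool->in_use) { pool_destroy(pool); return; }` right after the allocation would cover it, and `strdup()` is likewise unchecked in both branches. The %config case is signalled only by a NULL `sourceip` with a non-zero `sourceip_size`, a convention the stroke_config.c hunk also relies on, so a one-line comment at the outer `if` naming that convention would help. add_pool continues outside the hunk.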
diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c
index a7a723258..8834a7fc1 100644
--- a/src/charon/plugins/stroke/stroke_config.c
+++ b/src/charon/plugins/stroke/stroke_config.c
@@ -492,7 +492,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
msg->add_conn.eap_type, msg->add_conn.eap_vendor,
msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
msg->add_conn.mobike, msg->add_conn.dpd.delay,
- vip, msg->add_conn.other.sourceip ? msg->add_conn.name : NULL,
+ vip, msg->add_conn.other.sourceip_size ? msg->add_conn.name : NULL,
msg->add_conn.ikeme.mediation, mediated_by, peer_id);
}
diff --git a/src/charon/sa/tasks/ike_config.c b/src/charon/sa/tasks/ike_config.c
index 7bd214f01..22c4f0cd7 100644
--- a/src/charon/sa/tasks/ike_config.c
+++ b/src/charon/sa/tasks/ike_config.c
@@ -302,14 +302,17 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
if (config && this->virtual_ip)
{
- host_t *ip;
+ host_t *ip = NULL;
DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
- ip = charon->attributes->acquire_address(charon->attributes,
+ if (config->get_pool(config))
+ {
+ ip = charon->attributes->acquire_address(charon->attributes,
config->get_pool(config),
this->ike_sa->get_other_id(this->ike_sa),
this->ike_sa->get_other_auth(this->ike_sa),
this->virtual_ip);
+ }
if (ip == NULL)
{
DBG1(DBG_IKE, "not assigning a virtual IP to peer");