diff options
| -rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_config.c | 116 |
1 files changed, 67 insertions, 49 deletions
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c index d0e0285c2..e788bb5f9 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_config.c +++ b/src/libcharon/sa/ikev2/tasks/ike_config.c @@ -43,9 +43,9 @@ struct private_ike_config_t { bool initiator; /** - * virtual ip + * Received list of virtual IPs, host_t* */ - host_t *virtual_ip; + linked_list_t *vips; /** * list of attributes requested and its handler, entry_t @@ -170,8 +170,7 @@ static void process_attribute(private_ike_config_t *this, } if (ip) { - DESTROY_IF(this->virtual_ip); - this->virtual_ip = ip; + this->vips->insert_last(this->vips, ip); } break; } @@ -334,59 +333,73 @@ METHOD(task_t, build_r, status_t, enumerator_t *enumerator; configuration_attribute_type_t type; chunk_t value; - host_t *vip = NULL; cp_payload_t *cp = NULL; peer_cfg_t *config; identification_t *id; linked_list_t *vips, *pools; - char *pool; + host_t *requested; id = this->ike_sa->get_other_eap_id(this->ike_sa); - config = this->ike_sa->get_peer_cfg(this->ike_sa); - enumerator = config->create_pool_enumerator(config); - if (!enumerator->enumerate(enumerator, &pool)) - { /* TODO: currently we query the first pool, only */ - pool = NULL; - } - enumerator->destroy(enumerator); + vips = linked_list_create(); + pools = linked_list_create(); - if (this->virtual_ip) + enumerator = this->vips->create_enumerator(this->vips); + while (enumerator->enumerate(enumerator, &requested)) { - DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip); - if (pool) + enumerator_t *poolenum; + char *pool; + host_t *found = NULL; + + /* query all pools until we get an address */ + DBG1(DBG_IKE, "peer requested virtual IP %H", requested); + + poolenum = config->create_pool_enumerator(config); + while (poolenum->enumerate(poolenum, &pool)) { - vip = hydra->attributes->acquire_address(hydra->attributes, - pool, id, this->virtual_ip); + found = hydra->attributes->acquire_address(hydra->attributes, + pool, id, requested); + if (!found) + { + continue; + } + DBG1(DBG_IKE, "assigning virtual IP %H to peer '%Y'", found, id); + this->ike_sa->add_virtual_ip(this->ike_sa, FALSE, found); + if (!cp) + { + cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY); + } + cp->add_attribute(cp, build_vip(found)); + /* use pool to request other attributes */ + if (pools->find_first(pools, NULL, (void**)&pool) == NOT_FOUND) + { + pools->insert_last(pools, pool); + } + vips->insert_last(vips, found); + break; } - if (vip == NULL) + poolenum->destroy(poolenum); + + if (!found) { - DBG1(DBG_IKE, "no virtual IP found, sending %N", - notify_type_names, INTERNAL_ADDRESS_FAILURE); - message->add_notify(message, FALSE, INTERNAL_ADDRESS_FAILURE, - chunk_empty); - return SUCCESS; + DBG1(DBG_IKE, "no virtual IP found for %H requested by '%Y'", + requested, id); } - DBG1(DBG_IKE, "assigning virtual IP %H to peer '%Y'", vip, id); - this->ike_sa->add_virtual_ip(this->ike_sa, FALSE, vip); - - cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY); - cp->add_attribute(cp, build_vip(vip)); } + enumerator->destroy(enumerator); - /* query registered providers for additional attributes to include */ - vips = linked_list_create(); - /* TODO: use list with all assigned VIPs */ - if (vip) - { - vips->insert_last(vips, vip); - } - pools = linked_list_create(); - /* TODO: use list of all pools */ - if (pool) + if (this->vips->get_count(this->vips) && !vips->get_count(vips)) { - pools->insert_last(pools, pool); + DBG1(DBG_IKE, "no virtual IP found, sending %N", + notify_type_names, INTERNAL_ADDRESS_FAILURE); + message->add_notify(message, FALSE, INTERNAL_ADDRESS_FAILURE, + chunk_empty); + vips->destroy_offset(vips, offsetof(host_t, destroy)); + pools->destroy(pools); + return SUCCESS; } + + /* query registered providers for additional attributes to include */ enumerator = hydra->attributes->create_responder_enumerator( hydra->attributes, pools, id, vips); while (enumerator->enumerate(enumerator, &type, &value)) @@ -402,14 +415,13 @@ METHOD(task_t, build_r, status_t, type, value)); } enumerator->destroy(enumerator); - vips->destroy(vips); + vips->destroy_offset(vips, offsetof(host_t, destroy)); pools->destroy(pools); if (cp) { message->add_payload(message, (payload_t*)cp); } - DESTROY_IF(vip); return SUCCESS; } return NEED_MORE; @@ -420,14 +432,20 @@ METHOD(task_t, process_i, status_t, { if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED) { /* in last IKE_AUTH exchange */ + enumerator_t *enumerator; + host_t *host; process_payloads(this, message); - if (this->virtual_ip && - !this->virtual_ip->is_anyaddr(this->virtual_ip)) + enumerator = this->vips->create_enumerator(this->vips); + while (enumerator->enumerate(enumerator, &host)) { - this->ike_sa->add_virtual_ip(this->ike_sa, TRUE, this->virtual_ip); + if (!host->is_anyaddr(host)) + { + this->ike_sa->add_virtual_ip(this->ike_sa, TRUE, host); + } } + enumerator->destroy(enumerator); return SUCCESS; } return NEED_MORE; @@ -442,10 +460,9 @@ METHOD(task_t, get_type, task_type_t, METHOD(task_t, migrate, void, private_ike_config_t *this, ike_sa_t *ike_sa) { - DESTROY_IF(this->virtual_ip); - this->ike_sa = ike_sa; - this->virtual_ip = NULL; + this->vips->destroy_offset(this->vips, offsetof(host_t, destroy)); + this->vips = linked_list_create(); this->requested->destroy_function(this->requested, free); this->requested = linked_list_create(); } @@ -453,7 +470,7 @@ METHOD(task_t, migrate, void, METHOD(task_t, destroy, void, private_ike_config_t *this) { - DESTROY_IF(this->virtual_ip); + this->vips->destroy_offset(this->vips, offsetof(host_t, destroy)); this->requested->destroy_function(this->requested, free); free(this); } @@ -475,6 +492,7 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator) }, .initiator = initiator, .ike_sa = ike_sa, + .vips = linked_list_create(), .requested = linked_list_create(), ); |