Diffstat (limited to 'src/libcharon/sa')
-rw-r--r--src/libcharon/sa/ike_sa.c18
-rw-r--r--src/libcharon/sa/ikev1/phase1.c15
-rw-r--r--src/libcharon/sa/ikev1/phase1.h8
-rw-r--r--src/libcharon/sa/ikev1/task_manager_v1.c11
-rw-r--r--src/libcharon/sa/ikev1/tasks/aggressive_mode.c2
-rw-r--r--src/libcharon/sa/ikev1/tasks/main_mode.c2
-rw-r--r--src/libcharon/sa/ikev1/tasks/mode_config.c13
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_config.c14
8 files changed, 70 insertions, 13 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 26e65b2bb..7672accc4 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2055,11 +2055,21 @@ METHOD(ike_sa_t, destroy, void,
while (this->other_vips->remove_last(this->other_vips,
(void**)&vip) == SUCCESS)
{
- if (this->peer_cfg && this->peer_cfg->get_pool(this->peer_cfg))
+ if (this->peer_cfg)
{
- hydra->attributes->release_address(hydra->attributes,
- this->peer_cfg->get_pool(this->peer_cfg),
- vip, get_other_eap_id(this));
+ enumerator_t *enumerator;
+ char *pool;
+
+ enumerator = this->peer_cfg->create_pool_enumerator(this->peer_cfg);
+ while (enumerator->enumerate(enumerator, &pool))
+ {
+ if (hydra->attributes->release_address(hydra->attributes, pool,
+ vip, get_other_eap_id(this)))
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
}
vip->destroy(vip);
}
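Review bot: When no configured pool accepts the release, the new loop in destroy ends silently, so the lease for `vip` may stay allocated and, repeated often enough, could exhaust a pool. Consider recording whether any `release_address` call returned true and, after `enumerator->destroy(enumerator)`, logging the miss with something like `DBG1(DBG_IKE, "no pool released virtual IP %H", vip);`. The body of destroy starts before and continues after this hunk, so whether an earlier step already reports this cannot be seen here.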
diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index 791f72827..fea2f2c60 100644
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -611,6 +611,20 @@ METHOD(phase1_t, has_virtual_ip, bool,
return found;
}
+METHOD(phase1_t, has_pool, bool,
+ private_phase1_t *this, peer_cfg_t *peer_cfg)
+{
+ enumerator_t *enumerator;
+ bool found = FALSE;
+ char *pool;
+
+ enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
+ found = enumerator->enumerate(enumerator, &pool);
+ enumerator->destroy(enumerator);
+
+ return found;
+}
+
METHOD(phase1_t, save_sa_payload, bool,
private_phase1_t *this, message_t *message)
{
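Review bot: In `has_pool`, the initializer in `bool found = FALSE;` is dead because `found` is overwritten unconditionally two lines later, and `this` is never used, so the check depends on `peer_cfg` alone. The same sequence of creating the pool enumerator, enumerating once and destroying it is open-coded again in `mode_config_expected` in task_manager_v1.c. A single helper taking only a `peer_cfg_t *` would keep the two checks from drifting apart. If the method stays as it is, `bool found;` is enough.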
@@ -751,6 +765,7 @@ phase1_t *phase1_create(ike_sa_t *ike_sa, bool initiator)
.get_id = _get_id,
.select_config = _select_config,
.has_virtual_ip = _has_virtual_ip,
+ .has_pool = _has_pool,
.verify_auth = _verify_auth,
.build_auth = _build_auth,
.save_sa_payload = _save_sa_payload,
diff --git a/src/libcharon/sa/ikev1/phase1.h b/src/libcharon/sa/ikev1/phase1.h
index 2f0a5f196..eaf8908e7 100644
--- a/src/libcharon/sa/ikev1/phase1.h
+++ b/src/libcharon/sa/ikev1/phase1.h
@@ -109,6 +109,14 @@ struct phase1_t {
identification_t* (*get_id)(phase1_t *this, peer_cfg_t *peer_cfg, bool local);
/**
+ * Check if peer config has virtual IPs pool assigned.
+ *
+ * @param peer_cfg peer_config to check
+ * @return TRUE if peer config contains at least one pool
+ */
+ bool (*has_pool)(phase1_t *this, peer_cfg_t *peer_cfg);
+
+ /**
* Check if peer config has virtual IPs to request
*
* @param peer_cfg peer_config to check
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index e0dcf731d..ea836b76e 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -348,11 +348,20 @@ static bool mode_config_expected(private_task_manager_t *this)
{
enumerator_t *enumerator;
peer_cfg_t *peer_cfg;
+ char *pool;
host_t *host;
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
- if (peer_cfg && peer_cfg->get_pool(peer_cfg))
+ if (peer_cfg)
{
+ enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
+ if (!enumerator->enumerate(enumerator, &pool))
+ { /* no pool configured */
+ enumerator->destroy(enumerator);
+ return FALSE;
+ }
+ enumerator->destroy(enumerator);
+
enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa,
FALSE);
if (!enumerator->enumerate(enumerator, &host))
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index eb9b09e3f..954dea880 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -497,7 +497,7 @@ METHOD(task_t, process_r, status_t,
this->ike_sa->get_id(this->ike_sa)));
break;
}
- if (this->peer_cfg->get_pool(this->peer_cfg) == NULL &&
+ if (!this->ph1->has_pool(this->ph1, this->peer_cfg) &&
this->ph1->has_virtual_ip(this->ph1, this->peer_cfg))
{
this->ike_sa->queue_task(this->ike_sa,
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 6f7753676..9ccf9abf5 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -524,7 +524,7 @@ METHOD(task_t, build_r, status_t,
this->ike_sa->get_id(this->ike_sa)));
break;
}
- if (this->peer_cfg->get_pool(this->peer_cfg) == NULL &&
+ if (!this->ph1->has_pool(this->ph1, this->peer_cfg) &&
this->ph1->has_virtual_ip(this->ph1, this->peer_cfg))
{
this->ike_sa->queue_task(this->ike_sa,
diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c
index 6ba3e6768..bad599b83 100644
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@@ -310,17 +310,24 @@ METHOD(task_t, build_r, status_t,
cp_payload_t *cp = NULL;
peer_cfg_t *config;
identification_t *id;
+ char *pool;
id = this->ike_sa->get_other_eap_id(this->ike_sa);
config = this->ike_sa->get_peer_cfg(this->ike_sa);
+ enumerator = config->create_pool_enumerator(config);
+ if (!enumerator->enumerate(enumerator, &pool))
+ { /* TODO: currently we query the first pool, only */
+ pool = NULL;
+ }
+ enumerator->destroy(enumerator);
if (this->virtual_ip)
{
DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
- if (config->get_pool(config))
+ if (pool)
{
vip = hydra->attributes->acquire_address(hydra->attributes,
- config->get_pool(config), id, this->virtual_ip);
+ pool, id, this->virtual_ip);
}
cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY);
if (vip)
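Review bot: `pool` is read after `enumerator->destroy(enumerator)`, in the `acquire_address` call here and in the `create_responder_enumerator` call of the next hunk, so this is only safe if the string belongs to the peer config rather than to the enumerator. That ownership is not visible in the diff; confirm it and state it next to the declaration, e.g. `/* pool name is owned by config and stays valid after the enumerator is destroyed */`, otherwise this is a use-after-free. The TODO also sits inside the branch taken when no pool exists, where it reads as describing that branch; it belongs above the `enumerate` call. build_r in ikev2/tasks/ike_config.c has the same pattern, and build_r here continues outside the hunk.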
@@ -336,7 +343,7 @@ METHOD(task_t, build_r, status_t,
}
/* query registered providers for additional attributes to include */
enumerator = hydra->attributes->create_responder_enumerator(
- hydra->attributes, config->get_pool(config), id, vip);
+ hydra->attributes, pool, id, vip);
while (enumerator->enumerate(enumerator, &type, &value))
{
if (!cp)
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c
index 63d35ec09..5b0871fca 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.c
@@ -321,17 +321,25 @@ METHOD(task_t, build_r, status_t,
cp_payload_t *cp = NULL;
peer_cfg_t *config;
identification_t *id;
+ char *pool;
id = this->ike_sa->get_other_eap_id(this->ike_sa);
config = this->ike_sa->get_peer_cfg(this->ike_sa);
+ enumerator = config->create_pool_enumerator(config);
+ if (!enumerator->enumerate(enumerator, &pool))
+ { /* TODO: currently we query the first pool, only */
+ pool = NULL;
+ }
+ enumerator->destroy(enumerator);
+
if (this->virtual_ip)
{
DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
- if (config->get_pool(config))
+ if (pool)
{
vip = hydra->attributes->acquire_address(hydra->attributes,
- config->get_pool(config), id, this->virtual_ip);
+ pool, id, this->virtual_ip);
}
if (vip == NULL)
{
@@ -350,7 +358,7 @@ METHOD(task_t, build_r, status_t,
/* query registered providers for additional attributes to include */
enumerator = hydra->attributes->create_responder_enumerator(
- hydra->attributes, config->get_pool(config), id, vip);
+ hydra->attributes, pool, id, vip);
while (enumerator->enumerate(enumerator, &type, &value))
{
if (!cp)