Diffstat (limited to 'src')
25 files changed, 151 insertions, 55 deletions
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index 2eef51acc..461837c0c 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -507,7 +507,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, 600, 600, /* jitter, over 10min */ TRUE, FALSE, /* mobike, aggressive */ 0, 0, /* DPD delay, timeout */ - NULL, FALSE, NULL, NULL); /* pool, mediation */ + FALSE, NULL, NULL); /* mediation */ if (virtual) { peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); diff --git a/src/conftest/config.c b/src/conftest/config.c index 61f3760f0..cbc6ac05f 100644 --- a/src/conftest/config.c +++ b/src/conftest/config.c @@ -253,7 +253,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this, ike_cfg = load_ike_config(this, settings, config); peer_cfg = peer_cfg_create(config, IKEV2, ike_cfg, CERT_ALWAYS_SEND, UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0, 0, - NULL, FALSE, NULL, NULL); + FALSE, NULL, NULL); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c index d472301db..d1769a99a 100644 --- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c +++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c @@ -442,7 +442,7 @@ static job_requeue_t initiate(private_android_service_t *this) 600, 600, /* jitter, over 10min */ TRUE, FALSE, /* mobike, aggressive */ 0, 0, /* DPD delay, timeout */ - NULL, FALSE, NULL, NULL); /* pool, mediation */ + FALSE, NULL, NULL); /* mediation */ peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); auth = auth_cfg_create(); diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index 091176a25..59869eab2 100644 --- a/src/libcharon/config/peer_cfg.c +++ b/src/libcharon/config/peer_cfg.c 
@@ -146,9 +146,9 @@ struct private_peer_cfg_t { linked_list_t *vips; /** - * pool to acquire configuration attributes from + * List of pool names to use for virtual IP lookup */ - char *pool; + linked_list_t *pools; /** * local authentication configs (rulesets) @@ -421,10 +421,16 @@ METHOD(peer_cfg_t, create_virtual_ip_enumerator, enumerator_t*, return this->vips->create_enumerator(this->vips); } -METHOD(peer_cfg_t, get_pool, char*, +METHOD(peer_cfg_t, add_pool, void, + private_peer_cfg_t *this, char *name) +{ + this->pools->insert_last(this->pools, strdup(name)); +} + +METHOD(peer_cfg_t, create_pool_enumerator, enumerator_t*, private_peer_cfg_t *this) { - return this->pool; + return this->pools->create_enumerator(this->pools); } METHOD(peer_cfg_t, add_auth_cfg, void, @@ -529,6 +535,7 @@ METHOD(peer_cfg_t, equals, bool, { enumerator_t *e1, *e2; host_t *vip1, *vip2; + char *pool1, *pool2; if (this == other) { @@ -557,6 +564,25 @@ METHOD(peer_cfg_t, equals, bool, e1->destroy(e1); e2->destroy(e2); + if (this->pools->get_count(this->pools) != + other->pools->get_count(other->pools)) + { + return FALSE; + } + e1 = create_pool_enumerator(this); + e2 = create_pool_enumerator(other); + if (e1->enumerate(e1, &pool1) && e2->enumerate(e2, &pool2)) + { + if (!streq(pool1, pool2)) + { + e1->destroy(e1); + e2->destroy(e2); + return FALSE; + } + } + e1->destroy(e1); + e2->destroy(e2); + return ( this->ike_version == other->ike_version && this->cert_policy == other->cert_policy && @@ -568,8 +594,6 @@ METHOD(peer_cfg_t, equals, bool, this->jitter_time == other->jitter_time && this->over_time == other->over_time && this->dpd == other->dpd && - (this->pool == other->pool || - (this->pool && other->pool && streq(this->pool, other->pool))) && auth_cfg_equal(this, other) #ifdef ME && this->mediation == other->mediation && 
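Review bot: The new pool comparison in `equals` only inspects the first name of each list: `if (e1->enumerate(e1, &pool1) && e2->enumerate(e2, &pool2))` runs a single time, so two configs whose pool lists have the same length but differ from the second entry on are reported equal, and if `equals` is used to decide whether a reloaded config replaces an existing one, such a change would go unnoticed. Change the `if` to `while (e1->enumerate(e1, &pool1) && e2->enumerate(e2, &pool2))` so every pair is compared; the count check just above already guarantees both enumerators end together, and the early `return FALSE` inside the body still destroys both enumerators. The comparison is order-sensitive, which appears consistent with the vip comparison immediately above it (that body lies outside the hunk).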
@@ -601,13 +625,13 @@ METHOD(peer_cfg_t, destroy, void, this->remote_auth->destroy_offset(this->remote_auth, offsetof(auth_cfg_t, destroy)); this->vips->destroy_offset(this->vips, offsetof(host_t, destroy)); + this->pools->destroy_function(this->pools, free); #ifdef ME DESTROY_IF(this->mediated_by); DESTROY_IF(this->peer_id); #endif /* ME */ this->mutex->destroy(this->mutex); free(this->name); - free(this->pool); free(this); } } @@ -621,7 +645,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version, u_int32_t rekey_time, u_int32_t reauth_time, u_int32_t jitter_time, u_int32_t over_time, bool mobike, bool aggressive, u_int32_t dpd, - u_int32_t dpd_timeout, char *pool, + u_int32_t dpd_timeout, bool mediation, peer_cfg_t *mediated_by, identification_t *peer_id) { @@ -657,7 +681,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version, .get_dpd_timeout = _get_dpd_timeout, .add_virtual_ip = _add_virtual_ip, .create_virtual_ip_enumerator = _create_virtual_ip_enumerator, - .get_pool = _get_pool, + .add_pool = _add_pool, + .create_pool_enumerator = _create_pool_enumerator, .add_auth_cfg = _add_auth_cfg, .create_auth_cfg_enumerator = _create_auth_cfg_enumerator, .equals = (void*)_equals, @@ -686,7 +711,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version, .dpd = dpd, .dpd_timeout = dpd_timeout, .vips = linked_list_create(), - .pool = strdupnull(pool), + .pools = linked_list_create(), .local_auth = linked_list_create(), .remote_auth = linked_list_create(), .refcount = 1, diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h index fd924dc2c..f65b91258 100644 --- a/src/libcharon/config/peer_cfg.h +++ b/src/libcharon/config/peer_cfg.h 
@@ -294,11 +294,18 @@ struct peer_cfg_t { enumerator_t* (*create_virtual_ip_enumerator)(peer_cfg_t *this); /** - * Get the name of the pool to acquire configuration attributes from. + * Add a pool name this configuration uses to select virtual IPs. * - * @return pool name, NULL if none defined + * @param name pool name to use for virtual IP lookup */ - char* (*get_pool)(peer_cfg_t *this); + void (*add_pool)(peer_cfg_t *this, char *name); + + /** + * Create an enumerator over pool names of this config. + * + * @return enumerator over char* + */ + enumerator_t* (*create_pool_enumerator)(peer_cfg_t *this); #ifdef ME /** @@ -378,7 +385,6 @@ struct peer_cfg_t { * @param aggressive use/accept aggressive mode with IKEv1 * @param dpd DPD check interval, 0 to disable * @param dpd_timeout DPD timeout interval (IKEv1 only), if 0 default applies - * @param pool pool name to get configuration attributes from, or NULL * @param mediation TRUE if this is a mediation connection * @param mediated_by peer_cfg_t of the mediation connection to mediate through * @param peer_id ID that identifies our peer at the mediation server @@ -390,7 +396,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version, u_int32_t rekey_time, u_int32_t reauth_time, u_int32_t jitter_time, u_int32_t over_time, bool mobike, bool aggressive, u_int32_t dpd, - u_int32_t dpd_timeout, char *pool, + u_int32_t dpd_timeout, bool mediation, peer_cfg_t *mediated_by, identification_t *peer_id); diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c index 1236e4534..81628b80a 100644 --- a/src/libcharon/plugins/android/android_service.c +++ b/src/libcharon/plugins/android/android_service.c 
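Review bot: The `add_pool` contract in peer_cfg.h does not say who owns `name`; the implementation in peer_cfg.c copies it with `strdup`, so the caller keeps ownership and may pass a stack or message-owned string. Make that explicit with `@param name pool name to use for virtual IP lookup (cloned, caller retains ownership)`. For `create_pool_enumerator` I would also state that the enumerated `char*` values are owned by the config and are only valid while it is alive, since the list is freed in `destroy` via `destroy_function(this->pools, free)`.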
@@ -275,7 +275,7 @@ static job_requeue_t initiate(private_android_service_t *this) 600, 600, /* jitter, over 10min */ TRUE, FALSE, /* mobike, aggressive */ 0, 0, /* DPD delay, timeout */ - NULL, FALSE, NULL, NULL); /* pool, mediation */ + FALSE, NULL, NULL); /* mediation */ peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); auth = auth_cfg_create(); diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index 8516f4f3e..f07b4ea21 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c @@ -413,23 +413,24 @@ static void process_ike_update(private_ha_dispatcher_t *this, } if (received_vip) { + enumerator_t *pools, *vips; host_t *vip; char *pool; peer_cfg = ike_sa->get_peer_cfg(ike_sa); if (peer_cfg) { - pool = peer_cfg->get_pool(peer_cfg); - if (pool) + pools = peer_cfg->create_pool_enumerator(peer_cfg); + while (pools->enumerate(pools, &pool)) { - enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, - FALSE); - while (enumerator->enumerate(enumerator, &vip)) + vips = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE); + while (vips->enumerate(vips, &vip)) { this->attr->reserve(this->attr, pool, vip); } - enumerator->destroy(enumerator); + vips->destroy(vips); } + pools->destroy(pools); } } if (ike_sa->get_version(ike_sa) == IKEV1) diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index 15ba28e1d..541dd9313 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -209,7 +209,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND, UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30, - 0, NULL, FALSE, NULL, NULL); + 0, FALSE, NULL, NULL); auth_cfg = auth_cfg_create(); auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); 
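Review bot: In ha_dispatcher.c `process_ike_update` now calls `this->attr->reserve(this->attr, pool, vip)` for every configured pool, so each received vip is reserved in all pools rather than the one it was leased from; nothing visible in the hunk carries the pool of origin. If `reserve` is not a no-op for a pool that does not contain the address, this would mark addresses in unrelated pools on the passive node; its implementation is not on this page, so that is worth confirming. Either way a comment would save the next reader the question, e.g. `/* the pool the vip was leased from is not synced; reserve it in every configured pool */` above the outer loop. The hunk also leaves the function's earlier `enumerator` variable unused in this branch; whether it is still used elsewhere in the function is outside the hunk.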
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 09e220b2d..735f17985 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -268,11 +268,15 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) FALSE, FALSE, /* mobike, aggressive mode */ this->dpd_delay, /* dpd_delay */ this->dpd_timeout, /* dpd_timeout */ - this->pool, FALSE, NULL, NULL); + FALSE, NULL, NULL); if (this->vip) { peer_cfg->add_virtual_ip(peer_cfg, this->vip->clone(this->vip)); } + if (this->pool) + { + peer_cfg->add_pool(peer_cfg, this->pool); + } if (num) { /* initiator */ generate_auth_cfg(this, this->initiator_auth, peer_cfg, TRUE, num); diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index e8718b954..cb2fc9ebb 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -335,7 +335,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, 600, 600, /* jitter, over 10min */ TRUE, FALSE, /* mobike, aggressive */ 0, 0, /* DPD delay, timeout */ - NULL, FALSE, NULL, NULL); /* pool, mediation */ + FALSE, NULL, NULL); /* mediation */ peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); auth = auth_cfg_create(); diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index f44ff39fe..a1825effc 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -129,7 +129,6 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, FALSE, /* mobike, aggressive */ this->dpd, 0, /* DPD delay, timeout */ - NULL, /* pool */ TRUE, NULL, NULL); /* mediation, med by, peer id */ e->destroy(e); 
@@ -167,7 +166,6 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, FALSE, /* mobike, aggressive */ this->dpd, 0, /* DPD delay, timeout */ - NULL, /* pool */ FALSE, med_cfg, /* mediation, med by */ identification_create_from_encoding(ID_KEY_ID, other)); @@ -243,7 +241,6 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, FALSE, /* mobike, aggressive */ this->dpd, 0, /* DPD delay, timeout */ - NULL, /* pool */ FALSE, NULL, NULL); /* mediation, med by, peer id */ auth = auth_cfg_create(); diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c index edbf9cc88..ff33c53e1 100644 --- a/src/libcharon/plugins/medsrv/medsrv_config.c +++ b/src/libcharon/plugins/medsrv/medsrv_config.c @@ -94,7 +94,6 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, FALSE, /* mobike, aggressiv */ this->dpd, 0, /* DPD delay, timeout */ - NULL, /* pool */ TRUE, NULL, NULL); /* mediation, med by, peer id */ e->destroy(e); diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 343d6e40c..e215b39b8 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -371,12 +371,16 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, peer_cfg = peer_cfg_create( name, IKEV2, ike, cert_policy, uniqueid, keyingtries, rekeytime, reauthtime, jitter, overtime, - mobike, FALSE, dpd_delay, 0, pool, + mobike, FALSE, dpd_delay, 0, mediation, mediated_cfg, peer_id); if (vip) { peer_cfg->add_virtual_ip(peer_cfg, vip); } + if (pool) + { + peer_cfg->add_pool(peer_cfg, pool); + } auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_method); auth->add(auth, AUTH_RULE_IDENTITY, local_id); 
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index e3ea5428a..5f32072ce 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -778,13 +778,19 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, msg->add_conn.rekey.tries, rekey, reauth, jitter, over, msg->add_conn.mobike, msg->add_conn.aggressive, msg->add_conn.dpd.delay, msg->add_conn.dpd.timeout, - msg->add_conn.other.sourceip_mask ? - msg->add_conn.name : msg->add_conn.other.sourceip, msg->add_conn.ikeme.mediation, mediated_by, peer_id); if (vip) { peer_cfg->add_virtual_ip(peer_cfg, vip); } + if (msg->add_conn.other.sourceip_mask) + { + peer_cfg->add_pool(peer_cfg, msg->add_conn.name); + } + else if (msg->add_conn.other.sourceip) + { + peer_cfg->add_pool(peer_cfg, msg->add_conn.other.sourceip); + } /* build leftauth= */ auth_cfg = build_auth_cfg(this, msg, TRUE, TRUE); diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index 140cbea60..1201f568e 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -178,7 +178,6 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, 1800, 900, /* jitter, overtime */ TRUE, FALSE, /* mobike, aggressive */ 60, 0, /* DPD delay, timeout */ - NULL, /* pool */ FALSE, NULL, NULL); /* mediation, med by, peer id */ auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 26e65b2bb..7672accc4 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c 
@@ -2055,11 +2055,21 @@ METHOD(ike_sa_t, destroy, void, while (this->other_vips->remove_last(this->other_vips, (void**)&vip) == SUCCESS) { - if (this->peer_cfg && this->peer_cfg->get_pool(this->peer_cfg)) + if (this->peer_cfg) { - hydra->attributes->release_address(hydra->attributes, - this->peer_cfg->get_pool(this->peer_cfg), - vip, get_other_eap_id(this)); + enumerator_t *enumerator; + char *pool; + + enumerator = this->peer_cfg->create_pool_enumerator(this->peer_cfg); + while (enumerator->enumerate(enumerator, &pool)) + { + if (hydra->attributes->release_address(hydra->attributes, pool, + vip, get_other_eap_id(this))) + { + break; + } + } + enumerator->destroy(enumerator); } vip->destroy(vip); } diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index 791f72827..fea2f2c60 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -611,6 +611,20 @@ METHOD(phase1_t, has_virtual_ip, bool, return found; } +METHOD(phase1_t, has_pool, bool, + private_phase1_t *this, peer_cfg_t *peer_cfg) +{ + enumerator_t *enumerator; + bool found = FALSE; + char *pool; + + enumerator = peer_cfg->create_pool_enumerator(peer_cfg); + found = enumerator->enumerate(enumerator, &pool); + enumerator->destroy(enumerator); + + return found; +} + METHOD(phase1_t, save_sa_payload, bool, private_phase1_t *this, message_t *message) { @@ -751,6 +765,7 @@ phase1_t *phase1_create(ike_sa_t *ike_sa, bool initiator) .get_id = _get_id, .select_config = _select_config, .has_virtual_ip = _has_virtual_ip, + .has_pool = _has_pool, .verify_auth = _verify_auth, .build_auth = _build_auth, .save_sa_payload = _save_sa_payload, diff --git a/src/libcharon/sa/ikev1/phase1.h b/src/libcharon/sa/ikev1/phase1.h index 2f0a5f196..eaf8908e7 100644 --- a/src/libcharon/sa/ikev1/phase1.h +++ b/src/libcharon/sa/ikev1/phase1.h 
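Review bot: When the release loop in `destroy` finishes without any pool accepting the address, nothing is logged: the `break` only fires on success, and `release_address` in attribute_manager.c (same commit) dropped its "releasing address to pool '%s' failed" message in favour of the bool return, so a virtual IP that is never handed back to its pool is now silent on every path. That diagnostic mattered for spotting pool exhaustion caused by leaked leases, so track the outcome with a flag and log after the loop. The surrounding `while` over `other_vips` starts and ends outside the hunk.
```c
if (this->peer_cfg)
{
	enumerator_t *enumerator;
	char *pool;
	bool released = FALSE;

	enumerator = this->peer_cfg->create_pool_enumerator(this->peer_cfg);
	while (enumerator->enumerate(enumerator, &pool))
	{
		if (hydra->attributes->release_address(hydra->attributes, pool,
											   vip, get_other_eap_id(this)))
		{
			released = TRUE;
			break;
		}
	}
	enumerator->destroy(enumerator);
	if (!released)
	{
		DBG1(DBG_IKE, "releasing virtual IP %H to configured pools failed", vip);
	}
}
/* … unchanged: vip->destroy(vip) … */
```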
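Review bot: The "create enumerator, enumerate once, destroy" probe that `has_pool` introduces in phase1.c is written out again by hand in task_manager_v1.c (`mode_config_expected`), mode_config.c and ike_config.c (`build_r`), each with its own throwaway `pool` variable, which is the kind of repetition that drifts when one copy is later fixed. Since every caller already holds a `peer_cfg_t`, a single query method on the config (a `has_pool`-style predicate next to `create_pool_enumerator`) would let phase1.c and task_manager_v1.c drop their copies, and the two `build_r` variants could share a small "first pool or NULL" helper. In `has_pool` itself the `= FALSE` initialiser is dead, as `found` is assigned unconditionally on the next statement; `bool found;` or folding the enumerate call into the declaration reads cleaner.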
@@ -109,6 +109,14 @@ struct phase1_t { identification_t* (*get_id)(phase1_t *this, peer_cfg_t *peer_cfg, bool local); /** + * Check if peer config has virtual IPs pool assigned. + * + * @param peer_cfg peer_config to check + * @return TRUE if peer config contains at least one pool + */ + bool (*has_pool)(phase1_t *this, peer_cfg_t *peer_cfg); + + /** * Check if peer config has virtual IPs to request * * @param peer_cfg peer_config to check diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index e0dcf731d..ea836b76e 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -348,11 +348,20 @@ static bool mode_config_expected(private_task_manager_t *this) { enumerator_t *enumerator; peer_cfg_t *peer_cfg; + char *pool; host_t *host; peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - if (peer_cfg && peer_cfg->get_pool(peer_cfg)) + if (peer_cfg) { + enumerator = peer_cfg->create_pool_enumerator(peer_cfg); + if (!enumerator->enumerate(enumerator, &pool)) + { /* no pool configured */ + enumerator->destroy(enumerator); + return FALSE; + } + enumerator->destroy(enumerator); + enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, FALSE); if (!enumerator->enumerate(enumerator, &host)) diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index eb9b09e3f..954dea880 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -497,7 +497,7 @@ METHOD(task_t, process_r, status_t, this->ike_sa->get_id(this->ike_sa))); break; } - if (this->peer_cfg->get_pool(this->peer_cfg) == NULL && + if (!this->ph1->has_pool(this->ph1, this->peer_cfg) && this->ph1->has_virtual_ip(this->ph1, this->peer_cfg)) { this->ike_sa->queue_task(this->ike_sa, diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 6f7753676..9ccf9abf5 100644 
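Review bot: The new `has_pool` comment in phase1.h reads "Check if peer config has virtual IPs pool assigned", which is ungrammatical and does not match the `@return` line that talks about "at least one pool". I would write the summary as `Check if the peer config has at least one virtual IP pool assigned.` so the two agree. It is also worth stating that only presence is checked, not whether the pool actually has addresses left, since that is all `enumerate` once can tell.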
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -524,7 +524,7 @@ METHOD(task_t, build_r, status_t, this->ike_sa->get_id(this->ike_sa))); break; } - if (this->peer_cfg->get_pool(this->peer_cfg) == NULL && + if (!this->ph1->has_pool(this->ph1, this->peer_cfg) && this->ph1->has_virtual_ip(this->ph1, this->peer_cfg)) { this->ike_sa->queue_task(this->ike_sa, diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index 6ba3e6768..bad599b83 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c @@ -310,17 +310,24 @@ METHOD(task_t, build_r, status_t, cp_payload_t *cp = NULL; peer_cfg_t *config; identification_t *id; + char *pool; id = this->ike_sa->get_other_eap_id(this->ike_sa); config = this->ike_sa->get_peer_cfg(this->ike_sa); + enumerator = config->create_pool_enumerator(config); + if (!enumerator->enumerate(enumerator, &pool)) + { /* TODO: currently we query the first pool, only */ + pool = NULL; + } + enumerator->destroy(enumerator); if (this->virtual_ip) { DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip); - if (config->get_pool(config)) + if (pool) { vip = hydra->attributes->acquire_address(hydra->attributes, - config->get_pool(config), id, this->virtual_ip); + pool, id, this->virtual_ip); } cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); if (vip) @@ -336,7 +343,7 @@ METHOD(task_t, build_r, status_t, } /* query registered providers for additional attributes to include */ enumerator = hydra->attributes->create_responder_enumerator( - hydra->attributes, config->get_pool(config), id, vip); + hydra->attributes, pool, id, vip); while (enumerator->enumerate(enumerator, &type, &value)) { if (!cp) diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c index 63d35ec09..5b0871fca 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_config.c 
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.c @@ -321,17 +321,25 @@ METHOD(task_t, build_r, status_t, cp_payload_t *cp = NULL; peer_cfg_t *config; identification_t *id; + char *pool; id = this->ike_sa->get_other_eap_id(this->ike_sa); config = this->ike_sa->get_peer_cfg(this->ike_sa); + enumerator = config->create_pool_enumerator(config); + if (!enumerator->enumerate(enumerator, &pool)) + { /* TODO: currently we query the first pool, only */ + pool = NULL; + } + enumerator->destroy(enumerator); + if (this->virtual_ip) { DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip); - if (config->get_pool(config)) + if (pool) { vip = hydra->attributes->acquire_address(hydra->attributes, - config->get_pool(config), id, this->virtual_ip); + pool, id, this->virtual_ip); } if (vip == NULL) { @@ -350,7 +358,7 @@ METHOD(task_t, build_r, status_t, /* query registered providers for additional attributes to include */ enumerator = hydra->attributes->create_responder_enumerator( - hydra->attributes, config->get_pool(config), id, vip); + hydra->attributes, pool, id, vip); while (enumerator->enumerate(enumerator, &type, &value)) { if (!cp) diff --git a/src/libhydra/attributes/attribute_manager.c b/src/libhydra/attributes/attribute_manager.c index 95520531e..250302356 100644 --- a/src/libhydra/attributes/attribute_manager.c +++ b/src/libhydra/attributes/attribute_manager.c @@ -87,7 +87,7 @@ METHOD(attribute_manager_t, acquire_address, host_t*, return host; } -METHOD(attribute_manager_t, release_address, void, +METHOD(attribute_manager_t, release_address, bool, private_attribute_manager_t *this, char *pool, host_t *address, identification_t *id) { @@ -108,10 +108,7 @@ METHOD(attribute_manager_t, release_address, void, enumerator->destroy(enumerator); this->lock->unlock(this->lock); - if (!found) - { - DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool); - } + return found; } /** 
diff --git a/src/libhydra/attributes/attribute_manager.h b/src/libhydra/attributes/attribute_manager.h index 56afef7c6..37e872a10 100644 --- a/src/libhydra/attributes/attribute_manager.h +++ b/src/libhydra/attributes/attribute_manager.h @@ -54,8 +54,9 @@ struct attribute_manager_t { * @param pool pool name from which the address was acquired * @param address address to release * @param id peer identity to get address for + * @return TRUE if address released to pool */ - void (*release_address)(attribute_manager_t *this, + bool (*release_address)(attribute_manager_t *this, char *pool, host_t *address, identification_t *id); /** |