From 79b6ead1e494853f41c5845d55d4a6dd6ec71588 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 15 Jul 2013 15:17:06 +0200 Subject: unity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were received --- src/libcharon/plugins/unity/unity_narrow.c | 43 ++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 11 deletions(-) (limited to 'src/libcharon/plugins/unity/unity_narrow.c') diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c index 56de0028f..edff51a08 100644 --- a/src/libcharon/plugins/unity/unity_narrow.c +++ b/src/libcharon/plugins/unity/unity_narrow.c @@ -35,6 +35,26 @@ struct private_unity_narrow_t { unity_handler_t *handler; }; +/** + * Narrow the given received traffic selector with the child configuration and + * put them into the given list of TS + */ +static void narrow_ts(child_cfg_t *cfg, traffic_selector_t *ts, + linked_list_t *list) +{ + linked_list_t *received, *selected; + + received = linked_list_create(); + received->insert_last(received, ts); + selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL); + while (selected->remove_first(selected, (void**)&ts) == SUCCESS) + { + list->insert_last(list, ts); + } + selected->destroy(selected); + received->destroy(received); +} + /** * Narrow TS as initiator to Unity Split-Include/Local-LAN */ @@ -42,7 +62,6 @@ static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa, child_cfg_t *cfg, linked_list_t *remote) { traffic_selector_t *current, *orig = NULL; - linked_list_t *received, *selected; enumerator_t *enumerator; enumerator = this->handler->create_include_enumerator(this->handler, @@ -56,16 +75,7 @@ static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa, break; } } - /* narrow received Unity TS with the child configuration */ - received = linked_list_create(); - received->insert_last(received, current); - selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL); - while (selected->remove_first(selected, (void**)¤t) == SUCCESS) - { - remote->insert_last(remote, current); - } - selected->destroy(selected); - received->destroy(received); + narrow_ts(cfg, current, remote); } enumerator->destroy(enumerator); if (orig) @@ -75,6 +85,15 @@ static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa, UNITY_SPLIT_INCLUDE, remote); orig->destroy(orig); } + else + { /* since we originally changed the traffic selector to 0.0.0.0/0 local + * narrowing is not applied if no Split-Include attrs are received */ + if (remote->remove_first(remote, (void**)&orig) == SUCCESS) + { + narrow_ts(cfg, orig, remote); + orig->destroy(orig); + } + } } /** @@ -93,6 +112,8 @@ static void narrow_initiator_pre(linked_list_t *list) "255.255.255.255", 65535); if (ts) { + DBG2(DBG_CFG, "changing proposed traffic selectors for other:"); + DBG2(DBG_CFG, " %R", ts); list->insert_last(list, ts); } } -- cgit v1.2.3