As Unity responder, don't change the proposed TS at all, racoon doesn't like that
[strongswan.git] / src / libcharon / plugins / unity / unity_narrow.c
1 /*
2 * Copyright (C) 2012 Martin Willi
3 * Copyright (C) 2012 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "unity_narrow.h"
17
18 #include <daemon.h>
19
20 typedef struct private_unity_narrow_t private_unity_narrow_t;
21
22 /**
23 * Private data of an unity_narrow_t object.
24 */
25 struct private_unity_narrow_t {
26
27 /**
28 * Public unity_narrow_t interface.
29 */
30 unity_narrow_t public;
31
32 /**
33 * Unity attribute handler
34 */
35 unity_handler_t *handler;
36 };
37
38 /**
39 * Narrow TS as initiator to Unity Split-Include/Local-LAN
40 */
41 static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa,
42 child_cfg_t *cfg, linked_list_t *remote)
43 {
44 traffic_selector_t *current, *orig = NULL;
45 linked_list_t *received, *selected;
46 enumerator_t *enumerator;
47
48 enumerator = this->handler->create_include_enumerator(this->handler,
49 ike_sa->get_unique_id(ike_sa));
50 while (enumerator->enumerate(enumerator, &current))
51 {
52 if (orig == NULL)
53 { /* got one, replace original TS */
54 if (remote->remove_first(remote, (void**)&orig) != SUCCESS)
55 {
56 break;
57 }
58 }
59 /* narrow received Unity TS with the child configuration */
60 received = linked_list_create();
61 received->insert_last(received, current);
62 selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL);
63 while (selected->remove_first(selected, (void**)&current) == SUCCESS)
64 {
65 remote->insert_last(remote, current);
66 }
67 selected->destroy(selected);
68 received->destroy(received);
69 }
70 enumerator->destroy(enumerator);
71 if (orig)
72 {
73 DBG1(DBG_CFG, "narrowed CHILD_SA to %N %#R",
74 configuration_attribute_type_names,
75 UNITY_SPLIT_INCLUDE, remote);
76 orig->destroy(orig);
77 }
78 }
79
80 /**
81 * As initiator, bump up TS to 0.0.0.0/0 for on-the-wire bits
82 */
83 static void narrow_initiator_pre(linked_list_t *list)
84 {
85 traffic_selector_t *ts;
86
87 while (list->remove_first(list, (void**)&ts) == SUCCESS)
88 {
89 ts->destroy(ts);
90 }
91 ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
92 "0.0.0.0", 0,
93 "255.255.255.255", 65535);
94 if (ts)
95 {
96 list->insert_last(list, ts);
97 }
98 }
99
100 /**
101 * As responder, narrow down TS to configuration for installation
102 */
103 static void narrow_responder_post(child_cfg_t *child_cfg, linked_list_t *local)
104 {
105 traffic_selector_t *ts;
106 linked_list_t *configured;
107
108 while (local->remove_first(local, (void**)&ts) == SUCCESS)
109 {
110 ts->destroy(ts);
111 }
112 configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
113
114 while (configured->remove_first(configured, (void**)&ts) == SUCCESS)
115 {
116 local->insert_last(local, ts);
117 }
118 configured->destroy(configured);
119 }
120
121 METHOD(listener_t, narrow, bool,
122 private_unity_narrow_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
123 narrow_hook_t type, linked_list_t *local, linked_list_t *remote)
124 {
125 if (ike_sa->get_version(ike_sa) == IKEV1 &&
126 ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY))
127 {
128 switch (type)
129 {
130 case NARROW_INITIATOR_PRE_AUTH:
131 narrow_initiator_pre(remote);
132 break;
133 case NARROW_INITIATOR_POST_AUTH:
134 narrow_initiator(this, ike_sa,
135 child_sa->get_config(child_sa), remote);
136 break;
137 case NARROW_RESPONDER_POST:
138 narrow_responder_post(child_sa->get_config(child_sa), local);
139 break;
140 default:
141 break;
142 }
143 }
144 return TRUE;
145 }
146
147 METHOD(unity_narrow_t, destroy, void,
148 private_unity_narrow_t *this)
149 {
150 free(this);
151 }
152
153 /**
154 * See header
155 */
156 unity_narrow_t *unity_narrow_create(unity_handler_t *handler)
157 {
158 private_unity_narrow_t *this;
159
160 INIT(this,
161 .public = {
162 .listener = {
163 .narrow = _narrow,
164 },
165 .destroy = _destroy,
166 },
167 .handler = handler,
168 );
169
170 return &this->public;
171 }