projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Support multiple virtual IPs on peer_cfg and ike_sa classes
[strongswan.git] / src / libcharon / processing / jobs / migrate_job.c
1 /*
2 * Copyright (C) 2008 Andreas Steffen
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "migrate_job.h"
17
18 #include <daemon.h>
19
20 #include <config/child_cfg.h>
21
22
23 typedef struct private_migrate_job_t private_migrate_job_t;
24
25 /**
26 * Private data of a migrate_job_t object.
27 */
28 struct private_migrate_job_t {
29 /**
30 * Public migrate_job_t interface.
31 */
32 migrate_job_t public;
33
34 /**
35 * reqid of the CHILD_SA if it already exists
36 */
37 u_int32_t reqid;
38
39 /**
40 * source traffic selector
41 */
42 traffic_selector_t *src_ts;
43
44 /**
45 * destination traffic selector
46 */
47 traffic_selector_t *dst_ts;
48
49 /**
50 * local host address to be used for IKE
51 */
52 host_t *local;
53
54 /**
55 * remote host address to be used for IKE
56 */
57 host_t *remote;
58 };
59
60 METHOD(job_t, destroy, void,
61 private_migrate_job_t *this)
62 {
63 DESTROY_IF(this->src_ts);
64 DESTROY_IF(this->dst_ts);
65 DESTROY_IF(this->local);
66 DESTROY_IF(this->remote);
67 free(this);
68 }
69
70 METHOD(job_t, execute, job_requeue_t,
71 private_migrate_job_t *this)
72 {
73 ike_sa_t *ike_sa = NULL;
74
75 if (this->reqid)
76 {
77 ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
78 this->reqid, TRUE);
79 }
80 if (ike_sa)
81 {
82 enumerator_t *children, *enumerator;
83 child_sa_t *child_sa;
84 host_t *host;
85 linked_list_t *vips;
86
87 children = ike_sa->create_child_sa_enumerator(ike_sa);
88 while (children->enumerate(children, (void**)&child_sa))
89 {
90 if (child_sa->get_reqid(child_sa) == this->reqid)
91 {
92 break;
93 }
94 }
95 children->destroy(children);
96 DBG2(DBG_JOB, "found CHILD_SA with reqid {%d}", this->reqid);
97
98 ike_sa->set_kmaddress(ike_sa, this->local, this->remote);
99
100 host = this->local->clone(this->local);
101 host->set_port(host, charon->socket->get_port(charon->socket, FALSE));
102 ike_sa->set_my_host(ike_sa, host);
103
104 host = this->remote->clone(this->remote);
105 host->set_port(host, IKEV2_UDP_PORT);
106 ike_sa->set_other_host(ike_sa, host);
107
108 vips = linked_list_create();
109 enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
110 while (enumerator->enumerate(enumerator, &host))
111 {
112 vips->insert_last(vips, host);
113 }
114 enumerator->destroy(enumerator);
115
116 if (child_sa->update(child_sa, this->local, this->remote, vips,
117 ike_sa->has_condition(ike_sa, COND_NAT_ANY)) == NOT_SUPPORTED)
118 {
119 ike_sa->rekey_child_sa(ike_sa, child_sa->get_protocol(child_sa),
120 child_sa->get_spi(child_sa, TRUE));
121 }
122 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
123 vips->destroy(vips);
124 }
125 else
126 {
127 DBG1(DBG_JOB, "no CHILD_SA found with reqid {%d}", this->reqid);
128 }
129 return JOB_REQUEUE_NONE;
130 }
131
132 METHOD(job_t, get_priority, job_priority_t,
133 private_migrate_job_t *this)
134 {
135 return JOB_PRIO_MEDIUM;
136 }
137
138 /*
139 * Described in header
140 */
141 migrate_job_t *migrate_job_create(u_int32_t reqid,
142 traffic_selector_t *src_ts,
143 traffic_selector_t *dst_ts,
144 policy_dir_t dir,
145 host_t *local, host_t *remote)
146 {
147 private_migrate_job_t *this;
148
149 INIT(this,
150 .public = {
151 .job_interface = {
152 .execute = _execute,
153 .get_priority = _get_priority,
154 .destroy = _destroy,
155 },
156 },
157 .reqid = reqid,
158 .src_ts = (dir == POLICY_OUT) ? src_ts : dst_ts,
159 .dst_ts = (dir == POLICY_OUT) ? dst_ts : src_ts,
160 .local = local,
161 .remote = remote,
162 );
163
164 return &this->public;
165 }
strongSwan - IPsec VPN