mem-pool: Pass the remote IKE address, to re-acquire() an address during reauth
authorMartin Willi <martin@revosec.ch>
Tue, 4 Nov 2014 15:32:33 +0000 (16:32 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 20 Feb 2015 12:34:57 +0000 (13:34 +0100)
commit22e6a06b8c2d12374156a9559bbc7edd183a9040
treec39ec384ddc6e22d7fe1e98bb03233d1517b9cf7
parent3676023e54c75bab3d2787c78f8024704d4bb4c3
mem-pool: Pass the remote IKE address, to re-acquire() an address during reauth

With make-before-break IKEv2 re-authentication, virtual IP addresses must be
assigned overlapping to the same peer. With the remote IKE address, the backend
can detect re-authentication attempts by comparing the remote host address and
port. This allows proper reassignment of the virtual IP if it is re-requested.

This change removes the mem-pool.reassign_online option, as it is obsolete now.
IPs get automatically reassigned if a peer re-requests the same address, and
additionally connects from the same address and port.
conf/options/charon.opt
src/libcharon/attributes/mem_pool.c
src/libcharon/attributes/mem_pool.h
src/libcharon/plugins/load_tester/load_tester_config.c
src/libcharon/plugins/stroke/stroke_attribute.c
src/libcharon/plugins/vici/vici_attribute.c
src/libcharon/tests/suites/test_mem_pool.c