unity: Send all traffic selectors in a single UNITY_SPLIT_INCLUDE attribute
authorTobias Brunner <tobias@strongswan.org>
Fri, 15 Nov 2013 15:45:59 +0000 (16:45 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 23 Jan 2014 09:35:21 +0000 (10:35 +0100)
Cisco clients only handle the first such attribute.

src/libcharon/plugins/unity/unity_provider.c

index 30b2034..86f81fc 100644 (file)
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
  *
@@ -16,6 +19,7 @@
 #include "unity_provider.h"
 
 #include <daemon.h>
+#include <bio/bio_writer.h>
 
 typedef struct private_unity_provider_t private_unity_provider_t;
 
@@ -31,63 +35,70 @@ struct private_unity_provider_t {
 };
 
 /**
- * Attribute enumerator for traffic selector list
+ * Attribute enumerator for UNITY_SPLIT_INCLUDE attribute
  */
 typedef struct {
        /** Implements enumerator_t */
        enumerator_t public;
        /** list of traffic selectors to enumerate */
        linked_list_t *list;
-       /** currently enumerating attribute data */
-       struct __attribute__((packed)) {
-               u_char net[4];
-               u_char mask[4];
-               /* the Cisco client parses this as protocol, src and dst port, the first
-                * two in network order the last in host order - no other clients seem
-                * to support these fields so we don't use them either */
-               u_char padding[6];
-       } attr;
+       /** attribute value */
+       chunk_t attr;
 } attribute_enumerator_t;
 
+/**
+ * Append data from the given traffic selector to the attribute data
+ */
+static void append_ts(bio_writer_t *writer, traffic_selector_t *ts)
+{
+       host_t *net, *mask;
+       chunk_t padding;
+       u_int8_t bits;
+
+       if (!ts->to_subnet(ts, &net, &bits))
+       {
+               return;
+       }
+       mask = host_create_netmask(AF_INET, bits);
+       if (!mask)
+       {
+               net->destroy(net);
+               return;
+       }
+       writer->write_data(writer, net->get_address(net));
+       writer->write_data(writer, mask->get_address(mask));
+       /* the Cisco client parses the "padding" as protocol, src and dst port, the
+        * first two in network order the last in host order - no other clients seem
+        * to support these fields so we don't use them either */
+       padding = writer->skip(writer, 6);
+       memset(padding.ptr, 0, padding.len);
+       mask->destroy(mask);
+       net->destroy(net);
+}
+
 METHOD(enumerator_t, attribute_enumerate, bool,
        attribute_enumerator_t *this, configuration_attribute_type_t *type,
        chunk_t *attr)
 {
        traffic_selector_t *ts;
-       u_int8_t i, mask;
-       host_t *net;
+       bio_writer_t *writer;
 
-       while (TRUE)
+       if (this->list->get_count(this->list) == 0)
        {
-               if (this->list->remove_first(this->list, (void**)&ts) != SUCCESS)
-               {
-                       return FALSE;
-               }
-               if (ts->to_subnet(ts, &net, &mask))
-               {
-                       ts->destroy(ts);
-                       break;
-               }
-               ts->destroy(ts);
+               return FALSE;
        }
-       memcpy(this->attr.net, net->get_address(net).ptr, sizeof(this->attr.net));
-       net->destroy(net);
 
-       memset(this->attr.mask, 0, sizeof(this->attr.mask));
-       for (i = 0; i < sizeof(this->attr.mask); i++)
+       writer = bio_writer_create(14);
+       while (this->list->remove_first(this->list, (void**)&ts) == SUCCESS)
        {
-               if (mask < 8)
-               {
-                       this->attr.mask[i] = 0xFF << (8 - mask);
-                       break;
-               }
-               this->attr.mask[i] = 0xFF;
-               mask -= 8;
+               append_ts(writer, ts);
+               ts->destroy(ts);
        }
 
        *type = UNITY_SPLIT_INCLUDE;
-       *attr = chunk_create(this->attr.net, sizeof(this->attr));
+       *attr = this->attr = writer->extract_buf(writer);
 
+       writer->destroy(writer);
        return TRUE;
 }
 
@@ -95,6 +106,7 @@ METHOD(enumerator_t, attribute_destroy, void,
        attribute_enumerator_t *this)
 {
        this->list->destroy_offset(this->list, offsetof(traffic_selector_t, destroy));
+       chunk_free(&this->attr);
        free(this);
 }