fixed rightsourceip=%config scenarios
authorMartin Willi <martin@strongswan.org>
Mon, 14 Apr 2008 07:18:16 +0000 (07:18 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 14 Apr 2008 07:18:16 +0000 (07:18 -0000)
src/charon/plugins/stroke/stroke_attribute.c
src/charon/plugins/stroke/stroke_config.c
src/charon/sa/tasks/ike_config.c

index 9fdd68a..71b56bc 100644 (file)
@@ -62,7 +62,7 @@ typedef struct {
  */
 static void pool_destroy(pool_t *this)
 {
-       this->base->destroy(this->base);
+       DESTROY_IF(this->base);
        free(this->name);
        free(this->in_use);
        free(this);
@@ -168,12 +168,19 @@ static host_t* acquire_address(private_stroke_attribute_t *this,
        {
                if (requested && !requested->is_anyaddr(requested))
                {
-                       i = host2offset(pool, requested);
-                       if (i >= 0 && !pool->in_use[i])
-                       {
-                               pool->in_use[i] = TRUE;
+                       if (pool->count == 0)
+                       {       /* %config, give any */
                                host = requested->clone(requested);
                        }
+                       else
+                       {
+                               i = host2offset(pool, requested);
+                               if (i >= 0 && !pool->in_use[i])
+                               {
+                                       pool->in_use[i] = TRUE;
+                                       host = requested->clone(requested);
+                               }
+                       }
                }
                if (!host)
                {
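Review bot: In the `pool->count == 0` branch of acquire_address, the peer-supplied `requested` address is cloned and returned with no `in_use` bookkeeping and no range check. Nothing in this hunk stops two peers from being assigned the same virtual IP, or a peer from getting an address the administrator never intended to hand out. If that is the accepted meaning of %config, the branch comment should say so, e.g. `/* %config: hand out the peer-requested address as is; not tracked, uniqueness and range are not enforced here */`. A log line naming the peer identity would also make duplicate assignments visible. The `if (!host)` fallback begins on the last line of the hunk and its body is outside it; it presumably scans `in_use`, which is NULL for an empty pool, so confirm it does nothing when `count` is 0.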
@@ -206,11 +213,14 @@ static bool release_address(private_stroke_attribute_t *this,
        pool = find_pool(this, name);
        if (pool)
        {
-               i = host2offset(pool, address);
-               if (i >= 0 && pool->in_use[i])
+               if (pool->count != 0)
                {
-                       pool->in_use[i] = FALSE;
-                       found =TRUE;
+                       i = host2offset(pool, address);
+                       if (i >= 0 && pool->in_use[i])
+                       {
+                               pool->in_use[i] = FALSE;
+                               found = TRUE;
+                       }
                }
        }
        this->mutex->unlock(this->mutex);
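Review bot: For a %config pool (`pool->count == 0`), release_address never sets `found`, so an address that acquire_address handed out under this pool name is reported as not released. If callers log a false result as an error or go on to query other providers, the logs will be misleading for every %config peer. Consider an `else` branch with `found = TRUE;` for the empty pool, or document on the function that %config addresses are never tracked. The initialisation of `found` and the return statement are outside the hunk.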
@@ -222,41 +232,53 @@ static bool release_address(private_stroke_attribute_t *this,
  */
 static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
 {
-       if (msg->add_conn.other.sourceip && msg->add_conn.other.sourceip_size)
+       if (msg->add_conn.other.sourceip_size)
        {
                pool_t *pool;
-               u_int32_t bits;
-               int family;
                
-               DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", 
-                        msg->add_conn.name, msg->add_conn.other.sourceip, 
-                        msg->add_conn.other.sourceip_size);
-               
-               pool = malloc_thing(pool_t);
-               pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0);
-               if (!pool->base)
-               {
-                       free(pool);
-                       DBG1(DBG_CFG, "virtual IP address invalid, discarded");
-                       return;
-               }
-               pool->name = strdup(msg->add_conn.name);
-               family = pool->base->get_family(pool->base);
-               bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_size;
-               if (bits > POOL_LIMIT)
+               if (msg->add_conn.other.sourceip)
                {
-                       bits = POOL_LIMIT;
-                       DBG1(DBG_CFG, "virtual IP pool to large, limiting to %s/%d",
-                                msg->add_conn.other.sourceip,
-                                (family == AF_INET ? 32 : 128) - bits);
-               }
-               pool->count = 1 << (bits);
-               pool->in_use = calloc(pool->count, sizeof(u_int8_t));
+                       u_int32_t bits;
+                       int family;
+               
+                       DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", 
+                                msg->add_conn.name, msg->add_conn.other.sourceip, 
+                                msg->add_conn.other.sourceip_size);
+               
+                       pool = malloc_thing(pool_t);
+                       pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0);
+                       if (!pool->base)
+                       {
+                               free(pool);
+                               DBG1(DBG_CFG, "virtual IP address invalid, discarded");
+                               return;
+                       }
+                       pool->name = strdup(msg->add_conn.name);
+                       family = pool->base->get_family(pool->base);
+                       bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_size;
+                       if (bits > POOL_LIMIT)
+                       {
+                               bits = POOL_LIMIT;
+                               DBG1(DBG_CFG, "virtual IP pool to large, limiting to %s/%d",
+                                        msg->add_conn.other.sourceip,
+                                        (family == AF_INET ? 32 : 128) - bits);
+                       }
+                       pool->count = 1 << (bits);
+                       pool->in_use = calloc(pool->count, sizeof(u_int8_t));
                
-               if (pool->count > 2)
-               {       /* do not use first and last addresses of a block */
-                       pool->in_use[0] = TRUE;
-                       pool->in_use[pool->count-1] = TRUE;
+                       if (pool->count > 2)
+                       {       /* do not use first and last addresses of a block */
+                               pool->in_use[0] = TRUE;
+                               pool->in_use[pool->count-1] = TRUE;
+                       }
+               }
+               else
+               {       /* %config, add an empty pool */
+                       pool = malloc_thing(pool_t);
+                       pool->name = strdup(msg->add_conn.name);
+                       pool->base = NULL;
+                       pool->count = 0;
+                       pool->in_use = NULL;
                }
                this->mutex->lock(this->mutex);
                this->pools->insert_last(this->pools, pool);
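Review bot: `bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_size;` is computed without checking that the prefix length fits the address family. An oversized value (for example /33 on IPv4) wraps the unsigned `bits`, is then clamped to `POOL_LIMIT`, and silently creates the largest pool instead of being rejected. A guard such as `if (msg->add_conn.other.sourceip_size > (family == AF_INET ? 32 : 128))` after `get_family()` should discard the pool; its cleanup must release `pool->base` and `pool->name` by hand, because `in_use` is not yet initialised at that point. Separately, the result of `calloc()` is written through at `pool->in_use[0] = TRUE;` without a NULL check. Both lines are only re-indented by this commit, and add_pool continues past the end of the hunk.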
index a7a7232..8834a7f 100644 (file)
@@ -492,7 +492,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
                msg->add_conn.eap_type, msg->add_conn.eap_vendor,
                msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
                msg->add_conn.mobike, msg->add_conn.dpd.delay,
-               vip, msg->add_conn.other.sourceip ? msg->add_conn.name : NULL,
+               vip, msg->add_conn.other.sourceip_size ? msg->add_conn.name : NULL,
                msg->add_conn.ikeme.mediation, mediated_by, peer_id);
 }
 
index 7bd214f..22c4f0c 100644 (file)
@@ -302,14 +302,17 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
                
                if (config && this->virtual_ip)
                {
-                       host_t *ip;
+                       host_t *ip = NULL;
                        
                        DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
-                       ip = charon->attributes->acquire_address(charon->attributes, 
+                       if (config->get_pool(config))
+                       {
+                               ip = charon->attributes->acquire_address(charon->attributes, 
                                                                        config->get_pool(config),
                                                                        this->ike_sa->get_other_id(this->ike_sa),
                                                                        this->ike_sa->get_other_auth(this->ike_sa),
                                                                        this->virtual_ip);
+                       }
                        if (ip == NULL)
                        {
                                DBG1(DBG_IKE, "not assigning a virtual IP to peer");
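Review bot: `config->get_pool(config)` is now evaluated twice in build_r, once in the new guard and once as an argument to `acquire_address`. Storing the result in a local next to `host_t *ip = NULL;` and using it for both would make it obvious that the name tested is the name passed. The argument lines after `acquire_address(charon->attributes,` also kept their old indentation and no longer line up with the call one level deeper. build_r starts and ends outside the hunk.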