Support multiple address pools configured on a peer_cfg
authorMartin Willi <martin@revosec.ch>
Fri, 24 Aug 2012 12:31:24 +0000 (12:31 +0000)
committerMartin Willi <martin@revosec.ch>
Thu, 30 Aug 2012 14:43:42 +0000 (16:43 +0200)
25 files changed:
src/charon-nm/nm/nm_service.c
src/conftest/config.c
src/frontends/android/jni/libandroidbridge/backend/android_service.c
src/libcharon/config/peer_cfg.c
src/libcharon/config/peer_cfg.h
src/libcharon/plugins/android/android_service.c
src/libcharon/plugins/ha/ha_dispatcher.c
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/load_tester/load_tester_config.c
src/libcharon/plugins/maemo/maemo_service.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/medsrv/medsrv_config.c
src/libcharon/plugins/sql/sql_config.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/uci/uci_config.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/ikev1/phase1.c
src/libcharon/sa/ikev1/phase1.h
src/libcharon/sa/ikev1/task_manager_v1.c
src/libcharon/sa/ikev1/tasks/aggressive_mode.c
src/libcharon/sa/ikev1/tasks/main_mode.c
src/libcharon/sa/ikev1/tasks/mode_config.c
src/libcharon/sa/ikev2/tasks/ike_config.c
src/libhydra/attributes/attribute_manager.c
src/libhydra/attributes/attribute_manager.h

index 2eef51a..461837c 100644 (file)
@@ -507,7 +507,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
                                        600, 600, /* jitter, over 10min */
                                        TRUE, FALSE, /* mobike, aggressive */
                                        0, 0, /* DPD delay, timeout */
-                                       NULL, FALSE, NULL, NULL); /* pool, mediation */
+                                       FALSE, NULL, NULL); /* mediation */
        if (virtual)
        {
                peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
index 61f3760..cbc6ac0 100644 (file)
@@ -253,7 +253,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
        ike_cfg = load_ike_config(this, settings, config);
        peer_cfg = peer_cfg_create(config, IKEV2, ike_cfg, CERT_ALWAYS_SEND,
                                                           UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0, 0,
-                                                          NULL, FALSE, NULL, NULL);
+                                                          FALSE, NULL, NULL);
 
        auth = auth_cfg_create();
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
index d472301..d1769a9 100644 (file)
@@ -442,7 +442,7 @@ static job_requeue_t initiate(private_android_service_t *this)
                                                           600, 600, /* jitter, over 10min */
                                                           TRUE, FALSE, /* mobike, aggressive */
                                                           0, 0, /* DPD delay, timeout */
-                                                          NULL, FALSE, NULL, NULL); /* pool, mediation */
+                                                          FALSE, NULL, NULL); /* mediation */
        peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
 
        auth = auth_cfg_create();
index 091176a..59869ea 100644 (file)
@@ -146,9 +146,9 @@ struct private_peer_cfg_t {
        linked_list_t *vips;
 
        /**
-        * pool to acquire configuration attributes from
+        * List of pool names to use for virtual IP lookup
         */
-       char *pool;
+       linked_list_t *pools;
 
        /**
         * local authentication configs (rulesets)
@@ -421,10 +421,16 @@ METHOD(peer_cfg_t, create_virtual_ip_enumerator, enumerator_t*,
        return this->vips->create_enumerator(this->vips);
 }
 
-METHOD(peer_cfg_t, get_pool, char*,
+METHOD(peer_cfg_t, add_pool, void,
+       private_peer_cfg_t *this, char *name)
+{
+       this->pools->insert_last(this->pools, strdup(name));
+}
+
+METHOD(peer_cfg_t, create_pool_enumerator, enumerator_t*,
        private_peer_cfg_t *this)
 {
-       return this->pool;
+       return this->pools->create_enumerator(this->pools);
 }
 
 METHOD(peer_cfg_t, add_auth_cfg, void,
@@ -529,6 +535,7 @@ METHOD(peer_cfg_t, equals, bool,
 {
        enumerator_t *e1, *e2;
        host_t *vip1, *vip2;
+       char *pool1, *pool2;
 
        if (this == other)
        {
@@ -557,6 +564,25 @@ METHOD(peer_cfg_t, equals, bool,
        e1->destroy(e1);
        e2->destroy(e2);
 
+       if (this->pools->get_count(this->pools) !=
+               other->pools->get_count(other->pools))
+       {
+               return FALSE;
+       }
+       e1 = create_pool_enumerator(this);
+       e2 = create_pool_enumerator(other);
+       if (e1->enumerate(e1, &pool1) && e2->enumerate(e2, &pool2))
+       {
+               if (!streq(pool1, pool2))
+               {
+                       e1->destroy(e1);
+                       e2->destroy(e2);
+                       return FALSE;
+               }
+       }
+       e1->destroy(e1);
+       e2->destroy(e2);
+
        return (
                this->ike_version == other->ike_version &&
                this->cert_policy == other->cert_policy &&
@@ -568,8 +594,6 @@ METHOD(peer_cfg_t, equals, bool,
                this->jitter_time == other->jitter_time &&
                this->over_time == other->over_time &&
                this->dpd == other->dpd &&
-               (this->pool == other->pool ||
-                (this->pool && other->pool && streq(this->pool, other->pool))) &&
                auth_cfg_equal(this, other)
 #ifdef ME
                && this->mediation == other->mediation &&
@@ -601,13 +625,13 @@ METHOD(peer_cfg_t, destroy, void,
                this->remote_auth->destroy_offset(this->remote_auth,
                                                                                offsetof(auth_cfg_t, destroy));
                this->vips->destroy_offset(this->vips, offsetof(host_t, destroy));
+               this->pools->destroy_function(this->pools, free);
 #ifdef ME
                DESTROY_IF(this->mediated_by);
                DESTROY_IF(this->peer_id);
 #endif /* ME */
                this->mutex->destroy(this->mutex);
                free(this->name);
-               free(this->pool);
                free(this);
        }
 }
@@ -621,7 +645,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
                                                        u_int32_t rekey_time, u_int32_t reauth_time,
                                                        u_int32_t jitter_time, u_int32_t over_time,
                                                        bool mobike, bool aggressive, u_int32_t dpd,
-                                                       u_int32_t dpd_timeout, char *pool,
+                                                       u_int32_t dpd_timeout,
                                                        bool mediation, peer_cfg_t *mediated_by,
                                                        identification_t *peer_id)
 {
@@ -657,7 +681,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
                        .get_dpd_timeout = _get_dpd_timeout,
                        .add_virtual_ip = _add_virtual_ip,
                        .create_virtual_ip_enumerator = _create_virtual_ip_enumerator,
-                       .get_pool = _get_pool,
+                       .add_pool = _add_pool,
+                       .create_pool_enumerator = _create_pool_enumerator,
                        .add_auth_cfg = _add_auth_cfg,
                        .create_auth_cfg_enumerator = _create_auth_cfg_enumerator,
                        .equals = (void*)_equals,
@@ -686,7 +711,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
                .dpd = dpd,
                .dpd_timeout = dpd_timeout,
                .vips = linked_list_create(),
-               .pool = strdupnull(pool),
+               .pools = linked_list_create(),
                .local_auth = linked_list_create(),
                .remote_auth = linked_list_create(),
                .refcount = 1,
index fd924dc..f65b912 100644 (file)
@@ -294,11 +294,18 @@ struct peer_cfg_t {
        enumerator_t* (*create_virtual_ip_enumerator)(peer_cfg_t *this);
 
        /**
-        * Get the name of the pool to acquire configuration attributes from.
+        * Add a pool name this configuration uses to select virtual IPs.
         *
-        * @return                              pool name, NULL if none defined
+        * @param name                  pool name to use for virtual IP lookup
         */
-       char* (*get_pool)(peer_cfg_t *this);
+       void (*add_pool)(peer_cfg_t *this, char *name);
+
+       /**
+        * Create an enumerator over pool names of this config.
+        *
+        * @return                              enumerator over char*
+        */
+       enumerator_t* (*create_pool_enumerator)(peer_cfg_t *this);
 
 #ifdef ME
        /**
@@ -378,7 +385,6 @@ struct peer_cfg_t {
  * @param aggressive           use/accept aggressive mode with IKEv1
  * @param dpd                          DPD check interval, 0 to disable
  * @param dpd_timeout          DPD timeout interval (IKEv1 only), if 0 default applies
- * @param pool                         pool name to get configuration attributes from, or NULL
  * @param mediation                    TRUE if this is a mediation connection
  * @param mediated_by          peer_cfg_t of the mediation connection to mediate through
  * @param peer_id                      ID that identifies our peer at the mediation server
@@ -390,7 +396,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
                                                        u_int32_t rekey_time, u_int32_t reauth_time,
                                                        u_int32_t jitter_time, u_int32_t over_time,
                                                        bool mobike, bool aggressive, u_int32_t dpd,
-                                                       u_int32_t dpd_timeout, char *pool,
+                                                       u_int32_t dpd_timeout,
                                                        bool mediation, peer_cfg_t *mediated_by,
                                                        identification_t *peer_id);
 
index 1236e45..81628b8 100644 (file)
@@ -275,7 +275,7 @@ static job_requeue_t initiate(private_android_service_t *this)
                                                           600, 600, /* jitter, over 10min */
                                                           TRUE, FALSE, /* mobike, aggressive */
                                                           0, 0, /* DPD delay, timeout */
-                                                          NULL, FALSE, NULL, NULL); /* pool, mediation */
+                                                          FALSE, NULL, NULL); /* mediation */
        peer_cfg->add_virtual_ip(peer_cfg,  host_create_from_string("0.0.0.0", 0));
 
        auth = auth_cfg_create();
index 8516f4f..f07b4ea 100644 (file)
@@ -413,23 +413,24 @@ static void process_ike_update(private_ha_dispatcher_t *this,
                }
                if (received_vip)
                {
+                       enumerator_t *pools, *vips;
                        host_t *vip;
                        char *pool;
 
                        peer_cfg = ike_sa->get_peer_cfg(ike_sa);
                        if (peer_cfg)
                        {
-                               pool = peer_cfg->get_pool(peer_cfg);
-                               if (pool)
+                               pools = peer_cfg->create_pool_enumerator(peer_cfg);
+                               while (pools->enumerate(pools, &pool))
                                {
-                                       enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa,
-                                                                                                                                         FALSE);
-                                       while (enumerator->enumerate(enumerator, &vip))
+                                       vips = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
+                                       while (vips->enumerate(vips, &vip))
                                        {
                                                this->attr->reserve(this->attr, pool, vip);
                                        }
-                                       enumerator->destroy(enumerator);
+                                       vips->destroy(vips);
                                }
+                               pools->destroy(pools);
                        }
                }
                if (ike_sa->get_version(ike_sa) == IKEV1)
index 15ba28e..541dd93 100644 (file)
@@ -209,7 +209,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND,
                                                UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
-                                               0, NULL, FALSE, NULL, NULL);
+                                               0, FALSE, NULL, NULL);
 
        auth_cfg = auth_cfg_create();
        auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
index 09e220b..735f179 100644 (file)
@@ -268,11 +268,15 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
                                                           FALSE, FALSE, /* mobike, aggressive mode */
                                                           this->dpd_delay,   /* dpd_delay */
                                                           this->dpd_timeout, /* dpd_timeout */
-                                                          this->pool, FALSE, NULL, NULL);
+                                                          FALSE, NULL, NULL);
        if (this->vip)
        {
                peer_cfg->add_virtual_ip(peer_cfg, this->vip->clone(this->vip));
        }
+       if (this->pool)
+       {
+               peer_cfg->add_pool(peer_cfg, this->pool);
+       }
        if (num)
        {       /* initiator */
                generate_auth_cfg(this, this->initiator_auth, peer_cfg, TRUE, num);
index e8718b9..cb2fc9e 100644 (file)
@@ -335,7 +335,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
                                                           600, 600, /* jitter, over 10min */
                                                           TRUE, FALSE, /* mobike, aggressive */
                                                           0, 0, /* DPD delay, timeout */
-                                                          NULL, FALSE, NULL, NULL); /* pool, mediation */
+                                                          FALSE, NULL, NULL); /* mediation */
        peer_cfg->add_virtual_ip(peer_cfg,  host_create_from_string("0.0.0.0", 0));
 
        auth = auth_cfg_create();
index f44ff39..a1825ef 100644 (file)
@@ -129,7 +129,6 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                TRUE, FALSE,                                    /* mobike, aggressive */
                this->dpd, 0,                                   /* DPD delay, timeout */
-               NULL,                                                   /* pool */
                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
        e->destroy(e);
 
@@ -167,7 +166,6 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                TRUE, FALSE,                                    /* mobike, aggressive */
                this->dpd, 0,                                   /* DPD delay, timeout */
-               NULL,                                                   /* pool */
                FALSE, med_cfg,                                 /* mediation, med by */
                identification_create_from_encoding(ID_KEY_ID, other));
 
@@ -243,7 +241,6 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                                TRUE, FALSE,                                    /* mobike, aggressive */
                                this->dpd, 0,                                   /* DPD delay, timeout */
-                               NULL,                                                   /* pool */
                                FALSE, NULL, NULL);                             /* mediation, med by, peer id */
 
        auth = auth_cfg_create();
index edbf9cc..ff33c53 100644 (file)
@@ -94,7 +94,6 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                                TRUE, FALSE,                                    /* mobike, aggressiv */
                                this->dpd, 0,                                   /* DPD delay, timeout */
-                               NULL,                                                   /* pool */
                                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
                        e->destroy(e);
 
index 343d6e4..e215b39 100644 (file)
@@ -371,12 +371,16 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
                        peer_cfg = peer_cfg_create(
                                        name, IKEV2, ike, cert_policy, uniqueid,
                                        keyingtries, rekeytime, reauthtime, jitter, overtime,
-                                       mobike, FALSE, dpd_delay, 0, pool,
+                                       mobike, FALSE, dpd_delay, 0,
                                        mediation, mediated_cfg, peer_id);
                        if (vip)
                        {
                                peer_cfg->add_virtual_ip(peer_cfg, vip);
                        }
+                       if (pool)
+                       {
+                               peer_cfg->add_pool(peer_cfg, pool);
+                       }
                        auth = auth_cfg_create();
                        auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_method);
                        auth->add(auth, AUTH_RULE_IDENTITY, local_id);
index e3ea542..5f32072 100644 (file)
@@ -778,13 +778,19 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
                msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
                msg->add_conn.mobike, msg->add_conn.aggressive,
                msg->add_conn.dpd.delay, msg->add_conn.dpd.timeout,
-               msg->add_conn.other.sourceip_mask ?
-                                                       msg->add_conn.name : msg->add_conn.other.sourceip,
                msg->add_conn.ikeme.mediation, mediated_by, peer_id);
        if (vip)
        {
                peer_cfg->add_virtual_ip(peer_cfg, vip);
        }
+       if (msg->add_conn.other.sourceip_mask)
+       {
+               peer_cfg->add_pool(peer_cfg, msg->add_conn.name);
+       }
+       else if (msg->add_conn.other.sourceip)
+       {
+               peer_cfg->add_pool(peer_cfg, msg->add_conn.other.sourceip);
+       }
 
        /* build leftauth= */
        auth_cfg = build_auth_cfg(this, msg, TRUE, TRUE);
index 140cbea..1201f56 100644 (file)
@@ -178,7 +178,6 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                                        1800, 900,                                              /* jitter, overtime */
                                        TRUE, FALSE,                            /* mobike, aggressive */
                                        60, 0,                                          /* DPD delay, timeout */
-                                       NULL,                                           /* pool */
                                        FALSE, NULL, NULL);                     /* mediation, med by, peer id */
                auth = auth_cfg_create();
                auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
index 26e65b2..7672acc 100644 (file)
@@ -2055,11 +2055,21 @@ METHOD(ike_sa_t, destroy, void,
        while (this->other_vips->remove_last(this->other_vips,
                                                                                 (void**)&vip) == SUCCESS)
        {
-               if (this->peer_cfg && this->peer_cfg->get_pool(this->peer_cfg))
+               if (this->peer_cfg)
                {
-                       hydra->attributes->release_address(hydra->attributes,
-                                                       this->peer_cfg->get_pool(this->peer_cfg),
-                                                       vip, get_other_eap_id(this));
+                       enumerator_t *enumerator;
+                       char *pool;
+
+                       enumerator = this->peer_cfg->create_pool_enumerator(this->peer_cfg);
+                       while (enumerator->enumerate(enumerator, &pool))
+                       {
+                               if (hydra->attributes->release_address(hydra->attributes, pool,
+                                                                                               vip, get_other_eap_id(this)))
+                               {
+                                       break;
+                               }
+                       }
+                       enumerator->destroy(enumerator);
                }
                vip->destroy(vip);
        }
index 791f728..fea2f2c 100644 (file)
@@ -611,6 +611,20 @@ METHOD(phase1_t, has_virtual_ip, bool,
        return found;
 }
 
+METHOD(phase1_t, has_pool, bool,
+       private_phase1_t *this, peer_cfg_t *peer_cfg)
+{
+       enumerator_t *enumerator;
+       bool found = FALSE;
+       char *pool;
+
+       enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
+       found = enumerator->enumerate(enumerator, &pool);
+       enumerator->destroy(enumerator);
+
+       return found;
+}
+
 METHOD(phase1_t, save_sa_payload, bool,
        private_phase1_t *this, message_t *message)
 {
@@ -751,6 +765,7 @@ phase1_t *phase1_create(ike_sa_t *ike_sa, bool initiator)
                        .get_id = _get_id,
                        .select_config = _select_config,
                        .has_virtual_ip = _has_virtual_ip,
+                       .has_pool = _has_pool,
                        .verify_auth = _verify_auth,
                        .build_auth = _build_auth,
                        .save_sa_payload = _save_sa_payload,
index 2f0a5f1..eaf8908 100644 (file)
@@ -109,6 +109,14 @@ struct phase1_t {
        identification_t* (*get_id)(phase1_t *this, peer_cfg_t *peer_cfg, bool local);
 
        /**
+        * Check if peer config has virtual IPs pool assigned.
+        *
+        * @param peer_cfg              peer_config to check
+        * @return                              TRUE if peer config contains at least one pool
+        */
+       bool (*has_pool)(phase1_t *this, peer_cfg_t *peer_cfg);
+
+       /**
         * Check if peer config has virtual IPs to request
         *
         * @param peer_cfg              peer_config to check
index e0dcf73..ea836b7 100644 (file)
@@ -348,11 +348,20 @@ static bool mode_config_expected(private_task_manager_t *this)
 {
        enumerator_t *enumerator;
        peer_cfg_t *peer_cfg;
+       char *pool;
        host_t *host;
 
        peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
-       if (peer_cfg && peer_cfg->get_pool(peer_cfg))
+       if (peer_cfg)
        {
+               enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
+               if (!enumerator->enumerate(enumerator, &pool))
+               {       /* no pool configured */
+                       enumerator->destroy(enumerator);
+                       return FALSE;
+               }
+               enumerator->destroy(enumerator);
+
                enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa,
                                                                                                                                FALSE);
                if (!enumerator->enumerate(enumerator, &host))
index eb9b09e..954dea8 100644 (file)
@@ -497,7 +497,7 @@ METHOD(task_t, process_r, status_t,
                                                                                this->ike_sa->get_id(this->ike_sa)));
                                        break;
                        }
-                       if (this->peer_cfg->get_pool(this->peer_cfg) == NULL &&
+                       if (!this->ph1->has_pool(this->ph1, this->peer_cfg) &&
                                this->ph1->has_virtual_ip(this->ph1, this->peer_cfg))
                        {
                                this->ike_sa->queue_task(this->ike_sa,
index 6f77536..9ccf9ab 100644 (file)
@@ -524,7 +524,7 @@ METHOD(task_t, build_r, status_t,
                                                                                this->ike_sa->get_id(this->ike_sa)));
                                        break;
                        }
-                       if (this->peer_cfg->get_pool(this->peer_cfg) == NULL &&
+                       if (!this->ph1->has_pool(this->ph1, this->peer_cfg) &&
                                this->ph1->has_virtual_ip(this->ph1, this->peer_cfg))
                        {
                                this->ike_sa->queue_task(this->ike_sa,
index 6ba3e67..bad599b 100644 (file)
@@ -310,17 +310,24 @@ METHOD(task_t, build_r, status_t,
        cp_payload_t *cp = NULL;
        peer_cfg_t *config;
        identification_t *id;
+       char *pool;
 
        id = this->ike_sa->get_other_eap_id(this->ike_sa);
 
        config = this->ike_sa->get_peer_cfg(this->ike_sa);
+       enumerator = config->create_pool_enumerator(config);
+       if (!enumerator->enumerate(enumerator, &pool))
+       {       /* TODO: currently we query the first pool, only */
+               pool = NULL;
+       }
+       enumerator->destroy(enumerator);
        if (this->virtual_ip)
        {
                DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
-               if (config->get_pool(config))
+               if (pool)
                {
                        vip = hydra->attributes->acquire_address(hydra->attributes,
-                                               config->get_pool(config), id, this->virtual_ip);
+                                                                                               pool, id, this->virtual_ip);
                }
                cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY);
                if (vip)
@@ -336,7 +343,7 @@ METHOD(task_t, build_r, status_t,
        }
        /* query registered providers for additional attributes to include */
        enumerator = hydra->attributes->create_responder_enumerator(
-                                               hydra->attributes, config->get_pool(config), id, vip);
+                                                                                       hydra->attributes, pool, id, vip);
        while (enumerator->enumerate(enumerator, &type, &value))
        {
                if (!cp)
index 63d35ec..5b0871f 100644 (file)
@@ -321,17 +321,25 @@ METHOD(task_t, build_r, status_t,
                cp_payload_t *cp = NULL;
                peer_cfg_t *config;
                identification_t *id;
+               char *pool;
 
                id = this->ike_sa->get_other_eap_id(this->ike_sa);
 
                config = this->ike_sa->get_peer_cfg(this->ike_sa);
+               enumerator = config->create_pool_enumerator(config);
+               if (!enumerator->enumerate(enumerator, &pool))
+               {       /* TODO: currently we query the first pool, only */
+                       pool = NULL;
+               }
+               enumerator->destroy(enumerator);
+
                if (this->virtual_ip)
                {
                        DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
-                       if (config->get_pool(config))
+                       if (pool)
                        {
                                vip = hydra->attributes->acquire_address(hydra->attributes,
-                                                       config->get_pool(config), id, this->virtual_ip);
+                                                                                               pool, id, this->virtual_ip);
                        }
                        if (vip == NULL)
                        {
@@ -350,7 +358,7 @@ METHOD(task_t, build_r, status_t,
 
                /* query registered providers for additional attributes to include */
                enumerator = hydra->attributes->create_responder_enumerator(
-                                               hydra->attributes, config->get_pool(config), id, vip);
+                                                                                       hydra->attributes, pool, id, vip);
                while (enumerator->enumerate(enumerator, &type, &value))
                {
                        if (!cp)
index 9552053..2503023 100644 (file)
@@ -87,7 +87,7 @@ METHOD(attribute_manager_t, acquire_address, host_t*,
        return host;
 }
 
-METHOD(attribute_manager_t, release_address, void,
+METHOD(attribute_manager_t, release_address, bool,
        private_attribute_manager_t *this, char *pool, host_t *address,
        identification_t *id)
 {
@@ -108,10 +108,7 @@ METHOD(attribute_manager_t, release_address, void,
        enumerator->destroy(enumerator);
        this->lock->unlock(this->lock);
 
-       if (!found)
-       {
-               DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool);
-       }
+       return found;
 }
 
 /**
index 56afef7..37e872a 100644 (file)
@@ -54,8 +54,9 @@ struct attribute_manager_t {
         * @param pool                  pool name from which the address was acquired
         * @param address               address to release
         * @param id                    peer identity to get address for
+        * @return                              TRUE if address released to pool
         */
-       void (*release_address)(attribute_manager_t *this,
+       bool (*release_address)(attribute_manager_t *this,
                                                        char *pool, host_t *address, identification_t *id);
 
        /**