Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected
authorMartin Willi <martin@revosec.ch>
Tue, 11 Sep 2012 10:38:45 +0000 (12:38 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 11 Sep 2012 14:18:28 +0000 (16:18 +0200)
src/libcharon/sa/ikev2/tasks/child_create.c

index 3520760..9901187 100644 (file)
@@ -285,6 +285,29 @@ static void schedule_inactivity_timeout(private_child_create_t *this)
 }
 
 /**
+ * Check if we have a an address pool configured
+ */
+static bool have_pool(ike_sa_t *ike_sa)
+{
+       enumerator_t *enumerator;
+       peer_cfg_t *peer_cfg;
+       char *pool;
+       bool found = FALSE;
+
+       peer_cfg = ike_sa->get_peer_cfg(ike_sa);
+       if (peer_cfg)
+       {
+               enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
+               if (enumerator->enumerate(enumerator, &pool))
+               {
+                       found = TRUE;
+               }
+               enumerator->destroy(enumerator);
+       }
+       return found;
+}
+
+/**
  * Get host to use for dynamic traffic selectors
  */
 static host_t *get_dynamic_host(ike_sa_t *ike_sa, bool local)
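Review bot: The doxygen comment on have_pool has a typo ("a an") and does not say whose pool it checks or what the function reports when the IKE_SA has no peer config yet, which is exactly the case the caller relies on; lines 22-23 return FALSE then, and line 26 reports TRUE as soon as the peer config's pool enumerator yields a first entry. Suggested header: `/** Check if the peer config of this IKE_SA has at least one address pool configured; FALSE if no peer_cfg is set yet or no pool is configured. */`. The pool name itself is enumerated but not used, so a one-word comment on the `pool` local, `/* only checks for existence */`, would make clear that no per-pool lookup is intended. Whether the configured pool actually applies to the peer (or still has free addresses) is not checked here; if that matters to callers, the comment should say so explicitly rather than leave it to be inferred.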
@@ -301,7 +324,16 @@ static host_t *get_dynamic_host(ike_sa_t *ike_sa, bool local)
                }
                else
                {
-                       host = ike_sa->get_other_host(ike_sa);
+                       if (have_pool(ike_sa))
+                       {
+                               /* we have an IP address pool, but didn't negotiate a
+                                * virtual IP. */
+                               host = NULL;
+                       }
+                       else
+                       {
+                               host = ike_sa->get_other_host(ike_sa);
+                       }
                }
        }
        enumerator->destroy(enumerator);
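Review bot: With this change get_dynamic_host can return NULL on the remote-host path (line 48), and the in-code comment at lines 46-47 states the situation but not the intent or the resulting contract for callers, which sit outside the hunk, as does the rest of get_dynamic_host. The point of leaving host NULL here appears to be that a peer which was expected to take an address from the configured pool must not have the dynamic traffic selector bound to its real address instead, since that would grant it traffic selectors the pool configuration never intended; the comment should say so, e.g. `/* an address pool is configured but the peer did not request a virtual IP: don't fall back to its real address for the dynamic TS, the pool is the only intended source. Callers must handle NULL. */`. It would also be worth confirming that every caller of get_dynamic_host treats NULL as "no dynamic TS" rather than dereferencing it; presumably the TS derivation code does, but that cannot be seen in this hunk.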