eap-radius: add an option to disable accounting for tunnels without virtual IP
authorMartin Willi <martin@revosec.ch>
Wed, 17 Apr 2013 09:34:33 +0000 (11:34 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 6 May 2013 12:56:01 +0000 (14:56 +0200)
src/libcharon/plugins/eap_radius/eap_radius_accounting.c

index e984347..e004589 100644 (file)
@@ -56,6 +56,11 @@ struct private_eap_radius_accounting_t {
         * Format string we use for Called/Calling-Station-Id for a host
         */
        char *station_id_fmt;
+
+       /**
+        * Disable accounting unless IKE_SA has at least one virtual IP
+        */
+       bool acct_req_vip;
 };
 
 /**
@@ -438,6 +443,22 @@ static void schedule_interim(private_eap_radius_accounting_t *this,
 }
 
 /**
+ * Check if an IKE_SA has assigned a virtual IP (to peer)
+ */
+static bool has_vip(ike_sa_t *ike_sa)
+{
+       enumerator_t *enumerator;
+       host_t *host;
+       bool found;
+
+       enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
+       found = enumerator->enumerate(enumerator, &host);
+       enumerator->destroy(enumerator);
+
+       return found;
+}
+
+/**
  * Send an accounting start message
  */
 static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
@@ -446,6 +467,11 @@ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
        entry_t *entry;
        u_int32_t value;
 
+       if (this->acct_req_vip && !has_vip(ike_sa))
+       {
+               return;
+       }
+
        this->mutex->lock(this->mutex);
 
        entry = get_or_create_entry(this, ike_sa);
@@ -700,6 +726,10 @@ eap_radius_accounting_t *eap_radius_accounting_create()
                singleton = this;
                charon->bus->add_listener(charon->bus, &this->public.listener);
        }
+       this->acct_req_vip = lib->settings->get_bool(lib->settings,
+                                                       "%s.plugins.eap-radius.accounting_requires_vip",
+                                                       FALSE, charon->name);
+
        return &this->public;
 }