added support for xfrm remote kmaddress
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 3 Nov 2008 23:29:34 +0000 (23:29 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 3 Nov 2008 23:29:34 +0000 (23:29 -0000)
src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
src/charon/processing/jobs/migrate_job.c
src/charon/processing/jobs/migrate_job.h

index cdf9c1e..5dffe2b 100644 (file)
@@ -586,7 +586,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, struct nlmsghd
                        local  = xfrm2host(kmaddress->family, &kmaddress->local, 0);
                        remote = xfrm2host(kmaddress->family, &kmaddress->remote, 0);
                        DBG2(DBG_KNL, "  %H...%H", local, remote);
-                       DESTROY_IF(remote);             }
+               }
                else if (rta->rta_type == XFRMA_MIGRATE)
                {
                        struct xfrm_user_migrate *migrate;
@@ -612,10 +612,10 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, struct nlmsghd
 
        if (src_ts && dst_ts)
        {
-               DBG1(DBG_KNL, "creating migrate job for policy %R === %R %N "
-                                         "with reqid {%u}, kmaddress = %H",
+               DBG1(DBG_KNL, "creating migrate job for policy %R === %R %N with reqid {%u}",
                                           src_ts, dst_ts, policy_dir_names, dir, reqid, local);
-               job = (job_t*)migrate_job_create(reqid, src_ts, dst_ts, dir, local);
+               job = (job_t*)migrate_job_create(reqid, src_ts, dst_ts, dir,
+                                                                                local, remote);
                charon->processor->queue_job(charon->processor, job);
        }
        else
@@ -623,6 +623,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, struct nlmsghd
                DESTROY_IF(src_ts);
                DESTROY_IF(dst_ts);
                DESTROY_IF(local);
+               DESTROY_IF(remote);
        }
 }
 
index f7c6954..4d2a97b 100644 (file)
@@ -858,10 +858,10 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, struct sadb_msg*
        
        if (src_ts && dst_ts)
        {
-               DBG1(DBG_KNL, "creating migrate job for policy %R === %R %N "
-                                         "with reqid {%u}, kmaddress = %H",
+               DBG1(DBG_KNL, "creating migrate job for policy %R === %R %N with reqid {%u}",
                                           src_ts, dst_ts, policy_dir_names, dir, reqid, local);
-               job = (job_t*)migrate_job_create(reqid, src_ts, dst_ts, dir, local);
+               job = (job_t*)migrate_job_create(reqid, src_ts, dst_ts, dir,
+                                                                                local, NULL);
                charon->processor->queue_job(charon->processor, job);
        }
        else
index f7ec576..100158a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006 Martin Willi
+ * Copyright (C) 2008 Andreas Steffen
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * $Id: acquire_job.c 4535 2008-10-31 01:43:23Z andreas $
+ * $Id$
  */
 
 #include "migrate_job.h"
@@ -49,9 +49,14 @@ struct private_migrate_job_t {
        traffic_selector_t *dst_ts;
 
        /**
-        * local host address to be used
+        * local host address to be used for IKE
         */
        host_t *local;
+
+       /**
+        * remote host address to be used for IKE
+        */
+       host_t *remote;
 };
 
 /**
@@ -62,6 +67,7 @@ static void destroy(private_migrate_job_t *this)
        DESTROY_IF(this->src_ts);
        DESTROY_IF(this->dst_ts);
        DESTROY_IF(this->local);
+       DESTROY_IF(this->remote);
        free(this);
 }
 
@@ -140,6 +146,10 @@ static void execute(private_migrate_job_t *this)
                {
                        ike_sa->set_my_host(ike_sa, this->local->clone(this->local));
                }
+               if (this->remote)
+               {
+                       ike_sa->set_other_host(ike_sa, this->remote->clone(this->remote));
+               }
                /* add a CHILD_SA for 'found_cfg' with a policy that has already been
          * installed in the kernel
          */
@@ -151,6 +161,10 @@ static void execute(private_migrate_job_t *this)
                {
                        ike_sa->set_my_host(ike_sa, this->local);
                }
+               if (this->remote)
+               {
+                       ike_sa->set_other_host(ike_sa, this->remote->clone(this->remote));
+               }
        }
        charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
        destroy(this);
@@ -163,7 +177,7 @@ migrate_job_t *migrate_job_create(u_int32_t reqid,
                                                                  traffic_selector_t *src_ts,
                                                                  traffic_selector_t *dst_ts,
                                                                  policy_dir_t dir,
-                                                                 host_t *local)
+                                                                 host_t *local, host_t *remote)
 {
        private_migrate_job_t *this = malloc_thing(private_migrate_job_t);
        
@@ -176,6 +190,7 @@ migrate_job_t *migrate_job_create(u_int32_t reqid,
        this->src_ts = (dir == POLICY_OUT) ? src_ts : dst_ts;
        this->dst_ts = (dir == POLICY_OUT) ? dst_ts : src_ts;
        this->local = local;
+       this->remote = remote;
        
        return &this->public;
 }
index d23236b..ecd2d6f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006 Martin Willi
+ * Copyright (C) 2008 Andreas Steffen
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * $Id: acquire_job.h 4535 2008-10-31 01:43:23Z andreas $
+ * $Id$
  */
 
 /**
@@ -49,15 +49,16 @@ struct migrate_job_t {
  * We use the reqid or the traffic selectors to find a matching CHILD_SA.
  *
  * @param reqid                reqid of the CHILD_SA to acquire
- * @param src_ts       source traffic selector
- * @param dst_ts       destination traffic selector
+ * @param src_ts       source traffic selector to be used in the policy
+ * @param dst_ts       destination traffic selector to be used in the policy
  * @param local     local host address to be used in the IKE_SA
+ * @param remote    remote host address to be used in the IKE_SA
  * @return                     migrate_job_t object
  */
 migrate_job_t *migrate_job_create(u_int32_t reqid,
                                                                  traffic_selector_t *src_ts,
                                                                  traffic_selector_t *dst_ts,
                                                                  policy_dir_t dir,
-                                                                 host_t *local);
+                                                                 host_t *local, host_t *remote);
 
 #endif /* MIGRATE_JOB_H_ @} */