- fixed host-host tunnel traffic selection, host-host works now
authorMartin Willi <martin@strongswan.org>
Wed, 31 May 2006 06:52:27 +0000 (06:52 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 31 May 2006 06:52:27 +0000 (06:52 -0000)
src/charon/config/traffic_selector.c
src/charon/sa/states/ike_auth_requested.c
src/charon/sa/states/ike_sa_init_requested.c
src/charon/sa/states/ike_sa_init_responded.c

index 8127265..27a5fcf 100644 (file)
@@ -24,6 +24,7 @@
 
 #include <utils/linked_list.h>
 #include <utils/identification.h>
+#include <utils/logger_manager.h>
 #include <arpa/inet.h>
 #include <string.h>
 
@@ -72,6 +73,11 @@ struct private_traffic_selector_t {
         * end of port range 
         */
        u_int16_t to_port;
+       
+       /**
+        * Logger reference
+        */
+       logger_t *logger;
 };
 
 /**
@@ -92,12 +98,18 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
                u_int16_t from_port, to_port;
                private_traffic_selector_t *new_ts;
                
+               /* TODO: make output more human readable */
+               this->logger->log(this->logger, CONTROL|LEVEL2,
+                                                 "matching traffic selector ranges %x:%d-%x:%d <=> %x:%d-%x:%d",
+                                                 this->from_addr_ipv4, this->from_port, this->to_addr_ipv4, this->to_port,
+                                                 other->from_addr_ipv4, other->from_port, other->to_addr_ipv4, other->to_port);
                /* calculate the maximum address range allowed for both */
                from_addr = max(this->from_addr_ipv4, other->from_addr_ipv4);
                to_addr = min(this->to_addr_ipv4, other->to_addr_ipv4);
                if (from_addr > to_addr)
                {
-                       /* no match */
+                       this->logger->log(this->logger, CONTROL|LEVEL2,
+                                                         "no match in address range");
                        return NULL;    
                }
                
@@ -106,7 +118,8 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
                to_port = min(this->to_port, other->to_port);
                if (from_port > to_port)
                {
-                       /* no match */
+                       this->logger->log(this->logger, CONTROL|LEVEL2,
+                                                         "no match in port range");
                        return NULL;    
                }
                
@@ -115,6 +128,10 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
                new_ts->from_addr_ipv4 = from_addr;
                new_ts->to_addr_ipv4 = to_addr;
                new_ts->type = TS_IPV4_ADDR_RANGE;
+               
+               this->logger->log(this->logger, CONTROL|LEVEL2,
+                                                 "got a match: %x:%d-%x:%d",
+                                                 new_ts->from_addr_ipv4, new_ts->from_port, new_ts->to_addr_ipv4, new_ts->to_port);
                return &(new_ts->public);
        }
        return NULL;
@@ -256,7 +273,7 @@ static void update_address_range(private_traffic_selector_t *this, host_t *host)
 /**
  * Implements traffic_selector_t.clone.
  */
-static traffic_selector_t *clone(private_traffic_selector_t *this)
+static traffic_selector_t *clone_(private_traffic_selector_t *this)
 {
        private_traffic_selector_t *clone = traffic_selector_create(this->protocol, this->type, this->from_port, this->to_port);
        clone->type = this->type;
@@ -335,8 +352,8 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t ne
                        this->from_addr_ipv4 = ntohl(*((u_int32_t*)from.ptr));
                        if (this->from_addr_ipv4 == 0)
                        {
-                               /* use /32 for 0.0.0.0 */
-                               this->to_addr_ipv4 = 0xFFFFFF;
+                               /* use /0 for 0.0.0.0 */
+                               this->to_addr_ipv4 = ~0;
                        }
                        else
                        {
@@ -413,13 +430,14 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
        this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
        this->public.get_netmask = (u_int8_t(*)(traffic_selector_t*))get_netmask;
        this->public.update_address_range = (void(*)(traffic_selector_t*,host_t*))update_address_range;
-       this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone;
+       this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_;
        this->public.destroy = (void(*)(traffic_selector_t*))destroy;
        
        this->from_port = from_port;
        this->to_port = to_port;
        this->protocol = protocol;
        this->type = type;
+       this->logger = logger_manager->get_logger(logger_manager, CONFIG);
        
        return this;
 }
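Review bot: In the traffic_selector_create_from_subnet hunk, the new line `this->to_addr_ipv4 = ~0;` assigns a signed int of value -1 that is then converted to the unsigned field; writing it as `this->to_addr_ipv4 = ~0U;` (or `0xFFFFFFFF`) states the all-ones upper bound directly, avoids leaning on the signed-to-unsigned conversion, and makes the contrast with the old 24-bit `0xFFFFFF` obvious at a glance. That branch also bypasses the u_int8_t prefix-length parameter entirely (its name is cut off in the hunk header): a net address of 0.0.0.0 yields a 0.0.0.0-255.255.255.255 range whatever prefix length the caller passed, i.e. a match-anything selector, which deserves a comment on the function such as `/* a net of 0.0.0.0 always yields the full 0.0.0.0-255.255.255.255 range; the prefix length is ignored in that case */`. traffic_selector_create_from_subnet starts and ends outside the hunk.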
index 0ceecf1..5e5fcda 100644 (file)
@@ -318,7 +318,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i
        {
                this->logger->log(this->logger, CONTROL, "No CHILD_SA requested, no CHILD_SA built");
        }
-       if (!this->proposal)
+       else if (!this->proposal)
        {
                this->logger->log(this->logger, CONTROL, "Proposal negotiation failed, no CHILD_SA built");
                this->child_sa->destroy(this->child_sa);
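Review bot: The switch to `else if (!this->proposal)` is left unexplained, and the condition it now depends on is the branch head above the hunk, outside the visible lines, so a reader will wonder why a failed proposal is no longer reported once the first branch was taken. If, as the log text suggests, that first branch covers the no-CHILD_SA-requested case, a one-line comment on the `else if` would carry the reason, e.g. `/* only check the proposal when a CHILD_SA was actually requested; otherwise there is no child_sa to tear down */`. It is also worth confirming that `this->child_sa` is reset to NULL after the destroy call on the last hunk line, since the remainder of process_message runs outside the hunk and a stale pointer there would be a use-after-free hazard. process_message starts and ends outside the hunk.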
index 6befa96..a2ba3d3 100644 (file)
@@ -225,7 +225,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
        u_int64_t responder_spi;
        ike_sa_id_t *ike_sa_id;
        iterator_t *payloads;
-       host_t *me;
+       host_t *me, *other;
        connection_t *connection;
        policy_t *policy;
 
@@ -357,9 +357,12 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
        /* apply the address on wich we really received the packet */
        connection = this->ike_sa->get_connection(this->ike_sa);
        me = ike_sa_init_reply->get_destination(ike_sa_init_reply);
+       other = ike_sa_init_reply->get_source(ike_sa_init_reply);
        connection->update_my_host(connection, me->clone(me));
+       connection->update_other_host(connection, other->clone(other));
        policy = this->ike_sa->get_policy(this->ike_sa);
        policy->update_my_ts(policy, me);
+       policy->update_other_ts(policy, other);
        
        /*  build empty message */
        this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &request);
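Review bot: The new `other = ike_sa_init_reply->get_source(ike_sa_init_reply);` line takes the source address of the IKE_SA_INIT reply as the peer's address and pushes it into both the connection (`update_other_host`) and the policy's traffic selectors (`update_other_ts`), but at this point the reply is not yet authenticated, so the value is provisional until IKE_AUTH completes, and the hunk gives no hint of that. A short comment on the `other = ...` line would make the trust level explicit, e.g. `/* peer address as seen on the wire; unauthenticated until IKE_AUTH, may differ from the configured one (NAT) */`. Neither `me` nor `other` is checked for NULL before `clone`, which matches the existing handling of `me` but is worth confirming against what get_source and get_destination can return. process_message starts and ends outside the hunk; the first hunk of this file only adds the `other` declaration.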
index ab63a86..79d9252 100644 (file)
@@ -411,6 +411,7 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl
        my_id = this->policy->get_my_id(this->policy);
        
        /* update others traffic selectors with actually used address */
+       this->policy->update_my_ts(this->policy, response->get_source(response));
        this->policy->update_other_ts(this->policy, response->get_destination(response));
        
        /* set policy in ike_sa for other states */
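Review bot: The comment above the added `update_my_ts` call still reads `/* update others traffic selectors with actually used address */`, which no longer describes the block now that both sides' selectors are updated; it should read `/* update my and others traffic selectors with the actually used addresses */`. The added line feeds the response's source address into my own selector while the existing line feeds its destination into the peer's, the mirror image of the requester side, and naming that symmetry in the comment would help the next reader. build_idr_payload starts and ends outside the hunk.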