implemented inheritance of virtual IP assigned by Mode Config on the responder side
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 11 Apr 2010 17:19:20 +0000 (19:19 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 11 Apr 2010 17:19:20 +0000 (19:19 +0200)
src/pluto/connections.c
src/pluto/ipsec_doi.c

index 349d4b7..dd19304 100644 (file)
@@ -3693,7 +3693,8 @@ static connection_t *fc_try(const connection_t *c, struct host_pair *hp,
                        }
                        else
                        {
                        }
                        else
                        {
-                               if (!peer_net_is_host)
+                               if (!peer_net_is_host && !(sr->that.modecfg && c->spd.that.modecfg &&
+                                               subnetisaddr(peer_net, &c->spd.that.host_srcip)))
                                {
                                        continue;
                                }
                                {
                                        continue;
                                }
index 797ac6d..3026ab0 100644 (file)
@@ -4872,6 +4872,21 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
                                         */
                                        p = rw_instantiate(p, &c->spd.that.host_addr, md->sender_port
                                                                , his_net, c->spd.that.id);
                                         */
                                        p = rw_instantiate(p, &c->spd.that.host_addr, md->sender_port
                                                                , his_net, c->spd.that.id);
+
+                                       /* inherit any virtual IP assigned by a Mode Config exchange */ 
+                                       if (p->spd.that.modecfg && c->spd.that.modecfg &&
+                                               subnetisaddr(his_net, &c->spd.that.host_srcip))
+                                       {
+                                               char srcip[ADDRTOT_BUF];
+
+                                               DBG(DBG_CONTROL,
+                                                       addrtot(&c->spd.that.host_srcip, 0, srcip, sizeof(srcip));
+                                                       DBG_log("inheriting virtual IP source address %s from ModeCfg", srcip)
+                                               )
+                                               p->spd.that.host_srcip = c->spd.that.host_srcip;
+                                               p->spd.that.client = c->spd.that.client;
+                                               p->spd.that.has_client = TRUE;
+                                       }
                                }
                        }
 #ifdef DEBUG
                                }
                        }
 #ifdef DEBUG