struct nlmsghdr *hdr;
struct rtmsg *msg;
chunk_t chunk;
-
+
+#if IPSEC_ROUTING_TABLE == 0
/* if route is 0.0.0.0/0, we can't install it, as it would
* overwrite the default route. Instead, we add two routes:
- * 0.0.0.0/1 and 128.0.0.0/1
- * TODO: use metrics instead */
+ * 0.0.0.0/1 and 128.0.0.0/1 */
if (route->prefixlen == 0)
{
route_entry_t half;
status = manage_srcroute(this, nlmsg_type, flags, &half);
return status;
}
+#endif
memset(&request, 0, sizeof(request));
pthread_mutex_unlock(&this->mutex);
return SUCCESS;
}
- DBG2(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
+ DBG1(DBG_KNL, "adding virtual IP %H failed", virtual_ip);
return FAILED;
}
}
ifaces->destroy(ifaces);
- DBG2(DBG_KNL, "interface address %H not found, unable to install"
+ DBG1(DBG_KNL, "interface address %H not found, unable to install"
"virtual IP %H", iface_ip, virtual_ip);
return FAILED;
}
{
policy->other_ts->set_address(policy->other_ts, other);
}
+
+ /* we reinstall the virtual IP to handle interface romaing
+ * correctly */
+ if (this->virtual_ip)
+ {
+ charon->kernel_interface->del_ip(charon->kernel_interface,
+ this->virtual_ip);
+ charon->kernel_interface->add_ip(charon->kernel_interface,
+ this->virtual_ip, me);
+ }
/* reinstall updated policies */
charon->kernel_interface->add_policy(charon->kernel_interface,
{
if (local)
{
- DBG1(DBG_IKE, "installing new virtual IP %H", ip);
if (this->my_virtual_ip)
- {
+ {
DBG1(DBG_IKE, "removing old virtual IP %H", this->my_virtual_ip);
charon->kernel_interface->del_ip(charon->kernel_interface,
this->my_virtual_ip);
this->my_virtual_ip->destroy(this->my_virtual_ip);
}
+ DBG1(DBG_IKE, "installing new virtual IP %H", ip);
if (charon->kernel_interface->add_ip(charon->kernel_interface, ip,
this->my_host) == SUCCESS)
{
}
else if ((mid == this->responding.mid - 1) && this->responding.packet)
{
+ packet_t *clone;
+ host_t *me, *other;
+
DBG1(DBG_IKE, "received retransmit of request with ID %d, "
"retransmitting response", mid);
- charon->sender->send(charon->sender,
- this->responding.packet->clone(this->responding.packet));
+ clone = this->responding.packet->clone(this->responding.packet);
+ me = msg->get_destination(msg);
+ other = msg->get_source(msg);
+ clone->set_source(clone, me->clone(me));
+ clone->set_destination(clone, other->clone(other));
+ charon->sender->send(charon->sender, clone);
}
else
{
{
iterator_t *iterator;
child_sa_t *child_sa;
- host_t *ip;
-
- /* additionally, we reinstall the virtual IP as we may have changed
- * our interface */
- ip = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
- if (ip)
- {
- ip = ip->clone(ip);
- this->ike_sa->set_virtual_ip(this->ike_sa, TRUE, ip);
- ip->destroy(ip);
- }
iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
while (iterator->iterate(iterator, (void**)&child_sa))
other = other->clone(other);
other->set_port(other, other->ip_equals(other, other_old) ?
other_old->get_port(other_old) : IKEV2_NATT_PORT);
+ DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
copy = packet->clone(packet);
copy->set_source(copy, me);
copy->set_destination(copy, other);
}
}
iterator->destroy(iterator);
+ me = packet->get_source(packet);
+ other = packet->get_destination(packet);
+ DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
}
/**
projects / strongswan.git / commitdiff