}
return &this->public;
}
+
+/**
+ * Check if we have a an address pool configured.
+ */
+static bool have_pool(private_ike_sa_t *this)
+{
+ enumerator_t *enumerator;
+ bool found = FALSE;
+
+ if (this->peer_cfg)
+ {
+ enumerator = this->peer_cfg->create_pool_enumerator(this->peer_cfg);
+ found = enumerator->enumerate(enumerator, NULL);
+ enumerator->destroy(enumerator);
+ }
+ return found;
+}
+
+/*
+ * Described in header
+ */
+linked_list_t *ike_sa_get_dynamic_hosts(ike_sa_t *ike_sa, bool local)
+{
+ private_ike_sa_t *this = (private_ike_sa_t*)ike_sa;
+ enumerator_t *enumerator;
+ linked_list_t *list;
+ host_t *host;
+
+ list = linked_list_create();
+ enumerator = create_virtual_ip_enumerator(this, local);
+ while (enumerator->enumerate(enumerator, &host))
+ {
+ list->insert_last(list, host);
+ }
+ enumerator->destroy(enumerator);
+
+ if (!list->get_count(list))
+ { /* no virtual IPs assigned */
+ if (local)
+ {
+ list->insert_last(list, this->my_host);
+ }
+ else if (!have_pool(this))
+ { /* use remote host only if we don't have a pool configured */
+ list->insert_last(list, this->other_host);
+ }
+ }
+ return list;
+}
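Review bot: In `have_pool()` the call `enumerator->enumerate(enumerator, NULL)` passes a NULL out-pointer where the removed version of this helper passed `&pool`, so the check now relies on the pool enumerator tolerating NULL, which nothing in this hunk shows. If that is guaranteed, record it with a short comment such as `/* only presence matters, the enumerator accepts a NULL out argument */`; otherwise keep a local `char *pool` and pass `&pool`. The doc comment above the function also reads "a an address pool" and should drop the stray "a".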
* @param ike_sa_id ike_sa_id_t to associate with new IKE_SA/ISAKMP_SA
* @param initiator TRUE to create this IKE_SA as initiator
* @param version IKE version of this SA
- * @return ike_sa_t object
+ * @return ike_sa_t object
*/
ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
ike_version_t version);
* Check if the given IKE_SA can be reauthenticated actively or if config
* parameters or the authentication method prevent it.
*
- * @return TRUE if active reauthentication is possible
+ * @param this IKE_SA to check
+ * @return TRUE if active reauthentication is possible
*/
bool ike_sa_can_reauthenticate(ike_sa_t *this);
+/**
+ * Get hosts, virtual or physical, for deriving dynamic traffic selectors.
+ *
+ * @param this IKE_SA to retrieve addresses from
+ * @param local TRUE to get local hosts
+ * @return list of hosts (internal objects)
+ */
+linked_list_t *ike_sa_get_dynamic_hosts(ike_sa_t *this, bool local);
+
#endif /** IKE_SA_H_ @}*/
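Review bot: The doc comment for `ike_sa_get_dynamic_hosts()` says only "list of hosts (internal objects)", which leaves the ownership contract implicit now that the function is exported from the header. The implementation inserts `this->my_host`, `this->other_host` and the hosts yielded by the virtual IP enumerator as-is, without cloning, so the caller owns the list but not its entries, and freeing the entries as well would leave the IKE_SA holding dangling `host_t` pointers. I would spell that out, e.g. `@return list of hosts, caller destroys the list with destroy() only; entries are owned by the IKE_SA`, and note that the list can be empty for the remote side when a pool is configured but no virtual IP has been assigned. How long the entries stay valid if the IKE_SA's addresses change is not visible here and would be worth stating too.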
}
}
-/**
- * Check if we have a an address pool configured
- */
-static bool have_pool(ike_sa_t *ike_sa)
-{
- enumerator_t *enumerator;
- peer_cfg_t *peer_cfg;
- char *pool;
- bool found = FALSE;
-
- peer_cfg = ike_sa->get_peer_cfg(ike_sa);
- if (peer_cfg)
- {
- enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
- if (enumerator->enumerate(enumerator, &pool))
- {
- found = TRUE;
- }
- enumerator->destroy(enumerator);
- }
- return found;
-}
-
-/**
- * Get hosts to use for dynamic traffic selectors
- */
-static linked_list_t *get_dynamic_hosts(ike_sa_t *ike_sa, bool local)
-{
- enumerator_t *enumerator;
- linked_list_t *list;
- host_t *host;
-
- list = linked_list_create();
- enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, local);
- while (enumerator->enumerate(enumerator, &host))
- {
- list->insert_last(list, host);
- }
- enumerator->destroy(enumerator);
-
- if (list->get_count(list) == 0)
- { /* no virtual IPs assigned */
- if (local)
- {
- host = ike_sa->get_my_host(ike_sa);
- list->insert_last(list, host);
- }
- else if (!have_pool(ike_sa))
- { /* use host only if we don't have a pool configured */
- host = ike_sa->get_other_host(ike_sa);
- list->insert_last(list, host);
- }
- }
- return list;
-}
-
/**
* Substitute any host address with NATed address in traffic selector
*/
ike_condition_t cond;
cond = local ? COND_NAT_HERE : COND_NAT_THERE;
- hosts = get_dynamic_hosts(this->ike_sa, local);
+ hosts = ike_sa_get_dynamic_hosts(this->ike_sa, local);
if (this->mode == MODE_TRANSPORT &&
this->ike_sa->has_condition(this->ike_sa, cond))
else
{ /* no virtual IPs configured */
list->destroy(list);
- list = get_dynamic_hosts(this->ike_sa, TRUE);
+ list = ike_sa_get_dynamic_hosts(this->ike_sa, TRUE);
this->tsi = this->config->get_traffic_selectors(this->config,
TRUE, NULL, list, TRUE);
list->destroy(list);
}
- list = get_dynamic_hosts(this->ike_sa, FALSE);
+ list = ike_sa_get_dynamic_hosts(this->ike_sa, FALSE);
this->tsr = this->config->get_traffic_selectors(this->config,
FALSE, NULL, list, TRUE);
list->destroy(list);
tsr = get_ts_if_nat_transport(this, TRUE, this->tsr);
tsi = get_ts_if_nat_transport(this, FALSE, this->tsi);
- listr = get_dynamic_hosts(this->ike_sa, TRUE);
- listi = get_dynamic_hosts(this->ike_sa, FALSE);
+ listr = ike_sa_get_dynamic_hosts(this->ike_sa, TRUE);
+ listi = ike_sa_get_dynamic_hosts(this->ike_sa, FALSE);
child_cfg = peer_cfg->select_child_cfg(peer_cfg,
tsr ?: this->tsr, tsi ?: this->tsi,
listr, listi, this->labels_r, this->labels_i);