updown: Pass virtual IPs assigned to a peer to the updown script

Previously only received virtual IPs were available.

References #1008.

diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in
index 4090fe07478c4e6b6f5d3ebf5eff0ccf60b75795..6e7abca092fe88fc1bc15d1ec8f59c288a248e72 100644 (file)
--- a/src/_updown/_updown.in
+++ b/src/_updown/_updown.in
@@ -71,7 +71,7 @@
 #       PLUTO_MY_SOURCEIP6_$i
 #              contains IPv4/IPv6 virtual IP received from a responder,
 #              $i enumerates from 1 to the number of IP per address family.
-#              PLUTO_MY_SOURCEIP is a legacy variable and equals to the first
+#              PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
 #              virtual IP, IPv4 or IPv6.
 #
 #       PLUTO_MY_PROTOCOL
@@ -94,6 +94,14 @@
 #              the peer's own IP address / max (where  max  is  32
 #              for IPv4 and 128 for IPv6).
 #
+#       PLUTO_PEER_SOURCEIP
+#       PLUTO_PEER_SOURCEIP4_$i
+#       PLUTO_PEER_SOURCEIP6_$i
+#              contains IPv4/IPv6 virtual IP sent to an initiator,
+#              $i enumerates from 1 to the number of IP per address family.
+#              PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
+#              virtual IP, IPv4 or IPv6.
+#
 #       PLUTO_PEER_PROTOCOL
 #              is the IP protocol that will be transported.
 #

diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index be65d599f20b31d3f98cabe1bd2e364cbaa759ed..96282bee07eadf2624e25d07ef39e5a43bae06c9 100644 (file)
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -169,31 +169,34 @@ static void push_dns_env(private_updown_listener_t *this, ike_sa_t *ike_sa,
 }
 
 /**
- * Push variables for local virtual IPs
+ * Push variables for local/remote virtual IPs
  */
 static void push_vip_env(private_updown_listener_t *this, ike_sa_t *ike_sa,
-                                                char *envp[], u_int count)
+                                                char *envp[], u_int count, bool local)
 {
        enumerator_t *enumerator;
        host_t *host;
        int v4 = 0, v6 = 0;
        bool first = TRUE;
 
-       enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
+       enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, local);
        while (enumerator->enumerate(enumerator, &host))
        {
                if (first)
                {       /* legacy variable for first VIP */
                        first = FALSE;
-                       push_env(envp, count, "PLUTO_MY_SOURCEIP=%H", host);
+                       push_env(envp, count, "PLUTO_%s_SOURCEIP=%H",
+                                        local ? "MY" : "PEER", host);
                }
                switch (host->get_family(host))
                {
                        case AF_INET:
-                               push_env(envp, count, "PLUTO_MY_SOURCEIP4_%d=%H", ++v4, host);
+                               push_env(envp, count, "PLUTO_%s_SOURCEIP4_%d=%H",
+                                                local ? "MY" : "PEER", ++v4, host);
                                break;
                        case AF_INET6:
-                               push_env(envp, count, "PLUTO_MY_SOURCEIP6_%d=%H", ++v6, host);
+                               push_env(envp, count, "PLUTO_%s_SOURCEIP6_%d=%H",
+                                                local ? "MY" : "PEER", ++v6, host);
                                break;
                        default:
                                continue;
@@ -313,7 +316,8 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
                push_env(envp, countof(envp), "PLUTO_XAUTH_ID=%Y",
                                 ike_sa->get_other_eap_id(ike_sa));
        }
-       push_vip_env(this, ike_sa, envp, countof(envp));
+       push_vip_env(this, ike_sa, envp, countof(envp), TRUE);
+       push_vip_env(this, ike_sa, envp, countof(envp), FALSE);
        mark = config->get_mark(config, TRUE);
        if (mark.value)
        {