*/
mode_t mode;
+ /**
+ * virtual IP assinged to local host
+ */
+ host_t *virtual_ip;
+
/**
* policy used to create this child
*/
char command[1024];
char *ifname = NULL;
char *my_client, *other_client, *my_client_mask, *other_client_mask;
- char *virtual_ip;
- char *pos;
+ char *pos, *virtual_ip;
FILE *shell;
/* get subnet/bits from string */
{
*pos = '\0';
}
-
- /* do we have a local virtual IP? */
- {
- host_t *vip = NULL;
- if (vip)
- {
- asprintf(&virtual_ip, "MY_SOURCEIP='%H' ", vip);
- }
- else
- {
- asprintf(&virtual_ip, "");
- }
- }
+ if (this->virtual_ip)
+ {
+ asprintf(&virtual_ip, "PLUTO_MY_SOURCEIP='%H' ",
+ this->virtual_ip);
+ }
+ else
+ {
+ asprintf(&virtual_ip, "");
+ }
charon->socket->is_local_address(charon->socket, this->me.addr, &ifname);
return SUCCESS;
}
+/**
+ * Implementation of child_sa_t.set_virtual_ip.
+ */
+static void set_virtual_ip(private_child_sa_t *this, host_t *ip)
+{
+ this->virtual_ip = ip->clone(ip);
+}
+
/**
* Implementation of child_sa_t.destroy.
*/
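Review bot: set_virtual_ip stores `this->virtual_ip = ip->clone(ip);` without releasing an address already held, so a second call on the same CHILD_SA leaks the earlier clone; prefix the assignment with `DESTROY_IF(this->virtual_ip);`, the same macro destroy now uses for this field. The only caller visible on this page passes my_vip once from the initiator path, so this is a guard for future callers rather than an observed leak. In the PLUTO_MY_SOURCEIP branch further up the hunk, neither asprintf call checks its return value; on allocation failure virtual_ip is left indeterminate and is then presumably used when the command string is assembled and freed afterwards, so a negative return should be treated as an error before the command is built. The function that builds the command starts before this hunk, so the error-return convention it uses is not visible here.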
this->me.id->destroy(this->me.id);
this->other.id->destroy(this->other.id);
this->policy->destroy(this->policy);
+ DESTROY_IF(this->virtual_ip);
free(this);
}
this->public.set_state = (void(*)(child_sa_t*,child_sa_state_t))set_state;
this->public.get_state = (child_sa_state_t(*)(child_sa_t*))get_state;
this->public.get_policy = (policy_t*(*)(child_sa_t*))get_policy;
+ this->public.set_virtual_ip = (void(*)(child_sa_t*,host_t*))set_virtual_ip;
this->public.destroy = (void(*)(child_sa_t*))destroy;
/* private data */
this->other_ts = linked_list_create();
this->protocol = PROTO_NONE;
this->mode = MODE_TUNNEL;
+ this->virtual_ip = NULL;
this->policy = policy;
policy->get_ref(policy);
*/
policy_t* (*get_policy) (child_sa_t *this);
+ /**
+ * @brief Set the virtual IP used received from IRAS.
+ *
+ * To allow proper setup of firewall rules, the virtual IP is required
+ * for filtering.
+ *
+ * @param this calling object
+ * @param ip own virtual IP
+ */
+ void (*set_virtual_ip) (child_sa_t *this, host_t *ip);
+
/**
* @brief Destroys a child_sa.
*
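Review bot: The new set_virtual_ip declaration does not say who owns `ip` after the call; the implementation clones it, so the caller keeps ownership and must still destroy its own copy, which a reader of the header cannot tell. Suggest changing the parameter line to `@param ip own virtual IP, cloned by the CHILD_SA (caller keeps ownership)`. The brief `Set the virtual IP used received from IRAS.` has a stray word and should read `Set the virtual IP received from the IRAS.`.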
if (this->initiator && my_vip)
{ /* if we have a virtual IP, shorten our TS to the minimum */
my_ts = this->policy->select_my_traffic_selectors(this->policy, my_ts,
- my_vip);
+ my_vip);
+ /* to setup firewall rules correctly, CHILD_SA needs the virtual IP */
+ this->child_sa->set_virtual_ip(this->child_sa, my_vip);
}
else
{ /* shorten in the host2host case only */