emit a single assig_vips bus message for all VIPs
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 6 Apr 2013 12:16:30 +0000 (14:16 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 6 Apr 2013 12:16:30 +0000 (14:16 +0200)
src/libcharon/bus/bus.c
src/libcharon/bus/bus.h
src/libcharon/bus/listeners/listener.h
src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
src/libcharon/sa/ike_sa.c
src/libcharon/sa/ikev2/tasks/ike_config.c

index f87371c3a3f24d6dd096c2cb65e2a897c544dc6e..0db5a8a9c9bd99b1dd01da2ed012a1117c561cb9 100644 (file)
@@ -759,8 +759,8 @@ METHOD(bus_t, narrow, void,
        this->mutex->unlock(this->mutex);
 }
 
-METHOD(bus_t, assign_vip, void,
-       private_bus_t *this, ike_sa_t *ike_sa, host_t *vip, bool assign)
+METHOD(bus_t, assign_vips, void,
+       private_bus_t *this, ike_sa_t *ike_sa, bool assign)
 {
        enumerator_t *enumerator;
        entry_t *entry;
@@ -770,13 +770,12 @@ METHOD(bus_t, assign_vip, void,
        enumerator = this->listeners->create_enumerator(this->listeners);
        while (enumerator->enumerate(enumerator, &entry))
        {
-               if (entry->calling || !entry->listener->assign_vip)
+               if (entry->calling || !entry->listener->assign_vips)
                {
                        continue;
                }
                entry->calling++;
-               keep = entry->listener->assign_vip(entry->listener, ike_sa,
-                                                                                       vip, assign);
+               keep = entry->listener->assign_vips(entry->listener, ike_sa, assign);
                entry->calling--;
                if (!keep)
                {
@@ -835,7 +834,7 @@ bus_t *bus_create()
                        .child_rekey = _child_rekey,
                        .authorize = _authorize,
                        .narrow = _narrow,
-                       .assign_vip = _assign_vip,
+                       .assign_vips = _assign_vips,
                        .destroy = _destroy,
                },
                .listeners = linked_list_create(),
index 961981609ecfe4ead3ee3f91de16aea7db3b0adb..75244d6bff58fe7b52df394d67b8a8a758b19fd4 100644 (file)
@@ -388,11 +388,10 @@ struct bus_t {
        /**
         * Virtual IP assignment hook.
         *
-        * @param ike_sa        IKE_SA the VIP is assigned to
-        * @param vip           Virtual IPv4 or IV6 address
+        * @param ike_sa        IKE_SA the VIPs are assigned to
         * @param assign        TRUE if assigned to IKE_SA, FALSE if released
         */
-       void (*assign_vip)(bus_t *this, ike_sa_t *ike_sa, host_t *vip, bool assign);
+       void (*assign_vips)(bus_t *this, ike_sa_t *ike_sa, bool assign);
 
        /**
         * Destroy the event bus.
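Review bot: The updated hook comment drops the `vip` parameter without saying where a listener should now get the addresses from, or in what state the IKE_SA is when the hook fires; the same gap is in the `assign_vips` comment in listener.h. From the callers in ike_sa.c, the release notification is raised before the peer VIP list is emptied, so the contract could say so explicitly. One possible addition: `The addresses are read with ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE); with assign = FALSE the hook is raised before they are removed from the IKE_SA.` The listener.h text also still reads "a a Virtual IP address is assigned" in the singular.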
index 274701012cb6dce5620e71b12d21ae93fbcf43bb..ef4daced2f9e3f96bca7be5054e205322f8bc882 100644 (file)
@@ -197,13 +197,11 @@ struct listener_t {
         * This hook gets invoked when a a Virtual IP address is assigned to an
         * IKE_SA (assign = TRUE) and again when it is released (assign = FALSE)
         *
-        * @param ike_sa        IKE_SA the VIP is assigned to
-        * @param vip           Virtual IPv4 or IV6 address
+        * @param ike_sa        IKE_SA the VIPs are assigned to
         * @param assign        TRUE if assigned to IKE_SA, FALSE if released
         * @return                      TRUE to stay registered, FALSE to unregister
         */
-       bool (*assign_vip)(listener_t *this, ike_sa_t *ike_sa, host_t *vip,
-                                          bool assign);
+       bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign);
 
 };
 
index 1603c93230b35664e8883f71790a3a756b6e511e..4ad19c530ad9a07ac8e2b3cb73d8780ac1326067 100644 (file)
@@ -71,9 +71,8 @@ static bool publish_device_ip_addresses(private_tnc_ifmap_listener_t *this)
  */
 static bool reload_metadata(private_tnc_ifmap_listener_t *this)
 {
-       enumerator_t *enumerator, *evips;
        ike_sa_t *ike_sa;
-       host_t *vip;
+       enumerator_t *enumerator;
        bool success = TRUE;
 
        enumerator = charon->controller->create_ike_sa_enumerator(
@@ -84,21 +83,12 @@ static bool reload_metadata(private_tnc_ifmap_listener_t *this)
                {
                        continue;
                }
-               if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE))
+               if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE) ||
+                       !this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, TRUE))
                {
                        success = FALSE;
                        break;
                }
-               evips = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
-               while (evips->enumerate(evips, &vip))
-               {
-                       if (!this->ifmap->publish_virtual_ip(this->ifmap, ike_sa, vip, TRUE))
-                       {
-                               success = FALSE;
-                               break;
-                       }
-               }
-               evips->destroy(evips);
        }
        enumerator->destroy(enumerator);
 
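Review bot: reload_metadata() now calls `publish_virtual_ips()` for every IKE_SA, including ones that hold no peer virtual IP, and the new loop in tnc_ifmap_soap.c still posts the publish request when the enumerator yields nothing. If the MAP server rejects a publish that carries no update or delete element (not verifiable from this page), that failure sets `success = FALSE` and the `break` stops republishing metadata for the remaining IKE_SAs. Consider having publish_virtual_ips() return TRUE without posting when no VIP was added, for example by setting a local flag inside the loop and checking it before `soap_msg->post(...)`; the request node would then have to be released on that path. The start of reload_metadata's loop is outside this hunk.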
@@ -115,11 +105,10 @@ METHOD(listener_t, ike_updown, bool,
        return TRUE;
 }
 
-METHOD(listener_t, assign_vip, bool,
-       private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, host_t *vip,
-       bool assign)
+METHOD(listener_t, assign_vips, bool,
+       private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, bool assign)
 {
-       this->ifmap->publish_virtual_ip(this->ifmap, ike_sa, vip, assign);
+       this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, assign);
        return TRUE;
 }
 
@@ -163,7 +152,7 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
                .public = {
                        .listener = {
                                .ike_updown = _ike_updown,
-                               .assign_vip = _assign_vip,
+                               .assign_vips = _assign_vips,
                                .alert = _alert,
                        },
                        .destroy = _destroy,
index fb97a6d2dd3f5e1f12028831b9c03854bb92267e..df7d2e2a18bc1d4cbf8e309e2e3b63f890a45cd2 100644 (file)
@@ -579,12 +579,14 @@ METHOD(tnc_ifmap_soap_t, publish_device_ip, bool,
        return success;
 }
 
-METHOD(tnc_ifmap_soap_t, publish_virtual_ip, bool,
-       private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, host_t *vip, bool assign)
+METHOD(tnc_ifmap_soap_t, publish_virtual_ips, bool,
+       private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool assign)
 {
        tnc_ifmap_soap_msg_t *soap_msg;
        xmlNodePtr request, node;
        u_int32_t ike_sa_id;
+       enumerator_t *enumerator;
+       host_t *vip;
        bool success;
 
        /* extract relevant data from IKE_SA*/
@@ -593,26 +595,31 @@ METHOD(tnc_ifmap_soap_t, publish_virtual_ip, bool,
        /* build publish request */
        request = create_publish_request(this);
 
-       /**
-        * update or delete access-request-ip metadata for a virtual IP address
-        */
-       if (assign)
-       {
-               node = xmlNewNode(NULL, "update");
-       }
-       else
+       enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
+       while (enumerator->enumerate(enumerator, &vip))
        {
-               node = create_delete_filter(this, "access-request-ip");
-       }
-       xmlAddChild(request, node);
+               /**
+                * update or delete access-request-ip metadata for a virtual IP address
+                */
+               if (assign)
+               {
+                       node = xmlNewNode(NULL, "update");
+               }
+               else
+               {
+                       node = create_delete_filter(this, "access-request-ip");
+               }
+               xmlAddChild(request, node);
 
-       /* add access-request, virtual ip-address and [if assign] metadata */
-       xmlAddChild(node, create_access_request(this, ike_sa_id));
-       xmlAddChild(node, create_ip_address(this, vip));
-       if (assign)
-       {
-               xmlAddChild(node, create_metadata(this, "access-request-ip"));
+               /* add access-request, virtual ip-address and [if assign] metadata */
+                       xmlAddChild(node, create_access_request(this, ike_sa_id));
+                       xmlAddChild(node, create_ip_address(this, vip));
+                       if (assign)
+               {
+                       xmlAddChild(node, create_metadata(this, "access-request-ip"));
+               }
        }
+       enumerator->destroy(enumerator);
 
        soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
        success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
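Review bot: The lines after `/* add access-request, virtual ip-address and [if assign] metadata */` are indented inconsistently. The two `xmlAddChild(node, ...)` calls and the second `if (assign)` sit one tab deeper than the rest of the loop body, while the braces of that `if` are at loop-body depth. This makes the `if` look as if it belonged to a nested block that does not exist. Re-indent the comment, `xmlAddChild(node, create_access_request(this, ike_sa_id));`, `xmlAddChild(node, create_ip_address(this, vip));` and `if (assign)` to the same two-tab depth as the first `if (assign)` in the loop. The function continues past the end of the hunk.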
@@ -893,7 +900,7 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
                        .purgePublisher = _purgePublisher,
                        .publish_ike_sa = _publish_ike_sa,
                        .publish_device_ip = _publish_device_ip,
-                       .publish_virtual_ip = _publish_virtual_ip,
+                       .publish_virtual_ips = _publish_virtual_ips,
                        .publish_enforcement_report = _publish_enforcement_report,
                        .endSession = _endSession,
                        .get_session_id = _get_session_id,
index d193f7e2e472608aa44256debd8d28d3eb2c521b..fbc65a2b18d915b564c0c92156a30872ddb60940 100644 (file)
@@ -71,15 +71,14 @@ struct tnc_ifmap_soap_t {
        bool (*publish_device_ip)(tnc_ifmap_soap_t *this, host_t *host);
 
        /**
-        * Publish Virtual IP  access-request-ip metadata
+        * Publish Virtual IP access-request-ip metadata
         *
-        * @param ike_sa                IKE_SA for which metadata is published
-        * @param vip                   Virtual IP address of peer
+        * @param ike_sa                IKE_SA for which Virtual IP metadata is published
         * @param assign                TRUE if assigned, FALSE if removed
         * @return                              TRUE if command was successful
         */
-       bool (*publish_virtual_ip)(tnc_ifmap_soap_t *this, ike_sa_t *ike_sa,
-                                                          host_t *vip, bool assign);
+       bool (*publish_virtual_ips)(tnc_ifmap_soap_t *this, ike_sa_t *ike_sa,
+                                                               bool assign);
 
        /**
         * Publish enforcement-report metadata
index 050279a4944987e815acfdc7a0a65c8a8065deea..63c04d9c0033ca373c4d09d9041169eeb291be43 100644 (file)
@@ -766,7 +766,6 @@ METHOD(ike_sa_t, add_virtual_ip, void,
        else
        {
                this->other_vips->insert_last(this->other_vips, ip->clone(ip));
-               charon->bus->assign_vip(charon->bus, &this->public, ip, TRUE);
        }
 }
 
@@ -777,6 +776,10 @@ METHOD(ike_sa_t, clear_virtual_ips, void,
        linked_list_t *vips = local ? this->my_vips : this->other_vips;
        host_t *vip;
 
+       if (!local && vips->get_count(vips))
+       {
+               charon->bus->assign_vips(charon->bus, &this->public, FALSE);
+       }
        while (vips->remove_first(vips, (void**)&vip) == SUCCESS)
        {
                if (local)
@@ -784,10 +787,6 @@ METHOD(ike_sa_t, clear_virtual_ips, void,
                        hydra->kernel_interface->del_ip(hydra->kernel_interface,
                                                                                        vip, -1, TRUE);
                }
-               else
-               {
-                       charon->bus->assign_vip(charon->bus, &this->public, vip, FALSE);
-               }
                vip->destroy(vip);
        }
 }
@@ -2110,6 +2109,10 @@ METHOD(ike_sa_t, destroy, void,
                vip->destroy(vip);
        }
        this->my_vips->destroy(this->my_vips);
+       if (this->other_vips->get_count(this->other_vips))
+       {
+               charon->bus->assign_vips(charon->bus, &this->public, FALSE);
+       }
        while (this->other_vips->remove_last(this->other_vips,
                                                                                 (void**)&vip) == SUCCESS)
        {
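Review bot: The release notification is raised after `this->my_vips->destroy(this->my_vips)`, while listeners are now expected to read the addresses from the IKE_SA instead of receiving a `vip` argument. The tnc_ifmap listener in this commit enumerates only the peer list (`create_virtual_ip_enumerator(ike_sa, FALSE)`), but a listener that asked for the local list during this callback would presumably touch a list that has already been destroyed. Moving the `if (this->other_vips->get_count(this->other_vips))` block above the my_vips teardown would close that gap, as would documenting in the hook that only peer VIPs may be enumerated on release. destroy()'s body starts and ends outside the hunk.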
@@ -2124,7 +2127,6 @@ METHOD(ike_sa_t, destroy, void,
                        hydra->attributes->release_address(hydra->attributes, pools, vip, id);
                        pools->destroy(pools);
                }
-               charon->bus->assign_vip(charon->bus, &this->public, vip, FALSE);
                vip->destroy(vip);
        }
        this->other_vips->destroy(this->other_vips);
index d637c26fec01591967f55c31991e4d84be098423..17132feee1dc31c5587f5dec2d235cccf35c2e72 100644 (file)
@@ -387,6 +387,8 @@ METHOD(task_t, build_r, status_t,
                        pools->destroy(pools);
                        return SUCCESS;
                }
+               charon->bus->assign_vips(charon->bus, this->ike_sa, TRUE);
+
                if (pools->get_count(pools) && !this->vips->get_count(this->vips))
                {
                        DBG1(DBG_IKE, "expected a virtual IP request, sending %N",
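Review bot: The `assign_vips(charon->bus, this->ike_sa, TRUE)` call is unconditional here, whereas both release paths in ike_sa.c are guarded by a `get_count()` check on the peer VIP list. The code that adds addresses to the IKE_SA is outside this hunk, but nothing visible ensures that at least one was added, and the very next `if` handles a case where a failure notify is sent. Listeners may therefore be told about an assignment that did not happen, and the tnc_ifmap listener would then post a publish request without any address. Wrapping the call in a count check on the addresses actually assigned would mirror the release side. A comment such as `/* notify listeners once, after all VIPs were added to the IKE_SA */` would record the intended ordering.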