From 379a9c04aa329969b68d92a245d8d647fe0fce58 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 20 Mar 2013 16:51:05 +0100 Subject: [PATCH] Add an option to enable faking of ARP packets only for specific CHILD_SAs
---
man/strongswan.conf.5.in | 5 +++ src/libcharon/plugins/farp/farp_listener.c | 38 ++++++++++++++++++++++ 2 files changed, 43 insertions(+)
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index db19c7ef89..771f440c65 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -542,6 +542,11 @@ Request peer authentication based on a client certificate
 .BR charon.plugins.farp.enable " [yes]"
 Enable faking of ARP responses for remote IP addresses of established CHILD_SAs
 .TP
+.BR charon.plugins.farp.only_for
+A comma-separated list of connection names for which ARP responses should be
+faked. If not configured ARP responses will be generated for remote IP
+addresses of all established CHILD_SAs.
+.TP
 .BR charon.plugins.ha.fifo_interface " [yes]"
 .TP
diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c
index 81d5d2405d..ce289f048a 100644
--- a/src/libcharon/plugins/farp/farp_listener.c
+++ b/src/libcharon/plugins/farp/farp_listener.c
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
 *
@@ -15,6 +18,7 @@
 #include "farp_listener.h"
+#include
 #include
 #include
@@ -35,6 +39,12 @@ struct private_farp_listener_t {
 */
 linked_list_t *entries;
+ /**
+ * List with connection names for which ARP packets should be faked,
+ * NULL to enable it for all SAs
+ */
+ linked_list_t *only_for;
+
 /**
 * RWlock for IP list
 */
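Review bot: The doc comment on the new `only_for` field in `struct private_farp_listener_t` does not state who owns the strings it holds, and the later hunks show they are `strdup`'ed copies released through `DESTROY_FUNCTION_IF(this->only_for, (void*)free)` in `destroy`. A reader of the struct alone cannot tell whether the names alias configuration memory or must be freed, so I would spell it out: `/** strdup'ed connection (CHILD_SA) names for which ARP packets are faked; owned by this listener and freed in destroy(), NULL means all CHILD_SAs */`. The struct definition starts and ends outside this hunk.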
@@ -62,6 +72,13 @@ METHOD(listener_t, child_updown, bool,
 if (up)
 {
+ if (this->only_for &&
+ this->only_for->find_first(this->only_for, (void*)streq, NULL,
+ child_sa->get_name(child_sa)) != SUCCESS)
+ {
+ return TRUE;
+ }
+
 INIT(entry,
 .local = child_sa->get_traffic_selectors(child_sa, TRUE),
 .remote = child_sa->get_traffic_selectors(child_sa, FALSE),
@@ -134,6 +151,7 @@ METHOD(farp_listener_t, has_tunnel, bool,
 METHOD(farp_listener_t, destroy, void,
 private_farp_listener_t *this)
 {
+ DESTROY_FUNCTION_IF(this->only_for, (void*)free);
 this->entries->destroy(this->entries);
 this->lock->destroy(this->lock);
 free(this);
@@ -145,6 +163,7 @@ METHOD(farp_listener_t, destroy, void,
 farp_listener_t *farp_listener_create()
 {
 private_farp_listener_t *this;
+ char *names;
 INIT(this,
 .public = {
@@ -158,6 +177,25 @@ farp_listener_t *farp_listener_create()
 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
 );
+ names = lib->settings->get_str(lib->settings, "%s.plugins.farp.only_for",
+ NULL, charon->name);
+ if (names)
+ {
+ enumerator_t *enumerator;
+ char *name;
+
+ enumerator = enumerator_create_token(names, ",", " ");
+ while (enumerator->enumerate(enumerator, &name))
+ {
+ if (!this->only_for)
+ {
+ this->only_for = linked_list_create();
+ }
+ this->only_for->insert_last(this->only_for, strdup(name));
+ }
+ enumerator->destroy(enumerator);
+ }
+
 return &this->public;
 }
-- 2.47.2
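Review bot: The `(void*)streq` argument in the new `find_first` call inside the `if (up)` branch pushes a fixed two-argument string comparison through the list's match-callback pointer type, so the call is only well-formed as long as the callback's variadic invocation happens to lay out `item` and the name like two plain arguments; this may mirror existing usage elsewhere in the tree, but it is still a call through an incompatible function pointer type. A small static wrapper with the callback's declared signature that extracts the name from its variadic arguments and returns `streq(item, name)` would make the call well-defined without changing behaviour. Note also that the comparison is against `child_sa->get_name(child_sa)`, i.e. the CHILD_SA's name, while the new man-page text speaks of "connection names"; tightening the documentation to say which name is matched would avoid surprises for users whose IKE and CHILD names differ. `child_updown` starts and ends outside this hunk.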
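Review bot: In the new block of `farp_listener_create` the `only_for` list is created lazily on the first token, so a value that is set but yields no tokens (an empty string, if `get_str` can return one, or a value made only of separators) leaves `only_for` NULL and silently means "fake ARP for all CHILD_SAs" rather than "for none". If an explicitly configured setting is meant to always restrict, create the list right after the `if (names)` check, `this->only_for = linked_list_create();`, and drop the `if (!this->only_for)` test from the loop; otherwise a comment such as `/* list stays NULL (all SAs) when no usable name is configured */` would record the choice. The `strdup(name)` result is inserted unchecked, which is consistent with `linked_list_create()` being unchecked in the same hunk and is presumably the module's allocation policy.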