Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected

2012-09-11 12:38:45 +02:00 · 2012-09-11 12:38:45 +02:00 · 7d82aaea8d
parent 4cb0783f3c
commit 7d82aaea8d
1 changed files with 33 additions and 1 deletions
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@ -284,6 +284,29 @@ static void schedule_inactivity_timeout(private_child_create_t *this)
 	}
 }

+/**
+ * Check if we have a an address pool configured
+ */
+static bool have_pool(ike_sa_t *ike_sa)
+{
+	enumerator_t *enumerator;
+	peer_cfg_t *peer_cfg;
+	char *pool;
+	bool found = FALSE;
+
+	peer_cfg = ike_sa->get_peer_cfg(ike_sa);
+	if (peer_cfg)
+	{
+		enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
+		if (enumerator->enumerate(enumerator, &pool))
+		{
+			found = TRUE;
+		}
+		enumerator->destroy(enumerator);
+	}
+	return found;
+}
+
 /**
 * Get host to use for dynamic traffic selectors
 */
@ -301,7 +324,16 @@ static host_t *get_dynamic_host(ike_sa_t *ike_sa, bool local)
 		}
 		else
 		{
-			host = ike_sa->get_other_host(ike_sa);
+			if (have_pool(ike_sa))
+			{
+				/* we have an IP address pool, but didn't negotiate a
+				 * virtual IP. */
+				host = NULL;
+			}
+			else
+			{
+				host = ike_sa->get_other_host(ike_sa);
+			}
 		}
 	}
 	enumerator->destroy(enumerator);