Hello Martin,

as of now, it's not possible to configure IPv4 and IPv6 tunnels between
the same peers using identical identities. The attached patch takes the
address family into consideration when dealing with connected peers.

Cheers,

Thomas
>From 2f3290d4f2ed079430d55858ac4c17d9c4e2c72f Mon Sep 17 00:00:00 2001
From: Thomas Egerer <[email protected]>
Date: Fri, 12 Nov 2010 11:37:06 +0100
Subject: [PATCH] Extend connected peers by peer family

This allows for simultaneous IPv4 and IPv6 tunnels for the same peers with
matching identities.
---
 src/libcharon/sa/ike_sa_manager.c |   23 ++++++++++++++++++-----
 1 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index fa94bb8..b278ae2 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -241,6 +241,9 @@ struct connected_peers_t {
 	/** remote identity */
 	identification_t *other_id;
 
+	/** ip address family of peer */
+	sa_family_t family;
+
 	/** list of ike_sa_id_t objects of IKE_SAs between the two identities */
 	linked_list_t *sas;
 };
@@ -257,10 +260,12 @@ static void connected_peers_destroy(connected_peers_t *this)
  * Function that matches connected_peers_t objects by the given ids.
  */
 static bool connected_peers_match(connected_peers_t *connected_peers,
-							identification_t *my_id, identification_t *other_id)
+							identification_t *my_id, identification_t *other_id,
+							sa_family_t family)
 {
 	return my_id->equals(my_id, connected_peers->my_id) &&
-		   other_id->equals(other_id, connected_peers->other_id);
+		   other_id->equals(other_id, connected_peers->other_id) &&
+		   family == connected_peers->family;
 }
 
 typedef struct segment_t segment_t;
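Review bot: The new `sa_family_t family` parameter of connected_peers_match is narrower than `int`, yet the function is only reached from `find_first` through a `(linked_list_match_t)` cast (in put_connected_peers and check_uniqueness), so the value arrives in whatever form `find_first` forwards it. The declarations of `find_first` and `linked_list_match_t` are not visible here, so this is inferred, but declaring the parameter as `int family` (or passing it in the same pointer-sized form as the identities) would avoid depending on how a given ABI passes a short integer through that cast. The comment above the function should follow the change as well: `Function that matches connected_peers_t objects by the given ids and address family.`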
@@ -786,7 +791,8 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry)
 	{
 		connected_peers_t *current;
 		if (list->find_first(list, (linked_list_match_t)connected_peers_match,
-					(void**)&current, entry->my_id, entry->other_id) == SUCCESS)
+					(void**)&current, entry->my_id, entry->other_id,
+					entry->other->get_family(entry->other)) == SUCCESS)
 		{
 			connected_peers = current;
 			if (connected_peers->sas->find_first(connected_peers->sas,
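Review bot: `entry->other` is dereferenced in the `find_first` call without a NULL check, and the same dereference is added in the allocation branch (`connected_peers->family = entry->other->get_family(entry->other);`) and in remove_connected_peers. Before this patch these paths relied only on `entry->my_id` and `entry->other_id`; whether every entry that reaches them also has the remote host set is not visible in these hunks, so confirm it at the callers or guard it. Reading the value once at the top of put_connected_peers, e.g. `sa_family_t family = entry->other->get_family(entry->other);`, would also guarantee that the lookup and the stored field use the same value. The function body starts and ends outside the hunk.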
@@ -804,6 +810,7 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry)
 		connected_peers = malloc_thing(connected_peers_t);
 		connected_peers->my_id = entry->my_id->clone(entry->my_id);
 		connected_peers->other_id = entry->other_id->clone(entry->other_id);
+		connected_peers->family = entry->other->get_family(entry->other);
 		connected_peers->sas = linked_list_create();
 		list->insert_last(list, connected_peers);
 	}
@@ -832,7 +839,8 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr
 		enumerator_t *enumerator = list->create_enumerator(list);
 		while (enumerator->enumerate(enumerator, &current))
 		{
-			if (connected_peers_match(current, entry->my_id, entry->other_id))
+			if (connected_peers_match(current, entry->my_id, entry->other_id,
+						entry->other->get_family(entry->other)))
 			{
 				ike_sa_id_t *ike_sa_id;
 				enumerator_t *inner = current->sas->create_enumerator(current->sas);
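Review bot: The removal lookup uses the family of `entry->other` as it is at removal time, while `connected_peers->family` was captured when the entry was inserted. If the remote host of an entry can be replaced by an address of the other family in between (not visible here), the match fails, the `ike_sa_id_t` stays in the old list, and later uniqueness checks would act on a stale id. Consider storing the family used at insertion in the entry and matching on that, or add a comment stating why the host cannot change family while `my_id`/`other_id` are set. The loop body continues outside the hunk.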
@@ -1399,6 +1407,7 @@ static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 	identification_t *me, *other;
 	u_int row, segment;
 	rwlock_t *lock;
+	sa_family_t family;
 
 	peer_cfg = ike_sa->get_peer_cfg(ike_sa);
 	policy = peer_cfg->get_unique_policy(peer_cfg);
@@ -1409,6 +1418,10 @@ static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 
 	me = ike_sa->get_my_id(ike_sa);
 	other = ike_sa->get_other_id(ike_sa);
+	{
+		host_t *other = ike_sa->get_other_host(ike_sa);
+		family = other->get_family(other);
+	}
 
 	row = chunk_hash_inc(other->get_encoding(other),
 						 chunk_hash(me->get_encoding(me))) & this->table_mask;
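Review bot: The added block declares `host_t *other`, which shadows the `identification_t *other` assigned one line above it, and the `chunk_hash_inc(other->get_encoding(other), ...)` right after the block silently refers to the outer variable again. A distinct name removes both the scoped block and the ambiguity: `host_t *other_host = ike_sa->get_other_host(ike_sa);` followed by `family = other_host->get_family(other_host);`, with `other_host` declared next to `family` at the top of check_uniqueness. A build with `-Wshadow` would flag the current form.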
@@ -1421,7 +1434,7 @@ static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 		connected_peers_t *current;
 
 		if (list->find_first(list, (linked_list_match_t)connected_peers_match,
-							 (void**)&current, me, other) == SUCCESS)
+							 (void**)&current, me, other, family) == SUCCESS)
 		{
 			/* clone the list, so we can release the lock */
 			duplicate_ids = current->sas->clone_offset(current->sas,
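Review bot: With `family` in the match, this lookup only finds IKE_SAs of the same address family, so the policy read from `peer_cfg->get_unique_policy(peer_cfg)` now permits one IKE_SA per family for the same pair of identities, and an existing SA over the other family is neither replaced nor counted as a duplicate. That is the stated intent of the patch, but it narrows what the uniqueness policy enforces and should be written down at this call, e.g. `/* duplicates are checked per address family; an IKE_SA between the same identities over the other family is not considered */`. The same change should be mentioned wherever the uniqueness option is documented for administrators. The hunk ends inside the `clone_offset` call.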
-- 
1.7.2.2
