Пример #1
// Fills in the configuration result for a tunnel from the local settings.
// The granted option set is the peer's request masked by the locally
// enabled options; each granted option is then populated from the local
// config. Always returns true.
bool _IKED_XCONF_LOCAL::rslt( IDB_TUNNEL * tunnel )
{
	// grant only what was both requested and enabled locally
	tunnel->xconf.opts = tunnel->xconf.rqst & config.opts;

	if( tunnel->xconf.opts & IPSEC_OPTS_ADDR )
	{
		// NOTE(review): the result of pool4_get() is not checked here.
		// If it can fail (for example on an exhausted pool), the ADDR
		// option stays set while xconf.addr keeps whatever value it
		// had - confirm against the declaration of pool4_get().
		pool4_get( tunnel->xconf.addr );
	}

	if( tunnel->xconf.opts & IPSEC_OPTS_MASK )
	{
		tunnel->xconf.mask = config.mask;
	}

	if( tunnel->xconf.opts & IPSEC_OPTS_DNSS )
	{
		// the copy length comes from the source array; presumably the
		// tunnel's dnss_list has the same array type - TODO confirm
		memcpy( tunnel->xconf.nscfg.dnss_list,
			config.nscfg.dnss_list,
			sizeof( config.nscfg.dnss_list ) );

		tunnel->xconf.nscfg.dnss_count = config.nscfg.dnss_count;
	}

	if( tunnel->xconf.opts & IPSEC_OPTS_DOMAIN )
	{
		// fixed CONF_STRLEN byte copy; assumes both dnss_suffix buffers
		// are at least that large - TODO confirm
		memcpy( tunnel->xconf.nscfg.dnss_suffix,
			config.nscfg.dnss_suffix, CONF_STRLEN );
	}

	if( tunnel->xconf.opts & IPSEC_OPTS_SPLITDNS )
	{
		// hand every locally configured split-dns suffix to the tunnel
		BDATA suffix;
		for( long index = 0; domains.get( suffix, index ); index++ )
			tunnel->domains.add( suffix );
	}

	if( tunnel->xconf.opts & IPSEC_OPTS_NBNS )
	{
		// same pattern as the DNS server list above
		memcpy( tunnel->xconf.nscfg.nbns_list,
			config.nscfg.nbns_list,
			sizeof( config.nscfg.nbns_list ) );

		tunnel->xconf.nscfg.nbns_count = config.nscfg.nbns_count;
	}

	if( tunnel->xconf.opts & IPSEC_OPTS_PFS )
	{
		tunnel->xconf.dhgr = config.dhgr;
	}

	if( tunnel->xconf.opts & IPSEC_OPTS_BANNER )
	{
		tunnel->banner.set( banner );
	}

	return true;
}
Пример #2
/*
 * Creates a static BIB entry from a userspace request.
 *
 * The IPv4 transport address is reserved from the IPv4 pool first, then the
 * entry is allocated and inserted into the BIB database. Every failure after
 * the reservation gives the address back to the pool, so a rejected request
 * does not consume a pool slot.
 *
 * Returns 0 on success, -ENOMEM if the entry could not be allocated, or the
 * error code reported by pool4_get() / bibdb_add().
 */
int add_static_route(struct request_bib *req)
{
	struct bib_entry *entry;
	int rc;

	rc = pool4_get(req->l4_proto, &req->add.addr4);
	if (rc) {
		/* Nothing was reserved, so there is nothing to undo. */
		log_err("The IPv4 address and port could not be reserved from the pool. "
				"Maybe the IPv4 address you provided does not belong to the pool. "
				"Or maybe they're being used by some other BIB entry?");
		return rc;
	}

	entry = bib_create(&req->add.addr4, &req->add.addr6, true, req->l4_proto);
	if (!entry) {
		log_err("Could not allocate the BIB entry.");
		pool4_return(req->l4_proto, &req->add.addr4);
		return -ENOMEM;
	}

	rc = bibdb_add(entry);
	if (rc) {
		log_err("The BIB entry could not be added to the database. Maybe an entry with the "
				"same IPv4 and/or IPv6 transport address already exists?");
		/* Release the entry first, then undo the pool reservation. */
		bib_kfree(entry);
		pool4_return(req->l4_proto, &req->add.addr4);
		return rc;
	}

	/*
	 * bib_return(entry) is deliberately not called on success: the entry keeps a
	 * fake user so that the timer does not delete it.
	 */
	return 0;
}
Пример #3
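/*
 * Creates a static BIB entry from a userspace request.
 *
 * The request's IPv4 address must belong to the IPv4 pool, and neither its
 * IPv6 nor its IPv4 transport address may already be mapped. The address#port
 * is then borrowed from the IPv4 pool, and the entry is created and inserted
 * while bib_session_lock is held.
 *
 * Returns 0 on success, -EINVAL if the address is not in the pool, -EEXIST if
 * a mapping already exists or the address#port is already taken, -ENOMEM if
 * the entry could not be allocated, or the error code reported by the BIB
 * lookups / bib_add().
 */
int add_static_route(struct request_bib *req)
{
	struct bib_entry *bib_by_ipv6, *bib_by_ipv4;
	struct bib_entry *bib = NULL;
	/* Set once pool4_get() succeeds, so the failure path knows to undo it. */
	bool borrowed = false;
	int error;

	/*
	 * NOTE(review): the error code below names the IPv6 pool although the check
	 * is against the IPv4 pool; confirm whether a pool4-specific code exists.
	 */
	if (!pool4_contains(&req->add.ipv4.address)) {
		log_err(ERR_POOL6_NOT_FOUND, "The address '%pI4' does not belong to the IPv4 pool.",
				&req->add.ipv4.address);
		return -EINVAL;
	}

	spin_lock_bh(&bib_session_lock);

	/* Check if the BIB entry exists. */
	error = bib_get_by_ipv6(&req->add.ipv6, req->l4_proto, &bib_by_ipv6);
	if (!error) {
		bib = bib_by_ipv6;
		goto already_mapped;
	}
	if (error != -ENOENT)
		goto generic_error;

	error = bib_get_by_ipv4(&req->add.ipv4, req->l4_proto, &bib_by_ipv4);
	if (!error) {
		bib = bib_by_ipv4;
		goto already_mapped;
	}
	if (error != -ENOENT)
		goto generic_error;

	/* Borrow the address and port from the IPv4 pool. */
	if (is_error(pool4_get(req->l4_proto, &req->add.ipv4))) {
		/*
		 * This might happen if Filtering just reserved the address#port, but hasn't yet inserted
		 * the BIB entry to the table. This is because bib_session_lock doesn't cover the IPv4
		 * pool.
		 * Otherwise something's not returning borrowed address#ports to the pool, which is an
		 * error.
		 */
		log_err(ERR_BIB_REINSERT, "Port number %u from address %pI4 is taken from the IPv4 pool, "
				"but it wasn't found in the BIB. Please try again; if the problem persists, "
				"please report.", req->add.ipv4.l4_id, &req->add.ipv4.address);
		error = -EEXIST;
		goto failure;
	}
	borrowed = true;

	/* Create and insert the entry. */
	bib = bib_create(&req->add.ipv4, &req->add.ipv6, true);
	if (!bib) {
		log_err(ERR_ALLOC_FAILED, "Could NOT allocate a BIB entry.");
		error = -ENOMEM;
		goto failure;
	}

	error = bib_add(bib, req->l4_proto);
	if (error) {
		log_err(ERR_UNKNOWN_ERROR, "Could NOT add the BIB entry to the table.");
		goto failure;
	}

	spin_unlock_bh(&bib_session_lock);
	return 0;

already_mapped:
	log_err(ERR_BIB_REINSERT, "%pI6c#%u is already mapped to %pI4#%u.",
			&bib->ipv6.address, bib->ipv6.l4_id,
			&bib->ipv4.address, bib->ipv4.l4_id);
	error = -EEXIST;
	/* The entry found belongs to the table; clear the pointer so it is not freed below. */
	bib = NULL;
	goto failure;

generic_error:
	/* error is a negative errno value, so it is printed as a signed integer. */
	log_err(ERR_UNKNOWN_ERROR, "Error code %d while trying to interact with the BIB.",
			error);
	/* Fall through. */

failure:
	if (bib)
		bib_kfree(bib);
	/*
	 * Give the borrowed address#port back. Without this, every request that
	 * fails after pool4_get() would permanently consume a pool slot.
	 * NOTE(review): assumes bib_kfree() only releases the entry and does not
	 * itself return the address#port to the pool - confirm.
	 */
	if (borrowed)
		pool4_return(req->l4_proto, &req->add.ipv4);
	spin_unlock_bh(&bib_session_lock);
	return error;
}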