configuration of DNS server assignment via strongswan.conf

2025-10-05 00:00:45 -04:00 · 2009-02-12 09:02:15 +00:00 · 2009-02-12 09:02:15 +00:00 · 48f9a22b57
commit 48f9a22b57
parent 6f1271855b
3 changed files with 33 additions and 6 deletions
--- a/src/charon/sa/tasks/ike_config.c
+++ b/src/charon/sa/tasks/ike_config.c
@ -21,6 +21,9 @@
 #include <daemon.h>
 #include <encoding/payloads/cp_payload.h>

+#define DNS_SERVER_MAX		2
+#define NBNS_SERVER_MAX		2
+
 typedef struct private_ike_config_t private_ike_config_t;

 /**
@ -351,7 +354,7 @@ static status_t process_i(private_ike_config_t *this, message_t *message)
 		process_payloads(this, message);
 		
 		if (this->virtual_ip == NULL)
-		{	/* force a configured virtual IP, even server didn't return one */
+		{	/* force a configured virtual IP, even if server didn't return one */
 			config = this->ike_sa->get_peer_cfg(this->ike_sa);
 			this->virtual_ip = config->get_virtual_ip(config);
 			if (this->virtual_ip)
@ -420,6 +423,11 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator)
 	this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
 	this->public.task.destroy = (void(*)(task_t*))destroy;
 	
+	this->initiator = initiator;
+	this->ike_sa = ike_sa;
+	this->virtual_ip = NULL;
+	this->dns = linked_list_create();
+
 	if (initiator)
 	{
 		this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
@ -427,13 +435,28 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator)
 	}
 	else
 	{
+		int i;
+
+		for (i = 1; i <= DNS_SERVER_MAX; i++)
+		{
+			char dns_key[12], *dns_str;
+
+			snprintf(dns_key, sizeof(dns_key), "charon.dns%d", i);
+			dns_str = lib->settings->get_str(lib->settings, dns_key, NULL);
+			if (dns_str)
+			{
+				host_t *dns = host_create_from_string(dns_str, 0);
+
+				if (dns)
+				{
+					DBG2(DBG_CFG, "assigning DNS server %H to peer", dns);
+					this->dns->insert_last(this->dns, dns);
+				}
+			}
+		}
 		this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
 		this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
 	}
-	this->initiator = initiator;
-	this->ike_sa = ike_sa;
-	this->virtual_ip = NULL;
-	this->dns = linked_list_create();
-	
+
 	return &this->public;
 }
--- a/testing/tests/ikev2/config-payload/evaltest.dat
+++ b/testing/tests/ikev2/config-payload/evaltest.dat
@ -1,6 +1,8 @@
 carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_BOB::YES
 carol::ipsec status::home.*INSTALLED::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
@ -2,4 +2,6 @@

 charon {
  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+  dns1 = PH_IP_WINNETOU
+  dns2 = PH_IP_BOB
 }