From 48f9a22b57bd272fa8e01635e6ee720322dcd5c8 Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Thu, 12 Feb 2009 09:02:15 +0000
Subject: [PATCH] configuration of DNS server assignment via strongswan.conf
---
 src/charon/sa/tasks/ike_config.c | 35 +++++++++++++++----
 .../tests/ikev2/config-payload/evaltest.dat | 2 ++
 .../hosts/moon/etc/strongswan.conf | 2 ++
 3 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/src/charon/sa/tasks/ike_config.c b/src/charon/sa/tasks/ike_config.c
index 9944ebd71a..40b8c839ad 100644
--- a/src/charon/sa/tasks/ike_config.c
+++ b/src/charon/sa/tasks/ike_config.c
@@ -21,6 +21,9 @@
 #include
 #include
+#define DNS_SERVER_MAX 2
+#define NBNS_SERVER_MAX 2
+
 typedef struct private_ike_config_t private_ike_config_t;
 /**
@@ -351,7 +354,7 @@ static status_t process_i(private_ike_config_t *this, message_t *message)
 process_payloads(this, message);
 if (this->virtual_ip == NULL)
- { /* force a configured virtual IP, even server didn't return one */
+ { /* force a configured virtual IP, even if server didn't return one */
 config = this->ike_sa->get_peer_cfg(this->ike_sa);
 this->virtual_ip = config->get_virtual_ip(config);
 if (this->virtual_ip)
@@ -420,6 +423,11 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator)
 this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
 this->public.task.destroy = (void(*)(task_t*))destroy;
+ this->initiator = initiator;
+ this->ike_sa = ike_sa;
+ this->virtual_ip = NULL;
+ this->dns = linked_list_create();
+
 if (initiator)
 {
 this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
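Review bot: `NBNS_SERVER_MAX` is defined in the first hunk of ike_config.c but nothing in this patch uses it; the visible hunks account for every line in the diffstat, and only `DNS_SERVER_MAX` is referenced, in the responder loop of `ike_config_create`. Either drop the macro until NBNS assignment exists, or mark it as a placeholder, e.g. `#define NBNS_SERVER_MAX 2 /* reserved, NBNS assignment not implemented yet */`. A one-line comment on `DNS_SERVER_MAX` naming the keys it bounds (`charon.dns1` up to `charon.dns<N>`) would also help whoever changes the limit later.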
@@ -427,13 +435,28 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator)
 }
 else
 {
+ int i;
+
+ for (i = 1; i <= DNS_SERVER_MAX; i++)
+ {
+ char dns_key[12], *dns_str;
+
+ snprintf(dns_key, sizeof(dns_key), "charon.dns%d", i);
+ dns_str = lib->settings->get_str(lib->settings, dns_key, NULL);
+ if (dns_str)
+ {
+ host_t *dns = host_create_from_string(dns_str, 0);
+
+ if (dns)
+ {
+ DBG2(DBG_CFG, "assigning DNS server %H to peer", dns);
+ this->dns->insert_last(this->dns, dns);
+ }
+ }
+ }
 this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
 this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
 }
- this->initiator = initiator;
- this->ike_sa = ike_sa;
- this->virtual_ip = NULL;
- this->dns = linked_list_create();
-
+
 return &this->public;
 }
diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat
index 73d5ea206d..b8524d3c56 100644
--- a/testing/tests/ikev2/config-payload/evaltest.dat
+++ b/testing/tests/ikev2/config-payload/evaltest.dat
@@ -1,6 +1,8 @@
 carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_BOB::YES
 carol::ipsec status::home.*INSTALLED::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
index 40eb84b8a4..0709b3aa35 100644
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
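Review bot: `char dns_key[12]` in the responder branch fits `charon.dns` plus exactly one digit and the terminator, so the loop is only correct while `DNS_SERVER_MAX` stays below 10; with a larger limit `snprintf` would silently truncate `charon.dns10` to `charon.dns1` and the first server would be read and inserted a second time. The buffer should have headroom and the `snprintf` result should be checked. A `charon.dnsN` value that `host_create_from_string` rejects is also dropped without any log line, so peers would be handed fewer resolvers than the administrator configured; because these addresses decide where peers send their name lookups, a level-1 message on the failure path is worth having. The start of `ike_config_create` lies outside this hunk.

```c
for (i = 1; i <= DNS_SERVER_MAX; i++)
{
	char dns_key[32], *dns_str;
	int len;

	len = snprintf(dns_key, sizeof(dns_key), "charon.dns%d", i);
	if (len < 0 || len >= (int)sizeof(dns_key))
	{	/* key would be truncated and alias an earlier entry */
		continue;
	}
	dns_str = lib->settings->get_str(lib->settings, dns_key, NULL);
	if (dns_str)
	{
		host_t *dns = host_create_from_string(dns_str, 0);

		if (dns)
		{
			/* … unchanged: DBG2 message and insert_last … */
		}
		else
		{
			DBG1(DBG_CFG, "ignoring invalid DNS server '%s' configured in %s",
				 dns_str, dns_key);
		}
	}
}
```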
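Review bot: The two added checks assert the assigned nameservers on carol only, although the context lines show dave is evaluated in the same scenario and the diffstat confirms no dave-side check was added. If dave also requests a configuration payload here, add `dave::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU::YES` and the matching `PH_IP_BOB` line so that a regression affecting only the second peer is caught. A check that the resolver entries are removed again after the connection goes down would cover the cleanup path too, if the scenario's post-test step allows it.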
@@ -2,4 +2,6 @@
 charon {
 load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP_BOB
 }