authorMartin Willi <martin@strongswan.org>2009-12-17 10:50:37 +0100
committerMartin Willi <martin@strongswan.org>2009-12-17 10:52:07 +0100
commit6ec949e022a4dd36f19676f0ba825c8b7ffcb2f6 (patch)
treedbada4619c15f17d6874b47d749fdfb83378fe78 /src/charon/kernel
parentf721e0fb5f2cc4aa010a262ab5de228ea48a6357 (diff)
Fixed BEET mode by installing SAs with negotiated address in traffic selector
Diffstat (limited to 'src/charon/kernel')
-rw-r--r--src/charon/kernel/kernel_interface.c7
-rw-r--r--src/charon/kernel/kernel_interface.h5
-rw-r--r--src/charon/kernel/kernel_ipsec.c2
-rw-r--r--src/charon/kernel/kernel_ipsec.h5
4 files changed, 12 insertions, 7 deletions
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index b1a1d703f..17118f6c6 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -77,7 +77,8 @@ static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *ds
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap,
- bool inbound)
+ bool inbound, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts)
{
if (!this->ipsec)
{
@@ -85,7 +86,7 @@ static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *ds
}
return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi,
- encap, inbound);
+ encap, inbound, src_ts, dst_ts);
}
/**
@@ -398,7 +399,7 @@ kernel_interface_t *kernel_interface_create()
this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
- this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa;
+ this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;
this->public.update_sa = (status_t(*)(kernel_interface_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
this->public.query_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
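Review bot: The explicit cast on the new `this->public.add_sa = (status_t(*)(...,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;` line suppresses the compiler's check that the static `add_sa` really has this parameter list, so the 18-argument prototype is kept in sync by hand between the definition, the header and this cast. If the `kernel_ipsec_t` backends assign their `add_sa` through the same kind of cast, one that was not extended would still compile, be called through a mismatched prototype (undefined behaviour in C) and silently ignore the selectors; the backends are not visible here because the diff is limited to src/charon/kernel, so this cannot be confirmed from the page. I would add a comment above the assignment such as `/* cast hides prototype mismatches: keep in sync with kernel_interface_t.add_sa and every kernel_ipsec_t backend */`. kernel_interface_create() starts and ends outside the hunk.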
diff --git a/src/charon/kernel/kernel_interface.h b/src/charon/kernel/kernel_interface.h
index da4660bc2..c39246e72 100644
--- a/src/charon/kernel/kernel_interface.h
+++ b/src/charon/kernel/kernel_interface.h
@@ -100,6 +100,8 @@ struct kernel_interface_t {
* @param cpi CPI for IPComp
* @param encap enable UDP encapsulation for NAT traversal
* @param inbound TRUE if this is an inbound SA
+ * @param src_ts traffic selector with BEET source address
+ * @param dst_ts traffic selector with BEET destination address
* @return SUCCESS if operation completed
*/
status_t (*add_sa) (kernel_interface_t *this,
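Review bot: The two added `@param` lines for `src_ts` and `dst_ts` do not state whether the pointers may be NULL, whether they are ignored when `mode` is not MODE_BEET, or whether the callee keeps a reference to them. Going by the commit title, the selector is what binds the negotiated inner address to the SA, so a backend needs to know whether a NULL selector in BEET mode is an error or means "install without selector"; that contract is not visible in this diff. I would extend the lines along the pattern `@param src_ts traffic selector with BEET source address; <NULL allowed or not>, <ignored or not> unless mode is MODE_BEET`, with the bracketed parts filled in from the intended behaviour. The identical `@param` lines added in the kernel_ipsec.h hunk need the same clarification.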
@@ -109,7 +111,8 @@ struct kernel_interface_t {
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool encap, bool inbound);
+ bool encap, bool inbound,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
* Update the hosts on an installed SA.
diff --git a/src/charon/kernel/kernel_ipsec.c b/src/charon/kernel/kernel_ipsec.c
index 45eef4907..5b0335b16 100644
--- a/src/charon/kernel/kernel_ipsec.c
+++ b/src/charon/kernel/kernel_ipsec.c
@@ -18,8 +18,6 @@
ENUM(ipsec_mode_names, MODE_TRANSPORT, MODE_BEET,
"TRANSPORT",
"TUNNEL",
- "2",
- "3",
"BEET",
);
diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h
index 1f5879984..73ad29b0e 100644
--- a/src/charon/kernel/kernel_ipsec.h
+++ b/src/charon/kernel/kernel_ipsec.h
@@ -131,6 +131,8 @@ struct kernel_ipsec_t {
* @param cpi CPI for IPComp
* @param encap enable UDP encapsulation for NAT traversal
* @param inbound TRUE if this is an inbound SA
+ * @param src_ts traffic selector with BEET source address
+ * @param dst_ts traffic selector with BEET destination address
* @return SUCCESS if operation completed
*/
status_t (*add_sa) (kernel_ipsec_t *this,
@@ -140,7 +142,8 @@ struct kernel_ipsec_t {
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- bool encap, bool inbound);
+ bool encap, bool inbound,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
* Update the hosts on an installed SA.