diff options
| author | Martin Willi <martin@revosec.ch> | 2013-12-16 12:13:39 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2014-06-04 16:32:09 +0200 |
| commit | 1987b709895dbefb7e8c3298b0c5808731f57b93 (patch) | |
| tree | f367cd6e6ac8c12fd82ebd11d45e031a572ce7e4 /src/libcharon/plugins/kernel_wfp | |
| parent | 9b5c95648f2b1a94bf0a9e2b1cf9efe819958dfd (diff) | |
| download | strongswan-1987b709895dbefb7e8c3298b0c5808731f57b93.tar.bz2 strongswan-1987b709895dbefb7e8c3298b0c5808731f57b93.tar.xz | |
kernel-wfp: Configure ports for SAs using UDP encapsulation
Diffstat (limited to 'src/libcharon/plugins/kernel_wfp')
| -rw-r--r-- | src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c index 05798fdee..f26b60a92 100644 --- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c +++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c @@ -894,6 +894,37 @@ static bool install_sas(private_kernel_wfp_ipsec_t *this, entry_t *entry, return FALSE; } + if (entry->encap) + { + IPSEC_V4_UDP_ENCAPSULATION0 encap = { + .localUdpEncapPort = entry->local->get_port(entry->local), + .remoteUdpEncapPort = entry->remote->get_port(entry->remote), + }; + IPSEC_SA_CONTEXT1 *ctx; + + res = IPsecSaContextGetById1(this->handle, entry->sa_id, &ctx); + if (res != ERROR_SUCCESS) + { + DBG1(DBG_KNL, "getting WFP SA for UDP encap failed: 0x%08x", res); + IPsecSaContextDeleteById0(this->handle, entry->sa_id); + entry->sa_id = 0; + return FALSE; + } + ctx->inboundSa->udpEncapsulation = &encap; + ctx->outboundSa->udpEncapsulation = &encap; + + res = IPsecSaContextUpdate0(this->handle, + IPSEC_SA_DETAILS_UPDATE_UDP_ENCAPSULATION, ctx); + FwpmFreeMemory0((void**)&ctx); + if (res != ERROR_SUCCESS) + { + DBG1(DBG_KNL, "enable WFP UDP encap failed: 0x%08x", res); + IPsecSaContextDeleteById0(this->handle, entry->sa_id); + entry->sa_id = 0; + return FALSE; + } + } + return TRUE; } |