diff options
| author | Martin Willi <martin@revosec.ch> | 2015-03-09 18:04:54 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2015-03-09 18:18:20 +0100 |
| commit | 942797a5b5176c43670232ffb8686bc347b8cda9 (patch) | |
| tree | 51c8d0d91cd893145a826c419e8de0e5655e7d61 /src/libcharon/plugins/kernel_wfp | |
| parent | 68e5ada0058a52a402966b616a73a290053a210d (diff) | |
| download | strongswan-942797a5b5176c43670232ffb8686bc347b8cda9.tar.bz2 strongswan-942797a5b5176c43670232ffb8686bc347b8cda9.tar.xz | |
kernel-interface: Add a separate "update" flag to add_sa()
The current "inbound" flag is used for two purposes: To define the actual
direction of the SA, but also to determine the operation used for SA
installation. If an SPI has been allocated, an update operation is required
instead of an add.
While the inbound flag normally defines the kind of operation required, this
is not necessarily true in all cases. On the HA passive node, we install inbound
SAs without prior SPI allocation.
Diffstat (limited to 'src/libcharon/plugins/kernel_wfp')
| -rw-r--r-- | src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c index 86db9e643..b38ded846 100644 --- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c +++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c @@ -2103,7 +2103,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, + bool initiator, bool encap, bool esn, bool inbound, bool update, linked_list_t *src_ts, linked_list_t *dst_ts) { host_t *local, *remote; |