kernel-interface: Add a separate "update" flag to add_sa()

The current "inbound" flag is used for two purposes: To define the actual
direction of the SA, but also to determine the operation used for SA
installation. If an SPI has been allocated, an update operation is required
instead of an add.

While the inbound flag normally defines the kind of operation required, this
is not necessarily true in all cases. On the HA passive node, we install inbound
SAs without prior SPI allocation.

1 files changed, 3 insertions, 2 deletions

diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index 2d484251f..96ce9e26d 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -180,6 +180,7 @@ struct kernel_interface_t {
 	 * @param encap			enable UDP encapsulation for NAT traversal
 	 * @param esn			TRUE to use Extended Sequence Numbers
 	 * @param inbound		TRUE if this is an inbound SA
+	 * @param update		TRUE if an SPI has already been allocated for SA
 	 * @param src_ts		list of source traffic selectors
 	 * @param dst_ts		list of destination traffic selectors
 	 * @return				SUCCESS if operation completed
@@ -191,8 +192,8 @@ struct kernel_interface_t {
 						u_int16_t enc_alg, chunk_t enc_key,
 						u_int16_t int_alg, chunk_t int_key,
 						ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-						u_int32_t replay_window,
-						bool initiator, bool encap, bool esn, bool inbound,
+						u_int32_t replay_window, bool initiator, bool encap,
+						bool esn, bool inbound, bool update,
 						linked_list_t *src_ts, linked_list_t *dst_ts);
 
 	/**