author | Tobias Brunner <tobias@strongswan.org> | 2010-08-03 11:49:28 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2010-09-02 19:04:21 +0200 |
commit | 34cf6def835e9df3b852718845cfbf8ba61efa0f (patch) | |
tree | a875b242bea6516105dae578d81ea0fe041f6c82 /src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | |
parent | c3f4d68f0dae9844a80fec65b50670c1a0f53802 (diff) | |
Fixing installation of trap policies (SPI=0) in kernel interface.
Diffstat (limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
-rw-r--r-- | src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 20d1b1205..1b18f6a9c 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1593,9 +1593,8 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
 METHOD(kernel_ipsec_t, add_policy, status_t,
 private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
 traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, u_int32_t spi, u_int32_t ah_spi,
- u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
- u_int16_t cpi, bool routed)
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
+ mark_t mark, bool routed)
 {
 unsigned char request[PFKEY_BUFFER_SIZE];
 struct sadb_msg *msg, *out;
@@ -1612,7 +1611,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 }
 /* create a policy */
- policy = create_policy_entry(src_ts, dst_ts, direction, reqid);
+ policy = create_policy_entry(src_ts, dst_ts, direction, sa->reqid);
 /* find a matching policy */
 this->mutex->lock(this->mutex);
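Review bot: The new `ipsec_sa_cfg_t *sa` parameter is dereferenced unconditionally (`sa->reqid` in the next hunk, `sa->esp.use` and `sa->mode` in the later ones), and nothing in the visible lines states whether a caller may pass NULL or which fields must be filled in for a trap policy. Since the old by-value arguments could not be NULL, the contract should be written down where the method is declared, for example `/* sa must not be NULL; add_policy reads mode, reqid and esp.use, SPIs may be 0 for trap policies */`. The body of add_policy continues outside this hunk, so an existing guard further up cannot be ruled out from here.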
@@ -1661,13 +1660,13 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 /* one or more sadb_x_ipsecrequest extensions are added to the sadb_x_policy extension */
 req = (struct sadb_x_ipsecrequest*)(pol + 1);
- req->sadb_x_ipsecrequest_proto = spi ? IPPROTO_ESP : IPPROTO_AH;
+ req->sadb_x_ipsecrequest_proto = sa->esp.use ? IPPROTO_ESP : IPPROTO_AH;
 /* !!! the length of this struct MUST be in octets instead of 64 bit words */
 req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest);
- req->sadb_x_ipsecrequest_mode = mode2kernel(mode);
- req->sadb_x_ipsecrequest_reqid = reqid;
+ req->sadb_x_ipsecrequest_mode = mode2kernel(sa->mode);
+ req->sadb_x_ipsecrequest_reqid = sa->reqid;
 req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
- if (mode == MODE_TUNNEL)
+ if (sa->mode == MODE_TUNNEL)
 {
 len = hostcpy(req + 1, src);
 req->sadb_x_ipsecrequest_len += len;
@@ -1741,7 +1740,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 * - routing is not disabled via strongswan.conf
 */
 if (policy->route == NULL && direction == POLICY_FWD &&
- mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 &&
+ sa->mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 &&
 this->install_routes)
 {
 route_entry_t *route = malloc_thing(route_entry_t);
 |
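Review bot: In `sa->esp.use ? IPPROTO_ESP : IPPROTO_AH` the else branch selects AH whenever ESP is not flagged, without checking that AH was actually requested. A configuration that sets neither protocol would therefore still install an AH requirement, and only one sadb_x_ipsecrequest is visibly built here, so a configuration asking for both would presumably be reduced to ESP. If ipsec_sa_cfg_t carries a matching AH flag (its definition is not visible in this diff), the fallback should test it and the neither-set case should be rejected or logged. At minimum the line deserves a comment such as `/* a single request is installed: ESP if requested, otherwise AH */`. The enclosing function starts and ends outside this hunk.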