aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2010-08-03 11:49:28 +0200
committerTobias Brunner <tobias@strongswan.org>2010-09-02 19:04:21 +0200
commit34cf6def835e9df3b852718845cfbf8ba61efa0f (patch)
treea875b242bea6516105dae578d81ea0fe041f6c82 /src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
parentc3f4d68f0dae9844a80fec65b50670c1a0f53802 (diff)
downloadstrongswan-34cf6def835e9df3b852718845cfbf8ba61efa0f.tar.bz2
strongswan-34cf6def835e9df3b852718845cfbf8ba61efa0f.tar.xz
Fixing installation of trap policies (SPI=0) in kernel interface.
Diffstat (limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c17
1 files changed, 8 insertions, 9 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 20d1b1205..1b18f6a9c 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1593,9 +1593,8 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
METHOD(kernel_ipsec_t, add_policy, status_t,
private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, u_int32_t spi, u_int32_t ah_spi,
- u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
- u_int16_t cpi, bool routed)
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
+ mark_t mark, bool routed)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
@@ -1612,7 +1611,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
}
/* create a policy */
- policy = create_policy_entry(src_ts, dst_ts, direction, reqid);
+ policy = create_policy_entry(src_ts, dst_ts, direction, sa->reqid);
/* find a matching policy */
this->mutex->lock(this->mutex);
@@ -1661,13 +1660,13 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
/* one or more sadb_x_ipsecrequest extensions are added to the sadb_x_policy extension */
req = (struct sadb_x_ipsecrequest*)(pol + 1);
- req->sadb_x_ipsecrequest_proto = spi ? IPPROTO_ESP : IPPROTO_AH;
+ req->sadb_x_ipsecrequest_proto = sa->esp.use ? IPPROTO_ESP : IPPROTO_AH;
/* !!! the length of this struct MUST be in octets instead of 64 bit words */
req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest);
- req->sadb_x_ipsecrequest_mode = mode2kernel(mode);
- req->sadb_x_ipsecrequest_reqid = reqid;
+ req->sadb_x_ipsecrequest_mode = mode2kernel(sa->mode);
+ req->sadb_x_ipsecrequest_reqid = sa->reqid;
req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
- if (mode == MODE_TUNNEL)
+ if (sa->mode == MODE_TUNNEL)
{
len = hostcpy(req + 1, src);
req->sadb_x_ipsecrequest_len += len;
@@ -1741,7 +1740,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
* - routing is not disabled via strongswan.conf
*/
if (policy->route == NULL && direction == POLICY_FWD &&
- mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 &&
+ sa->mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 &&
this->install_routes)
{
route_entry_t *route = malloc_thing(route_entry_t);