author | Tobias Brunner <tobias@strongswan.org> | 2017-02-21 19:21:01 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-03-02 08:52:56 +0100 |
commit | 6d86d0f51699612ad886b3f1b8773e81324e3b2a (patch) | |
tree | 5cc6f0ccd3420c2cf6732cb77e6e1c85eeade7c7 /src/libipsec/ipsec_sa_mgr.c | |
parent | 4b5cbb3db1582fd14d09e55d344e78aa0c6344a0 (diff) | |
kernel: Make range of SPIs for IPsec SAs configurable
Diffstat (limited to 'src/libipsec/ipsec_sa_mgr.c')
-rw-r--r-- | src/libipsec/ipsec_sa_mgr.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c
index ec35c6ea3..031d599a1 100644
--- a/src/libipsec/ipsec_sa_mgr.c
+++ b/src/libipsec/ipsec_sa_mgr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2017 Tobias Brunner
 * Copyright (C) 2012 Giuliano Grassi
 * Copyright (C) 2012 Ralf Sager
 * Hochschule fuer Technik Rapperswil
@@ -398,7 +398,18 @@ METHOD(ipsec_sa_mgr_t, get_spi, status_t,
 private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint8_t protocol,
 uint32_t *spi)
 {
- uint32_t spi_new;
+ uint32_t spi_min, spi_max, spi_new;
+
+ spi_min = lib->settings->get_int(lib->settings, "%s.spi_min",
+ KERNEL_SPI_MIN, lib->ns);
+ spi_max = lib->settings->get_int(lib->settings, "%s.spi_max",
+ KERNEL_SPI_MAX, lib->ns);
+ if (spi_min > spi_max)
+ {
+ spi_new = spi_min;
+ spi_min = spi_max;
+ spi_max = spi_new;
+ }
 this->mutex->lock(this->mutex);
 if (!this->rng)
@@ -421,6 +432,7 @@ METHOD(ipsec_sa_mgr_t, get_spi, status_t,
 DBG1(DBG_ESP, "failed to allocate SPI");
 return FAILED;
 }
+ spi_new = spi_min + spi_new % (spi_max - spi_min + 1);
 /* make sure the SPI is valid (not in range 0-255) */
 spi_new |= 0x00000100;
 spi_new = htonl(spi_new); |
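Review bot: The new bounds in get_spi are undocumented where they are read: both pass through `get_int` (presumably a signed int return) into `uint32_t`, so a bound above INT_MAX only survives by wrapping through a negative value, and a mistyped negative setting cannot be told apart from a large one. I would add a comment above the two lookups such as `/* bounds round-trip through int; values > INT_MAX rely on wraparound */` and one on the swap, `/* reversed bounds are tolerated, not rejected */`. Logging the effective range once would also make a misconfigured SPI partition visible to the operator. The rest of get_spi lies outside this hunk.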
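Review bot: The `spi_new |= 0x00000100;` left in place after the added mapping line can push the result outside [spi_min, spi_max], so the configured range is not reliably honored. With a constructed range of 0x1000–0x10ff every value has bit 8 clear, so every SPI handed out lands in 0x1100–0x11ff, which defeats a range chosen to partition SPI space. Separately, `spi_max - spi_min + 1` wraps to 0 when the bounds span all 32 bits, making the `%` a division by zero. Raising the lower bound before the mapping, e.g. `if (spi_min < 0x100) spi_min = 0x100;` and the same for `spi_max`, fixes both: the OR can then be dropped and the span can no longer reach 2^32. The RNG call and any retry loop are outside the hunk, so their interaction with the mapping cannot be checked from here.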