diff options
| author | Martin Willi <martin@revosec.ch> | 2015-02-19 18:18:51 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2015-02-20 13:34:52 +0100 |
| commit | 94eb09ac354c5dfee033a62c93dabf011e9c9747 (patch) | |
| tree | a8505a4fb50285b2cbcf13ad1de2dd54f8e4cb21 /src/libipsec/ipsec_sa_mgr.h | |
| parent | 970378c557412710c01f3100d6f8ffb380e853a3 (diff) | |
| parent | 246c969d8bc98194c300989d545d8fa40e246399 (diff) | |
| download | strongswan-94eb09ac354c5dfee033a62c93dabf011e9c9747.tar.bz2 strongswan-94eb09ac354c5dfee033a62c93dabf011e9c9747.tar.xz | |
Merge branch 'reqid-alloc'
With these changes, charon dynamically allocates reqids for CHILD_SAs. This
allows the reuse of reqids for identical policies, and basically allows multiple
CHILD_SAs with the same selectors. As reqids do not uniquely define a CHILD_SA,
a new unique identifier for CHILD_SAs is introduced, and the kernel backends
use a proto/dst/SPI tuple to identify CHILD_SAs.
charon-tkm is not yet updated and expires are actually broken with this merge.
As some significant refactorings are required, this is fixed using a separate
merge.
References #422, #431, #463.
Diffstat (limited to 'src/libipsec/ipsec_sa_mgr.h')
| -rw-r--r-- | src/libipsec/ipsec_sa_mgr.h | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/libipsec/ipsec_sa_mgr.h b/src/libipsec/ipsec_sa_mgr.h index 8c234cefa..8d3f64fbb 100644 --- a/src/libipsec/ipsec_sa_mgr.h +++ b/src/libipsec/ipsec_sa_mgr.h @@ -45,12 +45,11 @@ struct ipsec_sa_mgr_t { * @param src source address of the SA * @param dst destination address of the SA * @param protocol protocol of the SA (only ESP supported) - * @param reqid reqid for the SA * @param spi the allocated SPI * @return SUCCESS of operation successful */ status_t (*get_spi)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, u_int32_t *spi); + u_int8_t protocol, u_int32_t *spi); /** * Add a new SA @@ -74,8 +73,6 @@ struct ipsec_sa_mgr_t { * @param encap enable UDP encapsulation (must be TRUE) * @param esn Extended Sequence Numbers (currently not supported) * @param inbound TRUE if this is an inbound SA, FALSE otherwise - * @param src_ts source traffic selector - * @param dst_ts destination traffic selector * @return SUCCESS if operation completed */ status_t (*add_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, @@ -84,8 +81,7 @@ struct ipsec_sa_mgr_t { u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool initiator, bool encap, bool esn, - bool inbound, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts); + bool inbound); /** * Update the hosts on an installed SA. |