Diffstat (limited to 'src/charon/sa')
-rw-r--r--src/charon/sa/child_sa.c25
-rw-r--r--src/charon/sa/child_sa.h5
-rw-r--r--src/charon/sa/tasks/child_create.c10
3 files changed, 31 insertions, 9 deletions
diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c
index f2ffdab2f..3fdfb51ad 100644
--- a/src/charon/sa/child_sa.c
+++ b/src/charon/sa/child_sa.c
@@ -544,9 +544,11 @@ static u_int16_t alloc_cpi(private_child_sa_t *this)
* Implementation of child_sa_t.install
*/
static status_t install(private_child_sa_t *this, chunk_t encr, chunk_t integ,
- u_int32_t spi, u_int16_t cpi, bool inbound)
+ u_int32_t spi, u_int16_t cpi, bool inbound,
+ linked_list_t *my_ts, linked_list_t *other_ts)
{
u_int16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size;
+ traffic_selector_t *src_ts = NULL, *dst_ts = NULL;
time_t now;
lifetime_cfg_t *lifetime;
host_t *src, *dst;
@@ -603,10 +605,27 @@ static status_t install(private_child_sa_t *this, chunk_t encr, chunk_t integ,
lifetime->time.rekey = 0;
}
+ if (this->mode == MODE_BEET)
+ {
+ /* BEET requires the bound address from the traffic selectors.
+ * TODO: We add just the first traffic selector for now, as the
+ * kernel accepts a single TS per SA only */
+ if (inbound)
+ {
+ my_ts->get_first(my_ts, (void**)&dst_ts);
+ other_ts->get_first(other_ts, (void**)&src_ts);
+ }
+ else
+ {
+ my_ts->get_first(my_ts, (void**)&src_ts);
+ other_ts->get_first(other_ts, (void**)&dst_ts);
+ }
+ }
+
status = charon->kernel_interface->add_sa(charon->kernel_interface,
src, dst, spi, this->protocol, this->reqid, lifetime,
enc_alg, encr, int_alg, integ, this->mode, this->ipcomp, cpi,
- this->encap, update);
+ this->encap, update, src_ts, dst_ts);
free(lifetime);
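Review bot: The return values of the four get_first() calls in the new MODE_BEET branch are discarded, so when either list is empty src_ts/dst_ts remain NULL and add_sa() is invoked in BEET mode with a NULL selector; whether the kernel interface tolerates that is not visible in this hunk. If it does not, the branch should fail early rather than hand a half-specified SA to the kernel, e.g. `if (my_ts->get_first(my_ts, (void**)&dst_ts) != SUCCESS || other_ts->get_first(other_ts, (void**)&src_ts) != SUCCESS) { free(lifetime); return FAILED; }` for the inbound case and the mirrored pair for outbound — assuming lifetime is the only resource held at that point, which the hunk does not show. The TODO acknowledges that only the first selector is bound to the SA; since any further negotiated selectors are silently not reflected in the SA, a debug line when a list holds more than one entry (`if (my_ts->get_count(my_ts) > 1 || other_ts->get_count(other_ts) > 1) DBG1(...)`) would make that narrowing visible to an operator. install() continues past the end of this hunk.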
@@ -902,7 +921,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
this->public.set_ipcomp = (void(*)(child_sa_t*,ipcomp_transform_t))set_ipcomp;
this->public.alloc_spi = (u_int32_t(*)(child_sa_t*, protocol_id_t protocol))alloc_spi;
this->public.alloc_cpi = (u_int16_t(*)(child_sa_t*))alloc_cpi;
- this->public.install = (status_t(*)(child_sa_t*, chunk_t encr, chunk_t integ, u_int32_t spi, u_int16_t cpi, bool inbound))install;
+ this->public.install = (status_t(*)(child_sa_t*, chunk_t encr, chunk_t integ, u_int32_t spi, u_int16_t cpi, bool inbound, linked_list_t *my_ts_list, linked_list_t *other_ts_list))install;
this->public.update = (status_t (*)(child_sa_t*,host_t*,host_t*,host_t*,bool))update;
this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*))add_policies;
this->public.get_traffic_selectors = (linked_list_t*(*)(child_sa_t*,bool))get_traffic_selectors;
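Review bot: The parameter names in the rewritten install function-pointer cast (`my_ts_list`, `other_ts_list`) do not match the names used in the child_sa.h declaration and in install() itself (`my_ts`, `other_ts`); since the cast is the only thing tying the public prototype to the static implementation, keeping the names identical makes a later mismatch easier to spot by eye. Suggest `..., bool inbound, linked_list_t *my_ts, linked_list_t *other_ts))install;`. child_sa_create() starts and ends outside this hunk.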
diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h
index a45b4c3e4..d70bed664 100644
--- a/src/charon/sa/child_sa.h
+++ b/src/charon/sa/child_sa.h
@@ -285,10 +285,13 @@ struct child_sa_t {
* @param spi SPI to use, allocated for inbound
* @param cpi CPI to use, allocated for outbound
* @param inbound TRUE to install an inbound SA, FALSE for outbound
+ * @param my_ts negotiated local traffic selector list
+ * @param other_ts negotiated remote traffic selector list
* @return SUCCESS or FAILED
*/
status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ,
- u_int32_t spi, u_int16_t cpi, bool inbound);
+ u_int32_t spi, u_int16_t cpi, bool inbound,
+ linked_list_t *my_ts, linked_list_t *other_ts);
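Review bot: The two new @param lines describe the lists but not how install() uses them, which is the part a caller needs: in child_sa.c the lists are only dereferenced inside the `this->mode == MODE_BEET` branch, and only the first selector of each is passed on to the kernel. Suggest extending the documentation along the lines of `@param my_ts negotiated local traffic selector list; in BEET mode the first selector is bound to the SA, other modes ignore the list` and the same for other_ts. The hunk in child_sa.c shows no destroy() of either list, so ownership presumably stays with the caller — worth stating that in the comment as well, after confirming against the full function.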
/**
* Install the policies using some traffic selectors.
*
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index f6719aa14..1bf73b8d8 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -408,21 +408,21 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
}
status_i = status_o = FAILED;
if (this->keymat->derive_child_keys(this->keymat, this->proposal,
- this->dh, nonce_i, nonce_r, &encr_i, &integ_i, &encr_r, &integ_r))
+ this->dh, nonce_i, nonce_r, &encr_i, &integ_i, &encr_r, &integ_r))
{
if (this->initiator)
{
status_i = this->child_sa->install(this->child_sa, encr_r, integ_r,
- this->my_spi, this->my_cpi, TRUE);
+ this->my_spi, this->my_cpi, TRUE, my_ts, other_ts);
status_o = this->child_sa->install(this->child_sa, encr_i, integ_i,
- this->other_spi, this->other_cpi, FALSE);
+ this->other_spi, this->other_cpi, FALSE, my_ts, other_ts);
}
else
{
status_i = this->child_sa->install(this->child_sa, encr_i, integ_i,
- this->my_spi, this->my_cpi, TRUE);
+ this->my_spi, this->my_cpi, TRUE, my_ts, other_ts);
status_o = this->child_sa->install(this->child_sa, encr_r, integ_r,
- this->other_spi, this->other_cpi, FALSE);
+ this->other_spi, this->other_cpi, FALSE, my_ts, other_ts);
}
}
chunk_clear(&integ_i);
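Review bot: The four install() calls now pass `my_ts` and `other_ts`, but those variables are defined before this hunk begins, so it is not visible here whether they hold the selectors as narrowed for this CHILD_SA or the unnarrowed proposal lists. For BEET the first selector of each list determines the inner addresses the kernel binds to the SA, so if the lists differ from what add_policies() later installs, SA and policy could disagree; worth confirming at the point where my_ts/other_ts are assigned. select_and_install() starts before and continues past this hunk.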