Diffstat (limited to 'src/charon/threads')
-rw-r--r--src/charon/threads/kernel_interface.c15
-rw-r--r--src/charon/threads/kernel_interface.h8
-rwxr-xr-xsrc/charon/threads/stroke_interface.c2
3 files changed, 15 insertions, 10 deletions
diff --git a/src/charon/threads/kernel_interface.c b/src/charon/threads/kernel_interface.c
index 092e57ca4..074e7fcc8 100644
--- a/src/charon/threads/kernel_interface.c
+++ b/src/charon/threads/kernel_interface.c
@@ -503,7 +503,7 @@ static status_t add_sa(private_kernel_interface_t *this,
protocol_id_t protocol, u_int32_t reqid,
u_int64_t expire_soft, u_int64_t expire_hard,
algorithm_t *enc_alg, algorithm_t *int_alg,
- prf_plus_t *prf_plus, natt_conf_t *natt,
+ prf_plus_t *prf_plus, natt_conf_t *natt, mode_t mode,
bool replace)
{
unsigned char request[BUFFER_SIZE];
@@ -529,7 +529,7 @@ static status_t add_sa(private_kernel_interface_t *this,
sa->id.spi = spi;
sa->id.proto = (protocol == PROTO_ESP) ? KERNEL_ESP : KERNEL_AH;
sa->family = src->get_family(src);
- sa->mode = TRUE; /* tunnel mode */
+ sa->mode = mode;
sa->replay_window = 32;
sa->reqid = reqid;
/* we currently do not expire SAs by volume/packet count */
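Review bot: `sa->mode = mode;` stores the caller's value in the kernel SA request without a range check or mapping, so the code now depends on the `mode_t` values being numerically identical to the kernel's transport/tunnel encoding; the same applies to `tmpl->mode = mode;` in the add_policy hunk further down. The definition of `mode_t` is not part of this diff, so that cannot be confirmed here. Before this change the field was always tunnel, so an unexpected value now silently changes how protected traffic is encapsulated. I would reject anything other than the supported modes at the top of add_sa and add_policy and record the dependency next to the assignment, e.g. `/* mode_t values must equal the kernel's xfrm mode encoding */`. Both function bodies extend beyond the hunks shown.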
@@ -970,7 +970,8 @@ static status_t add_policy(private_kernel_interface_t *this,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, protocol_id_t protocol,
- u_int32_t reqid, bool high_prio, bool update)
+ u_int32_t reqid, bool high_prio, mode_t mode,
+ bool update)
{
iterator_t *iterator;
kernel_policy_t *current, *policy;
@@ -992,7 +993,7 @@ static status_t add_policy(private_kernel_interface_t *this,
iterator = this->policies->create_iterator(this->policies, TRUE);
while (iterator->iterate(iterator, (void**)&current))
{
- if (memcmp(current, policy, sizeof(struct xfrm_selector)) == 0 &&
+ if (memcmp(&current->sel, &policy->sel, sizeof(struct xfrm_selector)) == 0 &&
policy->direction == current->direction)
{
free(policy);
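Review bot: The `memcmp` over `struct xfrm_selector` compares every byte of the selector, including padding and the unused part of the address fields, so it only finds an existing entry when both selectors were fully zeroed before their fields were filled in. The allocation and initialisation of `policy` are outside this hunk, so I cannot confirm that; if it is a plain allocation, add `memset(policy, 0, sizeof(*policy));` right after it, or state the assumption here with `/* selectors are zero-initialised, so a bytewise compare is valid */`. A missed match would presumably leave two entries for the same kernel policy in `this->policies`.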
@@ -1068,7 +1069,7 @@ static status_t add_policy(private_kernel_interface_t *this,
tmpl->reqid = reqid;
tmpl->id.proto = (protocol == PROTO_AH) ? KERNEL_AH : KERNEL_ESP;
tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0;
- tmpl->mode = TRUE;
+ tmpl->mode = mode;
tmpl->family = src->get_family(src);
host2xfrm(src, &tmpl->saddr);
@@ -1266,11 +1267,11 @@ kernel_interface_t *kernel_interface_create()
/* public functions */
this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
- this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,algorithm_t*,algorithm_t*,prf_plus_t*,natt_conf_t*,bool))add_sa;
+ this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,algorithm_t*,algorithm_t*,prf_plus_t*,natt_conf_t*,mode_t,bool))add_sa;
this->public.update_sa = (status_t(*)(kernel_interface_t*,host_t*,u_int32_t,protocol_id_t,host_t*,host_t*,host_diff_t,host_diff_t))update_sa;
this->public.query_sa = (status_t(*)(kernel_interface_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t*))query_sa;
this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,u_int32_t,protocol_id_t))del_sa;
- this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,protocol_id_t,u_int32_t,bool,bool))add_policy;
+ this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,protocol_id_t,u_int32_t,bool,mode_t,bool))add_policy;
this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t))del_policy;
this->public.destroy = (void(*)(kernel_interface_t*)) destroy;
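Review bot: The casts on `add_sa` and `add_policy` have to be edited by hand to mirror the new prototypes, and because they are explicit casts the compiler will not report it if the cast, the definition and the declaration in kernel_interface.h drift apart; calling through a mismatched function pointer type is undefined behaviour. With `bool, mode_t, bool` now adjacent in add_policy and all of them integer-like types, a caller that passes them in the wrong order will most likely compile without a diagnostic (the callers are not visible, as the diffstat is limited to src/charon/threads). A short comment above the assignments, e.g. `/* casts must match the prototypes in kernel_interface.h exactly */`, would make the constraint explicit. kernel_interface_create continues outside the hunk.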
diff --git a/src/charon/threads/kernel_interface.h b/src/charon/threads/kernel_interface.h
index 2655745a8..991d8e17c 100644
--- a/src/charon/threads/kernel_interface.h
+++ b/src/charon/threads/kernel_interface.h
@@ -118,6 +118,7 @@ struct kernel_interface_t {
* @param int_alg Algorithm to use for integrity protection
* @param prf_plus PRF to derive keys from
* @param natt NAT-T Configuration, or NULL of no NAT-T used
+ * @param mode mode of the SA (tunnel, transport)
* @param replace Should an already installed SA be updated?
* @return
* - SUCCESS
@@ -128,7 +129,8 @@ struct kernel_interface_t {
protocol_id_t protocol, u_int32_t reqid,
u_int64_t expire_soft, u_int64_t expire_hard,
algorithm_t *enc_alg, algorithm_t *int_alg,
- prf_plus_t *prf_plus, natt_conf_t *natt, bool update);
+ prf_plus_t *prf_plus, natt_conf_t *natt,
+ mode_t mode, bool update);
/**
* @brief Update the hosts on an installed SA.
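Review bot: The last parameter is called `update` in this prototype, while the doc comment directly above documents it as `@param replace` and the definition in kernel_interface.c names it `replace`; since the line is being touched anyway, `mode_t mode, bool replace);` would make the three agree. Separately, `mode_t` is also the name POSIX uses for the file-permission type in `<sys/types.h>`; the definition used here is not in this diff, but a more specific name for the IPsec mode type would avoid confusion or a typedef clash in files that see both. The enclosing struct kernel_interface_t starts and ends outside the hunk.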
@@ -206,6 +208,7 @@ struct kernel_interface_t {
* @param protocol protocol to use to protect traffic (AH/ESP)
* @param reqid uniqe ID of an SA to use to enforce policy
* @param high_prio if TRUE, uses a higher priority than any with FALSE
+ * @param mode mode of SA (tunnel, transport)
* @param update update an existing policy, if TRUE
* @return
* - SUCCESS
@@ -216,7 +219,8 @@ struct kernel_interface_t {
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, protocol_id_t protocol,
- u_int32_t reqid, bool high_prio, bool update);
+ u_int32_t reqid, bool high_prio,
+ mode_t mode, bool update);
/**
* @brief Query the use time of a policy.
diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c
index dd646aa85..a98284509 100755
--- a/src/charon/threads/stroke_interface.c
+++ b/src/charon/threads/stroke_interface.c
@@ -398,7 +398,7 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100,
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
- msg->add_conn.dpd.action);
+ msg->add_conn.mode, msg->add_conn.dpd.action);
policy->add_my_traffic_selector(policy, my_ts);
policy->add_other_traffic_selector(policy, other_ts);
policy->add_authorities(policy, my_ca, other_ca);
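Review bot: `msg->add_conn.mode` is taken from the stroke message and handed on as the policy's mode with no validation visible in this hunk, and the kernel_interface.c part of this commit later copies the mode into the kernel request unchanged. If stroke_add_conn does not already check the field earlier (its body starts outside the hunk), it should log and refuse the connection when the value is not one of the modes the daemon supports, before the policy is created. It is also worth confirming what a zero value means: a client that leaves the field unset now gets whatever mode zero denotes rather than the previous fixed tunnel mode.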