aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/charon/plugins/stroke/stroke_list.c12
-rw-r--r--src/charon/sa/child_sa.c18
-rw-r--r--src/charon/sa/child_sa.h14
3 files changed, 37 insertions, 7 deletions
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
index 9ce89dc1c..962286ae4 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/charon/plugins/stroke/stroke_list.c
@@ -135,19 +135,17 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
if (child_sa->get_state(child_sa) == CHILD_INSTALLED)
{
- u_int16_t my_cpi = child_sa->get_cpi(child_sa, TRUE);
- u_int16_t other_cpi = child_sa->get_cpi(child_sa, FALSE);
-
- fprintf(out, ", %N SPIs: %.8x_i %.8x_o",
+ fprintf(out, ", %N%s SPIs: %.8x_i %.8x_o",
protocol_id_names, child_sa->get_protocol(child_sa),
+ child_sa->has_encap(child_sa) ? " in UDP": "",
ntohl(child_sa->get_spi(child_sa, TRUE)),
ntohl(child_sa->get_spi(child_sa, FALSE)));
- /* Is IPCOMP activated ? */
- if (my_cpi && other_cpi)
+ if (child_sa->get_ipcomp(child_sa) != IPCOMP_NONE)
{
fprintf(out, ", IPCOMP CPIs: %.4x_i %.4x_o",
- ntohs(my_cpi), ntohs(other_cpi));
+ ntohs(child_sa->get_cpi(child_sa, TRUE)),
+ ntohs(child_sa->get_cpi(child_sa, FALSE)));
}
if (all)
diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c
index 03a028257..4bc2c2cd4 100644
--- a/src/charon/sa/child_sa.c
+++ b/src/charon/sa/child_sa.c
@@ -248,6 +248,22 @@ protocol_id_t get_protocol(private_child_sa_t *this)
}
/**
+ * Implementation of child_sa_t.has_encap
+ */
+static bool has_encap(private_child_sa_t *this)
+{
+ return this->encap;
+}
+
+/**
+ * Implementation of child_sa_t.get_ipcomp
+ */
+static ipcomp_transform_t get_ipcomp(private_child_sa_t *this)
+{
+ return this->ipcomp;
+}
+
+/**
* Implements child_sa_t.get_state
*/
static child_sa_state_t get_state(private_child_sa_t *this)
@@ -989,6 +1005,8 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
this->public.get_cpi = (u_int16_t(*)(child_sa_t*, bool))get_cpi;
this->public.get_protocol = (protocol_id_t(*)(child_sa_t*))get_protocol;
this->public.get_mode = (ipsec_mode_t(*)(child_sa_t*))get_mode;
+ this->public.get_ipcomp = (ipcomp_transform_t(*)(child_sa_t*))get_ipcomp;
+ this->public.has_encap = (bool(*)(child_sa_t*))has_encap;
this->public.get_encryption = (encryption_algorithm_t(*)(child_sa_t*, bool, chunk_t*))get_encryption;
this->public.get_integrity = (integrity_algorithm_t(*)(child_sa_t*, bool, chunk_t*))get_integrity;
this->public.get_lifetime = (u_int32_t(*)(child_sa_t*, bool))get_lifetime;
diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h
index 3e9998649..d76e23af7 100644
--- a/src/charon/sa/child_sa.h
+++ b/src/charon/sa/child_sa.h
@@ -155,6 +155,20 @@ struct child_sa_t {
ipsec_mode_t (*get_mode)(child_sa_t *this);
/**
+ * Get the used IPComp algorithm.
+ *
+ * @return IPComp compression algorithm.
+ */
+ ipcomp_transform_t (*get_ipcomp)(child_sa_t *this);
+
+ /**
+ * Check if this CHILD_SA uses UDP encapsulation.
+ *
+ * @return TRUE if SA encapsulates ESP packets
+ */
+ bool (*has_encap)(child_sa_t *this);
+
+ /**
* Get the IPsec encryption key.
*
* @param inbound TRUE for inbound, FALSE for outbound key