From 3e779ff555f9ce27c23425162233ba0b8761ac5c Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 15 Oct 2014 17:19:56 +0200 Subject: libipsec: Remove unused reqid parameter from ipsec_sa_mgr_t.get_spi() --- src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c') diff --git a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c index 24640a07d..84b3b600d 100644 --- a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c +++ b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c @@ -50,7 +50,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_android_ipsec_t *this, host_t *src, host_t *dst, u_int8_t protocol, u_int32_t reqid, u_int32_t *spi) { - return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, reqid, spi); + return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi); } METHOD(kernel_ipsec_t, get_cpi, status_t, -- cgit v1.2.3 From 2a1c9e20bd38572ba32ba57436d7064192680729 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 15 Oct 2014 17:22:55 +0200 Subject: kernel-interface: Remove reqid parameter from get_spi/get_cpi() methods The reqid is not strictly required, as we set the reqid with the update call when installing the negotiated SA. If we don't need a reqid at this stage, we can later allocate the reqid in the kernel backend once the SA parameters have been fully negotaited. This allows us to assign the same reqid for the same selectors to avoid conflicts on backends this is necessary. --- src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c') diff --git a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c index 84b3b600d..d2a45da82 100644 --- a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c +++ b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c @@ -48,14 +48,14 @@ void expire(u_int32_t reqid, u_int8_t protocol, u_int32_t spi, bool hard) METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_android_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, u_int32_t *spi) + u_int8_t protocol, u_int32_t *spi) { return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi); } METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_android_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t reqid, u_int16_t *cpi) + u_int16_t *cpi) { return NOT_SUPPORTED; } -- cgit v1.2.3 From fd9417607c05ebd8dcb1e7394550b4129aa096e9 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 15 Oct 2014 18:02:46 +0200 Subject: libipsec: Remove unused src/dst_ts parameters from ipsec_sa_mgr_t.add_sa() --- src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c') diff --git a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c index d2a45da82..4ed5a426a 100644 --- a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c +++ b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c @@ -71,8 +71,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, - mode, ipcomp, cpi, initiator, encap, esn, inbound, - src_ts, dst_ts); + mode, ipcomp, cpi, initiator, encap, esn, inbound); } METHOD(kernel_ipsec_t, update_sa, status_t, -- cgit v1.2.3 From d05d85fe658321aff8d859eaf50704a21299b683 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 15 Oct 2014 18:03:31 +0200 Subject: kernel-interface: Pass full list of traffic selectors to add_sa() While we can handle the first selector only in BEET mode in kernel-netlink, passing the full list gives the backend more flexibility how to handle this information. --- src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c') diff --git a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c index 4ed5a426a..65166077e 100644 --- a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c +++ b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c @@ -67,7 +67,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, bool initiator, bool encap, bool esn, bool inbound, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts) + linked_list_t *src_ts, linked_list_t *dst_ts) { return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, -- cgit v1.2.3 From f81a9497483a7282c11adf5705d9ea3e83f6fffd Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 27 Oct 2014 15:07:05 +0100 Subject: kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqid --- src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c') diff --git a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c index 65166077e..a0aefaa4e 100644 --- a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c +++ b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c @@ -40,10 +40,10 @@ struct private_kernel_android_ipsec_t { /** * Callback registrered with libipsec. */ -void expire(u_int32_t reqid, u_int8_t protocol, u_int32_t spi, bool hard) +static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard) { - hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol, - spi, hard); + hydra->kernel_interface->expire(hydra->kernel_interface, protocol, + spi, dst, hard); } METHOD(kernel_ipsec_t, get_spi, status_t, -- cgit v1.2.3