From 60ed88b2c7283a871ca80d8ed60f218d9731fa90 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 12 Apr 2013 13:19:59 +0200 Subject: child-sa: pass traffic selector to add_sa() regardless of IPsec mode This lets the kernel backend decide what to do with it, and in fact all kernel interfaces already handle this correctly. --- src/libcharon/sa/child_sa.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) (limited to 'src/libcharon') diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 463ad2e22..a8c246bfb 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -668,21 +668,18 @@ METHOD(child_sa_t, install, status_t, lifetime->time.rekey = 0; } - if (this->mode == MODE_BEET || this->mode == MODE_TRANSPORT) + /* BEET requires the bound address from the traffic selectors. + * TODO: We add just the first traffic selector for now, as the + * kernel accepts a single TS per SA only */ + if (inbound) { - /* BEET requires the bound address from the traffic selectors. - * TODO: We add just the first traffic selector for now, as the - * kernel accepts a single TS per SA only */ - if (inbound) - { - my_ts->get_first(my_ts, (void**)&dst_ts); - other_ts->get_first(other_ts, (void**)&src_ts); - } - else - { - my_ts->get_first(my_ts, (void**)&src_ts); - other_ts->get_first(other_ts, (void**)&dst_ts); - } + my_ts->get_first(my_ts, (void**)&dst_ts); + other_ts->get_first(other_ts, (void**)&src_ts); + } + else + { + my_ts->get_first(my_ts, (void**)&src_ts); + other_ts->get_first(other_ts, (void**)&dst_ts); } status = hydra->kernel_interface->add_sa(hydra->kernel_interface, -- cgit v1.2.3