kernel-wfp: Configure ports for SAs using UDP encapsulation
authorMartin Willi <martin@revosec.ch>
Mon, 16 Dec 2013 11:13:39 +0000 (12:13 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 4 Jun 2014 14:32:09 +0000 (16:32 +0200)
src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c

index 05798fd..f26b60a 100644 (file)
@@ -894,6 +894,37 @@ static bool install_sas(private_kernel_wfp_ipsec_t *this, entry_t *entry,
                return FALSE;
        }
 
+       if (entry->encap)
+       {
+               IPSEC_V4_UDP_ENCAPSULATION0 encap = {
+                       .localUdpEncapPort = entry->local->get_port(entry->local),
+                       .remoteUdpEncapPort = entry->remote->get_port(entry->remote),
+               };
+               IPSEC_SA_CONTEXT1 *ctx;
+
+               res = IPsecSaContextGetById1(this->handle, entry->sa_id, &ctx);
+               if (res != ERROR_SUCCESS)
+               {
+                       DBG1(DBG_KNL, "getting WFP SA for UDP encap failed: 0x%08x", res);
+                       IPsecSaContextDeleteById0(this->handle, entry->sa_id);
+                       entry->sa_id = 0;
+                       return FALSE;
+               }
+               ctx->inboundSa->udpEncapsulation = &encap;
+               ctx->outboundSa->udpEncapsulation = &encap;
+
+               res = IPsecSaContextUpdate0(this->handle,
+                                                               IPSEC_SA_DETAILS_UPDATE_UDP_ENCAPSULATION, ctx);
+               FwpmFreeMemory0((void**)&ctx);
+               if (res != ERROR_SUCCESS)
+               {
+                       DBG1(DBG_KNL, "enable WFP UDP encap failed: 0x%08x", res);
+                       IPsecSaContextDeleteById0(this->handle, entry->sa_id);
+                       entry->sa_id = 0;
+                       return FALSE;
+               }
+       }
+
        return TRUE;
 }
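Review bot: `ctx->inboundSa` and `ctx->outboundSa` are dereferenced right after `IPsecSaContextGetById1()` succeeds, with no check that the returned context carries both SA detail pointers. Whether WFP always populates both for this `sa_id` is not visible in the hunk, so a guard before the two assignments would turn a possible NULL dereference in the IKE daemon into an ordinary install failure: `if (!ctx->inboundSa || !ctx->outboundSa) { FwpmFreeMemory0((void**)&ctx); IPsecSaContextDeleteById0(this->handle, entry->sa_id); entry->sa_id = 0; return FALSE; }`. It would also help to add a comment on `encap` such as `/* stack-local; only valid until IPsecSaContextUpdate0() returns, ctx is freed right after */`, since the context ends up holding pointers into this frame. The structure name suggests it is IPv4-specific, so it may be worth confirming how an IPv6 `entry` with `encap` set should be handled. `install_sas` begins outside the hunk, so the earlier SA setup could not be checked.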