Added an esn parameter to the kernel interface add_sa functions
authorMartin Willi <martin@revosec.ch>
Mon, 18 Apr 2011 13:16:23 +0000 (15:16 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 20 Apr 2011 10:26:57 +0000 (12:26 +0200)
src/libcharon/plugins/load_tester/load_tester_ipsec.c
src/libcharon/sa/child_sa.c
src/libhydra/kernel/kernel_interface.c
src/libhydra/kernel/kernel_interface.h
src/libhydra/kernel/kernel_ipsec.h
src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
src/pluto/kernel.c

index ef9d7f9..fdec530 100644 (file)
@@ -54,8 +54,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
           u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
           u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
           u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
-          u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
-          traffic_selector_t *dst_ts)
+          u_int16_t cpi, bool encap, bool esn, bool inbound,
+          traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
        return SUCCESS;
 }
index 4959299..b27392d 100644 (file)
@@ -647,7 +647,7 @@ METHOD(child_sa_t, install, status_t,
                                src, dst, spi, proto_ike2ip(this->protocol), this->reqid,
                                inbound ? this->mark_in : this->mark_out, tfc,
                                lifetime, enc_alg, encr, int_alg, integ, this->mode,
-                               this->ipcomp, cpi, this->encap, update, src_ts, dst_ts);
+                               this->ipcomp, cpi, this->encap, FALSE, update, src_ts, dst_ts);
 
        free(lifetime);
 
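Review bot: The new `FALSE` in the `this->ipcomp, cpi, this->encap, FALSE, update, src_ts, dst_ts);` line is an unlabelled literal sitting between two other booleans, so a transposed argument would compile silently and change how the SA is installed. Label it at the call site, e.g. `this->ipcomp, cpi, this->encap, FALSE /* esn */, update, src_ts, dst_ts);`, the way the pluto call sites already write `0 /* cpi */`. The same applies to the `FALSE, FALSE` pairs added in the netlink IPComp call and in the three setup_half_ipsec_sa() calls. Since ESN is hard-coded off here, a short comment that 32-bit sequence numbers are intentional for now would also help; presumably a later change passes the negotiated value. The install method starts and ends outside this hunk.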
index 4fd5a75..4b5b41f 100644 (file)
@@ -81,8 +81,8 @@ METHOD(kernel_interface_t, add_sa, status_t,
        u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
        u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
        u_int16_t int_alg, chunk_t int_key,     ipsec_mode_t mode, u_int16_t ipcomp,
-       u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
-       traffic_selector_t *dst_ts)
+       u_int16_t cpi, bool encap, bool esn, bool inbound,
+       traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
        if (!this->ipsec)
        {
@@ -90,7 +90,7 @@ METHOD(kernel_interface_t, add_sa, status_t,
        }
        return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
                        mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
-                       ipcomp, cpi, encap, inbound, src_ts, dst_ts);
+                       ipcomp, cpi, encap, esn, inbound, src_ts, dst_ts);
 }
 
 METHOD(kernel_interface_t, update_sa, status_t,
index ec73fa1..471a1d5 100644 (file)
@@ -101,6 +101,7 @@ struct kernel_interface_t {
         * @param ipcomp                IPComp transform to use
         * @param cpi                   CPI for IPComp
         * @param encap                 enable UDP encapsulation for NAT traversal
+        * @param esn                   TRUE to use Extended Sequence Numbers
         * @param inbound               TRUE if this is an inbound SA
         * @param src_ts                traffic selector with BEET source address
         * @param dst_ts                traffic selector with BEET destination address
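Review bot: The added `@param esn` line says what TRUE requests but not what a backend that cannot do Extended Sequence Numbers must do with it, and the same line is added to the add_sa documentation in kernel_ipsec_t. Because ESN changes the sequence-number width used for anti-replay and integrity checking, a backend that silently ignores the flag would leave the kernel SA out of step with what the caller asked for. I would extend the doc to something like `@param esn TRUE to use Extended Sequence Numbers; backends without ESN support must return NOT_SUPPORTED`, or state explicitly that the flag may be ignored if that is the intent. The klips and pfkey add_sa bodies continue outside their hunks, so whether they examine esn is not visible here.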
@@ -113,7 +114,7 @@ struct kernel_interface_t {
                                                u_int16_t enc_alg, chunk_t enc_key,
                                                u_int16_t int_alg, chunk_t int_key,
                                                ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-                                               bool encap, bool inbound,
+                                               bool encap, bool esn, bool inbound,
                                                traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
 
        /**
index 3e2d8b9..ef36efd 100644 (file)
@@ -214,6 +214,7 @@ struct kernel_ipsec_t {
         * @param ipcomp                IPComp transform to use
         * @param cpi                   CPI for IPComp
         * @param encap                 enable UDP encapsulation for NAT traversal
+        * @param esn                   TRUE to use Extended Sequence Numbers
         * @param inbound               TRUE if this is an inbound SA
         * @param src_ts                traffic selector with BEET source address
         * @param dst_ts                traffic selector with BEET destination address
@@ -226,7 +227,7 @@ struct kernel_ipsec_t {
                                                u_int16_t enc_alg, chunk_t enc_key,
                                                u_int16_t int_alg, chunk_t int_key,
                                                ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-                                               bool encap, bool inbound,
+                                               bool encap, bool esn, bool inbound,
                                                traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
 
        /**
index cf9a3e1..ff4f0ed 100644 (file)
@@ -1671,7 +1671,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
        lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
        u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
-       u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
+       u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
        traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
index 4f1ee2a..1484fcc 100644 (file)
@@ -868,7 +868,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
        u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
        u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
-       u_int16_t cpi, bool encap, bool inbound,
+       u_int16_t cpi, bool encap, bool esn, bool inbound,
        traffic_selector_t* src_ts, traffic_selector_t* dst_ts)
 {
        netlink_buf_t request;
@@ -884,7 +884,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}};
                add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, tfc,
                           &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty,
-                          mode, ipcomp, 0, FALSE, inbound, NULL, NULL);
+                          mode, ipcomp, 0, FALSE, FALSE, inbound, NULL, NULL);
                ipcomp = IPCOMP_NONE;
                /* use transport mode ESP SA, IPComp uses tunnel mode */
                mode = MODE_TRANSPORT;
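Review bot: The status returned by the recursive `add_sa(...)` call that installs the IPComp SA is discarded, so if that install fails the function still sets `ipcomp = IPCOMP_NONE` and goes on to install the ESP SA in transport mode as if the compression SA were in place. Since this call is being touched anyway, consider checking it, e.g. wrapping the unchanged argument list as `if (add_sa(...) != SUCCESS) return FAILED;`. If the failure is deliberately tolerated, a comment saying so would help. The enclosing add_sa body starts and ends outside this hunk, so any cleanup needed before an early return is not visible here.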
index 6818115..b252b70 100644 (file)
@@ -1209,7 +1209,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
        lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
        u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
-       u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
+       u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
        traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
index 104b6c2..8bed1fc 100644 (file)
@@ -1185,7 +1185,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
                                                host_dst, ipcomp_spi, said_next->proto, c->spd.reqid,
                                                mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
                                                AUTH_UNDEFINED, chunk_empty, mode,
-                                               st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE,
+                                               st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE, FALSE,
                                                inbound, NULL, NULL) != SUCCESS)
                {
                        goto fail;
@@ -1294,7 +1294,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
                                                host_dst, esp_spi, said_next->proto, c->spd.reqid,
                                                mark, 0, &lt_none, enc_alg, enc_key,
                                                auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
-                                               encap, inbound, NULL, NULL) != SUCCESS)
+                                               encap, FALSE, inbound, NULL, NULL) != SUCCESS)
                {
                        goto fail;
                }
@@ -1327,7 +1327,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
                                                host_dst, ah_spi, said_next->proto, c->spd.reqid,
                                                mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
                                                auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
-                                               FALSE, inbound, NULL, NULL) != SUCCESS)
+                                               FALSE, FALSE, inbound, NULL, NULL) != SUCCESS)
                {
                        goto fail;
                }