Similar to other kernel interfaces, the libipsec backends uses the flag for
different purposes, and therefore should get separate flags.
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
linked_list_t *src_ts, linked_list_t *dst_ts)
{
return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
linked_list_t *src_ts, linked_list_t *dst_ts)
{
return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
- mode, ipcomp, cpi, initiator, encap, esn, inbound);
+ mode, ipcomp, cpi, initiator, encap, esn,
+ inbound, update);
}
METHOD(kernel_ipsec_t, update_sa, status_t,
}
METHOD(kernel_ipsec_t, update_sa, status_t,
{
return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
{
return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
- mode, ipcomp, cpi, initiator, encap, esn, inbound);
+ mode, ipcomp, cpi, initiator, encap, esn,
+ inbound, update);
}
METHOD(kernel_ipsec_t, update_sa, status_t,
}
METHOD(kernel_ipsec_t, update_sa, status_t,
u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
- u_int16_t cpi, bool initiator, bool encap, bool esn, bool inbound)
+ u_int16_t cpi, bool initiator, bool encap, bool esn, bool inbound,
+ bool update)
{
ipsec_sa_entry_t *entry;
ipsec_sa_t *sa_new;
{
ipsec_sa_entry_t *entry;
ipsec_sa_t *sa_new;
this->mutex->lock(this->mutex);
this->mutex->lock(this->mutex);
{ /* remove any pre-allocated SPIs */
u_int32_t *spi_alloc;
{ /* remove any pre-allocated SPIs */
u_int32_t *spi_alloc;
* @param encap enable UDP encapsulation (must be TRUE)
* @param esn Extended Sequence Numbers (currently not supported)
* @param inbound TRUE if this is an inbound SA, FALSE otherwise
* @param encap enable UDP encapsulation (must be TRUE)
* @param esn Extended Sequence Numbers (currently not supported)
* @param inbound TRUE if this is an inbound SA, FALSE otherwise
+ * @param update TRUE if an SPI has already been allocated for SA
* @return SUCCESS if operation completed
*/
status_t (*add_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst,
* @return SUCCESS if operation completed
*/
status_t (*add_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst,
u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg,
chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
u_int16_t cpi, bool initiator, bool encap, bool esn,
u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg,
chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
u_int16_t cpi, bool initiator, bool encap, bool esn,
+ bool inbound, bool update);
/**
* Update the hosts on an installed SA.
/**
* Update the hosts on an installed SA.
projects / strongswan.git / commitdiff