child-sa: pass traffic selector to add_sa() regardless of IPsec mode
authorMartin Willi <martin@revosec.ch>
Fri, 12 Apr 2013 11:19:59 +0000 (13:19 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 6 May 2013 14:10:11 +0000 (16:10 +0200)
This lets the kernel backend decide what to do with it, and in fact all kernel
interfaces already handle this correctly.

src/libcharon/sa/child_sa.c

index 463ad2e..a8c246b 100644 (file)
@@ -668,21 +668,18 @@ METHOD(child_sa_t, install, status_t,
                lifetime->time.rekey = 0;
        }
 
-       if (this->mode == MODE_BEET || this->mode == MODE_TRANSPORT)
+       /* BEET requires the bound address from the traffic selectors.
+        * TODO: We add just the first traffic selector for now, as the
+        * kernel accepts a single TS per SA only */
+       if (inbound)
        {
-               /* BEET requires the bound address from the traffic selectors.
-                * TODO: We add just the first traffic selector for now, as the
-                * kernel accepts a single TS per SA only */
-               if (inbound)
-               {
-                       my_ts->get_first(my_ts, (void**)&dst_ts);
-                       other_ts->get_first(other_ts, (void**)&src_ts);
-               }
-               else
-               {
-                       my_ts->get_first(my_ts, (void**)&src_ts);
-                       other_ts->get_first(other_ts, (void**)&dst_ts);
-               }
+               my_ts->get_first(my_ts, (void**)&dst_ts);
+               other_ts->get_first(other_ts, (void**)&src_ts);
+       }
+       else
+       {
+               my_ts->get_first(my_ts, (void**)&src_ts);
+               other_ts->get_first(other_ts, (void**)&dst_ts);
        }
 
        status = hydra->kernel_interface->add_sa(hydra->kernel_interface,