ipsec status lists IPCOMP CPIs
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 22 Jul 2008 12:03:58 +0000 (12:03 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 22 Jul 2008 12:03:58 +0000 (12:03 -0000)
src/charon/kernel/kernel_interface.c
src/charon/plugins/stroke/stroke_list.c
src/charon/sa/child_sa.c
src/charon/sa/child_sa.h
src/charon/sa/tasks/child_create.c

index 9d9aaac..44b79cc 100644 (file)
@@ -2014,6 +2014,7 @@ static status_t get_cpi(private_kernel_interface_t *this,
                                                u_int32_t reqid, u_int16_t *cpi)
 {
        u_int32_t received_spi = 0;
+
        DBG2(DBG_KNL, "getting CPI for reqid {%d}", reqid);
        
        if (get_spi_internal(this, src, dst,
index 138e24e..8f67b2c 100644 (file)
@@ -127,11 +127,21 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
        
        if (child_sa->get_state(child_sa) == CHILD_INSTALLED)
        {
+               u_int16_t my_cpi    = child_sa->get_cpi(child_sa, TRUE);
+               u_int16_t other_cpi = child_sa->get_cpi(child_sa, FALSE);               
+
                fprintf(out, ", %N SPIs: %.8x_i %.8x_o",
                                protocol_id_names, child_sa->get_protocol(child_sa),
                                ntohl(child_sa->get_spi(child_sa, TRUE)),
                                ntohl(child_sa->get_spi(child_sa, FALSE)));
-               
+
+               /* Is IPcomp installed ? */
+               if (my_cpi && other_cpi)
+               {
+                       fprintf(out, ", IPCOMP CPIs: %.4x_i %.4x_o",
+                                       ntohs(my_cpi), ntohs(other_cpi));
+               }
+
                if (all)
                {
                        fprintf(out, "\n%12s{%d}:  ", child_sa->get_name(child_sa), 
index 57595e1..baab1d5 100644 (file)
@@ -210,6 +210,18 @@ u_int32_t get_spi(private_child_sa_t *this, bool inbound)
 }
 
 /**
+ * Implements child_sa_t.get_cpi
+ */
+u_int16_t get_cpi(private_child_sa_t *this, bool inbound)
+{
+       if (inbound)
+       {
+               return this->me.cpi;
+       }
+       return this->other.cpi;
+}
+
+/**
  * Implements child_sa_t.get_protocol
  */
 protocol_id_t get_protocol(private_child_sa_t *this)
@@ -924,9 +936,9 @@ static void activate_ipcomp(private_child_sa_t *this, ipcomp_transform_t ipcomp,
 }
 
 /**
- * Implementation of child_sa_t.get_my_cpi.
+ * Implementation of child_sa_t.allocate_cpi.
  */
-static u_int16_t get_my_cpi(private_child_sa_t *this)
+static u_int16_t allocate_cpi(private_child_sa_t *this)
 {
        if (!this->cpi_allocated)
        {
@@ -1028,6 +1040,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
        this->public.get_name = (char*(*)(child_sa_t*))get_name;
        this->public.get_reqid = (u_int32_t(*)(child_sa_t*))get_reqid;
        this->public.get_spi = (u_int32_t(*)(child_sa_t*, bool))get_spi;
+       this->public.get_cpi = (u_int16_t(*)(child_sa_t*, bool))get_cpi;
        this->public.get_protocol = (protocol_id_t(*)(child_sa_t*))get_protocol;
        this->public.get_stats = (void(*)(child_sa_t*, mode_t*,encryption_algorithm_t*,size_t*,integrity_algorithm_t*,size_t*,u_int32_t*,u_int32_t*,u_int32_t*,u_int32_t*))get_stats;
        this->public.alloc = (status_t(*)(child_sa_t*,linked_list_t*))alloc;
@@ -1041,7 +1054,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
        this->public.get_state = (child_sa_state_t(*)(child_sa_t*))get_state;
        this->public.get_config = (child_cfg_t*(*)(child_sa_t*))get_config;
        this->public.activate_ipcomp = (void(*)(child_sa_t*,ipcomp_transform_t,u_int16_t))activate_ipcomp;
-       this->public.get_my_cpi = (u_int16_t(*)(child_sa_t*))get_my_cpi;
+       this->public.allocate_cpi = (u_int16_t(*)(child_sa_t*))allocate_cpi;
        this->public.set_virtual_ip = (void(*)(child_sa_t*,host_t*))set_virtual_ip;
        this->public.destroy = (void(*)(child_sa_t*))destroy;
 
index c566e56..e4d116a 100644 (file)
@@ -114,11 +114,23 @@ struct child_sa_t {
         * FALSE to get those we use for sending packets.
         *
         * @param inbound       TRUE to get inbound SPI, FALSE for outbound.
-        * @return                      spi of the CHILD SA
+        * @return                      SPI of the CHILD SA
         */
        u_int32_t (*get_spi) (child_sa_t *this, bool inbound);
        
        /**
+        * Get the CPI of this CHILD_SA.
+        * 
+        * Set the boolean parameter inbound to TRUE to
+        * get the SPI for which we receive packets, use
+        * FALSE to get those we use for sending packets.
+        *
+        * @param inbound       TRUE to get inbound CPI, FALSE for outbound.
+        * @return                      CPI of the CHILD SA
+        */
+       u_int16_t (*get_cpi) (child_sa_t *this, bool inbound);
+
+       /**
         * Get the protocol which this CHILD_SA uses to protect traffic.
         *
         * @return                      AH | ESP
@@ -270,7 +282,7 @@ struct child_sa_t {
         * 
         * @return                      allocated CPI
         */
-       u_int16_t (*get_my_cpi) (child_sa_t *this);
+       u_int16_t (*allocate_cpi) (child_sa_t *this);
        
        /**
         * Destroys a child_sa.
index 743cf5b..dcdc853 100644 (file)
@@ -456,7 +456,7 @@ static void build_ipcomp_supported_notify(private_child_create_t *this,
                return;
        }
        
-       cpi = this->child_sa->get_my_cpi(this->child_sa);
+       cpi = this->child_sa->allocate_cpi(this->child_sa);
        tid = this->ipcomp;
        if (cpi)
        {