tkm: Use the inbound flag do determine peer role in CHILD_SA exchange
authorMartin Willi <martin@revosec.ch>
Mon, 9 Mar 2015 16:44:55 +0000 (17:44 +0100)
committerMartin Willi <martin@revosec.ch>
Mon, 9 Mar 2015 17:18:20 +0000 (18:18 +0100)
This was not available during initial implementation, but fits just fine to
avoid reconstructing the peer role.

src/charon-tkm/src/tkm/tkm_kernel_ipsec.c

index a62e2b1..69341a4 100644 (file)
@@ -86,11 +86,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
        u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
        u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
-       bool _initiator, bool encap, bool esn, bool inbound,
+       bool initiator, bool encap, bool esn, bool inbound,
        linked_list_t* src_ts, linked_list_t* dst_ts)
 {
        esa_info_t esa;
-       bool initiator;
        esp_spi_type spi_loc, spi_rem;
        host_t *local, *peer;
        chunk_t *nonce_loc, *nonce_rem;
@@ -113,9 +112,6 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                return SUCCESS;
        }
 
-       /* Initiator if encr_r is passed as enc_key to the inbound add_sa call */
-       /* TODO: does the new _initiator parameter have the same meaning? */
-       initiator = esa.is_encr_r && inbound;
        if (initiator)
        {
                spi_loc = spi;