u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
linked_list_t* src_ts, linked_list_t* dst_ts)
{
esa_info_t esa;
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
linked_list_t *src_ts, linked_list_t *dst_ts)
{
return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
linked_list_t *src_ts, linked_list_t *dst_ts)
{
host_t *local, *remote;
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
linked_list_t *src_ts, linked_list_t *dst_ts)
{
return SUCCESS;
inbound ? this->mark_in : this->mark_out, tfc,
lifetime, enc_alg, encr, int_alg, integ, this->mode,
this->ipcomp, cpi, this->config->get_replay_window(this->config),
- initiator, this->encap, esn, update, src_ts, dst_ts);
+ initiator, this->encap, esn, inbound, update, src_ts, dst_ts);
free(lifetime);
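Review bot: The added line passes five adjacent `bool` arguments by position (`initiator, this->encap, esn, inbound, update`), and nothing makes the compiler check their order. The removed line shows the hazard: `update` was sitting in the slot that the signatures elsewhere in this commit name `inbound`, and it compiled without a diagnostic. I would at least label the two direction and state flags at the call site, e.g. `initiator, this->encap, esn, /* inbound */ inbound, /* update */ update, src_ts, dst_ts);`. Longer term, a small flags struct or bitmask for the SA options would make a swapped flag impossible. The call begins before the first line of this hunk.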
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
linked_list_t *src_ts, linked_list_t *dst_ts)
{
if (!this->ipsec)
return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
ipcomp, cpi, replay_window, initiator, encap, esn, inbound,
- src_ts, dst_ts);
+ update, src_ts, dst_ts);
}
METHOD(kernel_interface_t, update_sa, status_t,
* @param encap enable UDP encapsulation for NAT traversal
* @param esn TRUE to use Extended Sequence Numbers
* @param inbound TRUE if this is an inbound SA
+ * @param update TRUE if an SPI has already been allocated for SA
* @param src_ts list of source traffic selectors
* @param dst_ts list of destination traffic selectors
* @return SUCCESS if operation completed
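Review bot: The new `@param update` line does not say what a backend should do with the flag or how it relates to `inbound`, which the removed lines in the netlink and PF_KEY hunks show was the previous trigger for the update path. Suggested wording: `@param update TRUE if an SPI has already been allocated for this SA, i.e. an existing kernel state is replaced rather than created`. The identical line in the second header hunk would take the same text.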
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ u_int32_t replay_window, bool initiator, bool encap,
+ bool esn, bool inbound, bool update,
linked_list_t *src_ts, linked_list_t *dst_ts);
/**
* @param encap enable UDP encapsulation for NAT traversal
* @param esn TRUE to use Extended Sequence Numbers
* @param inbound TRUE if this is an inbound SA
+ * @param update TRUE if an SPI has already been allocated for SA
* @param src_ts list of source traffic selectors
* @param dst_ts list of destination traffic selectors
* @return SUCCESS if operation completed
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ u_int32_t replay_window, bool initiator, bool encap,
+ bool esn, bool inbound, bool update,
linked_list_t *src_ts, linked_list_t *dst_ts);
/**
u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
linked_list_t* src_ts, linked_list_t* dst_ts)
{
netlink_buf_t request;
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED,
chunk_empty, mode, ipcomp, 0, 0, initiator, FALSE, FALSE,
- inbound, src_ts, dst_ts);
+ inbound, update, src_ts, dst_ts);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
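Review bot: The nested `add_sa()` call for the IPComp SA forwards `update` unchanged, although the flag is documented as saying that an SPI was already allocated for the SA being installed. Whether a CPI was reserved in the kernel the same way is not visible in this hunk. If it was not, the IPComp SA would be submitted as an update of a state that does not exist, and as shown the result of the nested call is neither assigned nor tested, so that failure would go unnoticed. If the CPI is always allocated alongside the SPI, say so in a comment such as `/* CPI was allocated together with the SPI, so the same update flag applies */`; otherwise check the returned status. The same pattern appears in the PF_KEY hunk that passes `update, NULL, NULL`, and the enclosing function starts and ends outside the hunk.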
hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
- hdr->nlmsg_type = inbound ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA;
+ hdr->nlmsg_type = update ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info));
sa = NLMSG_DATA(hdr);
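Review bot: The message type on the added line is now chosen by `update` alone, so a correct install depends on every caller setting the flag exactly when a placeholder state from SPI allocation exists, and nothing here records that contract. I would add a comment above the assignment, e.g. `/* UPDSA replaces the state created when the SPI was allocated; any other SA must be added with NEWSA */`. As far as I know the kernel rejects an update for a state that does not exist, so a wrong flag should show up as an install failure rather than a silent replacement. The function body continues outside the hunk.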
lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound,
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
linked_list_t *src_ts, linked_list_t *dst_ts)
{
unsigned char request[PFKEY_BUFFER_SIZE];
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED,
chunk_empty, mode, ipcomp, 0, 0, FALSE, FALSE, FALSE, inbound,
- NULL, NULL);
+ update, NULL, NULL);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
}
- if (inbound)
+ if (update)
{
/* As we didn't know the reqid during SPI allocation, we used reqid
* zero. Unfortunately we can't SADB_UPDATE to the new reqid, hence we