Added an esn parameter to the kernel interface add_sa functions

2011-04-18 15:16:23 +02:00 · 2011-04-18 15:16:23 +02:00 · 4876d4f3b3
parent f7925cad04
commit 4876d4f3b3
9 changed files with 17 additions and 15 deletions
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
@ -54,8 +54,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	   u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
 	   u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	   u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
-	   u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
-	   traffic_selector_t *dst_ts)
+	   u_int16_t cpi, bool encap, bool esn, bool inbound,
+	   traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	return SUCCESS;
 }
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@ -647,7 +647,7 @@ METHOD(child_sa_t, install, status_t,
 				src, dst, spi, proto_ike2ip(this->protocol), this->reqid,
 				inbound ? this->mark_in : this->mark_out, tfc,
 				lifetime, enc_alg, encr, int_alg, integ, this->mode,
-				this->ipcomp, cpi, this->encap, update, src_ts, dst_ts);
+				this->ipcomp, cpi, this->encap, FALSE, update, src_ts, dst_ts);

 	free(lifetime);

--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@ -81,8 +81,8 @@ METHOD(kernel_interface_t, add_sa, status_t,
 	u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
 	u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	u_int16_t int_alg, chunk_t int_key,	ipsec_mode_t mode, u_int16_t ipcomp,
-	u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
-	traffic_selector_t *dst_ts)
+	u_int16_t cpi, bool encap, bool esn, bool inbound,
+	traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	if (!this->ipsec)
 	{
@ -90,7 +90,7 @@ METHOD(kernel_interface_t, add_sa, status_t,
 	}
 	return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
 			mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
-			ipcomp, cpi, encap, inbound, src_ts, dst_ts);
+			ipcomp, cpi, encap, esn, inbound, src_ts, dst_ts);
 }

 METHOD(kernel_interface_t, update_sa, status_t,
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@ -101,6 +101,7 @@ struct kernel_interface_t {
 	 * @param ipcomp		IPComp transform to use
 	 * @param cpi			CPI for IPComp
 	 * @param encap			enable UDP encapsulation for NAT traversal
+	 * @param esn			TRUE to use Extended Sequence Numbers
 	 * @param inbound		TRUE if this is an inbound SA
 	 * @param src_ts		traffic selector with BEET source address
 	 * @param dst_ts		traffic selector with BEET destination address
@ -113,7 +114,7 @@ struct kernel_interface_t {
 						u_int16_t enc_alg, chunk_t enc_key,
 						u_int16_t int_alg, chunk_t int_key,
 						ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-						bool encap, bool inbound,
+						bool encap, bool esn, bool inbound,
 						traffic_selector_t *src_ts, traffic_selector_t *dst_ts);

 	/**
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@ -214,6 +214,7 @@ struct kernel_ipsec_t {
 	 * @param ipcomp		IPComp transform to use
 	 * @param cpi			CPI for IPComp
 	 * @param encap			enable UDP encapsulation for NAT traversal
+	 * @param esn			TRUE to use Extended Sequence Numbers
 	 * @param inbound		TRUE if this is an inbound SA
 	 * @param src_ts		traffic selector with BEET source address
 	 * @param dst_ts		traffic selector with BEET destination address
@ -226,7 +227,7 @@ struct kernel_ipsec_t {
 						u_int16_t enc_alg, chunk_t enc_key,
 						u_int16_t int_alg, chunk_t int_key,
 						ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-						bool encap, bool inbound,
+						bool encap, bool esn, bool inbound,
 						traffic_selector_t *src_ts, traffic_selector_t *dst_ts);

 	/**
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@ -1671,7 +1671,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
 	lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
-	u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
+	u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
 	traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@ -868,7 +868,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
 	u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
-	u_int16_t cpi, bool encap, bool inbound,
+	u_int16_t cpi, bool encap, bool esn, bool inbound,
 	traffic_selector_t* src_ts, traffic_selector_t* dst_ts)
 {
 	netlink_buf_t request;
@ -884,7 +884,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}};
 		add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, tfc,
 			   &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty,
-			   mode, ipcomp, 0, FALSE, inbound, NULL, NULL);
+			   mode, ipcomp, 0, FALSE, FALSE, inbound, NULL, NULL);
 		ipcomp = IPCOMP_NONE;
 		/* use transport mode ESP SA, IPComp uses tunnel mode */
 		mode = MODE_TRANSPORT;
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@ -1209,7 +1209,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
 	lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
-	u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
+	u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
 	traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@ -1185,7 +1185,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
 						host_dst, ipcomp_spi, said_next->proto, c->spd.reqid,
 						mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
 						AUTH_UNDEFINED, chunk_empty, mode,
-						st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE,
+						st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE, FALSE,
 						inbound, NULL, NULL) != SUCCESS)
 		{
 			goto fail;
@ -1294,7 +1294,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
 						host_dst, esp_spi, said_next->proto, c->spd.reqid,
 						mark, 0, &lt_none, enc_alg, enc_key,
 						auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
-						encap, inbound, NULL, NULL) != SUCCESS)
+						encap, FALSE, inbound, NULL, NULL) != SUCCESS)
 		{
 			goto fail;
 		}
@ -1327,7 +1327,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
 						host_dst, ah_spi, said_next->proto, c->spd.reqid,
 						mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
 						auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
-						FALSE, inbound, NULL, NULL) != SUCCESS)
+						FALSE, FALSE, inbound, NULL, NULL) != SUCCESS)
 		{
 			goto fail;
 		}