From 4876d4f3b3c62c0203205a3c416a9a36accde3aa Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Mon, 18 Apr 2011 15:16:23 +0200
Subject: [PATCH] Added an esn parameter to the kernel interface add_sa
 functions

---
 src/libcharon/plugins/load_tester/load_tester_ipsec.c      | 4 ++--
 src/libcharon/sa/child_sa.c                                | 2 +-
 src/libhydra/kernel/kernel_interface.c                     | 6 +++---
 src/libhydra/kernel/kernel_interface.h                     | 3 ++-
 src/libhydra/kernel/kernel_ipsec.h                         | 3 ++-
 src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c     | 2 +-
 src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 4 ++--
 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c     | 2 +-
 src/pluto/kernel.c                                         | 6 +++---
 9 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
index ef9d7f9ef..fdec5300e 100644
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
@@ -54,8 +54,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	   u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
 	   u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	   u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
-	   u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
-	   traffic_selector_t *dst_ts)
+	   u_int16_t cpi, bool encap, bool esn, bool inbound,
+	   traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	return SUCCESS;
 }
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 495929965..b27392d8e 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -647,7 +647,7 @@ METHOD(child_sa_t, install, status_t,
 				src, dst, spi, proto_ike2ip(this->protocol), this->reqid,
 				inbound ? this->mark_in : this->mark_out, tfc,
 				lifetime, enc_alg, encr, int_alg, integ, this->mode,
-				this->ipcomp, cpi, this->encap, update, src_ts, dst_ts);
+				this->ipcomp, cpi, this->encap, FALSE, update, src_ts, dst_ts);
 
 	free(lifetime);
 
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index 4fd5a7535..4b5b41f2b 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -81,8 +81,8 @@ METHOD(kernel_interface_t, add_sa, status_t,
 	u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
 	u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	u_int16_t int_alg, chunk_t int_key,	ipsec_mode_t mode, u_int16_t ipcomp,
-	u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
-	traffic_selector_t *dst_ts)
+	u_int16_t cpi, bool encap, bool esn, bool inbound,
+	traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	if (!this->ipsec)
 	{
@@ -90,7 +90,7 @@ METHOD(kernel_interface_t, add_sa, status_t,
 	}
 	return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
 			mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
-			ipcomp, cpi, encap, inbound, src_ts, dst_ts);
+			ipcomp, cpi, encap, esn, inbound, src_ts, dst_ts);
 }
 
 METHOD(kernel_interface_t, update_sa, status_t,
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index ec73fa1f7..471a1d5d3 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -101,6 +101,7 @@ struct kernel_interface_t {
 	 * @param ipcomp		IPComp transform to use
 	 * @param cpi			CPI for IPComp
 	 * @param encap			enable UDP encapsulation for NAT traversal
+	 * @param esn			TRUE to use Extended Sequence Numbers
 	 * @param inbound		TRUE if this is an inbound SA
 	 * @param src_ts		traffic selector with BEET source address
 	 * @param dst_ts		traffic selector with BEET destination address
@@ -113,7 +114,7 @@ struct kernel_interface_t {
 						u_int16_t enc_alg, chunk_t enc_key,
 						u_int16_t int_alg, chunk_t int_key,
 						ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-						bool encap, bool inbound,
+						bool encap, bool esn, bool inbound,
 						traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
 
 	/**
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index 3e2d8b9ce..ef36efd11 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -214,6 +214,7 @@ struct kernel_ipsec_t {
 	 * @param ipcomp		IPComp transform to use
 	 * @param cpi			CPI for IPComp
 	 * @param encap			enable UDP encapsulation for NAT traversal
+	 * @param esn			TRUE to use Extended Sequence Numbers
 	 * @param inbound		TRUE if this is an inbound SA
 	 * @param src_ts		traffic selector with BEET source address
 	 * @param dst_ts		traffic selector with BEET destination address
@@ -226,7 +227,7 @@ struct kernel_ipsec_t {
 						u_int16_t enc_alg, chunk_t enc_key,
 						u_int16_t int_alg, chunk_t int_key,
 						ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-						bool encap, bool inbound,
+						bool encap, bool esn, bool inbound,
 						traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
 
 	/**
diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
index cf9a3e1fd..ff4f0ed55 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -1671,7 +1671,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
 	lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
-	u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
+	u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
 	traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 4f1ee2a9c..1484fcce9 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -868,7 +868,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
 	u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
-	u_int16_t cpi, bool encap, bool inbound,
+	u_int16_t cpi, bool encap, bool esn, bool inbound,
 	traffic_selector_t* src_ts, traffic_selector_t* dst_ts)
 {
 	netlink_buf_t request;
@@ -884,7 +884,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}};
 		add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, tfc,
 			   &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty,
-			   mode, ipcomp, 0, FALSE, inbound, NULL, NULL);
+			   mode, ipcomp, 0, FALSE, FALSE, inbound, NULL, NULL);
 		ipcomp = IPCOMP_NONE;
 		/* use transport mode ESP SA, IPComp uses tunnel mode */
 		mode = MODE_TRANSPORT;
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 681811528..b252b7092 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1209,7 +1209,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc,
 	lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
 	u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
-	u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
+	u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound,
 	traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c
index 104b6c2d4..8bed1fcfc 100644
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@@ -1185,7 +1185,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
 						host_dst, ipcomp_spi, said_next->proto, c->spd.reqid,
 						mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
 						AUTH_UNDEFINED, chunk_empty, mode,
-						st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE,
+						st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE, FALSE,
 						inbound, NULL, NULL) != SUCCESS)
 		{
 			goto fail;
@@ -1294,7 +1294,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
 						host_dst, esp_spi, said_next->proto, c->spd.reqid,
 						mark, 0, &lt_none, enc_alg, enc_key,
 						auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
-						encap, inbound, NULL, NULL) != SUCCESS)
+						encap, FALSE, inbound, NULL, NULL) != SUCCESS)
 		{
 			goto fail;
 		}
@@ -1327,7 +1327,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
 						host_dst, ah_spi, said_next->proto, c->spd.reqid,
 						mark, 0, &lt_none, ENCR_UNDEFINED, chunk_empty,
 						auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */,
-						FALSE, inbound, NULL, NULL) != SUCCESS)
+						FALSE, FALSE, inbound, NULL, NULL) != SUCCESS)
 		{
 			goto fail;
 		}