child-sa: Cache and forward actual initiator flag for outbound SA
Kernel interfaces (e.g. TKM) might rely on this flag to be correct.
parent
32db8aa2b4
commit
7910435983
|
@ -108,6 +108,11 @@ struct private_child_sa_t {
|
|||
*/
|
||||
chunk_t integ_r;
|
||||
|
||||
/**
|
||||
* Whether the registered outbound SA was created as initiator
|
||||
*/
|
||||
bool initiator;
|
||||
|
||||
/**
|
||||
* Whether the outbound SA has only been registered yet during a rekeying
|
||||
*/
|
||||
|
@ -1313,7 +1318,7 @@ METHOD(child_sa_t, install_policies, status_t,
|
|||
|
||||
METHOD(child_sa_t, register_outbound, status_t,
|
||||
private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi,
|
||||
uint16_t cpi, bool tfcv3)
|
||||
uint16_t cpi, bool initiator, bool tfcv3)
|
||||
{
|
||||
status_t status;
|
||||
|
||||
|
@ -1321,7 +1326,7 @@ METHOD(child_sa_t, register_outbound, status_t,
|
|||
* SA immediately as it will only be used once we update the policies */
|
||||
if (charon->kernel->get_features(charon->kernel) & KERNEL_POLICY_SPI)
|
||||
{
|
||||
status = install_internal(this, encr, integ, spi, cpi, FALSE, FALSE,
|
||||
status = install_internal(this, encr, integ, spi, cpi, initiator, FALSE,
|
||||
tfcv3);
|
||||
}
|
||||
else
|
||||
|
@ -1335,6 +1340,7 @@ METHOD(child_sa_t, register_outbound, status_t,
|
|||
this->other_cpi = cpi;
|
||||
this->encr_r = chunk_clone(encr);
|
||||
this->integ_r = chunk_clone(integ);
|
||||
this->initiator = initiator;
|
||||
this->tfcv3 = tfcv3;
|
||||
status = SUCCESS;
|
||||
}
|
||||
|
@ -1352,8 +1358,8 @@ METHOD(child_sa_t, install_outbound, status_t,
|
|||
if (!(this->outbound_state & CHILD_OUTBOUND_SA))
|
||||
{
|
||||
status = install_internal(this, this->encr_r, this->integ_r,
|
||||
this->other_spi, this->other_cpi, FALSE,
|
||||
FALSE, this->tfcv3);
|
||||
this->other_spi, this->other_cpi,
|
||||
this->initiator, FALSE, this->tfcv3);
|
||||
chunk_clear(&this->encr_r);
|
||||
chunk_clear(&this->integ_r);
|
||||
}
|
||||
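Review bot: The new `initiator` member of `private_child_sa_t` is documented only as "Whether the registered outbound SA was created as initiator", which does not say when the value is valid. In the visible hunks it is assigned in `register_outbound` next to `encr_r`/`integ_r` (apparently only on the path that defers the install; the branch structure is partly outside the hunk) and read once in `install_outbound`, where the keys are cleared but the flag is left as is. Since the commit message says kernel interfaces may rely on this flag, I would extend the comment to something like `* Whether the registered outbound SA was created as initiator; only meaningful between register_outbound() and install_outbound()`.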
|
|
|
@ -433,11 +433,13 @@ struct child_sa_t {
|
|||
* @param integ integrity key (cloned)
|
||||
* @param spi SPI to use, allocated for inbound
|
||||
* @param cpi CPI to use, allocated for outbound
|
||||
* @param initiator TRUE if initiator of exchange resulting in this SA
|
||||
* @param tfcv3 TRUE if peer supports ESPv3 TFC
|
||||
* @return SUCCESS or FAILED
|
||||
*/
|
||||
status_t (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ,
|
||||
uint32_t spi, uint16_t cpi, bool tfcv3);
|
||||
uint32_t spi, uint16_t cpi, bool initiator,
|
||||
bool tfcv3);
|
||||
|
||||
/**
|
||||
* Install the outbound policies and, if not already done, the outbound SA
|
||||
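Review bot: `register_outbound` now ends in two adjacent `bool` parameters, `bool initiator, bool tfcv3`, so a call site that passes them in the wrong order still compiles and the outbound SA would be installed with the wrong role flag. The two calls visible on this page pass `this->initiator, this->tfcv3` in the declared order; any caller not shown here is worth checking by hand. The `@param initiator` line could also state where the value ends up, e.g. `@param initiator TRUE if initiator of exchange resulting in this SA, forwarded when the outbound SA is installed`.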
|
|
|
@ -720,13 +720,13 @@ static status_t select_and_install(private_child_create_t *this, bool ike_auth)
|
|||
{
|
||||
status_o = this->child_sa->register_outbound(this->child_sa,
|
||||
encr_i, integ_i, this->other_spi, this->other_cpi,
|
||||
this->tfcv3);
|
||||
this->initiator, this->tfcv3);
|
||||
}
|
||||
else
|
||||
{
|
||||
status_o = this->child_sa->register_outbound(this->child_sa,
|
||||
encr_r, integ_r, this->other_spi, this->other_cpi,
|
||||
this->tfcv3);
|
||||
this->initiator, this->tfcv3);
|
||||
}
|
||||
}
|
||||
else if (this->initiator)
|
||||
|
|