author | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
commit | 7585facf05d927eb6df3929ce09ed5e60d905437 (patch) | |
tree | e4d14b4dc180db20356b6b01ce0112f3a2d7897e /src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | |
parent | c1343b3278cdf99533b7902744d15969f9d6fdc1 (diff) | |
Imported Upstream version 5.0.2
Diffstat (limited to 'src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c')
-rw-r--r-- | src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 47 |
1 files changed, 42 insertions, 5 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 4f5b6600d..f9b2634a0 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -36,11 +36,11 @@
 #include "kernel_netlink_shared.h"
 #include <hydra.h>
-#include <debug.h>
+#include <utils/debug.h>
 #include <threading/thread.h>
 #include <threading/mutex.h>
-#include <utils/hashtable.h>
-#include <utils/linked_list.h>
+#include <collections/hashtable.h>
+#include <collections/linked_list.h>
 #include <processing/jobs/callback_job.h>
 /** Required for Linux 2.6.26 kernel and later */
@@ -1537,7 +1537,8 @@ failed:
 * Allocates into one the replay state structure we get from the kernel.
 */
 static void get_replay_state(private_kernel_netlink_ipsec_t *this,
- u_int32_t spi, u_int8_t protocol, host_t *dst,
+ u_int32_t spi, u_int8_t protocol,
+ host_t *dst, mark_t mark,
 struct xfrm_replay_state_esn **replay_esn,
 struct xfrm_replay_state **replay)
 {
@@ -1566,6 +1567,24 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
 aevent_id->sa_id.proto = protocol;
 aevent_id->sa_id.family = dst->get_family(dst);
+ if (mark.value)
+ {
+ struct xfrm_mark *mrk;
+ struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_aevent_id);
+
+ rthdr->rta_type = XFRMA_MARK;
+ rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark));
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
+ if (hdr->nlmsg_len > sizeof(request))
+ {
+ return;
+ }
+
+ mrk = (struct xfrm_mark*)RTA_DATA(rthdr);
+ mrk->v = mark.value;
+ mrk->m = mark.mask;
+ }
+
 if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS)
 {
 hdr = out;
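Review bot: In the added `if (mark.value)` block of get_replay_state, the guard `hdr->nlmsg_len > sizeof(request)` runs only after `rthdr->rta_type` and `rthdr->rta_len` have been stored, so an attribute that did not fit would already have been written past `request` by the time the check rejects it. Test the prospective length first, e.g. `if (hdr->nlmsg_len + RTA_ALIGN(RTA_LENGTH(sizeof(struct xfrm_mark))) > sizeof(request)) return;` ahead of `rthdr->rta_type = XFRMA_MARK;`, and only then add to `nlmsg_len`. The same ordering appears in the update_sa hunk at -1834. The declaration of `request` and the start of the function are outside the hunk, so whether the buffer can be that full here is not visible; the early `return;` also leaves `*replay_esn` and `*replay` as the caller passed them and logs nothing.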
@@ -1834,6 +1853,24 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 sa_id->proto = protocol;
 sa_id->family = dst->get_family(dst);
+ if (mark.value)
+ {
+ struct xfrm_mark *mrk;
+ struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_usersa_id);
+
+ rthdr->rta_type = XFRMA_MARK;
+ rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark));
+ hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
+ if (hdr->nlmsg_len > sizeof(request))
+ {
+ return FAILED;
+ }
+
+ mrk = (struct xfrm_mark*)RTA_DATA(rthdr);
+ mrk->v = mark.value;
+ mrk->m = mark.mask;
+ }
+
 if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS)
 {
 hdr = out;
@@ -1868,7 +1905,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 goto failed;
 }
- get_replay_state(this, spi, protocol, dst, &replay_esn, &replay);
+ get_replay_state(this, spi, protocol, dst, mark, &replay_esn, &replay);
 /* delete the old SA (without affecting the IPComp SA) */
 if (del_sa(this, src, dst, spi, protocol, 0, mark) != SUCCESS) |
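Review bot: The condition `if (mark.value)` in the update_sa block skips the XFRMA_MARK attribute for a mark whose value is 0 but whose mask is non-zero, so the request for such an SA would reach the kernel without its mark. If marks of that form can be configured (not visible on this page), testing `if (mark.value || mark.mask)` would cover them; the get_replay_state hunk at -1566 uses the same condition. Separately, the new `return FAILED;` leaves the method directly while the following hunk shows it using `goto failed` for its error exit; what has been acquired by this point is outside the hunk, so confirm nothing needs releasing on this path.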