diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2015-11-18 14:49:27 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2015-11-18 14:49:27 +0100 |
| commit | 1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch) | |
| tree | 0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /src/libhydra/plugins/kernel_pfkey | |
| parent | 5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff) | |
| download | vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.tar.gz vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.zip | |
Imported Upstream version 5.3.4
Diffstat (limited to 'src/libhydra/plugins/kernel_pfkey')
| -rw-r--r-- | src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 5027e1759..c67366b86 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2012 Tobias Brunner + * Copyright (C) 2008-2015 Tobias Brunner * Copyright (C) 2008 Andreas Steffen * Hochschule fuer Technik Rapperswil * @@ -843,7 +843,9 @@ static kernel_algorithm_t encryption_algs[] = { /* {ENCR_DES_IV32, 0 }, */ {ENCR_NULL, SADB_EALG_NULL }, {ENCR_AES_CBC, SADB_X_EALG_AESCBC }, -/* {ENCR_AES_CTR, SADB_X_EALG_AESCTR }, */ +#ifdef SADB_X_EALG_AESCTR + {ENCR_AES_CTR, SADB_X_EALG_AESCTR }, +#endif /* {ENCR_AES_CCM_ICV8, SADB_X_EALG_AES_CCM_ICV8 }, */ /* {ENCR_AES_CCM_ICV12, SADB_X_EALG_AES_CCM_ICV12 }, */ /* {ENCR_AES_CCM_ICV16, SADB_X_EALG_AES_CCM_ICV16 }, */ @@ -2689,8 +2691,9 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, policy_priority_t prio) { unsigned char request[PFKEY_BUFFER_SIZE]; @@ -2702,6 +2705,11 @@ METHOD(kernel_ipsec_t, del_policy, status_t, bool first = TRUE, is_installed = TRUE; u_int32_t priority; size_t len; + ipsec_sa_t assigned_sa = { + .src = src, + .dst = dst, + .cfg = *sa, + }; if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ @@ -2735,7 +2743,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)&mapping)) { - if (reqid == mapping->sa->cfg.reqid && priority == mapping->priority) + if (priority == mapping->priority && + ipsec_sa_equals(mapping->sa, &assigned_sa)) { to_remove = mapping; is_installed = first; |