authorYves-Alexis Perez <corsac@debian.org>2013-02-07 13:27:27 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-02-07 13:27:27 +0100
commit7585facf05d927eb6df3929ce09ed5e60d905437 (patch)
treee4d14b4dc180db20356b6b01ce0112f3a2d7897e /src/libipsec
parentc1343b3278cdf99533b7902744d15969f9d6fdc1 (diff)
Imported Upstream version 5.0.2
Diffstat (limited to 'src/libipsec')
-rw-r--r--src/libipsec/Makefile.in32
-rw-r--r--src/libipsec/esp_context.c2
-rw-r--r--src/libipsec/esp_packet.c2
-rw-r--r--src/libipsec/esp_packet.h4
-rw-r--r--src/libipsec/ip_packet.c2
-rw-r--r--src/libipsec/ip_packet.h4
-rw-r--r--src/libipsec/ipsec.c2
-rw-r--r--src/libipsec/ipsec_event_relay.c6
-rw-r--r--src/libipsec/ipsec_policy.c2
-rw-r--r--src/libipsec/ipsec_policy.h2
-rw-r--r--src/libipsec/ipsec_policy_mgr.c4
-rw-r--r--src/libipsec/ipsec_policy_mgr.h4
-rw-r--r--src/libipsec/ipsec_processor.c8
-rw-r--r--src/libipsec/ipsec_sa.c18
-rw-r--r--src/libipsec/ipsec_sa.h16
-rw-r--r--src/libipsec/ipsec_sa_mgr.c75
-rw-r--r--src/libipsec/ipsec_sa_mgr.h23
17 files changed, 156 insertions, 50 deletions
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index 6d984d8ab..628857cbe 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -73,6 +73,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(ipseclibdir)"
LTLIBRARIES = $(ipseclib_LTLIBRARIES)
libipsec_la_DEPENDENCIES =
@@ -156,6 +162,7 @@ CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -183,6 +190,7 @@ LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MYSQLCFLAG = @MYSQLCFLAG@
MYSQLCONFIG = @MYSQLCONFIG@
@@ -210,6 +218,7 @@ RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -222,6 +231,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -275,7 +285,6 @@ libexecdir = @libexecdir@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
maemo_CFLAGS = @maemo_CFLAGS@
maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
@@ -411,7 +420,7 @@ clean-ipseclibLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
-libipsec.la: $(libipsec_la_OBJECTS) $(libipsec_la_DEPENDENCIES)
+libipsec.la: $(libipsec_la_OBJECTS) $(libipsec_la_DEPENDENCIES) $(EXTRA_libipsec_la_DEPENDENCIES)
$(LINK) -rpath $(ipseclibdir) $(libipsec_la_OBJECTS) $(libipsec_la_LIBADD) $(LIBS)
mostlyclean-compile:
@@ -669,10 +678,15 @@ install-am: all-am
installcheck: installcheck-recursive
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c
index dc3ad3f8b..44b1117d9 100644
--- a/src/libipsec/esp_context.c
+++ b/src/libipsec/esp_context.c
@@ -21,7 +21,7 @@
#include "esp_context.h"
#include <library.h>
-#include <debug.h>
+#include <utils/debug.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c
index bfcab95eb..16cc687ef 100644
--- a/src/libipsec/esp_packet.c
+++ b/src/libipsec/esp_packet.c
@@ -19,7 +19,7 @@
#include "esp_packet.h"
#include <library.h>
-#include <debug.h>
+#include <utils/debug.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
#include <bio/bio_reader.h>
diff --git a/src/libipsec/esp_packet.h b/src/libipsec/esp_packet.h
index a1d1602c1..ce8645825 100644
--- a/src/libipsec/esp_packet.h
+++ b/src/libipsec/esp_packet.h
@@ -27,8 +27,8 @@
#include "esp_context.h"
#include <library.h>
-#include <utils/host.h>
-#include <utils/packet.h>
+#include <networking/host.h>
+#include <networking/packet.h>
typedef struct esp_packet_t esp_packet_t;
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 096ca33a8..5c8cc2e3e 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -17,7 +17,7 @@
#include "ip_packet.h"
#include <library.h>
-#include <debug.h>
+#include <utils/debug.h>
#include <netinet/in.h>
#include <netinet/ip.h>
diff --git a/src/libipsec/ip_packet.h b/src/libipsec/ip_packet.h
index b4fc298ff..de817e23e 100644
--- a/src/libipsec/ip_packet.h
+++ b/src/libipsec/ip_packet.h
@@ -22,8 +22,8 @@
#define IP_PACKET_H_
#include <library.h>
-#include <utils/host.h>
-#include <utils/packet.h>
+#include <networking/host.h>
+#include <networking/packet.h>
typedef struct ip_packet_t ip_packet_t;
diff --git a/src/libipsec/ipsec.c b/src/libipsec/ipsec.c
index 50d9163ea..6c9a26acf 100644
--- a/src/libipsec/ipsec.c
+++ b/src/libipsec/ipsec.c
@@ -17,7 +17,7 @@
#include "ipsec.h"
-#include <debug.h>
+#include <utils/debug.h>
typedef struct private_ipsec_t private_ipsec_t;
diff --git a/src/libipsec/ipsec_event_relay.c b/src/libipsec/ipsec_event_relay.c
index 34222258c..d7d7e8276 100644
--- a/src/libipsec/ipsec_event_relay.c
+++ b/src/libipsec/ipsec_event_relay.c
@@ -18,10 +18,10 @@
#include "ipsec_event_relay.h"
#include <library.h>
-#include <debug.h>
+#include <utils/debug.h>
#include <threading/rwlock.h>
-#include <utils/linked_list.h>
-#include <utils/blocking_queue.h>
+#include <collections/linked_list.h>
+#include <collections/blocking_queue.h>
#include <processing/jobs/callback_job.h>
typedef struct private_ipsec_event_relay_t private_ipsec_event_relay_t;
diff --git a/src/libipsec/ipsec_policy.c b/src/libipsec/ipsec_policy.c
index af8ea9f9d..8407921ac 100644
--- a/src/libipsec/ipsec_policy.c
+++ b/src/libipsec/ipsec_policy.c
@@ -17,7 +17,7 @@
#include "ipsec_policy.h"
-#include <debug.h>
+#include <utils/debug.h>
typedef struct private_ipsec_policy_t private_ipsec_policy_t;
diff --git a/src/libipsec/ipsec_policy.h b/src/libipsec/ipsec_policy.h
index 67ad0b0ed..23a9ea99d 100644
--- a/src/libipsec/ipsec_policy.h
+++ b/src/libipsec/ipsec_policy.h
@@ -26,7 +26,7 @@
#include "ip_packet.h"
#include <library.h>
-#include <utils/host.h>
+#include <networking/host.h>
#include <ipsec/ipsec_types.h>
#include <selectors/traffic_selector.h>
diff --git a/src/libipsec/ipsec_policy_mgr.c b/src/libipsec/ipsec_policy_mgr.c
index 41ba792c3..72f94ec20 100644
--- a/src/libipsec/ipsec_policy_mgr.c
+++ b/src/libipsec/ipsec_policy_mgr.c
@@ -17,9 +17,9 @@
#include "ipsec_policy_mgr.h"
-#include <debug.h>
+#include <utils/debug.h>
#include <threading/rwlock.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
/** Base priority for installed policies */
#define PRIO_BASE 512
diff --git a/src/libipsec/ipsec_policy_mgr.h b/src/libipsec/ipsec_policy_mgr.h
index d3ee1074f..dfa4b12c3 100644
--- a/src/libipsec/ipsec_policy_mgr.h
+++ b/src/libipsec/ipsec_policy_mgr.h
@@ -27,8 +27,8 @@
#include "ip_packet.h"
#include <library.h>
-#include <utils/host.h>
-#include <utils/linked_list.h>
+#include <networking/host.h>
+#include <collections/linked_list.h>
#include <ipsec/ipsec_types.h>
#include <selectors/traffic_selector.h>
diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c
index a91d9e074..66f43a408 100644
--- a/src/libipsec/ipsec_processor.c
+++ b/src/libipsec/ipsec_processor.c
@@ -16,10 +16,10 @@
#include "ipsec.h"
#include "ipsec_processor.h"
-#include <debug.h>
+#include <utils/debug.h>
#include <library.h>
#include <threading/rwlock.h>
-#include <utils/blocking_queue.h>
+#include <collections/blocking_queue.h>
#include <processing/jobs/callback_job.h>
typedef struct private_ipsec_processor_t private_ipsec_processor_t;
@@ -146,7 +146,9 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this)
policy->destroy(policy);
break;
}
- DBG1(DBG_ESP, "discarding inbound IP packet due to policy");
+ DBG1(DBG_ESP, "discarding inbound IP packet %H == %H due to "
+ "policy", ip_packet->get_source(ip_packet),
+ ip_packet->get_destination(ip_packet));
/* no matching policy found, fall-through */
}
case IPPROTO_NONE:
diff --git a/src/libipsec/ipsec_sa.c b/src/libipsec/ipsec_sa.c
index cccd16404..2ff5cff55 100644
--- a/src/libipsec/ipsec_sa.c
+++ b/src/libipsec/ipsec_sa.c
@@ -18,7 +18,7 @@
#include "ipsec_sa.h"
#include <library.h>
-#include <debug.h>
+#include <utils/debug.h>
typedef struct private_ipsec_sa_t private_ipsec_sa_t;
@@ -95,6 +95,20 @@ METHOD(ipsec_sa_t, get_destination, host_t*,
return this->dst;
}
+METHOD(ipsec_sa_t, set_source, void,
+ private_ipsec_sa_t *this, host_t *addr)
+{
+ this->src->destroy(this->src);
+ this->src = addr->clone(addr);
+}
+
+METHOD(ipsec_sa_t, set_destination, void,
+ private_ipsec_sa_t *this, host_t *addr)
+{
+ this->dst->destroy(this->dst);
+ this->dst = addr->clone(addr);
+}
+
METHOD(ipsec_sa_t, get_spi, u_int32_t,
private_ipsec_sa_t *this)
{
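Review bot: Both new setters destroy the stored host before cloning the replacement, so a caller that passes the SA's own current address (`addr == this->src` in set_source, `addr == this->dst` in set_destination) makes `addr->clone(addr)` run on an already freed object. Cloning first removes that ordering hazard: `host_t *old = this->src; this->src = addr->clone(addr); old->destroy(old);`, and the same with `dst` in set_destination. Neither setter checks `addr` for NULL, so the callers have to guarantee a valid host; a one-line comment saying so would help.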
@@ -202,6 +216,8 @@ ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst,
.destroy = _destroy,
.get_source = _get_source,
.get_destination = _get_destination,
+ .set_source = _set_source,
+ .set_destination = _set_destination,
.get_spi = _get_spi,
.get_reqid = _get_reqid,
.get_protocol = _get_protocol,
diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h
index 5fd03b6e4..dec688e68 100644
--- a/src/libipsec/ipsec_sa.h
+++ b/src/libipsec/ipsec_sa.h
@@ -26,7 +26,7 @@
#include "esp_context.h"
#include <library.h>
-#include <utils/host.h>
+#include <networking/host.h>
#include <selectors/traffic_selector.h>
#include <ipsec/ipsec_types.h>
@@ -52,6 +52,20 @@ struct ipsec_sa_t {
host_t *(*get_destination)(ipsec_sa_t *this);
/**
+ * Set the source address for this SA
+ *
+ * @param addr source address of this SA (gets cloned)
+ */
+ void (*set_source)(ipsec_sa_t *this, host_t *addr);
+
+ /**
+ * Set the destination address for this SA
+ *
+ * @param addr destination address of this SA (gets cloned)
+ */
+ void (*set_destination)(ipsec_sa_t *this, host_t *addr);
+
+ /**
* Get the SPI for this SA
*
* @return SPI of this SA
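Review bot: The two new doc comments say the argument "gets cloned" but not that the previously stored address is destroyed. In ipsec_sa.c the setters call `destroy()` on the old host, and get_destination() returns the internal pointer (`return this->dst;`; get_source() presumably does the same), so a pointer obtained earlier from a getter is stale after the call. I would add a line to each comment such as `* The previous address is destroyed; pointers returned earlier by get_source() become invalid.` and say whether the caller must hold the SA checked out while calling. The struct continues outside this hunk.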
diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c
index e42c77aa5..28748971d 100644
--- a/src/libipsec/ipsec_sa_mgr.c
+++ b/src/libipsec/ipsec_sa_mgr.c
@@ -18,13 +18,13 @@
#include "ipsec.h"
#include "ipsec_sa_mgr.h"
-#include <debug.h>
+#include <utils/debug.h>
#include <library.h>
#include <processing/jobs/callback_job.h>
#include <threading/condvar.h>
#include <threading/mutex.h>
-#include <utils/hashtable.h>
-#include <utils/linked_list.h>
+#include <collections/hashtable.h>
+#include <collections/linked_list.h>
typedef struct private_ipsec_sa_mgr_t private_ipsec_sa_mgr_t;
@@ -237,29 +237,29 @@ static bool match_entry_by_sa_ptr(ipsec_sa_entry_t *item, ipsec_sa_t *sa)
return item->sa == sa;
}
-static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, u_int32_t spi,
- bool inbound)
+static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, u_int32_t *spi,
+ bool *inbound)
{
- return item->sa->get_spi(item->sa) == spi &&
- item->sa->is_inbound(item->sa) == inbound;
+ return item->sa->get_spi(item->sa) == *spi &&
+ item->sa->is_inbound(item->sa) == *inbound;
}
-static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, u_int32_t spi,
+static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, u_int32_t *spi,
host_t *src, host_t *dst)
{
- return item->sa->match_by_spi_src_dst(item->sa, spi, src, dst);
+ return item->sa->match_by_spi_src_dst(item->sa, *spi, src, dst);
}
static bool match_entry_by_reqid_inbound(ipsec_sa_entry_t *item,
- u_int32_t reqid, bool inbound)
+ u_int32_t *reqid, bool *inbound)
{
- return item->sa->match_by_reqid(item->sa, reqid, inbound);
+ return item->sa->match_by_reqid(item->sa, *reqid, *inbound);
}
-static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, u_int32_t spi,
+static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, u_int32_t *spi,
host_t *dst)
{
- return item->sa->match_by_spi_dst(item->sa, spi, dst);
+ return item->sa->match_by_spi_dst(item->sa, *spi, dst);
}
/**
@@ -381,7 +381,7 @@ static bool allocate_spi(private_ipsec_sa_mgr_t *this, u_int32_t spi)
if (this->allocated_spis->get(this->allocated_spis, &spi) ||
this->sas->find_first(this->sas, (void*)match_entry_by_spi_inbound,
- NULL, spi, TRUE) == SUCCESS)
+ NULL, &spi, TRUE) == SUCCESS)
{
return FALSE;
}
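Review bot: This call still passes the literal `TRUE` as its last argument, while match_entry_by_spi_inbound() in the hunk above now takes `bool *inbound` and reads `*inbound`. Assuming find_first() forwards its extra arguments unchanged (which the other converted call sites imply), the matcher dereferences the integer 1 as a pointer as soon as an entry's SPI equals `*spi`, i.e. exactly in the collision case this check exists for. The `(void*)` cast on the callback keeps the compiler from reporting the mismatch. Pass a pointer as checkout_by_reqid does: declare `bool inbound = TRUE;` and call with `NULL, &spi, &inbound)`. allocate_spi's body starts and ends outside this hunk.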
@@ -471,7 +471,7 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t,
}
if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst,
- NULL, spi, src, dst) == SUCCESS)
+ NULL, &spi, src, dst) == SUCCESS)
{
this->mutex->unlock(this->mutex);
DBG1(DBG_ESP, "failed to install SAD entry: already installed");
@@ -487,6 +487,44 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t,
return SUCCESS;
}
+METHOD(ipsec_sa_mgr_t, update_sa, status_t,
+ private_ipsec_sa_mgr_t *this, u_int32_t spi, u_int8_t protocol,
+ u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+ bool encap, bool new_encap, mark_t mark)
+{
+ ipsec_sa_entry_t *entry = NULL;
+
+ DBG2(DBG_ESP, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H",
+ ntohl(spi), src, dst, new_src, new_dst);
+
+ if (!new_encap)
+ {
+ DBG1(DBG_ESP, "failed to update SAD entry: can't deactivate UDP "
+ "encapsulation");
+ return NOT_SUPPORTED;
+ }
+
+ this->mutex->lock(this->mutex);
+ if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst,
+ (void**)&entry, &spi, src, dst) == SUCCESS &&
+ wait_for_entry(this, entry))
+ {
+ entry->sa->set_source(entry->sa, new_src);
+ entry->sa->set_destination(entry->sa, new_dst);
+ /* checkin the entry */
+ entry->locked = FALSE;
+ entry->condvar->signal(entry->condvar);
+ }
+ this->mutex->unlock(this->mutex);
+
+ if (!entry)
+ {
+ DBG1(DBG_ESP, "failed to update SAD entry: not found");
+ return FAILED;
+ }
+ return SUCCESS;
+}
+
METHOD(ipsec_sa_mgr_t, del_sa, status_t,
private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int32_t spi,
u_int8_t protocol, u_int16_t cpi, mark_t mark)
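Review bot: update_sa can return SUCCESS without having changed anything: `entry` is filled in by find_first(), so if the lookup succeeds but wait_for_entry() returns FALSE (its definition is outside the hunk, but it is used as a condition here), the branch is skipped and `if (!entry)` still sees a non-NULL pointer. The caller then believes the SA carries the new addresses while packets are still matched against the old ones. Track the outcome explicitly: `bool updated = FALSE;` before the lock, `updated = TRUE;` inside the branch, and test `if (!updated)` after the unlock. Separately, `new_src` and `new_dst` reach set_source()/set_destination() unchecked, and those setters destroy the old address before cloning, so a NULL here fails only after the old host is gone.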
@@ -498,7 +536,7 @@ METHOD(ipsec_sa_mgr_t, del_sa, status_t,
enumerator = this->sas->create_enumerator(this->sas);
while (enumerator->enumerate(enumerator, (void**)&current))
{
- if (match_entry_by_spi_src_dst(current, spi, src, dst))
+ if (match_entry_by_spi_src_dst(current, &spi, src, dst))
{
if (wait_remove_entry(this, current))
{
@@ -529,7 +567,7 @@ METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*,
this->mutex->lock(this->mutex);
if (this->sas->find_first(this->sas, (void*)match_entry_by_reqid_inbound,
- (void**)&entry, reqid, inbound) == SUCCESS &&
+ (void**)&entry, &reqid, &inbound) == SUCCESS &&
wait_for_entry(this, entry))
{
sa = entry->sa;
@@ -546,7 +584,7 @@ METHOD(ipsec_sa_mgr_t, checkout_by_spi, ipsec_sa_t*,
this->mutex->lock(this->mutex);
if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_dst,
- (void**)&entry, spi, dst) == SUCCESS &&
+ (void**)&entry, &spi, dst) == SUCCESS &&
wait_for_entry(this, entry))
{
sa = entry->sa;
@@ -609,6 +647,7 @@ ipsec_sa_mgr_t *ipsec_sa_mgr_create()
.public = {
.get_spi = _get_spi,
.add_sa = _add_sa,
+ .update_sa = _update_sa,
.del_sa = _del_sa,
.checkout_by_spi = _checkout_by_spi,
.checkout_by_reqid = _checkout_by_reqid,
diff --git a/src/libipsec/ipsec_sa_mgr.h b/src/libipsec/ipsec_sa_mgr.h
index 303b36f0e..3ff092038 100644
--- a/src/libipsec/ipsec_sa_mgr.h
+++ b/src/libipsec/ipsec_sa_mgr.h
@@ -28,7 +28,7 @@
#include <library.h>
#include <ipsec/ipsec_types.h>
#include <selectors/traffic_selector.h>
-#include <utils/host.h>
+#include <networking/host.h>
typedef struct ipsec_sa_mgr_t ipsec_sa_mgr_t;
@@ -86,6 +86,27 @@ struct ipsec_sa_mgr_t {
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
+ * Update the hosts on an installed SA.
+ *
+ * @param spi SPI of the SA
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param cpi CPI for IPComp, 0 if no IPComp is used
+ * @param src current source address
+ * @param dst current destination address
+ * @param new_src new source address
+ * @param new_dst new destination address
+ * @param encap current use of UDP encapsulation
+ * @param new_encap new use of UDP encapsulation
+ * @param mark optional mark for this SA
+ * @return SUCCESS if operation completed
+ */
+ status_t (*update_sa)(ipsec_sa_mgr_t *this,
+ u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
+ host_t *src, host_t *dst,
+ host_t *new_src, host_t *new_dst,
+ bool encap, bool new_encap, mark_t mark);
+
+ /**
* Delete a previously added SA
*
* @param spi SPI of the SA
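Review bot: The `@return` line documents only SUCCESS, but the implementation in ipsec_sa_mgr.c also returns NOT_SUPPORTED when `new_encap` is FALSE and FAILED when no entry matches. I would write it as `* @return SUCCESS if the SA was updated, NOT_SUPPORTED if new_encap is FALSE, FAILED if no matching SA was found`. The comment also lists `protocol`, `cpi`, `encap` and `mark` as if they select the SA, while the visible implementation looks the entry up by `spi`, `src` and `dst` only; noting that these parameters are currently ignored would keep callers from relying on them.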