bool encap;
/** TRUE to enable UDP encapsulation */
bool new_encap;
+ /** New reqid, or 0 if unchanged */
+ uint32_t new_reqid;
};
/**
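Review bot: The doc comment on `new_reqid` does not say that a backend may refuse the change, although the PF_KEY hunk further down returns `NOT_SUPPORTED` whenever the field is non-zero. Callers reading only the struct would not expect that failure mode. I would extend the comment to `/** New reqid, or 0 if unchanged; backends that cannot change the reqid return NOT_SUPPORTED */`.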
kernel_ipsec_update_sa_t ipcomp = {
.new_src = data->new_src,
.new_dst = data->new_dst,
+ .new_reqid = data->new_reqid,
};
update_sa(this, &ipcomp_id, &ipcomp);
}
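Review bot: The status of `update_sa(this, &ipcomp_id, &ipcomp);` is discarded, and that matters more now that `.new_reqid` is forwarded to the IPComp SA. If the nested update fails, the IPComp SA presumably keeps the old reqid while the outer SA is moved to the new one, leaving the pair inconsistent without any log entry. Check the result, e.g. `if (update_sa(this, &ipcomp_id, &ipcomp) != SUCCESS)` followed by a `DBG1(DBG_KNL, ...)` line, and decide whether the outer update should still proceed. The enclosing function starts and ends outside the hunk.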
sa = NLMSG_DATA(hdr);
memcpy(sa, NLMSG_DATA(out_hdr), sizeof(struct xfrm_usersa_info));
sa->family = data->new_dst->get_family(data->new_dst);
+ if (data->new_reqid)
+ {
+ sa->reqid = data->new_reqid;
+ }
if (!id->src->ip_equals(id->src, data->new_src))
{
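Review bot: Only the SA's reqid is rewritten at `sa->reqid = data->new_reqid;`; nothing visible in this hunk touches the policies whose templates still carry the old reqid. If the caller does not reinstall those policies with the new value, the kernel would presumably stop matching this SA to its policy, so traffic is dropped or triggers acquires. A comment stating the caller's obligation would help, e.g. `/* policies must be (re)installed with the new reqid by the caller */`. The body of update_sa continues outside the hunk, so a later step may already cover this.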
size_t len;
status_t status = FAILED;
+ if (data->new_reqid)
+ {
+ DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x: reqid "
+ "change is not supported", ntohl(id->spi));
+ return NOT_SUPPORTED;
+ }
#ifndef SADB_X_EXT_NEW_ADDRESS_SRC
/* we can't update the SA if any of the ip addresses have changed.
* that's because we can't use SADB_UPDATE and by deleting and readding the
key.dst = entry->osa.dst;
this->osas->remove(this->osas, &key);
+ if (data->new_reqid)
+ {
+ entry->reqid = data->new_reqid;
+ }
entry->local->destroy(entry->local);
entry->remote->destroy(entry->remote);
entry->local = data->new_dst->clone(data->new_dst);