From: Tobias Brunner Date: Wed, 19 Mar 2025 12:28:12 +0000 (+0100) Subject: child-sa: Store and propagate optional acquire sequence number X-Git-Tag: 6.0.2dr1~6^2~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c9bac73d9485d3cf620c934b9c7a31f69b0d19f;p=thirdparty%2Fstrongswan.git child-sa: Store and propagate optional acquire sequence number
---
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 7262342075..245d87af7f 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -161,6 +161,11 @@ struct private_child_sa_t {
 */
 uint32_t unique_id;
+ /**
+ * Optional sequence number associated with triggering acquire
+ */
+ uint32_t seq;
+
 /**
 * Whether FWD policies in the outbound direction should be installed
 */
@@ -817,6 +822,18 @@ METHOD(child_sa_t, get_label, sec_label_t*,
 return this->label ?: this->config->get_label(this->config);
 }
+METHOD(child_sa_t, get_acquire_seq, uint32_t,
+ private_child_sa_t *this)
+{
+ return this->seq;
+}
+
+METHOD(child_sa_t, set_acquire_seq, void,
+ private_child_sa_t *this, uint32_t seq)
+{
+ this->seq = seq;
+}
+
 METHOD(child_sa_t, get_lifetime, time_t,
 private_child_sa_t *this, bool hard)
 {
@@ -1022,6 +1039,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
 };
 sa = (kernel_ipsec_add_sa_t){
 .reqid = this->reqid,
+ .seq = this->seq,
 .mode = this->mode,
 .src_ts = src_ts,
 .dst_ts = dst_ts,
@@ -2074,6 +2092,8 @@ child_sa_t *child_sa_create(host_t *me, host_t *other, child_cfg_t *config,
 .get_mark = _get_mark,
 .get_if_id = _get_if_id,
 .get_label = _get_label,
+ .get_acquire_seq = _get_acquire_seq,
+ .set_acquire_seq = _set_acquire_seq,
 .has_encap = _has_encap,
 .get_ipcomp = _get_ipcomp,
 .set_ipcomp = _set_ipcomp,
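Review bot: The comment on the new `seq` member of private_child_sa_t does not say which value means "not triggered by an acquire", while the public getter in child_sa.h documents its result as "the acquire or 0"; the same gap applies to the `seq` member added to child_sa_create_t in the child_sa.h hunk. Since `.seq = data->seq` in child_sa_create() copies the value unconditionally, every caller that is not driven by an acquire relies on leaving the field zero, which designated initializers give for free but field-by-field construction of the create data would not. Suggest stating the sentinel in both places, e.g. `/** Sequence number of the acquire that triggered this SA, 0 if none */`.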
@@ -2112,6 +2132,7 @@ child_sa_t *child_sa_create(host_t *me, host_t *other, child_cfg_t *config,
 .if_id_in = config->get_if_id(config, TRUE) ?: data->if_id_in_def,
 .if_id_out = config->get_if_id(config, FALSE) ?: data->if_id_out_def,
 .label = data->label ? data->label->clone(data->label) : NULL,
+ .seq = data->seq,
 .install_time = time_monotonic(NULL),
 .policies_fwd_out = config->has_option(config, OPT_FWD_OUT_POLICIES),
 );
diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h
index 7c3763b0a9..43f306fe91 100644
--- a/src/libcharon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@@ -390,6 +390,22 @@ struct child_sa_t {
 */
 sec_label_t *(*get_label)(child_sa_t *this);
+ /**
+ * Get the optional sequence number associated with the acquire that
+ * triggered this CHILD_SA.
+ *
+ * @return sequence number associated with the acquire or 0
+ */
+ uint32_t (*get_acquire_seq)(child_sa_t *this);
+
+ /**
+ * Set the optional sequence number associated with the acquire that
+ * triggered this CHILD_SA.
+ *
+ * @param seq sequence number associated with the acquire
+ */
+ void (*set_acquire_seq)(child_sa_t *this, uint32_t seq);
+
 /**
 * Create an enumerator over traffic selectors of one side.
 *
@@ -559,6 +575,9 @@ struct child_sa_create_t {
 uint32_t if_id_out_def;
 /** Optional security label to apply on SAs (cloned) */
 sec_label_t *label;
+ /** Optional sequence number associated with the acquire that triggered
+ * this SA */
+ uint32_t seq;
 /** TRUE to enable UDP encapsulation (NAT traversal) */
 bool encap;
 };
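Review bot: The documentation of `set_acquire_seq` in the child_sa.h hunk should say when the value takes effect: in this diff its only consumer is the `.seq = this->seq` copy into kernel_ipsec_add_sa_t in install_internal() (child_sa.c), so a value set after the SA has been installed is, as far as these hunks show, never forwarded to the kernel. Suggest extending the @param block with `Has to be set before the SA is installed; it is passed along with the add-SA request.` Whether rekeyed or updated SAs are also expected to carry the number is not visible here and worth confirming in the same comment.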