libipsec: Move restrictions regarding UDP encapsulation to users
authorTobias Brunner <tobias@strongswan.org>
Thu, 11 May 2023 15:04:00 +0000 (17:04 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 23 May 2023 11:19:47 +0000 (13:19 +0200)
src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c
src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
src/libipsec/ipsec_sa_mgr.c

index 7af027e751d75deffec471b14e283017399742ae..b2caed97cc36cec4fdbec3f0a7e4560b9c8cb677 100644 (file)
@@ -71,6 +71,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
        kernel_ipsec_add_sa_t *data)
 {
+       if (!data->encap)
+       {
+               DBG1(DBG_ESP, "failed to add SAD entry: only UDP encapsulation is "
+                        "supported");
+               return FAILED;
+       }
        return ipsec->sas->add_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
                                        data->reqid, id->mark, data->tfc, data->lifetime,
                                        data->enc_alg, data->enc_key, data->int_alg, data->int_key,
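Review bot: The guard added at the top of add_sa returns FAILED without saying why a non-encapsulated SA is rejected, so the log text is the only documentation; a comment such as `/* this backend only supports UDP-encapsulated ESP, reject anything else up front */` above the `if (!data->encap)` would make the contract explicit. The same restriction in update_sa below (the `!data->new_encap` check in the next hunk) returns NOT_SUPPORTED, so a caller hitting the same limitation sees two different status codes; if nothing depends on FAILED here, returning NOT_SUPPORTED in both places would be more consistent. The identical six lines appear again in the add_sa hunk of kernel_libipsec_ipsec.c, which matches the commit's intent but means the two copies have to be kept in sync by hand. add_sa's body continues past the end of the hunk.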
@@ -82,6 +88,12 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
        private_kernel_android_ipsec_t *this, kernel_ipsec_sa_id_t *id,
        kernel_ipsec_update_sa_t *data)
 {
+       if (!data->new_encap)
+       {
+               DBG1(DBG_ESP, "failed to update SAD entry: can't deactivate UDP "
+                        "encapsulation");
+               return NOT_SUPPORTED;
+       }
        return ipsec->sas->update_sa(ipsec->sas, id->spi, id->proto, data->cpi,
                                        id->src, id->dst, data->new_src, data->new_dst, data->encap,
                                        data->new_encap, id->mark);
index 8df2e3dbc54d61a13f32c824b5e00f32c4679ceb..174751833542d5a72e3c3425fe0b32af8a8568c8 100644 (file)
@@ -263,6 +263,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
        private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id,
        kernel_ipsec_add_sa_t *data)
 {
+       if (!data->encap)
+       {
+               DBG1(DBG_ESP, "failed to add SAD entry: only UDP encapsulation is "
+                        "supported");
+               return FAILED;
+       }
        return ipsec->sas->add_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
                                        data->reqid, id->mark, data->tfc, data->lifetime,
                                        data->enc_alg, data->enc_key, data->int_alg, data->int_key,
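Review bot: This file only gains the encapsulation check in add_sa, while the matching update_sa restriction is removed from ipsec_sa_mgr.c (the `!new_encap` block in its update_sa hunk) and re-added only in the Android backend; unless kernel_libipsec's update_sa (not shown in this diff) already rejects `new_encap == FALSE` or does not forward it, an update that turns off UDP encapsulation would now reach ipsec_sa_mgr unchecked instead of returning NOT_SUPPORTED. If it forwards new_encap unchanged, the same guard used in android_ipsec.c belongs at the top of update_sa here: `if (!data->new_encap) { DBG1(DBG_ESP, "failed to update SAD entry: can't deactivate UDP encapsulation"); return NOT_SUPPORTED; }`. With both checks gone from ipsec_sa_mgr.c, the add_sa/update_sa documentation of ipsec_sa_mgr_t (outside this diff) should also state that callers are responsible for enforcing encapsulation, since the manager no longer verifies it. add_sa's body continues past the end of the hunk.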
index 76006a851c30379a7d1e5fb23331df2d43ed712d..56698f3f0801d2464d993f8dfaa5ef9456b8406e 100644 (file)
@@ -518,12 +518,6 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t,
        DBG2(DBG_ESP, "  using integrity algorithm %N with key size %d",
                 integrity_algorithm_names, int_alg, int_key.len * 8);
 
-       if (!encap)
-       {
-               DBG1(DBG_ESP, "  IPsec SA: only UDP encapsulation is supported");
-               return FAILED;
-       }
-
        sa_new = ipsec_sa_create(spi, src, dst, protocol, reqid, mark, tfc,
                                                         lifetime, enc_alg, enc_key, int_alg, int_key, mode,
                                                         ipcomp, cpi, encap, esn, inbound);
@@ -574,13 +568,6 @@ METHOD(ipsec_sa_mgr_t, update_sa, status_t,
        DBG2(DBG_ESP, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H",
                 ntohl(spi), src, dst, new_src, new_dst);
 
-       if (!new_encap)
-       {
-               DBG1(DBG_ESP, "failed to update SAD entry: can't deactivate UDP "
-                        "encapsulation");
-               return NOT_SUPPORTED;
-       }
-
        this->mutex->lock(this->mutex);
        if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb,
                                                         (void**)&entry, spi, src, dst) &&