libipsec: Instruct ESP sender whether to use UDP encapsulation

diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
index d01ca73532763c4db2e982aa112186ceed406ba4..f7e6ec34bee587a99fc00cfdc41a45ca6e8a8c83 100644 (file)
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@ -86,7 +86,7 @@ struct private_android_service_t {
 };
 
 CALLBACK(send_esp, void,
-       void *data, esp_packet_t *packet)
+       void *data, esp_packet_t *packet, bool encap)
 {
        charon->sender->send_no_marker(charon->sender, (packet_t*)packet);
 }

diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
index 7c6d3c3ba4d3ad521dcf95401bc2408f4379d8c8..07a4da4a306649285318fea3502413c741b98f9d 100644 (file)
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
@@ -95,7 +95,7 @@ static bool tun_entry_equals(tun_entry_t *a, tun_entry_t *b)
 }
 
 CALLBACK(send_esp, void,
-       void *data, esp_packet_t *packet)
+       void *data, esp_packet_t *packet, bool encap)
 {
        charon->sender->send_no_marker(charon->sender, (packet_t*)packet);
 }

diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c
index 11c587c93bc5b91410555bcd0d251897cac98b33..2572b088089ef3928bdfb423b3157f591179072c 100644 (file)
--- a/src/libipsec/ipsec_processor.c
+++ b/src/libipsec/ipsec_processor.c
@@ -169,12 +169,12 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this)
  * Send an ESP packet using the registered outbound callback
  */
 static void send_outbound(private_ipsec_processor_t *this,
-                                                 esp_packet_t *packet)
+                                                 esp_packet_t *packet, bool encap)
 {
        this->lock->read_lock(this->lock);
        if (this->outbound.cb)
        {
-               this->outbound.cb(this->outbound.data, packet);
+               this->outbound.cb(this->outbound.data, packet, encap);
        }
        else
        {
@@ -194,7 +194,7 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this)
        ip_packet_t *packet;
        ipsec_sa_t *sa;
        host_t *src, *dst;
-       bool acquire = FALSE;
+       bool acquire = FALSE, encap = FALSE;
 
        packet = (ip_packet_t*)this->outbound_queue->dequeue(this->outbound_queue);
 
@@ -242,9 +242,10 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this)
                return JOB_REQUEUE_DIRECT;
        }
        sa->update_usestats(sa, packet->get_encoding(packet).len);
+       encap = sa->get_encap(sa);
        ipsec->sas->checkin(ipsec->sas, sa);
        policy->destroy(policy);
-       send_outbound(this, esp_packet);
+       send_outbound(this, esp_packet, encap);
        return JOB_REQUEUE_DIRECT;
 }
 

diff --git a/src/libipsec/ipsec_processor.h b/src/libipsec/ipsec_processor.h
index 734e8f53e8d551e536f17b94d0506bf23f4d9407..bc9d1863f0b79e55bb4d6c0bfb3dbcc57f16936d 100644 (file)
--- a/src/libipsec/ipsec_processor.h
+++ b/src/libipsec/ipsec_processor.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2023 Tobias Brunner
  *
  * Copyright (C) secunet Security Networks AG
  *
@@ -43,8 +43,10 @@ typedef void (*ipsec_inbound_cb_t)(void *data, ip_packet_t *packet);
  *
  * @param data                 data supplied during registration of the callback
  * @param packet               ESP packet to send
+ * @param encap                        TRUE to send the packet with UDP encapsulation
  */
-typedef void (*ipsec_outbound_cb_t)(void *data, esp_packet_t *packet);
+typedef void (*ipsec_outbound_cb_t)(void *data, esp_packet_t *packet,
+                                                                       bool encap);
 
 /**
  *  IPsec processor