/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2023 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager
*
*/
ipsec_mode_t mode;
+ /**
+ * TRUE if UDP encapsulation should be used when sending
+ */
+ bool encap;
+
/**
* TRUE if extended sequence numbers are used
*/
this->dst = addr->clone(addr);
}
+METHOD(ipsec_sa_t, get_encap, bool,
+ private_ipsec_sa_t *this)
+{
+ return this->encap;
+}
+
+METHOD(ipsec_sa_t, set_encap, void,
+ private_ipsec_sa_t *this, bool encap)
+{
+ this->encap = encap;
+}
+
METHOD(ipsec_sa_t, get_spi, uint32_t,
private_ipsec_sa_t *this)
{
DBG1(DBG_ESP, " IPsec SA: protocol not supported");
return NULL;
}
- if (!encap)
- {
- DBG1(DBG_ESP, " IPsec SA: only UDP encapsulation is supported");
- return NULL;
- }
if (esn)
{
DBG1(DBG_ESP, " IPsec SA: ESN not supported");
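Review bot: With the `if (!encap)` rejection removed here, the constructor (presumably ipsec_sa_create(), whose body starts and ends outside this hunk) accepts `encap == FALSE`. The "only UDP encapsulation is supported" restriction then rests entirely on callers, and the only guard visible in this commit is the one added in add_sa. Whether other callers exist and how the send path treats an SA with `encap` FALSE is not shown, so the shifted contract should be stated where the constructor is declared, e.g. `@param encap TRUE to use UDP encapsulation; callers must reject FALSE where plain ESP is not supported`. Without that, a later caller can create an SA that sends in a mode the library still reports as unsupported.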
.get_destination = _get_destination,
.set_source = _set_source,
.set_destination = _set_destination,
+ .get_encap = _get_encap,
+ .set_encap = _set_encap,
.get_spi = _get_spi,
.get_reqid = _get_reqid,
.get_protocol = _get_protocol,
.protocol = protocol,
.reqid = reqid,
.mode = mode,
+ .encap = encap,
.esn = esn,
.inbound = inbound,
);
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2023 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager
*
*/
void (*set_destination)(ipsec_sa_t *this, host_t *addr);
+ /**
+ * Get whether UDP encapsulation should be used for this SA
+ *
+ * @return TRUE if encapsulation should be used, FALSE otherwise
+ */
+ bool (*get_encap)(ipsec_sa_t *this);
+
+ /**
+ * Set whether UDP encapsulation should be used for this SA
+ *
+ * @param encap TRUE if encapsulation should be used, FALSE otherwise
+ */
+ void (*set_encap)(ipsec_sa_t *this, bool encap);
+
/**
* Get the SPI for this SA
*
METHOD(ipsec_sa_mgr_t, add_sa, status_t,
private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint32_t spi,
- uint8_t protocol, uint32_t reqid, mark_t mark, uint32_t tfc,
+ uint8_t protocol, uint32_t reqid, mark_t mark, uint32_t tfc,
lifetime_cfg_t *lifetime, uint16_t enc_alg, chunk_t enc_key,
uint16_t int_alg, chunk_t int_key, ipsec_mode_t mode, uint16_t ipcomp,
uint16_t cpi, bool initiator, bool encap, bool esn, bool inbound,
DBG2(DBG_ESP, " using integrity algorithm %N with key size %d",
integrity_algorithm_names, int_alg, int_key.len * 8);
+ if (!encap)
+ {
+ DBG1(DBG_ESP, " IPsec SA: only UDP encapsulation is supported");
+ return FAILED;
+ }
+
sa_new = ipsec_sa_create(spi, src, dst, protocol, reqid, mark, tfc,
lifetime, enc_alg, enc_key, int_alg, int_key, mode,
ipcomp, cpi, encap, esn, inbound);
{
entry->sa->set_source(entry->sa, new_src);
entry->sa->set_destination(entry->sa, new_dst);
+ entry->sa->set_encap(entry->sa, new_encap);
/* checkin the entry */
entry->locked = FALSE;
entry->condvar->signal(entry->condvar);
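Review bot: `entry->sa->set_encap(entry->sa, new_encap);` stores the new value without the `!encap` rejection that add_sa gains in this commit. As far as the visible lines show, an update can therefore switch UDP encapsulation off on an existing SA, a state add_sa reports as unsupported. The update function starts outside this hunk, so an earlier guard may already exist. If it does not, reject `!new_encap` before the entry is looked up and locked, logging with `DBG1(DBG_ESP, ...)` and returning an error as add_sa does, so both paths enforce the same policy. The check has to sit ahead of the checkout so an early return cannot leave `entry->locked` set.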