From: Tobias Brunner Date: Thu, 11 May 2023 14:56:07 +0000 (+0200) Subject: libipsec: Instruct ESP sender whether to use UDP encapsulation X-Git-Tag: 5.9.11rc1~8^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ddfaf5857e0697713df6ba37206c0dee39366bf;p=thirdparty%2Fstrongswan.git libipsec: Instruct ESP sender whether to use UDP encapsulation --- diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c index d01ca73532..f7e6ec34be 100644 --- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c +++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c @@ -86,7 +86,7 @@ struct private_android_service_t { }; CALLBACK(send_esp, void, - void *data, esp_packet_t *packet) + void *data, esp_packet_t *packet, bool encap) { charon->sender->send_no_marker(charon->sender, (packet_t*)packet); } diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c index 7c6d3c3ba4..07a4da4a30 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c @@ -95,7 +95,7 @@ static bool tun_entry_equals(tun_entry_t *a, tun_entry_t *b) } CALLBACK(send_esp, void, - void *data, esp_packet_t *packet) + void *data, esp_packet_t *packet, bool encap) { charon->sender->send_no_marker(charon->sender, (packet_t*)packet); } diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c index 11c587c93b..2572b08808 100644 --- a/src/libipsec/ipsec_processor.c +++ b/src/libipsec/ipsec_processor.c @@ -169,12 +169,12 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this) * Send an ESP packet using the registered outbound callback */ static void send_outbound(private_ipsec_processor_t *this, - esp_packet_t *packet) + esp_packet_t *packet, bool encap) { this->lock->read_lock(this->lock); if (this->outbound.cb) { - this->outbound.cb(this->outbound.data, packet); + this->outbound.cb(this->outbound.data, packet, encap); } else { @@ -194,7 +194,7 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this) ip_packet_t *packet; ipsec_sa_t *sa; host_t *src, *dst; - bool acquire = FALSE; + bool acquire = FALSE, encap = FALSE; packet = (ip_packet_t*)this->outbound_queue->dequeue(this->outbound_queue); @@ -242,9 +242,10 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this) return JOB_REQUEUE_DIRECT; } sa->update_usestats(sa, packet->get_encoding(packet).len); + encap = sa->get_encap(sa); ipsec->sas->checkin(ipsec->sas, sa); policy->destroy(policy); - send_outbound(this, esp_packet); + send_outbound(this, esp_packet, encap); return JOB_REQUEUE_DIRECT; } diff --git a/src/libipsec/ipsec_processor.h b/src/libipsec/ipsec_processor.h index 734e8f53e8..bc9d1863f0 100644 --- a/src/libipsec/ipsec_processor.h +++ b/src/libipsec/ipsec_processor.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2023 Tobias Brunner * * Copyright (C) secunet Security Networks AG * @@ -43,8 +43,10 @@ typedef void (*ipsec_inbound_cb_t)(void *data, ip_packet_t *packet); * * @param data data supplied during registration of the callback * @param packet ESP packet to send + * @param encap TRUE to send the packet with UDP encapsulation */ -typedef void (*ipsec_outbound_cb_t)(void *data, esp_packet_t *packet); +typedef void (*ipsec_outbound_cb_t)(void *data, esp_packet_t *packet, + bool encap); /** * IPsec processor