From: Tobias Brunner Date: Tue, 28 Feb 2017 14:03:45 +0000 (+0100) Subject: child-sa: Add method to associate rekeyed CHILD_SAs with their replacement X-Git-Tag: 5.5.3~25^2~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cad13450bed9c082f58c1acddd9c4f197aebd8e5;p=thirdparty%2Fstrongswan.git child-sa: Add method to associate rekeyed CHILD_SAs with their replacement --- diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 93a2120e60..29d4680f23 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -112,6 +112,11 @@ struct private_child_sa_t { */ bool tfcv3; + /** + * The outbound SPI of the CHILD_SA that replaced this one during a rekeying + */ + uint32_t rekey_spi; + /** * Protocol used to protect this SA, ESP|AH */ @@ -1303,6 +1308,18 @@ METHOD(child_sa_t, install_outbound, status_t, return status; } +METHOD(child_sa_t, set_rekey_spi, void, + private_child_sa_t *this, uint32_t spi) +{ + this->rekey_spi = spi; +} + +METHOD(child_sa_t, get_rekey_spi, uint32_t, + private_child_sa_t *this) +{ + return this->rekey_spi; +} + /** * Callback to reinstall a virtual IP */ @@ -1642,6 +1659,8 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, .install = _install, .register_outbound = _register_outbound, .install_outbound = _install_outbound, + .set_rekey_spi = _set_rekey_spi, + .get_rekey_spi = _get_rekey_spi, .update = _update, .set_policies = _set_policies, .install_policies = _install_policies, diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index 98fa24701c..4483346b1c 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -418,6 +418,22 @@ struct child_sa_t { */ status_t (*install_policies)(child_sa_t *this); + /** + * Set the outbound SPI of the CHILD_SA that replaced this CHILD_SA during + * a rekeying. + * + * @param spi outbound SPI of the CHILD_SA that replaced this CHILD_SA + */ + void (*set_rekey_spi)(child_sa_t *this, uint32_t spi); + + /** + * Get the outbound SPI of the CHILD_SA that replaced this CHILD_SA during + * a rekeying. + * + * @return outbound SPI of the CHILD_SA that replaced this CHILD_SA + */ + uint32_t (*get_rekey_spi)(child_sa_t *this); + /** * Update hosts and ecapulation mode in the kernel SAs and policies. *