*/
chunk_t integ_r;
+ /**
+ * Whether the registered outbound SA was created as initiator
+ */
+ bool initiator;
+
/**
* Whether the outbound SA has only been registered yet during a rekeying
*/
METHOD(child_sa_t, register_outbound, status_t,
private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi,
- uint16_t cpi, bool tfcv3)
+ uint16_t cpi, bool initiator, bool tfcv3)
{
status_t status;
if (install_outbound_immediately(this))
{
- status = install_internal(this, encr, integ, spi, cpi, FALSE, FALSE,
+ status = install_internal(this, encr, integ, spi, cpi, initiator, FALSE,
tfcv3);
}
else
this->other_cpi = cpi;
this->encr_r = chunk_clone(encr);
this->integ_r = chunk_clone(integ);
+ this->initiator = initiator;
this->tfcv3 = tfcv3;
status = SUCCESS;
}
if (!(this->outbound_state & CHILD_OUTBOUND_SA))
{
status = install_internal(this, this->encr_r, this->integ_r,
- this->other_spi, this->other_cpi, FALSE,
- FALSE, this->tfcv3);
+ this->other_spi, this->other_cpi,
+ this->initiator, FALSE, this->tfcv3);
chunk_clear(&this->encr_r);
chunk_clear(&this->integ_r);
}
* @param integ integrity key (cloned)
* @param spi SPI to use, allocated for inbound
* @param cpi CPI to use, allocated for outbound
+ * @param initiator TRUE if initiator of exchange resulting in this SA
* @param tfcv3 TRUE if peer supports ESPv3 TFC
* @return SUCCESS or FAILED
*/
status_t (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ,
- uint32_t spi, uint16_t cpi, bool tfcv3);
+ uint32_t spi, uint16_t cpi, bool initiator,
+ bool tfcv3);
/**
* Install the outbound policies and, if not already done, the outbound SA
{
status_o = this->child_sa->register_outbound(this->child_sa,
encr_i, integ_i, this->other_spi, this->other_cpi,
- this->tfcv3);
+ this->initiator, this->tfcv3);
}
else
{
status_o = this->child_sa->register_outbound(this->child_sa,
encr_r, integ_r, this->other_spi, this->other_cpi,
- this->tfcv3);
+ this->initiator, this->tfcv3);
}
}
else if (this->initiator)
projects / thirdparty / strongswan.git / commitdiff
