From: Adrian-Ken Rueegsegger Date: Tue, 21 Apr 2015 14:34:06 +0000 (+0200) Subject: charon-tkm: Also store local SPI in SAD X-Git-Tag: 5.3.1rc1~35^2 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=38b65d71860a1a725c7bab48500380866cb379d6;p=thirdparty%2Fstrongswan.git charon-tkm: Also store local SPI in SAD --- diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c index d751a06cd4..7a0672aa85 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c @@ -132,7 +132,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } esa_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ESA); - if (!tkm->sad->insert(tkm->sad, esa_id, reqid, local, peer, spi_rem, + if (!tkm->sad->insert(tkm->sad, esa_id, reqid, local, peer, spi_loc, spi_rem, protocol)) { DBG1(DBG_KNL, "unable to add entry (%llu) to SAD", esa_id); diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c index 619ebeeb61..2556f6b8b1 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c @@ -72,9 +72,14 @@ struct sad_entry_t { host_t *dst; /** - * SPI of CHILD SA. + * Local SPI of CHILD SA. */ - u_int32_t spi; + u_int32_t spi_loc; + + /** + * Remote SPI of CHILD SA. + */ + u_int32_t spi_rem; /** * Protocol of CHILD SA (ESP/AH). @@ -97,7 +102,7 @@ static void sad_entry_destroy(sad_entry_t *entry) } /** - * Find a list entry with given src, dst, spi and proto values. + * Find a list entry with given src, dst, (remote) spi and proto values. */ static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src, const host_t * const dst, const u_int32_t * const spi, 
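Review bot: The new field comments in struct sad_entry_t (tkm_kernel_sad.c, hunk at -72,9) do not say which byte order spi_loc and spi_rem are held in, and with two same-typed SPIs per entry that is easy to get wrong at a call site. The ntohl() calls in insert's DBG3 line suggest both are kept in network byte order; if so, state it, e.g. `* Local SPI of CHILD SA, in network byte order.` and likewise for the remote SPI. The `@param spi_loc` and `@param spi_rem` lines added in tkm_kernel_sad.h have the same gap. The struct definition starts and ends outside the hunk.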
@@ -110,7 +115,7 @@ static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src, return src->ip_equals(entry->src, (host_t *)src) && dst->ip_equals(entry->dst, (host_t *)dst) && - entry->spi == *spi && entry->proto == *proto; + entry->spi_rem == *spi && entry->proto == *proto; } /** @@ -121,9 +126,9 @@ static bool sad_entry_match_dst(sad_entry_t * const entry, const u_int32_t * const spi, const u_int8_t * const proto) { - return entry->reqid == *reqid && - entry->spi == *spi && - entry->proto == *proto; + return entry->reqid == *reqid && + entry->spi_rem == *spi && + entry->proto == *proto; } /** @@ -160,13 +165,15 @@ static bool sad_entry_equal(sad_entry_t * const left, sad_entry_t * const right) left->reqid == right->reqid && left->src->ip_equals(left->src, right->src) && left->dst->ip_equals(left->dst, right->dst) && - left->spi == right->spi && left->proto == right->proto; + left->spi_loc == right->spi_loc && + left->spi_rem == right->spi_rem && + left->proto == right->proto; } METHOD(tkm_kernel_sad_t, insert, bool, private_tkm_kernel_sad_t * const this, const esa_id_type esa_id, const u_int32_t reqid, const host_t * const src, const host_t * const dst, - const u_int32_t spi, const u_int8_t proto) + const u_int32_t spi_loc, const u_int32_t spi_rem, const u_int8_t proto) { status_t result; sad_entry_t *new_entry; @@ -176,7 +183,8 @@ METHOD(tkm_kernel_sad_t, insert, bool, .reqid = reqid, .src = (host_t *)src, .dst = (host_t *)dst, - .spi = spi, + .spi_loc = spi_loc, + .spi_rem = spi_rem, .proto = proto, ); 
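Review bot: Adding `left->spi_loc == right->spi_loc` to sad_entry_equal (hunk at -160,13) narrows what counts as an equal entry: two entries that agree on reqid, src, dst, spi_rem and proto but differ in spi_loc now compare unequal. If insert's NOT_FOUND check is driven by this comparator (the lookup call is outside the hunk, so this is inferred), both would be stored, while sad_entry_match and sad_entry_match_dst still select on spi_rem alone and would presumably return whichever entry is found first. If that is intended, record it on sad_entry_equal with a comment such as `/* spi_loc is part of entry identity; lookups key on spi_rem only */`; if not, leave spi_loc out of the comparison. Both sad_entry_equal and insert extend beyond the hunk.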
@@ -187,8 +195,8 @@ METHOD(tkm_kernel_sad_t, insert, bool, if (result == NOT_FOUND) { DBG3(DBG_KNL, "inserting SAD entry (esa: %llu, reqid: %u, src: %H, " - "dst: %H, spi: %x, proto: %u)", esa_id, reqid, src, dst, - ntohl(spi), proto); + "dst: %H, spi_loc: %x, spi_rem: %x,proto: %u)", esa_id, reqid, src, + dst, ntohl(spi_loc), ntohl(spi_rem), proto); new_entry->src = src->clone((host_t *)src); new_entry->dst = dst->clone((host_t *)dst); this->data->insert_last(this->data, new_entry); diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h index fd48308052..3a84deffcd 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h @@ -40,21 +40,22 @@ struct tkm_kernel_sad_t { * @param reqid reqid of the SA * @param src source address of CHILD SA * @param dst destination address of CHILD SA - * @param spi SPI of CHILD SA + * @param spi_loc Local SPI of CHILD SA + * @param spi_rem Remote SPI of CHILD SA * @param proto protocol of CHILD SA (ESP/AH) * @return TRUE if entry was inserted, FALSE otherwise */ bool (*insert)(tkm_kernel_sad_t * const this, const esa_id_type esa_id, const u_int32_t reqid, const host_t * const src, - const host_t * const dst, const u_int32_t spi, - const u_int8_t proto); + const host_t * const dst, const u_int32_t spi_loc, + const u_int32_t spi_rem, const u_int8_t proto); /** * Get ESA id for entry with given parameters. * * @param src source address of CHILD SA * @param dst destination address of CHILD SA - * @param spi SPI of CHILD SA + * @param spi Remote SPI of CHILD SA * @param proto protocol of CHILD SA (ESP/AH) * @return ESA id of entry if found, 0 otherwise */ 
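Review bot: The new DBG3 format string in insert (hunk at -187,8) is missing the space after the comma in `spi_rem: %x,proto: %u)`, which breaks the `, `-separated field pattern the rest of the message uses and that log searches are likely to rely on. Change the second literal to `"dst: %H, spi_loc: %x, spi_rem: %x, proto: %u)"`. insert's body starts and ends outside the hunk.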
@@ -76,7 +77,7 @@ struct tkm_kernel_sad_t { * Get destination host for entry with given parameters. * * @param reqid reqid of CHILD SA - * @param spi SPI of CHILD SA + * @param spi Remote SPI of CHILD SA * @param proto protocol of CHILD SA (ESP/AH) * @return destination host of entry if found, NULL otherwise */ diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c index 91ccdd4dd2..2a033d2376 100644 --- a/src/charon-tkm/tests/kernel_sad_tests.c +++ b/src/charon-tkm/tests/kernel_sad_tests.c @@ -34,7 +34,7 @@ START_TEST(test_insert) host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 1, 2, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 1, 2, addr, addr, 27, 42, 50), "Error inserting SAD entry"); sad->destroy(sad); @@ -47,9 +47,9 @@ START_TEST(test_insert_duplicate) host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 1, 2, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 1, 2, addr, addr, 27, 42, 50), "Error inserting SAD entry"); - fail_if(sad->insert(sad, 1, 2, addr, addr, 42, 50), + fail_if(sad->insert(sad, 1, 2, addr, addr, 27, 42, 50), "Expected error inserting duplicate entry"); sad->destroy(sad); @@ -61,7 +61,7 @@ START_TEST(test_get_esa_id) { host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 23, 54, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 23, "Error getting esa id"); 
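Review bot: The updated tests pass a local SPI of 27 to every insert but nothing asserts that 27 is rejected as a lookup key, so a matcher that compared against either SPI would still pass the suite. In test_get_esa_id (hunk at -61,7) a negative lookup would pin that lookups key on the remote SPI only: `fail_unless(sad->get_esa_id(sad, addr, addr, 27, 50) == 0, "Matched on local SPI");`. The same kind of check fits test_get_dst_host, where `sad->get_dst_host(sad, 54, 27, 50)` should return NULL. The test body continues outside the hunk.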
@@ -85,9 +85,9 @@ START_TEST(test_get_other_esa_id) { host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 23, 54, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); - fail_unless(sad->insert(sad, 24, 54, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 24, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); fail_unless(sad->get_other_esa_id(sad, 23) == 24, "Error getting other esa id"); @@ -102,7 +102,7 @@ START_TEST(test_get_other_esa_id_nonexistent) tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); fail_unless(sad->get_other_esa_id(sad, 1) == 0, "Got other esa id for nonexistent SAD entry"); - fail_unless(sad->insert(sad, 23, 54, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); fail_unless(sad->get_other_esa_id(sad, 23) == 0, "Got own esa id"); @@ -116,7 +116,7 @@ START_TEST(test_get_dst_host) { host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 23, 54, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); host_t *dst = sad->get_dst_host(sad, 54, 42, 50); @@ -139,7 +139,7 @@ START_TEST(test_remove) { host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 23, 54, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 23, "Error getting esa id");