|
version 1.1.1.1, 2020/06/03 09:46:45
|
version 1.1.1.2, 2021/03/17 00:20:09
|
|
Line 114 struct private_child_sa_t {
|
Line 114 struct private_child_sa_t {
|
| child_sa_outbound_state_t outbound_state; |
child_sa_outbound_state_t outbound_state; |
| |
|
| /** |
/** |
| |
* Whether the inbound SA has been installed |
| |
*/ |
| |
bool inbound_installed; |
| |
|
| |
/** |
| * Whether the peer supports TFCv3 |
* Whether the peer supports TFCv3 |
| */ |
*/ |
| bool tfcv3; |
bool tfcv3; |
|
Line 541 static status_t update_usebytes(private_child_sa_t *th
|
Line 546 static status_t update_usebytes(private_child_sa_t *th
|
| |
|
| if (inbound) |
if (inbound) |
| { |
{ |
| if (this->my_spi) | if (this->my_spi && this->inbound_installed) |
| { |
{ |
| kernel_ipsec_sa_id_t id = { |
kernel_ipsec_sa_id_t id = { |
| .src = this->other_addr, |
.src = this->other_addr, |
|
Line 807 static status_t install_internal(private_child_sa_t *t
|
Line 812 static status_t install_internal(private_child_sa_t *t
|
| this->my_cpi = cpi; |
this->my_cpi = cpi; |
| dst_ts = my_ts; |
dst_ts = my_ts; |
| src_ts = other_ts; |
src_ts = other_ts; |
| |
this->inbound_installed = TRUE; |
| } |
} |
| else |
else |
| { |
{ |
|
Line 1469 static status_t update_sas(private_child_sa_t *this, h
|
Line 1475 static status_t update_sas(private_child_sa_t *this, h
|
| bool encap) |
bool encap) |
| { |
{ |
| /* update our (initiator) SA */ |
/* update our (initiator) SA */ |
| if (this->my_spi) | if (this->my_spi && this->inbound_installed) |
| { |
{ |
| kernel_ipsec_sa_id_t id = { |
kernel_ipsec_sa_id_t id = { |
| .src = this->other_addr, |
.src = this->other_addr, |
|
Line 1542 METHOD(child_sa_t, update, status_t,
|
Line 1548 METHOD(child_sa_t, update, status_t,
|
| OPT_PROXY_MODE); |
OPT_PROXY_MODE); |
| |
|
| if (!this->config->has_option(this->config, OPT_NO_POLICIES) && |
if (!this->config->has_option(this->config, OPT_NO_POLICIES) && |
| require_policy_update()) | require_policy_update() && array_count(this->my_ts) && |
| | array_count(this->other_ts)) |
| { |
{ |
| ipsec_sa_cfg_t my_sa, other_sa; |
ipsec_sa_cfg_t my_sa, other_sa; |
| enumerator_t *enumerator; |
enumerator_t *enumerator; |
|
Line 1605 METHOD(child_sa_t, update, status_t,
|
Line 1612 METHOD(child_sa_t, update, status_t,
|
| |
|
| /* we reinstall the virtual IP to handle interface roaming |
/* we reinstall the virtual IP to handle interface roaming |
| * correctly */ |
* correctly */ |
| vips->invoke_function(vips, reinstall_vip, me); | if (vips) |
| | { |
| | vips->invoke_function(vips, reinstall_vip, me); |
| | } |
| |
|
| /* reinstall updated policies */ |
/* reinstall updated policies */ |
| install_policies_internal(this, me, other, my_ts, other_ts, |
install_policies_internal(this, me, other, my_ts, other_ts, |
|
Line 1696 METHOD(child_sa_t, destroy, void,
|
Line 1706 METHOD(child_sa_t, destroy, void,
|
| enumerator->destroy(enumerator); |
enumerator->destroy(enumerator); |
| } |
} |
| |
|
| /* delete SAs in the kernel, if they are set up */ | /* delete SAs in the kernel, if they are set up, inbound is always deleted |
| | * to remove allocated SPIs */ |
| if (this->my_spi) |
if (this->my_spi) |
| { |
{ |
| kernel_ipsec_sa_id_t id = { |
kernel_ipsec_sa_id_t id = { |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to child_sa.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / sa