version 1.1.1.1, 2020/06/03 09:46:45
|
version 1.1.1.2, 2021/03/17 00:20:09
|
Line 114 struct private_child_sa_t {
|
Line 114 struct private_child_sa_t {
|
child_sa_outbound_state_t outbound_state; |
child_sa_outbound_state_t outbound_state; |
|
|
/** |
/** |
|
* Whether the inbound SA has been installed |
|
*/ |
|
bool inbound_installed; |
|
|
|
/** |
* Whether the peer supports TFCv3 |
* Whether the peer supports TFCv3 |
*/ |
*/ |
bool tfcv3; |
bool tfcv3; |
Line 541 static status_t update_usebytes(private_child_sa_t *th
|
Line 546 static status_t update_usebytes(private_child_sa_t *th
|
|
|
if (inbound) |
if (inbound) |
{ |
{ |
if (this->my_spi) | if (this->my_spi && this->inbound_installed) |
{ |
{ |
kernel_ipsec_sa_id_t id = { |
kernel_ipsec_sa_id_t id = { |
.src = this->other_addr, |
.src = this->other_addr, |
Line 807 static status_t install_internal(private_child_sa_t *t
|
Line 812 static status_t install_internal(private_child_sa_t *t
|
this->my_cpi = cpi; |
this->my_cpi = cpi; |
dst_ts = my_ts; |
dst_ts = my_ts; |
src_ts = other_ts; |
src_ts = other_ts; |
|
this->inbound_installed = TRUE; |
} |
} |
else |
else |
{ |
{ |
Line 1469 static status_t update_sas(private_child_sa_t *this, h
|
Line 1475 static status_t update_sas(private_child_sa_t *this, h
|
bool encap) |
bool encap) |
{ |
{ |
/* update our (initiator) SA */ |
/* update our (initiator) SA */ |
if (this->my_spi) | if (this->my_spi && this->inbound_installed) |
{ |
{ |
kernel_ipsec_sa_id_t id = { |
kernel_ipsec_sa_id_t id = { |
.src = this->other_addr, |
.src = this->other_addr, |
Line 1542 METHOD(child_sa_t, update, status_t,
|
Line 1548 METHOD(child_sa_t, update, status_t,
|
OPT_PROXY_MODE); |
OPT_PROXY_MODE); |
|
|
if (!this->config->has_option(this->config, OPT_NO_POLICIES) && |
if (!this->config->has_option(this->config, OPT_NO_POLICIES) && |
require_policy_update()) | require_policy_update() && array_count(this->my_ts) && |
| array_count(this->other_ts)) |
{ |
{ |
ipsec_sa_cfg_t my_sa, other_sa; |
ipsec_sa_cfg_t my_sa, other_sa; |
enumerator_t *enumerator; |
enumerator_t *enumerator; |
Line 1605 METHOD(child_sa_t, update, status_t,
|
Line 1612 METHOD(child_sa_t, update, status_t,
|
|
|
/* we reinstall the virtual IP to handle interface roaming |
/* we reinstall the virtual IP to handle interface roaming |
* correctly */ |
* correctly */ |
vips->invoke_function(vips, reinstall_vip, me); | if (vips) |
| { |
| vips->invoke_function(vips, reinstall_vip, me); |
| } |
|
|
/* reinstall updated policies */ |
/* reinstall updated policies */ |
install_policies_internal(this, me, other, my_ts, other_ts, |
install_policies_internal(this, me, other, my_ts, other_ts, |
Line 1696 METHOD(child_sa_t, destroy, void,
|
Line 1706 METHOD(child_sa_t, destroy, void,
|
enumerator->destroy(enumerator); |
enumerator->destroy(enumerator); |
} |
} |
|
|
/* delete SAs in the kernel, if they are set up */ | /* delete SAs in the kernel, if they are set up, inbound is always deleted |
| * to remove allocated SPIs */ |
if (this->my_spi) |
if (this->my_spi) |
{ |
{ |
kernel_ipsec_sa_id_t id = { |
kernel_ipsec_sa_id_t id = { |
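Review bot: In the install_internal hunk, `this->inbound_installed = TRUE;` sits in the branch that only records the inbound CPI and traffic selectors, so the flag appears to be raised before the outcome of the kernel installation is known (the install call is outside the hunk, so this is inferred). If that installation fails, the new `this->my_spi && this->inbound_installed` guards in update_usebytes and update_sas would still treat the inbound SA as present and query or update a kernel entry that does not exist. Consider moving the assignment to after the install has returned SUCCESS, or clearing the flag on the failure path. The field's comment could then state the contract, e.g. `Whether the inbound SA has been installed in the kernel (set only after a successful install)`. install_internal, update_usebytes and update_sas all start and end outside the hunks shown.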