[hipl-dev] [Branch ~hipl-core/hipl/trunk] Rev 5500: fix issue, where IPsec security policies and security association do not match
- From: noreply@xxxxxxxxxxxxx
- To: HIPL core team <hipl-dev@xxxxxxxxxxxxx>
- Date: Wed, 12 Jan 2011 14:07:30 -0000
------------------------------------------------------------
revno: 5500
committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
branch nick: hipl
timestamp: Wed 2011-01-12 15:03:38 +0100
message:
fix issue, where IPsec security policies and security association do not match
IP addresses, HITs and IPsec SA/SP direction did not match in case of
UPDATEs.
modified:
hipd/hadb.c
--
lp:hipl
https://code.launchpad.net/~hipl-core/hipl/trunk
Your team HIPL core team is subscribed to branch lp:hipl.
To unsubscribe from this branch go to
https://code.launchpad.net/~hipl-core/hipl/trunk/+edit-subscription
=== modified file 'hipd/hadb.c'
--- hipd/hadb.c 2011-01-07 18:32:48 +0000
+++ hipd/hadb.c 2011-01-12 14:03:38 +0000
@@ -1551,8 +1551,8 @@
// Create a new security policy
HIP_IFEL(hip_setup_hit_sp_pair(&ha->hit_peer,
&ha->hit_our,
+ src_addr,
dst_addr,
- src_addr,
IPPROTO_ESP,
1,
0),
@@ -1561,8 +1561,8 @@
// Create a new inbound SA
HIP_DEBUG("Creating a new inbound SA, SPI=0x%x\n", new_spi_in);
- HIP_IFEL(hip_add_sa(dst_addr,
- src_addr,
+ HIP_IFEL(hip_add_sa(src_addr,
+ dst_addr,
&ha->hit_peer,
&ha->hit_our,
new_spi_in,
@@ -1580,8 +1580,8 @@
HIP_DEBUG("Creating a new outbound SA, SPI=0x%x\n", new_spi_out);
ha->local_udp_port = ha->nat_mode ? hip_get_local_nat_udp_port() : 0;
- HIP_IFEL(hip_add_sa(src_addr,
- dst_addr,
+ HIP_IFEL(hip_add_sa(dst_addr,
+ src_addr,
&ha->hit_our,
&ha->hit_peer,
new_spi_out,
Other related posts:
- » [hipl-dev] [Branch ~hipl-core/hipl/trunk] Rev 5500: fix issue, where IPsec security policies and security association do not match - noreply
