------------------------------------------------------------ revno: 5500 committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx> branch nick: hipl timestamp: Wed 2011-01-12 15:03:38 +0100 message: fix issue, where IPsec security policies and security association do not match IP addresses, HITs and IPsec SA/SP direction did not match in case of UPDATEs. modified: hipd/hadb.c -- lp:hipl https://code.launchpad.net/~hipl-core/hipl/trunk Your team HIPL core team is subscribed to branch lp:hipl. To unsubscribe from this branch go to https://code.launchpad.net/~hipl-core/hipl/trunk/+edit-subscription
=== modified file 'hipd/hadb.c' --- hipd/hadb.c 2011-01-07 18:32:48 +0000 +++ hipd/hadb.c 2011-01-12 14:03:38 +0000 @@ -1551,8 +1551,8 @@ // Create a new security policy HIP_IFEL(hip_setup_hit_sp_pair(&ha->hit_peer, &ha->hit_our, + src_addr, dst_addr, - src_addr, IPPROTO_ESP, 1, 0), @@ -1561,8 +1561,8 @@ // Create a new inbound SA HIP_DEBUG("Creating a new inbound SA, SPI=0x%x\n", new_spi_in); - HIP_IFEL(hip_add_sa(dst_addr, - src_addr, + HIP_IFEL(hip_add_sa(src_addr, + dst_addr, &ha->hit_peer, &ha->hit_our, new_spi_in, @@ -1580,8 +1580,8 @@ HIP_DEBUG("Creating a new outbound SA, SPI=0x%x\n", new_spi_out); ha->local_udp_port = ha->nat_mode ? hip_get_local_nat_udp_port() : 0; - HIP_IFEL(hip_add_sa(src_addr, - dst_addr, + HIP_IFEL(hip_add_sa(dst_addr, + src_addr, &ha->hit_our, &ha->hit_peer, new_spi_out,