I noticed that in 5.2.2, in child_sa.c, when the hydra kernel interface is being called (line 722), it is called as follows:
status = hydra->kernel_interface->add_sa(hydra->kernel_interface, src, dst, spi, proto_ike2ip(this->protocol), this->reqid, inbound ? this->mark_in : this->mark_out, tfc, lifetime, enc_alg, encr, int_alg, integ, this->mode, this->ipcomp, cpi, this->config->get_replay_window(this->config), initiator, this->encap, esn, update, src_ts, dst_ts); The 3rd to last argument to "add_sa" is the "update" flag, but the kernel interface specifies this as the "inbound" flag. I've written my own kernel interface and all of the SA's are coming in a "outbound" initially, because of this. Is this intended? /Ryan
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
