path: root/main/strongswan/0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
blob: 9d0247b8fa7740c7f8211f859a5d9528806269ce (plain)
From 9645c87adbfcbfba2ace8a51a5df31448512112c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Fri, 5 Jun 2015 10:19:38 +0300
Subject: [PATCH] kernel-netlink: ignore ports for gre protocol
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Netlink supports matching a GRE key using the port data. But
charon does not currently handle GRE key negotiation, so just ignore
the ports for now.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
 src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index f22e07d..5ce6b32 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -754,6 +754,11 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
 		sel.sport = htons(port & 0xff);
 		sel.dport = htons(port >> 8);
 	}
+	else if (sel.proto == IPPROTO_GRE)
+	{
+		sel.sport = sel.dport = 0;
+		sel.sport_mask = sel.dport_mask = 0;
+	}
 	sel.ifindex = 0;
 	sel.user = 0;
 
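Review bot: The new `else if (sel.proto == IPPROTO_GRE)` branch silently drops whatever port values the traffic selector carried, so the installed XFRM selector matches all GRE traffic between the two address ranges regardless of GRE key, which may be wider than what was negotiated. The reason appears only in the commit message, so I would add a comment above the branch such as `/* the kernel matches sport/dport against the GRE key; charon does not negotiate keys, so accept any key */`. It may also be worth emitting a debug log line when non-zero ports are cleared, so an operator can see that the policy was widened. The preceding `if` condition and the rest of `ts2selector` are outside the hunk, so I cannot tell whether the ports are already zero for GRE on some paths.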
-- 
2.4.2