authorAndreas Steffen <andreas.steffen@strongswan.org>2008-07-15 15:28:00 +0000
committerAndreas Steffen <andreas.steffen@strongswan.org>2008-07-15 15:28:00 +0000
commiteb0cc33886152940e53d37eba541aefb982cb247 (patch)
tree76b39ea1acea8caf5e8923ea7553cda394ae0f87
parent66d4745f8e1dbe5865cd2693e62bc380c04b2aa6 (diff)
The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6 and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux kernels
-rw-r--r--NEWS3
-rw-r--r--src/charon/kernel/kernel_interface.c8
-rw-r--r--src/include/linux/xfrm.h1
3 files changed, 11 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index f3ff4cc95..b3dc65277 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
strongswan-4.2.5
----------------
+- The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6
+ and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux kernels.
+
- management of different virtual IP pools for different
network interfaces have become possible.
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index d34c16017..7a83a1ef6 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -48,6 +48,11 @@
#include <processing/jobs/callback_job.h>
#include <processing/jobs/roam_job.h>
+/** required for Linux 2.6.26 kernel and later */
+#ifndef XFRM_STATE_AF_UNSPEC
+#define XFRM_STATE_AF_UNSPEC 32
+#endif
+
/** routing table for routes installed by us */
#ifndef IPSEC_ROUTING_TABLE
#define IPSEC_ROUTING_TABLE 100
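Review bot: The comment on the new `XFRM_STATE_AF_UNSPEC` fallback reads as if the define itself were required by 2.6.26 and later kernels, whereas the `#ifndef` only takes effect when the included headers lack the flag. Something like `/** fallback for kernel headers that predate XFRM_STATE_AF_UNSPEC (honoured by Linux 2.6.26 and later) */` would say that. The value 32 also duplicates the define added to `src/include/linux/xfrm.h` in this same commit, so a short remark that it must match the kernel ABI value would help anyone touching either copy.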
@@ -505,7 +510,7 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
struct xfrm_selector sel;
memset(&sel, 0, sizeof(sel));
- sel.family = src->get_type(src) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
+ sel.family = (src->get_type(src) == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6;
/* src or dest proto may be "any" (0), use more restrictive one */
sel.proto = max(src->get_protocol(src), dst->get_protocol(dst));
ts2subnet(dst, &sel.daddr, &sel.prefixlen_d);
@@ -2041,6 +2046,7 @@ static status_t add_sa(private_kernel_interface_t *this,
sa->family = src->get_family(src);
sa->mode = mode;
sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32;
+ sa->flags |= XFRM_STATE_AF_UNSPEC;
sa->reqid = reqid;
/* we currently do not expire SAs by volume/packet count */
sa->lft.soft_byte_limit = XFRM_INF;
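Review bot: `sa->flags |= XFRM_STATE_AF_UNSPEC;` is applied to every SA that add_sa installs, as far as this hunk shows, independent of `mode` and of whether the tunnel actually mixes address families. Since the flag presumably relaxes the kernel's address-family matching for the SA, it would be tighter to set it only where it is needed, e.g. `if (mode == MODE_TUNNEL) sa->flags |= XFRM_STATE_AF_UNSPEC;` (assuming `MODE_TUNNEL` is the tunnel value of `mode` here), and to add a comment such as `/* allow inner and outer address families to differ, Linux 2.6.26+ */`. How kernels before 2.6.26 treat the unknown bit is not visible from this change and is worth confirming on an older kernel. add_sa's body starts and ends outside the hunk, so the initialisation of `sa->flags` that the `|=` relies on cannot be checked here.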
diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h
index e31b8c84f..d4e9e50a8 100644
--- a/src/include/linux/xfrm.h
+++ b/src/include/linux/xfrm.h
@@ -338,6 +338,7 @@ struct xfrm_usersa_info {
#define XFRM_STATE_NOPMTUDISC 4
#define XFRM_STATE_WILDRECV 8
#define XFRM_STATE_ICMP 16
+#define XFRM_STATE_AF_UNSPEC 32
};
struct xfrm_usersa_id {