aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2013-11-19 12:41:31 +0100
committerTobias Brunner <tobias@strongswan.org>2013-11-19 12:44:16 +0100
commit38a4f1964e98ec9e4e4396c4b3c62855ced6c26a (patch)
tree4468d3f175e066320935ef03257089ed523b72d4 /src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
parent194b69f0b82c148e5e72397a631f762d5393bfa4 (diff)
downloadstrongswan-38a4f1964e98ec9e4e4396c4b3c62855ced6c26a.tar.bz2
strongswan-38a4f1964e98ec9e4e4396c4b3c62855ced6c26a.tar.xz
kernel-netlink: Enable TFC padding only for tunnel mode ESP SAs
The kernel does not allow them for transport mode SAs or IPComp SAs (and of course not for AH SAs). Fixes #446.
Diffstat (limited to 'src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c')
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 8352b9311..128e6571c 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1459,8 +1459,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
goto failed;
}
- if (tfc)
- {
+ if (tfc && protocol == IPPROTO_ESP && mode == MODE_TUNNEL)
+ { /* the kernel supports TFC padding only for tunnel mode ESP SAs */
u_int32_t *tfcpad;
tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD,
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 06:57:04 +0000