aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2013-11-07 17:50:02 +0100
committerTobias Brunner <tobias@strongswan.org>2014-01-23 10:27:12 +0100
commit6d1198e71d3bd8e2f3b5c1fc1f3348807433d851 (patch)
treefcab928da6a62d5ab8c54cf9982960e359a434d2 /src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
parentcf4a7395aaee59b871382154ba9bfeda0819d057 (diff)
downloadstrongswan-6d1198e71d3bd8e2f3b5c1fc1f3348807433d851.tar.bz2
strongswan-6d1198e71d3bd8e2f3b5c1fc1f3348807433d851.tar.xz
updown: Allow IPIP traffic if IPComp was negotiated
The kernel implicitly creates an IPIP SA if an IPComp SA is installed. This SA is used inbound for small packets that are not compressed. Since the addresses are different (they are the tunnel addresses not those of the tunneled traffic) additional rules are required if the traffic selector does not cover the tunnel addresses (e.g. due to a NAT). For SAs with multiple traffic selectors duplicate rules will get installed.
Diffstat (limited to 'src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-22 08:10:44 +0000