diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2013-10-14 17:00:18 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-10-17 16:57:39 +0200 |
| commit | ddc2d3c8e4f561a35de615858428f31544f0b472 (patch) | |
| tree | 185c7b4e39792f6be6b03822128cdc7f726e3515 /src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | |
| parent | 000235f1c5ac138e62bba8351c1266dece572d7e (diff) | |
| download | strongswan-ddc2d3c8e4f561a35de615858428f31544f0b472.tar.bz2 strongswan-ddc2d3c8e4f561a35de615858428f31544f0b472.tar.xz | |
kernel-netlink: Properly install policies with ICMP[v6] types and codes
Diffstat (limited to 'src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c')
| -rw-r--r-- | src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index e23f22023..2e8d54e38 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2012 Tobias Brunner + * Copyright (C) 2006-2013 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2008 Andreas Steffen * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser @@ -744,6 +744,17 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, ts2subnet(src, &sel.saddr, &sel.prefixlen_s); ts2ports(dst, &sel.dport, &sel.dport_mask); ts2ports(src, &sel.sport, &sel.sport_mask); + if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) && + (sel.dport || sel.sport)) + { + /* the ICMP type is encoded in the most significant 8 bits and the ICMP + * code in the least significant 8 bits of the port. via XFRM we have + * to pass the ICMP type and code in the source and destination port + * fields, respectively. the port is in network byte order. */ + u_int16_t port = max(sel.dport, sel.sport); + sel.sport = htons(port & 0xff); + sel.dport = htons(port >> 8); + } sel.ifindex = 0; sel.user = 0; |