kernel-pfkey: Set state to SADB_SASTATE_MATURE when adding/updating SAs

Picky kernels might otherwise reject our messages as RFC 2367 explicitly mandates this. Fixes #2212.
author: Tobias Brunner <tobias@strongswan.org> 2017-01-16 17:01:33 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2017-01-25 17:30:57 +0100
commit: 4ae2209e3d26c48932760ef048f7078c0e2edb1e (patch)
tree: 996e00ebfb2c1403b182d5f4fac0407552476e63 /src
parent: da565d983298c89fd5df277b23a820964380b332 (diff)
download: strongswan-4ae2209e3d26c48932760ef048f7078c0e2edb1e.tar.bz2
strongswan-4ae2209e3d26c48932760ef048f7078c0e2edb1e.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 1b22ea549..97cf78079 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1717,6 +1717,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	sa->sadb_sa_exttype = SADB_EXT_SA;
 	sa->sadb_sa_len = PFKEY_LEN(len);
 	sa->sadb_sa_spi = id->spi;
+	sa->sadb_sa_state = SADB_SASTATE_MATURE;
 	if (id->proto == IPPROTO_COMP)
 	{
 		sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM,
@@ -1889,6 +1890,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 	sa->sadb_sa_exttype = SADB_EXT_SA;
 	sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa));
 	sa->sadb_sa_spi = id->spi;
+	sa->sadb_sa_state = SADB_SASTATE_MATURE;
 	PFKEY_EXT_ADD(msg, sa);
 
 	/* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though
author	Tobias Brunner <tobias@strongswan.org>	2017-01-16 17:01:33 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2017-01-25 17:30:57 +0100
commit	4ae2209e3d26c48932760ef048f7078c0e2edb1e (patch)
tree	996e00ebfb2c1403b182d5f4fac0407552476e63 /src
parent	da565d983298c89fd5df277b23a820964380b332 (diff)
download	strongswan-4ae2209e3d26c48932760ef048f7078c0e2edb1e.tar.bz2 strongswan-4ae2209e3d26c48932760ef048f7078c0e2edb1e.tar.xz