aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c')
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 8352b9311..128e6571c 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1459,8 +1459,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
goto failed;
}
- if (tfc)
- {
+ if (tfc && protocol == IPPROTO_ESP && mode == MODE_TUNNEL)
+ { /* the kernel supports TFC padding only for tunnel mode ESP SAs */
u_int32_t *tfcpad;
tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD,
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-21 18:39:36 +0000