From 326bfd045071c21eae023c7dc40a1a4959c988e0 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Tue, 15 Jul 2008 21:35:55 +0000 Subject: set XFRM_STATE_AF_UNSPEC flag only in IPsec tunnel mode --- src/charon/kernel/kernel_interface.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/charon/kernel/kernel_interface.c') diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c index 7a83a1ef6..81d1e8b2e 100644 --- a/src/charon/kernel/kernel_interface.c +++ b/src/charon/kernel/kernel_interface.c @@ -2045,8 +2045,11 @@ static status_t add_sa(private_kernel_interface_t *this, sa->id.proto = proto_ike2kernel(protocol); sa->family = src->get_family(src); sa->mode = mode; + if (mode == MODE_TUNNEL) + { + sa->flags |= XFRM_STATE_AF_UNSPEC; + } sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32; - sa->flags |= XFRM_STATE_AF_UNSPEC; sa->reqid = reqid; /* we currently do not expire SAs by volume/packet count */ sa->lft.soft_byte_limit = XFRM_INF; -- cgit v1.2.3