From eb0cc33886152940e53d37eba541aefb982cb247 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Tue, 15 Jul 2008 15:28:00 +0000 Subject: The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6 and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux kernels --- src/charon/kernel/kernel_interface.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'src/charon/kernel/kernel_interface.c') diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c index d34c16017..7a83a1ef6 100644 --- a/src/charon/kernel/kernel_interface.c +++ b/src/charon/kernel/kernel_interface.c @@ -48,6 +48,11 @@ #include #include +/** required for Linux 2.6.26 kernel and later */ +#ifndef XFRM_STATE_AF_UNSPEC +#define XFRM_STATE_AF_UNSPEC 32 +#endif + /** routing table for routes installed by us */ #ifndef IPSEC_ROUTING_TABLE #define IPSEC_ROUTING_TABLE 100 @@ -505,7 +510,7 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, struct xfrm_selector sel; memset(&sel, 0, sizeof(sel)); - sel.family = src->get_type(src) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6; + sel.family = (src->get_type(src) == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6; /* src or dest proto may be "any" (0), use more restrictive one */ sel.proto = max(src->get_protocol(src), dst->get_protocol(dst)); ts2subnet(dst, &sel.daddr, &sel.prefixlen_d); @@ -2041,6 +2046,7 @@ static status_t add_sa(private_kernel_interface_t *this, sa->family = src->get_family(src); sa->mode = mode; sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32; + sa->flags |= XFRM_STATE_AF_UNSPEC; sa->reqid = reqid; /* we currently do not expire SAs by volume/packet count */ sa->lft.soft_byte_limit = XFRM_INF; -- cgit v1.2.3