From 4ae2209e3d26c48932760ef048f7078c0e2edb1e Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 16 Jan 2017 17:01:33 +0100
Subject: kernel-pfkey: Set state to SADB_SASTATE_MATURE when adding/updating SAs Picky kernels might otherwise reject our messages as RFC 2367 explicitly mandates this. Fixes #2212.
---
src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 2 ++
1 file changed, 2 insertions(+) (limited to 'src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 1b22ea549..97cf78079 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1717,6 +1717,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 sa->sadb_sa_exttype = SADB_EXT_SA;
 sa->sadb_sa_len = PFKEY_LEN(len);
 sa->sadb_sa_spi = id->spi;
+ sa->sadb_sa_state = SADB_SASTATE_MATURE;
 if (id->proto == IPPROTO_COMP)
 {
 sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM,
@@ -1889,6 +1890,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 sa->sadb_sa_exttype = SADB_EXT_SA;
 sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa));
 sa->sadb_sa_spi = id->spi;
+ sa->sadb_sa_state = SADB_SASTATE_MATURE;
 PFKEY_EXT_ADD(msg, sa);
 /* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though
-- cgit v1.2.3
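Review bot: The new `sa->sadb_sa_state = SADB_SASTATE_MATURE;` in add_sa has no comment, so the reason for it exists only in the commit message and a later cleanup could drop it as a redundant field write; the same applies to the identical line added in the update_sa hunk. I would put `/* RFC 2367 mandates SADB_SASTATE_MATURE here, picky kernels reject the message otherwise */` above both assignments. Both hunks also repeat the same exttype/len/spi/state setup of `struct sadb_sa`; if other message builders in this file fill an SA extension the same way (not visible here), a small static helper would keep the state from being forgotten in one of them. Both method bodies start and end outside the hunks, so the PF_KEY message type each extension is attached to cannot be confirmed from the diff.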