authorYves-Alexis Perez <corsac@corsac.net>2017-09-01 17:21:25 +0200
committerYves-Alexis Perez <corsac@corsac.net>2017-09-01 17:21:25 +0200
commitd35f9a428e3443c4478b3ba1b03d7f69ce43436c (patch)
treec57633158ae938ac37bac0be0564fc9360746999 /src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
parentdebb2443d93d74388b2330341a787e5ba420909d (diff)
parent11d6b62db969bdd808d0f56706cb18f113927a31 (diff)
Updated version 5.6.0 from 'upstream/5.6.0'
with Debian dir e138a03837a338ec35cc53a33de19381770a5f0c
Diffstat (limited to 'src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c')
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index c411b829d..8ddaa71d3 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1141,7 +1141,7 @@ static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd,
METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
private_kernel_netlink_ipsec_t *this)
{
- return KERNEL_ESP_V3_TFC;
+ return KERNEL_ESP_V3_TFC | KERNEL_POLICY_SPI;
}
/**
@@ -2409,11 +2409,13 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
struct xfrm_user_tmpl *tmpl;
struct {
uint8_t proto;
+ uint32_t spi;
bool use;
} protos[] = {
- { IPPROTO_COMP, ipsec->cfg.ipcomp.transform != IPCOMP_NONE },
- { IPPROTO_ESP, ipsec->cfg.esp.use },
- { IPPROTO_AH, ipsec->cfg.ah.use },
+ { IPPROTO_COMP, htonl(ntohs(ipsec->cfg.ipcomp.cpi)),
+ ipsec->cfg.ipcomp.transform != IPCOMP_NONE },
+ { IPPROTO_ESP, ipsec->cfg.esp.spi, ipsec->cfg.esp.use },
+ { IPPROTO_AH, ipsec->cfg.ah.spi, ipsec->cfg.ah.use },
};
ipsec_mode_t proto_mode = ipsec->cfg.mode;
int count = 0;
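Review bot: The byte order of the new `spi` member is left implicit, and the three initialisers do not treat it alike: the IPComp entry is converted with `htonl(ntohs(ipsec->cfg.ipcomp.cpi))`, while `esp.spi` and `ah.spi` are stored unchanged. A reader has to infer that the SPIs are presumably already in network order and that the CPI is a 16-bit network-order value being widened. I would document this at the declaration, e.g. `uint32_t spi; /* network order, copied as-is into tmpl->id.spi */`, and add `/* CPI is 16 bit, widen it to a network-order SPI */` above the IPPROTO_COMP entry. The array sits inside add_policy_internal, whose body starts and ends outside this hunk, so the types of the `cfg` fields cannot be confirmed from here.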
@@ -2441,6 +2443,10 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
}
tmpl->reqid = ipsec->cfg.reqid;
tmpl->id.proto = protos[i].proto;
+ if (policy->direction == POLICY_OUT)
+ {
+ tmpl->id.spi = protos[i].spi;
+ }
tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0;
tmpl->mode = mode2kernel(proto_mode);
tmpl->optional = protos[i].proto == IPPROTO_COMP &&
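Review bot: The added `if (policy->direction == POLICY_OUT)` branch pins `tmpl->id.spi` only for outbound templates, and nothing in the code says why inbound and forward templates are left without one. This asymmetry decides which SA a policy may select, so it deserves a comment such as `/* only outbound templates name the SPI; in/fwd templates keep 0 and match any SA with this reqid */`. The zero value on the other directions is inferred: how `tmpl` is initialised is outside the hunk, and it is worth confirming that the template is cleared before this point so that no stale SPI is carried over. The loop and the rest of add_policy_internal continue outside the hunk.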