1 files changed, 9 insertions, 3 deletions

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index b6ef31da0..495929965 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -559,13 +559,14 @@ METHOD(child_sa_t, alloc_cpi, u_int16_t,
 
 METHOD(child_sa_t, install, status_t,
 	   private_child_sa_t *this, chunk_t encr, chunk_t integ, u_int32_t spi,
-	   u_int16_t cpi, bool inbound, linked_list_t *my_ts,
+	   u_int16_t cpi, bool inbound, bool tfcv3, linked_list_t *my_ts,
 	   linked_list_t *other_ts)
 {
 	u_int16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size;
 	traffic_selector_t *src_ts = NULL, *dst_ts = NULL;
 	time_t now;
 	lifetime_cfg_t *lifetime;
+	u_int32_t tfc = 0;
 	host_t *src, *dst;
 	status_t status;
 	bool update = FALSE;
@@ -590,6 +591,11 @@ METHOD(child_sa_t, install, status_t,
 		dst = this->other_addr;
 		this->other_spi = spi;
 		this->other_cpi = cpi;
+
+		if (tfcv3)
+		{
+			tfc = this->config->get_tfc(this->config);
+		}
 	}
 
 	DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound",
@@ -620,7 +626,7 @@ METHOD(child_sa_t, install, status_t,
 		lifetime->time.rekey = 0;
 	}
 
-	if (this->mode == MODE_BEET)
+	if (this->mode == MODE_BEET || this->mode == MODE_TRANSPORT)
 	{
 		/* BEET requires the bound address from the traffic selectors.
 		 * TODO: We add just the first traffic selector for now, as the
@@ -639,7 +645,7 @@ METHOD(child_sa_t, install, status_t,
 
 	status = hydra->kernel_interface->add_sa(hydra->kernel_interface,
 				src, dst, spi, proto_ike2ip(this->protocol), this->reqid,
-				inbound ? this->mark_in : this->mark_out,
+				inbound ? this->mark_in : this->mark_out, tfc,
 				lifetime, enc_alg, encr, int_alg, integ, this->mode,
 				this->ipcomp, cpi, this->encap, update, src_ts, dst_ts);