[Openswan dev]
[PATCH] netlink: Do not set optional for outbound SAs
Herbert Xu
herbert at gondor.apana.org.au
Sat Mar 19 09:58:33 CET 2005
Hi:
This patch fixes a bug in kernel_netlink.c. It's currently setting
the optional flag for all IPComp SAs. This is incorrect as it's
only needed for inbound (in/fwd) SAs. For outbound SAs the flag means
something completely different.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-------------- next part --------------
Index: openswan-2/programs/pluto/kernel_netlink.c
===================================================================
RCS file: /public/cvs/openswan-2/programs/pluto/kernel_netlink.c,v
retrieving revision 1.21
diff -u -r1.21 kernel_netlink.c
--- openswan-2/programs/pluto/kernel_netlink.c 14 Feb 2005 04:31:31 -0000 1.21
+++ openswan-2/programs/pluto/kernel_netlink.c 18 Mar 2005 22:53:20 -0000
@@ -501,7 +501,8 @@
{
tmpl[i].reqid = proto_info[i].reqid;
tmpl[i].id.proto = proto_info[i].proto;
- tmpl[i].optional = proto_info[i].proto == IPPROTO_COMP;
+ tmpl[i].optional =
+ proto_info[i].proto == IPPROTO_COMP && dir != XFRM_POLICY_OUT;
tmpl[i].aalgos = tmpl[i].ealgos = tmpl[i].calgos = ~0;
tmpl[i].mode =
proto_info[i].encapsulation == ENCAPSULATION_MODE_TUNNEL;
More information about the Dev
mailing list