kernel-libipsec: Add a feature to request UDP encapsulation of ESP packets
authorTobias Brunner <tobias@strongswan.org>
Mon, 17 Jun 2013 08:13:56 +0000 (10:13 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 21 Jun 2013 15:03:21 +0000 (17:03 +0200)
src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
src/libhydra/kernel/kernel_interface.h

index 45b3406..e304d95 100644 (file)
@@ -223,6 +223,12 @@ static void expire(u_int32_t reqid, u_int8_t protocol, u_int32_t spi, bool hard)
                                                                        spi, hard);
 }
 
+METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
+       private_kernel_libipsec_ipsec_t *this)
+{
+       return KERNEL_REQUIRE_UDP_ENCAPSULATION;
+}
+
 METHOD(kernel_ipsec_t, get_spi, status_t,
        private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
        u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
@@ -628,6 +634,7 @@ kernel_libipsec_ipsec_t *kernel_libipsec_ipsec_create()
        INIT(this,
                .public = {
                        .interface = {
+                               .get_features = _get_features,
                                .get_spi = _get_spi,
                                .get_cpi = _get_cpi,
                                .add_sa  = _add_sa,
index 2e8a4c0..f735781 100644 (file)
@@ -67,6 +67,8 @@ enum kernel_feature_t {
        KERNEL_ESP_V3_TFC = (1<<0),
        /** Networking requires an "exclude" route for IKE/ESP packets */
        KERNEL_REQUIRE_EXCLUDE_ROUTE = (1<<1),
+       /** IPsec implementation requires UDP encapsulation of ESP packets */
+       KERNEL_REQUIRE_UDP_ENCAPSULATION = (1<<2),
 };
 
 /**