kernel-netlink: Convert ports in acquires to ICMP[v6] type and code
authorTobias Brunner <tobias@strongswan.org>
Tue, 15 Oct 2013 15:59:26 +0000 (17:59 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 17 Oct 2013 14:57:39 +0000 (16:57 +0200)
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c

index 2e8d54e..8352b93 100644 (file)
@@ -777,7 +777,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
                prefixlen = sel->prefixlen_s;
                if (sel->sport_mask)
                {
-                       port = htons(sel->sport);
+                       port = ntohs(sel->sport);
                }
        }
        else
@@ -786,10 +786,15 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
                prefixlen = sel->prefixlen_d;
                if (sel->dport_mask)
                {
-                       port = htons(sel->dport);
+                       port = ntohs(sel->dport);
                }
        }
-
+       if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6)
+       {       /* convert ICMP[v6] message type and code as supplied by the kernel in
+                * source and destination ports (both in network order) */
+               port = (sel->sport >> 8) | (sel->dport & 0xff00);
+               port = ntohs(port);
+       }
        /* The Linux 2.6 kernel does not set the selector's family field,
         * so as a kludge we additionally test the prefix length.
         */