Send ESP_TFC_PADDING_NOT_SUPPORTED if the used kernel doesn't support it
authorMartin Willi <martin@revosec.ch>
Thu, 21 Feb 2013 09:09:39 +0000 (10:09 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 1 Mar 2013 10:12:17 +0000 (11:12 +0100)
src/libcharon/sa/ikev2/tasks/child_create.c

index eb3972c..32c0e8c 100644 (file)
@@ -18,6 +18,7 @@
 #include "child_create.h"
 
 #include <daemon.h>
+#include <hydra.h>
 #include <sa/ikev2/keymat_v2.h>
 #include <crypto/diffie_hellman.h>
 #include <credentials/certificates/x509.h>
@@ -615,6 +616,7 @@ static void build_payloads(private_child_create_t *this, message_t *message)
        nonce_payload_t *nonce_payload;
        ke_payload_t *ke_payload;
        ts_payload_t *ts_payload;
+       kernel_feature_t features;
 
        /* add SA payload */
        if (this->initiator)
@@ -661,6 +663,13 @@ static void build_payloads(private_child_create_t *this, message_t *message)
                default:
                        break;
        }
+
+       features = hydra->kernel_interface->get_features(hydra->kernel_interface);
+       if (!(features & KERNEL_ESP_V3_TFC))
+       {
+               message->add_notify(message, FALSE, ESP_TFC_PADDING_NOT_SUPPORTED,
+                                                       chunk_empty);
+       }
 }
 
 /**