The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6 and IPv6-over...

diff --git a/NEWS b/NEWS
index f3ff4cc..b3dc652 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 strongswan-4.2.5
 ----------------
 
 strongswan-4.2.5
 ----------------
 

+- The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6
+  and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux kernels.
+

 - management of different virtual IP pools for different
   network interfaces have become possible.
 
 - management of different virtual IP pools for different
   network interfaces have become possible.
 

diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index d34c160..7a83a1e 100644 (file)
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -48,6 +48,11 @@
 #include <processing/jobs/callback_job.h>
 #include <processing/jobs/roam_job.h>
 
 #include <processing/jobs/callback_job.h>
 #include <processing/jobs/roam_job.h>
 

+/** required for Linux 2.6.26 kernel and later */
+#ifndef XFRM_STATE_AF_UNSPEC
+#define XFRM_STATE_AF_UNSPEC   32
+#endif
+

 /** routing table for routes installed by us */
 #ifndef IPSEC_ROUTING_TABLE
 #define IPSEC_ROUTING_TABLE 100
 /** routing table for routes installed by us */
 #ifndef IPSEC_ROUTING_TABLE
 #define IPSEC_ROUTING_TABLE 100


@@ -505,7 +510,7 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
        struct xfrm_selector sel;
 
        memset(&sel, 0, sizeof(sel));
        struct xfrm_selector sel;
 
        memset(&sel, 0, sizeof(sel));

-       sel.family = src->get_type(src) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
+       sel.family = (src->get_type(src) == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6;

        /* src or dest proto may be "any" (0), use more restrictive one */
        sel.proto = max(src->get_protocol(src), dst->get_protocol(dst));
        ts2subnet(dst, &sel.daddr, &sel.prefixlen_d);
        /* src or dest proto may be "any" (0), use more restrictive one */
        sel.proto = max(src->get_protocol(src), dst->get_protocol(dst));
        ts2subnet(dst, &sel.daddr, &sel.prefixlen_d);


@@ -2041,6 +2046,7 @@ static status_t add_sa(private_kernel_interface_t *this,
        sa->family = src->get_family(src);
        sa->mode = mode;
        sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32;
        sa->family = src->get_family(src);
        sa->mode = mode;
        sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32;

+       sa->flags |= XFRM_STATE_AF_UNSPEC;

        sa->reqid = reqid;
        /* we currently do not expire SAs by volume/packet count */
        sa->lft.soft_byte_limit = XFRM_INF;
        sa->reqid = reqid;
        /* we currently do not expire SAs by volume/packet count */
        sa->lft.soft_byte_limit = XFRM_INF;

diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h
index e31b8c8..d4e9e50 100644 (file)
--- a/src/include/linux/xfrm.h
+++ b/src/include/linux/xfrm.h
@@ -338,6 +338,7 @@ struct xfrm_usersa_info {
 #define XFRM_STATE_NOPMTUDISC  4
 #define XFRM_STATE_WILDRECV    8
 #define XFRM_STATE_ICMP                16
 #define XFRM_STATE_NOPMTUDISC  4
 #define XFRM_STATE_WILDRECV    8
 #define XFRM_STATE_ICMP                16

+#define XFRM_STATE_AF_UNSPEC   32

 };
 
 struct xfrm_usersa_id {
 };
 
 struct xfrm_usersa_id {