From eb0cc33886152940e53d37eba541aefb982cb247 Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Tue, 15 Jul 2008 15:28:00 +0000
Subject: [PATCH] The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows
 IPv4-over-IPv6 and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux
 kernels

---
 NEWS                                 | 3 +++
 src/charon/kernel/kernel_interface.c | 8 +++++++-
 src/include/linux/xfrm.h             | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index f3ff4cc..b3dc652 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 strongswan-4.2.5
 ----------------
 
+- The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6
+  and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux kernels.
+
 - management of different virtual IP pools for different
   network interfaces have become possible.
 
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index d34c160..7a83a1e 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -48,6 +48,11 @@
 #include <processing/jobs/callback_job.h>
 #include <processing/jobs/roam_job.h>
 
+/** required for Linux 2.6.26 kernel and later */
+#ifndef XFRM_STATE_AF_UNSPEC
+#define XFRM_STATE_AF_UNSPEC	32
+#endif
+
 /** routing table for routes installed by us */
 #ifndef IPSEC_ROUTING_TABLE
 #define IPSEC_ROUTING_TABLE 100
@@ -505,7 +510,7 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
 	struct xfrm_selector sel;
 
 	memset(&sel, 0, sizeof(sel));
-	sel.family = src->get_type(src) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
+	sel.family = (src->get_type(src) == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6;
 	/* src or dest proto may be "any" (0), use more restrictive one */
 	sel.proto = max(src->get_protocol(src), dst->get_protocol(dst));
 	ts2subnet(dst, &sel.daddr, &sel.prefixlen_d);
@@ -2041,6 +2046,7 @@ static status_t add_sa(private_kernel_interface_t *this,
 	sa->family = src->get_family(src);
 	sa->mode = mode;
 	sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32;
+	sa->flags |= XFRM_STATE_AF_UNSPEC;
 	sa->reqid = reqid;
 	/* we currently do not expire SAs by volume/packet count */
 	sa->lft.soft_byte_limit = XFRM_INF;
diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h
index e31b8c8..d4e9e50 100644
--- a/src/include/linux/xfrm.h
+++ b/src/include/linux/xfrm.h
@@ -338,6 +338,7 @@ struct xfrm_usersa_info {
 #define XFRM_STATE_NOPMTUDISC	4
 #define XFRM_STATE_WILDRECV	8
 #define XFRM_STATE_ICMP		16
+#define XFRM_STATE_AF_UNSPEC	32
 };
 
 struct xfrm_usersa_id {
-- 
2.7.4