kernel-netlink: Enable TFC padding only for tunnel mode ESP SAs

The kernel does not allow them for transport mode SAs or IPComp SAs (and of course not for AH SAs). Fixes #446.
2013-11-19 12:41:31 +01:00 · 2013-11-19 12:41:31 +01:00 · 38a4f1964e
parent 194b69f0b8
commit 38a4f1964e
1 changed files with 2 additions and 2 deletions
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@ -1459,8 +1459,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		goto failed;
 	}

-	if (tfc)
-	{
+	if (tfc && protocol == IPPROTO_ESP && mode == MODE_TUNNEL)
+	{	/* the kernel supports TFC padding only for tunnel mode ESP SAs */
 		u_int32_t *tfcpad;

 		tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD,