kernel-netlink: Use correct 4 byte alignment for AH with IPv4
By default, the kernel incorrectly uses an 8 byte alignment, which is mandatory for IPv6 but prohibited for IPv4. For many algorithms this doesn't matter but that's not the case for HMAC_SHA2_256_128. Since 2.6.39 the kernel can be explicitly configured to use a 4 byte alignment.
This commit is contained in:
parent
8a91729dfe
commit
965daa1df3
|
@ -1369,6 +1369,11 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
|
|||
default:
|
||||
break;
|
||||
}
|
||||
if (id->proto == IPPROTO_AH && sa->family == AF_INET)
|
||||
{ /* use alignment to 4 bytes for IPv4 instead of the incorrect 8 byte
|
||||
* alignment that's used by default but is only valid for IPv6 */
|
||||
sa->flags |= XFRM_STATE_ALIGN4;
|
||||
}
|
||||
|
||||
sa->reqid = data->reqid;
|
||||
sa->lft.soft_byte_limit = XFRM_LIMIT(data->lifetime->bytes.rekey);
|
||||
|
|
Loading…
Reference in New Issue