kernel-netlink: Use correct 4 byte alignment for AH with IPv4

By default, the kernel incorrectly uses an 8 byte alignment, which is
mandatory for IPv6 but prohibited for IPv4.  For many algorithms this
doesn't matter but that's not the case for HMAC_SHA2_256_128.
Since 2.6.39 the kernel can be explicitly configured to use a 4 byte
alignment.

src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c

@@ -1369,6 +1369,11 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		default:
 			break;
 	}
+	if (id->proto == IPPROTO_AH && sa->family == AF_INET)
+	{	/* use alignment to 4 bytes for IPv4 instead of the incorrect 8 byte
+		 * alignment that's used by default but is only valid for IPv6 */
+		sa->flags |= XFRM_STATE_ALIGN4;
+	}
 
 	sa->reqid = data->reqid;
 	sa->lft.soft_byte_limit = XFRM_LIMIT(data->lifetime->bytes.rekey);