Patchwork 'ip' command should allow creation of an IPsec SA with 'proto any' and specified sport and dport as selectors

login
register
mail settings
Submitter Jiri Klimes
Date April 24, 2009, 1:15 p.m.
Message ID <200904241515.6341@centrum.cz>
Download mbox | patch
Permalink /patch/26410/
State Not Applicable
Delegated to: David Miller
Headers show

Comments

Jiri Klimes - April 24, 2009, 1:15 p.m.

Patch

--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -1156,6 +1156,7 @@  static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
                case IPPROTO_UDP:
                case IPPROTO_SCTP:
                case IPPROTO_DCCP:
+               case IPPROTO_IP:  /* to allow shared SA for different protocols */
                        break;
                default:
                        fprintf(stderr, "\"sport\" and \"dport\" are invalid with proto=%s\n", strxf_proto(sel->proto));