From patchwork Fri Apr 24 13:15:18 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: 'ip' command should allow creation of an IPsec SA with 'proto any'
 and specified sport and dport as selectors
Date: Fri, 24 Apr 2009 03:15:18 -0000
From: Jiri Klimes <klimes@centrum.cz>
X-Patchwork-Id: 26410
Message-Id: <200904241515.6341@centrum.cz>
To: <netdev@vger.kernel.org>




--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -1156,6 +1156,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
                case IPPROTO_UDP:
                case IPPROTO_SCTP:
                case IPPROTO_DCCP:
+               case IPPROTO_IP:  /* to allow shared SA for different protocols */
                        break;
                default:
                        fprintf(stderr, "\"sport\" and \"dport\" are invalid with proto=%s\n", strxf_proto(sel->proto));