Feature #2212
Updated by Tobias Brunner over 8 years ago
RFC 2367 requires that SADB_SASTATE_MATURE be used in SADB_ADD messages. The same should be done for SADB_UPDATE.
<pre><code class="diff">
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1717,6 +1717,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
sa->sadb_sa_exttype = SADB_EXT_SA;
sa->sadb_sa_len = PFKEY_LEN(len);
sa->sadb_sa_spi = id->spi;
+ sa->sadb_sa_state = SADB_SASTATE_MATURE;
if (id->proto == IPPROTO_COMP)
{
sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM,
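Review bot: The added `sa->sadb_sa_state = SADB_SASTATE_MATURE;` carries no comment explaining why the state is set, and the hunk alone does not show that SADB_UPDATE messages also reach this line. The description asks for the state on both SADB_ADD and SADB_UPDATE, so if another place in the file fills a `struct sadb_sa` for an update (an inference, not visible here), it needs the same assignment; otherwise a kernel that validates the field could still reject those messages. I would put `/* RFC 2367 requires SADB_SASTATE_MATURE in SADB_ADD messages */` above the new line so the assignment is not later removed as redundant. add_sa begins before and continues past this hunk, and the second listing on the page repeats the same hunk.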
</code></pre>
<pre><code class="diff">
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1717,6 +1717,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
sa->sadb_sa_exttype = SADB_EXT_SA;
sa->sadb_sa_len = PFKEY_LEN(len);
sa->sadb_sa_spi = id->spi;
+ sa->sadb_sa_state = SADB_SASTATE_MATURE;
if (id->proto == IPPROTO_COMP)
{
sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM,
</code></pre>