From: Martin Willi <martin@revosec.ch>
Date: Mon, 15 Apr 2013 13:33:36 +0000 (+0200)
Subject: kernel-utun: start traffic forwarding after enabling crypto on utun
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c9c59e00180cf5e7f7d82ab56f26aed1ef00297;p=thirdparty%2Fstrongswan.git

kernel-utun: start traffic forwarding after enabling crypto on utun
---

diff --git a/src/libhydra/plugins/kernel_utun/kernel_utun_ipsec.c b/src/libhydra/plugins/kernel_utun/kernel_utun_ipsec.c
index 644c686625..cae226d444 100644
--- a/src/libhydra/plugins/kernel_utun/kernel_utun_ipsec.c
+++ b/src/libhydra/plugins/kernel_utun/kernel_utun_ipsec.c
@@ -87,6 +87,13 @@ static bool enable_crypto(tun_device_t *tun)
 			 tun->get_name(tun), strerror(errno));
 		return FALSE;
 	}
+	if (setsockopt(tun->get_fd(tun), SYSPROTO_CONTROL,
+				   UTUN_OPT_START_CRYPTO_DATA_TRAFFIC, &args, sizeof(args)) < 0)
+	{
+		DBG1(DBG_KNL, "starting crypto traffic on %s failed: %s",
+			 tun->get_name(tun), strerror(errno));
+		return FALSE;
+	}
 	return TRUE;
 }