From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 10 Jul 2013 08:56:08 +0000 (+0200)
Subject: kernel-pfkey: Correctly handle IPSEC_PROTO_ANY in an acquire
X-Git-Tag: 5.1.0rc1~35^2~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9f14ada34554bc42b819f8196899a002bade27b;p=thirdparty%2Fstrongswan.git

kernel-pfkey: Correctly handle IPSEC_PROTO_ANY in an acquire
---

diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index d975f15b9f..dd9d354b16 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -981,6 +981,10 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address)
 {
 	traffic_selector_t *ts;
 	host_t *host;
+	u_int8_t proto;
+
+	proto = address->sadb_address_proto;
+	proto = proto == IPSEC_PROTO_ANY ? 0 : proto;
 
 	/* The Linux 2.6 kernel does not set the protocol and port information
 	 * in the src and dst sadb_address extensions of the SADB_ACQUIRE message.
@@ -988,8 +992,7 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address)
 	host = host_create_from_sockaddr((sockaddr_t*)&address[1]);
 	ts = traffic_selector_create_from_subnet(host,
 											 address->sadb_address_prefixlen,
-											 address->sadb_address_proto,
-											 host->get_port(host),
+											 proto, host->get_port(host),
 											 host->get_port(host) ?: 65535);
 	return ts;
 }