From 636c6ab5b4f93cce2e861eb4d77ea275e13867c8 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 12 Apr 2013 13:33:15 +0200
Subject: [PATCH] kernel-utun: enable utun crypto extensions when creating utun device
---
 .../plugins/kernel_utun/kernel_utun_net.c | 41 ++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/src/libhydra/plugins/kernel_utun/kernel_utun_net.c b/src/libhydra/plugins/kernel_utun/kernel_utun_net.c
index f10670e75a..136593131d 100644
--- a/src/libhydra/plugins/kernel_utun/kernel_utun_net.c
+++ b/src/libhydra/plugins/kernel_utun/kernel_utun_net.c
@@ -16,6 +16,20 @@
 #include
 #include
 #include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
 #include "kernel_utun_net.h"
@@ -102,6 +116,31 @@ METHOD(kernel_net_t, get_nexthop, host_t*,
 return NULL;
 }
+/**
+ * Enable IPsec crypt extension on utun device
+ */
+static bool enable_crypto(tun_device_t *tun)
+{
+ utun_crypto_args_t args = {
+ .ver = UTUN_CRYPTO_VER_1,
+ .type = UTUN_CRYPTO_TYPE_IPSEC,
+ .args_ulen = sizeof(utun_crypto_ipsec_args_v1_t),
+ .u = {
+ .ipsec_v1 = {
+ /* nothing to set */
+ },
+ },
+ };
+ if (setsockopt(tun->get_fd(tun), SYSPROTO_CONTROL, UTUN_OPT_ENABLE_CRYPTO,
+ &args, sizeof(args)) < 0)
+ {
+ DBG1(DBG_KNL, "enabling crypto on %s failed: %s",
+ tun->get_name(tun), strerror(errno));
+ return FALSE;
+ }
+ return TRUE;
+}
+
 METHOD(kernel_net_t, add_ip, status_t,
 private_kernel_utun_net_t *this, host_t *virtual_ip, int prefix,
 char *iface_name)
@@ -127,7 +166,7 @@ METHOD(kernel_net_t, add_ip, status_t,
 {
 return FAILED;
 }
- if (!tun->set_address(tun, virtual_ip, prefix))
+ if (!tun->set_address(tun, virtual_ip, prefix) || !enable_crypto(tun))
 {
 tun->destroy(tun);
 return FAILED;
-- 
2.47.2
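Review bot: The doc comment on `enable_crypto()` says only "Enable IPsec crypt extension on utun device" and leaves out the contract its caller in `add_ip` relies on. I would state that the call only switches the extension on with an empty `ipsec_v1` argument block (no keys or SAs are passed here), name the `tun` parameter, and say that FALSE is returned after `strerror(errno)` is logged when `setsockopt()` fails; "crypt" should read "crypto". A short why-comment next to `.args_ulen = sizeof(utun_crypto_ipsec_args_v1_t)` would also help, because the length handed to `setsockopt()` is `sizeof(args)` and the two sizes are presumably meant to differ.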
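Review bot: In `add_ip`, `set_address()` runs before `enable_crypto()`, so the device receives its virtual IP before the crypto extension is switched on. If `set_address()` also brings the interface up (not visible in this hunk), there is a short window in which the utun device is addressed without the extension enabled; consider `if (!enable_crypto(tun) || !tun->set_address(tun, virtual_ip, prefix))`, provided the kernel accepts the option on an unaddressed device. The failure handling itself is fail-closed, which is the right choice: the device is destroyed when crypto cannot be enabled, and a comment such as `/* never keep a utun device without crypto enabled */` would record that intent. The body of `add_ip` starts and ends outside the hunk.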