From 9983326b20ee18806668b589898d81e53d7f1a7c Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 28 May 2021 13:36:04 +0200
Subject: [PATCH] kernel-netlink: Read protocol of acquire not from template

If a policy with IPComp template triggers an acquire, we get two, one for an IPComp, one for ESP/AH SA. However, the triggering template of the trap policy (where we get the reqid from), will be the same in both acquires, IPComp, which we ignore, so no acquire was actually forwarded.
---
 src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 339ce2a59f..32b6853450 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -899,9 +899,10 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this,
 size_t rtasize;
 traffic_selector_t *src_ts, *dst_ts;
 uint32_t reqid = 0;
- int proto = 0;
+ uint8_t proto;
 acquire = NLMSG_DATA(hdr);
+ proto = acquire->id.proto;
 rta = XFRM_RTA(hdr, struct xfrm_user_acquire);
 rtasize = XFRM_PAYLOAD(hdr, struct xfrm_user_acquire);
@@ -916,7 +917,6 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this,
 struct xfrm_user_tmpl* tmpl;
 tmpl = (struct xfrm_user_tmpl*)RTA_DATA(rta);
 reqid = tmpl->reqid;
- proto = tmpl->id.proto;
 }
 rta = RTA_NEXT(rta, rtasize);
 }
-- 
2.47.2
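Review bot: In the first hunk the new `proto = acquire->id.proto;` carries no comment explaining why the protocol is taken from the acquire rather than from the template, so a later cleanup could move it back next to `reqid = tmpl->reqid;` and reintroduce the dropped acquires. A line above the assignment such as `/* the template is that of the trap policy (IPComp in both acquires), so use the protocol of the acquire itself */` would keep the reasoning from the commit message in the code. The read is also unconditional now, and no check that the netlink payload is at least `sizeof(struct xfrm_user_acquire)` is visible here. process_acquire starts and ends outside the hunk, so that validation may live earlier in the function or in the caller, but it is worth confirming before relying on `acquire->id`.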