Properly use dual-stack SAs.
This change sets the XFRM_SA_AF_UNSPEC flag on the SA, which is
required in order to send both IPv4 and IPv6 traffic on an SA.
Setting the flag also allows us to simplify the code. Because we
always have selectors in the policies, none of our SAs need
selectors that specify IP address ranges. Therefore, we only
really use SA selectors to match the address family.
By ensuring that we always set the XFRM_SA_AF_UNSPEC in tunnel
mode (and never in transport mode), we can always pass the
kernel an empty selector and have it determine the appropriate
selector family from the SA family.
While I'm at it, remove the outer_family argument to
_CreateXfrmTunnel, since it must match the address family of the
source addresses.
Bug: 70371070
Test: all_tests.sh passes on android-4.9
Change-Id: I8ce84b3abfb8faccb3ff7e911ce5d5240a719093
4 files changed
tree: 3167c4f0c1f4908693ac6d5db95b35ce7d947c87
- net/
- OWNERS
