Set ESP Next Header field to 0x29 for IPv6 packets

This didn't matter before as we didn't transport IPv6 in ESP — NC doesn't
support it and we haven't worked it out for GPST yet. But Pulse does.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/esp.c b/esp.c
index 1f276b05426ec124af8a748e85eb78b8ffc4c254..fd6cf2bbfb4d58695fd87d2850d926e66e92e924 100644 (file)
--- a/esp.c
+++ b/esp.c
@@ -110,7 +110,10 @@ int construct_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt)
        for (i=0; i<padlen; i++)
                pkt->data[pkt->len + i] = i + 1;
        pkt->data[pkt->len + padlen] = padlen;
-       pkt->data[pkt->len + padlen + 1] = 0x04; /* Legacy IP */
+       if ((pkt->data[0] & 0xf0) == 0x60) /* iph->ip_v */
+               pkt->data[pkt->len + padlen + 1] = 0x29; /* IPv6 */
+       else
+               pkt->data[pkt->len + padlen + 1] = 0x04; /* Legacy IP */
 
        memcpy(pkt->esp.iv, vpninfo->esp_out.iv, sizeof(pkt->esp.iv));