summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNiels Provos <provos@cvs.openbsd.org>1998-06-03 10:00:20 +0000
committerNiels Provos <provos@cvs.openbsd.org>1998-06-03 10:00:20 +0000
commit4c14b2c29860df694faf6f4d246c9f84d78980e7 (patch)
treed8c605f7b94634739597ccb1d5e70ccbe241c983
parent4a13cf5c5e7f44da86d7fe42c3e7c3ff925e4f95 (diff)
request only auth in notify when vpn ipsec route is found with a different
security protocol than IPPROTO_ESP.
-rw-r--r--sys/netinet/ip_output.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 2f248b3e51f..ec0f71c91ee 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.30 1998/05/24 23:03:47 provos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.31 1998/06/03 10:00:19 provos Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -249,8 +249,10 @@ ip_output(m0, va_alist)
if (ntohl(gw->sen_ipsp_spi) == 0x1) {
struct tdb tmptdb;
- sa_require = NOTIFY_SATYPE_CONF | NOTIFY_SATYPE_AUTH |
- NOTIFY_SATYPE_TUNNEL;
+ sa_require = NOTIFY_SATYPE_AUTH | NOTIFY_SATYPE_TUNNEL;
+ if (gw->sen_ipsp_sproto == IPPROTO_ESP)
+ sa_require |= NOTIFY_SATYPE_CONF;
+
tmptdb.tdb_dst.s_addr = gw->sen_ipsp_dst.s_addr;
tmptdb.tdb_satype = sa_require;