author | Niels Provos <provos@cvs.openbsd.org> | 1998-06-03 10:00:20 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 1998-06-03 10:00:20 +0000 |
commit | 4c14b2c29860df694faf6f4d246c9f84d78980e7 (patch) | |
tree | d8c605f7b94634739597ccb1d5e70ccbe241c983 | |
parent | 4a13cf5c5e7f44da86d7fe42c3e7c3ff925e4f95 (diff) |
request only auth in notify when vpn ipsec route is found with a different
security protocol than IPPROTO_ESP.
-rw-r--r-- | sys/netinet/ip_output.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 2f248b3e51f..ec0f71c91ee 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.30 1998/05/24 23:03:47 provos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.31 1998/06/03 10:00:19 provos Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -249,8 +249,10 @@ ip_output(m0, va_alist) if (ntohl(gw->sen_ipsp_spi) == 0x1) { struct tdb tmptdb; - sa_require = NOTIFY_SATYPE_CONF | NOTIFY_SATYPE_AUTH | - NOTIFY_SATYPE_TUNNEL; + sa_require = NOTIFY_SATYPE_AUTH | NOTIFY_SATYPE_TUNNEL; + if (gw->sen_ipsp_sproto == IPPROTO_ESP) + sa_require |= NOTIFY_SATYPE_CONF; + tmptdb.tdb_dst.s_addr = gw->sen_ipsp_dst.s_addr; tmptdb.tdb_satype = sa_require; |
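Review bot: The confidentiality requirement in the second hunk is now opt-in on `gw->sen_ipsp_sproto == IPPROTO_ESP`, so every other value of that field, not only AH, produces a notify that asks for authentication and tunnelling without encryption. If the field can be zero or hold an unexpected protocol number (not visible from this hunk), the request silently weakens; defaulting to the stronger mask would be safer, e.g. keep `sa_require = NOTIFY_SATYPE_CONF | NOTIFY_SATYPE_AUTH | NOTIFY_SATYPE_TUNNEL;` and follow it with `if (gw->sen_ipsp_sproto == IPPROTO_AH) sa_require &= ~NOTIFY_SATYPE_CONF;`. A short comment such as `/* AH cannot provide confidentiality, so do not request it for AH routes */` would also record why the mask depends on the route's protocol. The body of ip_output starts and ends outside the hunk, so how `sen_ipsp_sproto` is populated and validated cannot be confirmed from here.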