If we wanted to send out more proposals than just one, we need to set a

flag in the SA header that there is another proposal coming.  The "more"
attribute borrows its values, as specified in the RFC, from IKEv1.

ok sthen@

2 files changed, 9 insertions, 2 deletions

diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 0b88d13ab87..a3bfa1ff176 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2.c,v 1.161 2017/12/03 21:02:06 patrick Exp $	*/
+/*	$OpenBSD: ikev2.c,v 1.162 2017/12/03 21:02:44 patrick Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -2023,6 +2023,7 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
 		} else
 			nxforms = prop->prop_nxforms;
 
+		sap->sap_more = IKEV1_PAYLOAD_PROPOSAL;
 		sap->sap_proposalnr = prop->prop_id;
 		sap->sap_protoid = prop->prop_protoid;
 		sap->sap_spisize = prop->prop_localspi.spi_size;
@@ -2066,6 +2067,8 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
 		sap->sap_length = htobe16(saplength);
 		length += saplength;
 	}
+	if (sap != NULL)
+		sap->sap_more = IKEV1_PAYLOAD_NONE;
 
 	log_debug("%s: length %zd", __func__, length);
 
diff --git a/sbin/iked/ikev2.h b/sbin/iked/ikev2.h
index 683fd47845d..48c6a6d4820 100644
--- a/sbin/iked/ikev2.h
+++ b/sbin/iked/ikev2.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2.h,v 1.26 2017/03/27 10:06:41 reyk Exp $	*/
+/*	$OpenBSD: ikev2.h,v 1.27 2017/12/03 21:02:44 patrick Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -527,4 +527,8 @@ struct ikev2_cfg {
 
 extern struct iked_constmap ikev2_cfg_map[];
 
+/* IKEv1 payload types */
+#define IKEV1_PAYLOAD_NONE	0	/* No payload */
+#define IKEV1_PAYLOAD_PROPOSAL	2	/* Proposal */
+
 #endif /* IKED_IKEV2_H */