author | Patrick Wildt <patrick@cvs.openbsd.org> | 2017-12-01 20:19:06 +0000 |
---|---|---|
committer | Patrick Wildt <patrick@cvs.openbsd.org> | 2017-12-01 20:19:06 +0000 |
commit | e9b4c199f94473f7595bfea33e4bd18a60939874 (patch) | |
tree | 6fab02393767f27a58391c7680f8a2bedc07c385 /sbin/iked | |
parent | 302fbe7898b8d32a96682fbd23473becf19cfca2 (diff) |
The RFC specifies that in an SA payload the proposals must be numbered
starting with number 1. Subsequent proposals must be one more than the
previous proposal.
ok sthen@
Diffstat (limited to 'sbin/iked')
-rw-r--r-- | sbin/iked/parse.y | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 5a38333398b..58b12e6d0b4 100644
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.67 2017/11/27 18:39:35 patrick Exp $ */
+/* $OpenBSD: parse.y,v 1.68 2017/12/01 20:19:05 patrick Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -2589,6 +2589,7 @@ create_ike(char *name, int af, uint8_t ipproto, struct ipsec_hosts *hosts,
 struct iked_policy pol;
 struct iked_proposal prop[2];
 unsigned int j;
+ unsigned int ikepropid = 1, ipsecpropid = 1;
 struct iked_transform ikexforms[64], ipsecxforms[64];
 struct iked_flow flows[64];
 static unsigned int policy_id = 0;
@@ -2719,7 +2720,7 @@ create_ike(char *name, int af, uint8_t ipproto, struct ipsec_hosts *hosts,
 TAILQ_INIT(&pol.pol_proposals);
 RB_INIT(&pol.pol_flows);
- prop[0].prop_id = ++pol.pol_nproposals;
+ prop[0].prop_id = ikepropid++;
 prop[0].prop_protoid = IKEV2_SAPROTO_IKE;
 if (ike_sa == NULL || ike_sa->xfs == NULL) {
 prop[0].prop_nxforms = ikev2_default_nike_transforms;
@@ -2750,8 +2751,9 @@ create_ike(char *name, int af, uint8_t ipproto, struct ipsec_hosts *hosts,
 prop[0].prop_xforms = ikexforms;
 }
 TAILQ_INSERT_TAIL(&pol.pol_proposals, &prop[0], prop_entry);
+ pol.pol_nproposals++;
- prop[1].prop_id = ++pol.pol_nproposals;
+ prop[1].prop_id = ipsecpropid++;
 prop[1].prop_protoid = saproto;
 if (ipsec_sa == NULL || ipsec_sa->xfs == NULL) {
 prop[1].prop_nxforms = ikev2_default_nesp_transforms;
@@ -2790,6 +2792,7 @@ create_ike(char *name, int af, uint8_t ipproto, struct ipsec_hosts *hosts,
 prop[1].prop_xforms = ipsecxforms;
 }
 TAILQ_INSERT_TAIL(&pol.pol_proposals, &prop[1], prop_entry);
+ pol.pol_nproposals++;
 if (hosts == NULL || hosts->src == NULL || hosts->dst == NULL)
 fatalx("create_ike: no traffic selectors/flows"); |
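Review bot: The two new counters `ikepropid` and `ipsecpropid` (declared in the second hunk, used in the third and fourth) are each read exactly once in the visible lines, and their post-incremented values are never consumed there, so the code alone does not explain why there are two counters rather than one. The commit message gives the reason (proposal numbers must start at 1 within an SA payload), and I would record it at the declaration, e.g. `/* proposal numbers restart at 1 in each SA payload; IKE and IPsec proposals are numbered independently */`. That the IKE and IPsec proposals end up in separate SA payloads is inferred from the separate counters and is not shown in these hunks, so please confirm the wording against the code that serialises `pol_proposals`. `create_ike` starts and ends outside the hunks.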