authorNiels Provos <provos@cvs.openbsd.org>1998-03-16 20:49:54 +0000
committerNiels Provos <provos@cvs.openbsd.org>1998-03-16 20:49:54 +0000
commita051be8da97d3bfa6dfe29cf47ef73407cd193e2 (patch)
treeb8e6d55113f4ed42bb4eee9cb6877333ef4b6a88 /sbin/ipsec/photurisd/kernel.c
parentef52bd69df8be63d098e126ec0e91c929caa7111 (diff)
Set socket options so that photuris bypasses the kernel IPsec policy;
the kernel does not actually support this yet.
Diffstat (limited to 'sbin/ipsec/photurisd/kernel.c')
-rw-r--r--sbin/ipsec/photurisd/kernel.c24
1 files changed, 23 insertions, 1 deletions
diff --git a/sbin/ipsec/photurisd/kernel.c b/sbin/ipsec/photurisd/kernel.c
index cb20313f93a..f4c29ebad52 100644
--- a/sbin/ipsec/photurisd/kernel.c
+++ b/sbin/ipsec/photurisd/kernel.c
@@ -29,7 +29,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: kernel.c,v 1.6 1998/03/07 08:48:18 provos Exp $";
+static char rcsid[] = "$Id: kernel.c,v 1.7 1998/03/16 20:49:50 provos Exp $";
#endif
#include <sys/param.h>
@@ -156,6 +156,28 @@ kernel_get_socket(void)
return sd;
}
+void
+kernel_set_socket_policy(int sd)
+{
+ u_char level;
+
+ /*
+ * Need to bypass system security policy, so I can send and
+ * receive key management datagrams in the clear.
+ */
+
+ level = IPSEC_LEVEL_BYPASS; /* Did I mention I'm privileged? */
+ if (setsockopt(sd, IPPROTO_IP, IP_AUTH_LEVEL, (char *)&level,
+ sizeof (u_char)) == -1)
+ crit_error(1, "setsockopt: can not bypass ipsec authentication policy");
+ if (setsockopt(sd, IPPROTO_IP, IP_ESP_TRANS_LEVEL,
+ (char *)&level, sizeof (u_char)) == -1)
+ crit_error(1, "setsockopt: can not bypass ipsec esp transport policy");
+ if (setsockopt(sd, IPPROTO_IP, IP_ESP_NETWORK_LEVEL,
+ (char *)&level, sizeof (u_char)) == -1)
+ crit_error(1, "setsockopt: can not bypass ipsec esp network policy");
+}
+
int
kernel_xf_set(struct encap_msghdr *em)
{
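Review bot: kernel_set_socket_policy() exempts every datagram on `sd` from the system IPsec policy for authentication, ESP transport and ESP network levels, but the new function has no header comment saying which socket it is meant for, and the only mention of the privilege requirement is the joke on the `level = IPSEC_LEVEL_BYPASS;` line. I would add a header comment such as `/* Exempt the Photuris key-management socket from IPsec policy; call only on that socket. Requires privilege. */` and replace the joke with a plain statement of that requirement. All three setsockopt() failures go to crit_error(), whose definition is outside this hunk. Because the commit message says the kernel does not support these options yet, it is worth confirming that a failure here does not stop the daemon on such kernels and that the logged message carries errno. The length argument would be better written `sizeof level` than `sizeof (u_char)`, so that it follows the variable's type.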