summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/ike.c
diff options
context:
space:
mode:
authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-06-18 18:18:02 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-06-18 18:18:02 +0000
commit9266cd05219113cfefd7ca3e149972a2f6e7e71b (patch)
tree47bf85671604c9394df22fad9c274d8b086fd0fb /sbin/ipsecctl/ike.c
parent16c2b85f0d49cbd90ca8297b869142aa21cac4c0 (diff)
add group "none"; when choosen, pfs will be disabled.
ok david msf
Diffstat (limited to 'sbin/ipsecctl/ike.c')
-rw-r--r--sbin/ipsecctl/ike.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index f908eefedc5..9478397946a 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike.c,v 1.44 2006/06/16 18:46:26 hshoexer Exp $ */
+/* $OpenBSD: ike.c,v 1.45 2006/06/18 18:18:01 hshoexer Exp $ */
/*
* Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -255,6 +255,8 @@ ike_section_qm(struct ipsec_addr_wrap *src, struct ipsec_addr_wrap *dst,
if (qmxfs && qmxfs->groupxf) {
switch (qmxfs->groupxf->id) {
+ case GROUPXF_NONE:
+ break;
case GROUPXF_768:
fprintf(fd, "-PFS-GRP1");
break;
@@ -283,7 +285,8 @@ ike_section_qm(struct ipsec_addr_wrap *src, struct ipsec_addr_wrap *dst,
warnx("illegal group %s", qmxfs->groupxf->name);
return (-1);
};
- }
+ } else
+ fprintf(fd, "-PFS");
fprintf(fd, "-SUITE force\n");
return (0);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-27 17:59:12 +0000