diff options
| author | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2009-01-20 14:36:20 +0000 |
|---|---|---|
| committer | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2009-01-20 14:36:20 +0000 |
| commit | 66729e2a843c8e9110bf23a513cfbf95d3e04087 (patch) | |
| tree | b485048be383611ea2acfc86d5d97f56ae3705da /sbin/ipsecctl/ipsecctl.c | |
| parent | 4c0a50691c50459754a492efc215ccabc8f9e4e1 (diff) | |
Add support to isakmpd(8) and ipsecctl(8) to install SA's with a
different source network than we have negotiated with a peer.
This enables us to do nat/binat on the enc(4) interface.
Very useful to work around rfc 1918 collisions.
Manpage and testing by Mitja Muzenic. Thanks!
OK hshoexer@, markus@. "I like it" todd@
Diffstat (limited to 'sbin/ipsecctl/ipsecctl.c')
| -rw-r--r-- | sbin/ipsecctl/ipsecctl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c index b6eccce5e1a..9fb7ee084a6 100644 --- a/sbin/ipsecctl/ipsecctl.c +++ b/sbin/ipsecctl/ipsecctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.c,v 1.71 2008/07/21 14:37:53 bluhm Exp $ */ +/* $OpenBSD: ipsecctl.c,v 1.72 2009/01/20 14:36:19 mpf Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -252,6 +252,8 @@ ipsecctl_free_rule(struct ipsec_rule *rp) free(rp->p2name); if (rp->p2lid) free(rp->p2lid); + if (rp->p2nid) + free(rp->p2nid); if (rp->p2rid) free(rp->p2rid); free(rp); |