author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-11-12 12:00:54 +0000 |
---|---|---|
committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-11-12 12:00:54 +0000 |
commit | 63ce3110ca26585d80f472054e98dc7773e807e7 (patch) | |
tree | 0d5e4df88a49c6d367c076097a29b54a66fcbe0b /sbin/ipsecctl/pfkey.c | |
parent | 02ffe946b7c40c8ecd5fac91ee755299fc2bacb9 (diff) |
handle transport/tunnel mode
Diffstat (limited to 'sbin/ipsecctl/pfkey.c')
-rw-r--r-- | sbin/ipsecctl/pfkey.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c
index e6299ba0923..86ba2bf5768 100644
--- a/sbin/ipsecctl/pfkey.c
+++ b/sbin/ipsecctl/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.28 2005/11/06 22:51:51 hshoexer Exp $ */
+/* $OpenBSD: pfkey.c,v 1.29 2005/11/12 12:00:53 hshoexer Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org>
@@ -47,7 +47,7 @@ static int pfkey_flow(int, u_int8_t, u_int8_t, u_int8_t,
 static int pfkey_sa(int, u_int8_t, u_int8_t, u_int32_t,
 struct ipsec_addr_wrap *, struct ipsec_addr_wrap *,
 struct ipsec_transforms *, struct ipsec_key *,
- struct ipsec_key *);
+ struct ipsec_key *, u_int8_t);
 static int pfkey_reply(int);
 int pfkey_parse(struct sadb_msg *, struct ipsec_rule *);
 int pfkey_ipsec_flush(void);
@@ -307,7 +307,7 @@ static int
 pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi,
 struct ipsec_addr_wrap *src, struct ipsec_addr_wrap *dst,
 struct ipsec_transforms *xfs, struct ipsec_key *authkey,
- struct ipsec_key *enckey)
+ struct ipsec_key *enckey, u_int8_t tmode)
 {
 struct sadb_msg smsg;
 struct sadb_sa sa;
@@ -358,6 +358,9 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi,
 sa.sadb_sa_spi = htonl(spi);
 sa.sadb_sa_state = SADB_SASTATE_MATURE;
+ if (tmode == IPSEC_TUNNEL)
+ sa.sadb_sa_flags |= SADB_X_SAFLAGS_TUNNEL;
+
 if (xfs && xfs->authxf) {
 switch (xfs->authxf->id) {
 case AUTHXF_NONE:
@@ -886,11 +889,12 @@ pfkey_ipsec_establish(int action, struct ipsec_rule *r)
 switch (action) {
 case ACTION_ADD:
 ret = pfkey_sa(fd, satype, SADB_ADD, r->spi,
- r->src, r->dst, r->xfs, r->authkey, r->enckey);
+ r->src, r->dst, r->xfs, r->authkey, r->enckey,
+ r->tmode);
 break;
 case ACTION_DELETE:
 ret = pfkey_sa(fd, satype, SADB_DELETE, r->spi,
- r->src, r->dst, r->xfs, NULL, NULL);
+ r->src, r->dst, r->xfs, NULL, NULL, r->tmode);
 break;
 default:
 return -1; |
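Review bot: The new `if (tmode == IPSEC_TUNNEL)` test in pfkey_sa treats every other value of `tmode` as transport mode without saying so, so a rule whose mode was never set, or carries an unexpected value, installs a transport-mode SA silently. Because the mode decides which traffic the SA actually protects, I would make the fallback explicit, at minimum with a comment such as `/* any tmode other than IPSEC_TUNNEL leaves the SA in transport mode */`, or validate `tmode` before the message is built. The `|=` also relies on `sa` having been zeroed earlier in pfkey_sa; that initialisation lies outside this hunk and is worth confirming, since stale bits in `sadb_sa_flags` would be sent to the kernel.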
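Review bot: The `ACTION_DELETE` call in pfkey_ipsec_establish now forwards `r->tmode` while still passing NULL for both keys, and the flag assignment added in pfkey_sa is not gated on `action`, so a delete request would carry the tunnel flag as well. Whether that matters for SADB_DELETE depends on parts of pfkey_sa that are not visible in this hunk. If the mode is irrelevant when deleting, a one-line comment at the call, e.g. `/* tmode is not needed to identify the SA on delete */`, would keep a later reader from assuming it is part of the SA lookup.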