authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2007-02-19 09:00:47 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2007-02-19 09:00:47 +0000
commit9c0feff58d2d9b693b0fd27d8c6f470f752626f0 (patch)
tree2ea41fb52ab185138a272c8f931b273ee0cb56ae /sbin/ipsecctl
parent435fe6f49a52da02ed19bf951a7f2a8f0492b706 (diff)
Bits for ESP+NULL encryption. This is useful when AH cannot be
used (when behind NAT). With Martin Hedenfalk <martin.hedenfalk at gmail.com>, thanks! ok markus@
Diffstat (limited to 'sbin/ipsecctl')
-rw-r--r--sbin/ipsecctl/ike.c5
-rw-r--r--sbin/ipsecctl/parse.y6
2 files changed, 7 insertions, 4 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index 62a628571d3..0a7b579be63 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike.c,v 1.59 2006/12/18 00:08:04 msf Exp $ */
+/* $OpenBSD: ike.c,v 1.60 2007/02/19 09:00:46 hshoexer Exp $ */
/*
* Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -254,6 +254,9 @@ ike_section_p2(struct ipsec_rule *r, FILE *fd)
case ENCXF_CAST128:
fprintf(fd, "CAST");
break;
+ case ENCXF_NULL:
+ fprintf(fd, "NULL");
+ break;
default:
warnx("illegal transform %s",
r->p2xfs->encxf->name);
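Review bot: The new `ENCXF_NULL` case in ike_section_p2 has no comment saying that this transform provides no confidentiality, so a later reader of the switch cannot tell it apart from the real ciphers around it. I would add `/* ESP-NULL: payload is not encrypted; protection comes from the auth transform only */` above the `fprintf(fd, "NULL");` line. Whether the function also refuses a phase 2 rule that pairs NULL with no authentication is not visible here, because ike_section_p2 starts before and continues past this hunk; that is worth confirming.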
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index c15d9a07a13..af15c94214f 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.119 2007/02/19 08:29:30 hshoexer Exp $ */
+/* $OpenBSD: parse.y,v 1.120 2007/02/19 09:00:46 hshoexer Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1991,11 +1991,11 @@ validate_sa(u_int32_t spi, u_int8_t satype, struct ipsec_transforms *xfs,
return (0);
}
if (xfs && xfs->authxf) {
- if (!authkey) {
+ if (!authkey && xfs->authxf != &authxfs[AUTHXF_NONE]) {
yyerror("no authentication key specified");
return (0);
}
- if (authkey->len != xfs->authxf->keymin) {
+ if (authkey && authkey->len != xfs->authxf->keymin) {
yyerror("wrong authentication key length, needs to be "
"%d bits", xfs->authxf->keymin * 8);
return (0);
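Review bot: With the relaxed `!authkey && xfs->authxf != &authxfs[AUTHXF_NONE]` test, validate_sa now accepts an SA that has auth none and no key, and nothing in this hunk rejects that when the encryption transform is the NULL one this commit introduces. Such an ESP SA would carry neither confidentiality nor integrity; the same applies when `xfs->authxf` is unset, because the whole block is then skipped. Consider a guard before this block that fails with something like `yyerror("NULL encryption requires an authentication transform");` followed by `return (0);` when the encryption transform is ENCXF_NULL and authentication is absent or AUTHXF_NONE. validate_sa begins before and continues after the hunk, so an existing check further down may already cover this.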