diff options
author | Hakan Olsson <ho@cvs.openbsd.org> | 2002-06-14 12:43:12 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2002-06-14 12:43:12 +0000 |
commit | 14c2660ac94fd81e616e688019e6d0112378eed0 (patch) | |
tree | ea4298b9b2d1d7146d656be98604f32b758d16c3 /sbin/isakmpd | |
parent | 1fa8eb15aa204121c8f5f6ba7610a1a6d4e5b5b3 (diff) |
Recognize the ECN_TUNNEL attribute.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 7 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.c | 10 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec_num.cst | 3 |
3 files changed, 15 insertions, 5 deletions
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index 76f3ab98da7..e92885dbe5b 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.65 2002/06/11 18:56:07 ho Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.66 2002/06/14 12:43:11 ho Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -703,6 +703,11 @@ initiator_send_HASH_SA_NONCE (struct message *msg) value); } + value = conf_get_num (xf->field, "ECN_TUNNEL", 0); + if (value) + attr = attribute_set_basic (attr, IPSEC_ATTR_ECN_TUNNEL, + value); + /* Record the real transform size. */ transforms_len[prop_no] += (transform_len[prop_no][xf_no] = attr - transform[prop_no][xf_no]); diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index 338c68eb50f..8a3bc0d13bd 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.67 2002/06/09 08:13:06 todd Exp $ */ +/* $OpenBSD: ipsec.c,v 1.68 2002/06/14 12:43:11 ho Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -329,7 +329,7 @@ ipsec_finalize_exchange (struct message *msg) if (exchange->initiator) { - /* Initiator is source, responder is destination. */ + /* Initiator is source, responder is destination. */ if (ipsec_set_network (ie->id_ci, ie->id_cr, isa)) { log_error ("ipsec_finalize_exchange: " @@ -747,7 +747,7 @@ ipsec_validate_attribute (u_int16_t type, u_int8_t *value, u_int16_t len, || type > IKE_ATTR_GROUP_ORDER)) || (msg->exchange->phase == 2 && (type < IPSEC_ATTR_SA_LIFE_TYPE - || type > IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM))) + || type > IPSEC_ATTR_ECN_TUNNEL))) return -1; return 0; } @@ -1220,6 +1220,8 @@ ipsec_is_attribute_incompatible (u_int16_t type, u_int8_t *value, return 1; case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM: return 1; + case IPSEC_ATTR_ECN_TUNNEL: + return 1; } } /* XXX Silence gcc. */ @@ -1411,6 +1413,8 @@ ipsec_decode_attribute (u_int16_t type, u_int8_t *value, u_int16_t len, break; case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM: break; + case IPSEC_ATTR_ECN_TUNNEL: + break; } } lifetype = 0; diff --git a/sbin/isakmpd/ipsec_num.cst b/sbin/isakmpd/ipsec_num.cst index 3fa366a5c06..9a0745eac7a 100644 --- a/sbin/isakmpd/ipsec_num.cst +++ b/sbin/isakmpd/ipsec_num.cst @@ -1,4 +1,4 @@ -# $OpenBSD: ipsec_num.cst,v 1.9 2002/06/07 20:50:12 ho Exp $ +# $OpenBSD: ipsec_num.cst,v 1.10 2002/06/14 12:43:11 ho Exp $ # $EOM: ipsec_num.cst,v 1.5 2000/10/13 17:56:52 angelos Exp $ # @@ -53,6 +53,7 @@ IPSEC_ATTR KEY_ROUNDS 7 COMPRESS_DICTIONARY_SIZE 8 COMPRESS_PRIVATE_ALGORITHM 9 + ECN_TUNNEL 10 . # IPSEC SA duration. |