summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
diff options
context:
space:
mode:
authorHakan Olsson <ho@cvs.openbsd.org>2002-06-14 12:43:12 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2002-06-14 12:43:12 +0000
commit14c2660ac94fd81e616e688019e6d0112378eed0 (patch)
treeea4298b9b2d1d7146d656be98604f32b758d16c3 /sbin/isakmpd
parent1fa8eb15aa204121c8f5f6ba7610a1a6d4e5b5b3 (diff)
Recognize the ECN_TUNNEL attribute.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/ike_quick_mode.c7
-rw-r--r--sbin/isakmpd/ipsec.c10
-rw-r--r--sbin/isakmpd/ipsec_num.cst3
3 files changed, 15 insertions, 5 deletions
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index 76f3ab98da7..e92885dbe5b 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.65 2002/06/11 18:56:07 ho Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.66 2002/06/14 12:43:11 ho Exp $ */
/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
/*
@@ -703,6 +703,11 @@ initiator_send_HASH_SA_NONCE (struct message *msg)
value);
}
+ value = conf_get_num (xf->field, "ECN_TUNNEL", 0);
+ if (value)
+ attr = attribute_set_basic (attr, IPSEC_ATTR_ECN_TUNNEL,
+ value);
+
/* Record the real transform size. */
transforms_len[prop_no] += (transform_len[prop_no][xf_no]
= attr - transform[prop_no][xf_no]);
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c
index 338c68eb50f..8a3bc0d13bd 100644
--- a/sbin/isakmpd/ipsec.c
+++ b/sbin/isakmpd/ipsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec.c,v 1.67 2002/06/09 08:13:06 todd Exp $ */
+/* $OpenBSD: ipsec.c,v 1.68 2002/06/14 12:43:11 ho Exp $ */
/* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */
/*
@@ -329,7 +329,7 @@ ipsec_finalize_exchange (struct message *msg)
if (exchange->initiator)
{
- /* Initiator is source, responder is destination. */
+ /* Initiator is source, responder is destination. */
if (ipsec_set_network (ie->id_ci, ie->id_cr, isa))
{
log_error ("ipsec_finalize_exchange: "
@@ -747,7 +747,7 @@ ipsec_validate_attribute (u_int16_t type, u_int8_t *value, u_int16_t len,
|| type > IKE_ATTR_GROUP_ORDER))
|| (msg->exchange->phase == 2
&& (type < IPSEC_ATTR_SA_LIFE_TYPE
- || type > IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM)))
+ || type > IPSEC_ATTR_ECN_TUNNEL)))
return -1;
return 0;
}
@@ -1220,6 +1220,8 @@ ipsec_is_attribute_incompatible (u_int16_t type, u_int8_t *value,
return 1;
case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM:
return 1;
+ case IPSEC_ATTR_ECN_TUNNEL:
+ return 1;
}
}
/* XXX Silence gcc. */
@@ -1411,6 +1413,8 @@ ipsec_decode_attribute (u_int16_t type, u_int8_t *value, u_int16_t len,
break;
case IPSEC_ATTR_COMPRESS_PRIVATE_ALGORITHM:
break;
+ case IPSEC_ATTR_ECN_TUNNEL:
+ break;
}
}
lifetype = 0;
diff --git a/sbin/isakmpd/ipsec_num.cst b/sbin/isakmpd/ipsec_num.cst
index 3fa366a5c06..9a0745eac7a 100644
--- a/sbin/isakmpd/ipsec_num.cst
+++ b/sbin/isakmpd/ipsec_num.cst
@@ -1,4 +1,4 @@
-# $OpenBSD: ipsec_num.cst,v 1.9 2002/06/07 20:50:12 ho Exp $
+# $OpenBSD: ipsec_num.cst,v 1.10 2002/06/14 12:43:11 ho Exp $
# $EOM: ipsec_num.cst,v 1.5 2000/10/13 17:56:52 angelos Exp $
#
@@ -53,6 +53,7 @@ IPSEC_ATTR
KEY_ROUNDS 7
COMPRESS_DICTIONARY_SIZE 8
COMPRESS_PRIVATE_ALGORITHM 9
+ ECN_TUNNEL 10
.
# IPSEC SA duration.