isakmpd bits for ESP+NULL encryption. This is useful, when AH can

not be used (when being behind NAT).  With Martin Hedenfalk
<martin.hedenfalk at gmail.com>, thanks!

2 files changed, 8 insertions, 4 deletions

diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 2dc97bfefad..26a90d02a34 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.92 2006/08/29 08:51:28 hshoexer Exp $	 */
+/* $OpenBSD: conf.c,v 1.93 2007/02/19 09:43:34 hshoexer Exp $	 */
 /* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $	 */
 
 /*
@@ -467,9 +467,9 @@ conf_load_defaults(int tr)
 	char	*dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14",
 		    "-GRP15", 0};
 	char	*qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES",
-		    "AES_128_CTR", "NONE", 0};
+		    "AES_128_CTR", "NULL", "NONE", 0};
 	char	*qm_enc_p[] = {"-DES", "-3DES", "-CAST", "-BLF", "-AES",
-		    "-AESCTR", "", 0};
+		    "-AESCTR", "-NULL", "", 0};
 	char	*qm_hash[] = {"HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD",
 		    "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", "NONE",
 		    0};
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 15b7cc104e7..7390673bce8 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.177 2006/11/24 13:52:14 reyk Exp $  */
+/* $OpenBSD: pf_key_v2.c,v 1.178 2007/02/19 09:43:34 hshoexer Exp $  */
 /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $	 */
 
 /*
@@ -954,6 +954,10 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming,
 			ssa.sadb_sa_encrypt = SADB_X_EALG_BLF;
 			break;
 
+		case IPSEC_ESP_NULL:
+			ssa.sadb_sa_encrypt = SADB_EALG_NULL;
+			break;
+
 		default:
 			LOG_DBG((LOG_SYSDEP, 50, "pf_key_v2_set_spi: "
 			    "unknown encryption algorithm %d", proto->id));