diff options
author | Henning Brauer <henning@cvs.openbsd.org> | 2006-08-30 22:54:33 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2006-08-30 22:54:33 +0000 |
commit | 75615cfea4d245bcee30357e9f6467a3c38399f5 (patch) | |
tree | 74bb4ab0bc02c1bcbeadd1679d8716d1fb343abd /sbin/isakmpd | |
parent | b3b4491bb8467522dae59c318c9c6d446852fe93 (diff) |
fix isakmpd -Ka, as used by bgpd, or acquire flows set up via ipsecctl.
acquire flows need to be recorded on the fly via connection_record_passive(),
otherwise later lookups fail and the policy check fails.
ok hshoexer ho markus msf deraadt
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index d825b814af5..116a896bdf7 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.174 2006/08/30 18:27:17 henning Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.175 2006/08/30 22:54:32 henning Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -52,6 +52,7 @@ #include "cert.h" #include "conf.h" +#include "connection.h" #include "exchange.h" #include "ipsec.h" #include "ipsec_num.h" @@ -3448,6 +3449,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) /* Let's rock 'n roll. */ pf_key_v2_connection_check(conn); + connection_record_passive(conn); conn = 0; /* Fall-through to cleanup. */ |