summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2006-08-30 22:54:33 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2006-08-30 22:54:33 +0000
commit75615cfea4d245bcee30357e9f6467a3c38399f5 (patch)
tree74bb4ab0bc02c1bcbeadd1679d8716d1fb343abd /sbin/isakmpd
parentb3b4491bb8467522dae59c318c9c6d446852fe93 (diff)
fix isakmpd -Ka, as used by bgpd, or acquire flows set up via ipsecctl.
acquire flows need to be recorded on the fly via connection_record_passive(), otherwise later lookups fail and the policy check fails. ok hshoexer ho markus msf deraadt
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/pf_key_v2.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index d825b814af5..116a896bdf7 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.174 2006/08/30 18:27:17 henning Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.175 2006/08/30 22:54:32 henning Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -52,6 +52,7 @@
#include "cert.h"
#include "conf.h"
+#include "connection.h"
#include "exchange.h"
#include "ipsec.h"
#include "ipsec_num.h"
@@ -3448,6 +3449,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
/* Let's rock 'n roll. */
pf_key_v2_connection_check(conn);
+ connection_record_passive(conn);
conn = 0;
/* Fall-through to cleanup. */