author | Niels Provos <provos@cvs.openbsd.org> | 1999-03-27 21:18:03 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 1999-03-27 21:18:03 +0000 |
commit | e587002df05c5b20cc3d150b2ffe86b81b2e172f (patch) | |
tree | 9dfd54acbd2a96857d6fcb80e5525ae5901b47a8 /sbin/photurisd/spi.c | |
parent | defd96f785a6fc79d07307a2e69e27c048f432af (diff) |
convert the kernel module to PFKEYv2, support for binding incoming and
outgoing SA-pairs, fix a bug in SPI generation. the daemon registers
with pfkey but does not yet handle expiration or acquire messages. well,
there are NO acquire messages at the moment, so dynamic keyed vpn or
stuff does not work :-\ - all this done in canada. thanks again to
dugsong and linh for the ride. linh is sleeping now.
Diffstat (limited to 'sbin/photurisd/spi.c')
-rw-r--r-- | sbin/photurisd/spi.c | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/sbin/photurisd/spi.c b/sbin/photurisd/spi.c
index 92d77a00376..f51cae995db 100644
--- a/sbin/photurisd/spi.c
+++ b/sbin/photurisd/spi.c
@@ -33,7 +33,7 @@
 */
 
 #ifndef lint
-static char rcsid[] = "$Id: spi.c,v 1.1 1998/11/14 23:37:29 deraadt Exp $";
+static char rcsid[] = "$Id: spi.c,v 1.2 1999/03/27 21:18:02 provos Exp $";
 #endif
 
 #define _SPI_C_
@@ -73,7 +73,7 @@ make_spi(struct stateob *st, char *local_address,
 u_int8_t **attributes, u_int16_t *attribsize)
 {
 u_int32_t tmp = 0;
- u_int16_t i;
+ int i, flags = 0;
 
 if(*attributes == NULL) { /* We are in need of attributes */
 if (select_attrib(st, attributes, attribsize) == -1) {
@@ -82,23 +82,20 @@ make_spi(struct stateob *st, char *local_address,
 }
 }
 
- /* Just grab a random number, this should be uniq */
- for(i=0; i<SPI_SIZE; i++) {
- if(i%4 == 0) {
 #ifdef IPSEC
- int i, flags = 0;
-
- for (i=0; i<*attribsize; i += (*attributes)[i+1]+2)
- if ((*attributes)[i] == AT_ESP_ATTRIB)
- flags |= IPSEC_OPT_ENC;
- else if ((*attributes)[i] == AT_AH_ATTRIB)
- flags |= IPSEC_OPT_AUTH;
-
- tmp = kernel_reserve_spi(local_address, flags);
+ /* Let the kernel reserve a SPI for us */
+ for (i=0; i<*attribsize; i += (*attributes)[i+1]+2)
+ if ((*attributes)[i] == AT_ESP_ATTRIB)
+ flags |= IPSEC_OPT_ENC;
+ else if ((*attributes)[i] == AT_AH_ATTRIB)
+ flags |= IPSEC_OPT_AUTH;
+
+ tmp = kernel_reserve_spi(local_address, st->address, flags);
 #else
- tmp = arc4random();
+ /* Just grab a random number, this should be uniq */
+ tmp = arc4random();
 #endif
- }
+ for (i = SPI_SIZE - 1; i >= 0; i--) {
 SPI[i] = tmp & 0xFF;
 tmp = tmp >> 8;
 } |
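Review bot: In the `@@ -73,7 +73,7 @@` hunk, `flags` is now declared for every build but is only read inside the `#ifdef IPSEC` block of the following hunk, so a build without IPSEC carries an unused variable; putting the declaration under the same `#ifdef` would avoid that. The change of `i` from `u_int16_t` to `int` is load-bearing, because the fill loop added in the following hunk counts down with `i >= 0` and would not terminate with an unsigned index. A short comment on the declaration, such as `/* signed: the SPI fill loop counts down past zero */`, would keep a later cleanup from reverting it. make_spi's body continues outside this hunk.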
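Review bot: In the `@@ -82,23 +82,20 @@` hunk, the attribute walk under `#ifdef IPSEC` reads the length byte `(*attributes)[i+1]` while the loop condition only guarantees `i < *attribsize`, so a list whose last type byte sits at the final offset is read one byte past its end. Tightening the condition to `for (i = 0; i + 1 < *attribsize; i += (*attributes)[i+1] + 2)` keeps that read inside the buffer. Whether the list is validated before make_spi is called is not visible here, so the bound is best enforced in this loop. The value returned by `kernel_reserve_spi()` is also copied into `SPI` without a test; if that call can fail (its contract is outside the hunk), the failure value would be used as the SPI, so a check belongs between the call and the fill loop. The fill loop also writes one 32-bit `tmp` across `SPI_SIZE` bytes, which leaves any bytes beyond four as zero; a comment stating that `SPI_SIZE` is expected to be 4 would document that assumption.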