diff options
author | Hakan Olsson <ho@cvs.openbsd.org> | 2002-06-10 20:54:52 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2002-06-10 20:54:52 +0000 |
commit | 6b574f5217ef3dc53d84216368ba0dfe9dd62d99 (patch) | |
tree | 04e7f1bc8e7be0452ac90ae822cb9aca7122af3d /sbin | |
parent | bb15a4aaca62df563e32ae3abd46a2869412377b (diff) |
CPIs cannot be selected from the same range as SPIs.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index 0b0b0016507..e6cdbb1af15 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.107 2002/06/09 08:13:06 todd Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.108 2002/06/10 20:54:51 ho Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -737,8 +737,16 @@ pf_key_v2_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src, /* Setup the SPIRANGE extension. */ spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE; spirange.sadb_spirange_len = sizeof spirange / PF_KEY_V2_CHUNK; - spirange.sadb_spirange_min = IPSEC_SPI_LOW; - spirange.sadb_spirange_max = 0xffffffff; + if (proto == IPSEC_PROTO_IPCOMP) + { + spirange.sadb_spirange_min = CPI_RESERVED_MAX + 1; + spirange.sadb_spirange_max = CPI_PRIVATE_MIN - 1; + } + else + { + spirange.sadb_spirange_min = IPSEC_SPI_LOW; + spirange.sadb_spirange_max = 0xffffffff; + } spirange.sadb_spirange_reserved = 0; if (pf_key_v2_msg_add (getspi, (struct sadb_ext *)&spirange, 0) == -1) goto cleanup; |