summaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-12-12 01:46:30 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-12-12 01:46:30 +0000
commitc9c21d97452061e55bd36ef1a7a7f8b8c95ac586 (patch)
treeec4236683eadf77c05ef1f34a49296520237c2f5 /sbin
parent5012950c3cbd18cb30af7e12675c060bcfc35167 (diff)
Merge with EOM 1.73
author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated. author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs).
Diffstat (limited to 'sbin')
-rw-r--r--sbin/isakmpd/pf_encap.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/sbin/isakmpd/pf_encap.c b/sbin/isakmpd/pf_encap.c
index 7cf11a2f430..f25fb335b84 100644
--- a/sbin/isakmpd/pf_encap.c
+++ b/sbin/isakmpd/pf_encap.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: pf_encap.c,v 1.17 2000/06/08 20:49:19 niklas Exp $ */
-/* $EOM: pf_encap.c,v 1.71 2000/05/12 12:41:23 ho Exp $ */
+/* $OpenBSD: pf_encap.c,v 1.18 2000/12/12 01:46:29 niklas Exp $ */
+/* $EOM: pf_encap.c,v 1.73 2000/12/04 04:46:34 angelos Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -707,7 +707,7 @@ pf_encap_delete_spi (struct sa *sa, struct proto *proto, int incoming)
/* Enable a flow given an SA. */
int
-pf_encap_enable_sa (struct sa *sa)
+pf_encap_enable_sa (struct sa *sa, struct sa *isakmp_sa)
{
struct ipsec_sa *isa = sa->data;
struct sockaddr *dst;
@@ -904,6 +904,8 @@ pf_encap_connection_check (char *conn)
char *conf, *doi_str, *local_id, *remote_id, *peer, *address;
struct in_addr laddr, lmask, raddr, rmask, gwaddr;
int lid, rid, err;
+ u_int8_t tproto;
+ u_int16_t sport, dport;
if (sa_lookup_by_name (conn, 2) || exchange_lookup_by_name (conn, 2))
{
@@ -940,9 +942,9 @@ pf_encap_connection_check (char *conn)
return;
}
- if (ipsec_get_id (local_id, &lid, &laddr, &lmask))
+ if (ipsec_get_id (local_id, &lid, &laddr, &lmask, &tproto, &sport))
return;
- if (ipsec_get_id (remote_id, &rid, &raddr, &rmask))
+ if (ipsec_get_id (remote_id, &rid, &raddr, &rmask, &tproto, &dport))
return;
peer = conf_get_str (conn, "ISAKMP-peer");