author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-12-12 01:46:30 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-12-12 01:46:30 +0000 |
commit | c9c21d97452061e55bd36ef1a7a7f8b8c95ac586 (patch) | |
tree | ec4236683eadf77c05ef1f34a49296520237c2f5 /sbin | |
parent | 5012950c3cbd18cb30af7e12675c060bcfc35167 (diff) |
Merge with EOM 1.73
author: angelos
Pass the local/remote Phase 1 ID to the flow, so it can be reused when
an SA is re-negotiated.
author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/pf_encap.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/sbin/isakmpd/pf_encap.c b/sbin/isakmpd/pf_encap.c
index 7cf11a2f430..f25fb335b84 100644
--- a/sbin/isakmpd/pf_encap.c
+++ b/sbin/isakmpd/pf_encap.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: pf_encap.c,v 1.17 2000/06/08 20:49:19 niklas Exp $ */
-/* $EOM: pf_encap.c,v 1.71 2000/05/12 12:41:23 ho Exp $ */
+/* $OpenBSD: pf_encap.c,v 1.18 2000/12/12 01:46:29 niklas Exp $ */
+/* $EOM: pf_encap.c,v 1.73 2000/12/04 04:46:34 angelos Exp $ */
 
 /*
 * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -707,7 +707,7 @@ pf_encap_delete_spi (struct sa *sa, struct proto *proto, int incoming)
 
 /* Enable a flow given an SA. */
 int
-pf_encap_enable_sa (struct sa *sa)
+pf_encap_enable_sa (struct sa *sa, struct sa *isakmp_sa)
 {
 struct ipsec_sa *isa = sa->data;
 struct sockaddr *dst;
@@ -904,6 +904,8 @@ pf_encap_connection_check (char *conn)
 char *conf, *doi_str, *local_id, *remote_id, *peer, *address;
 struct in_addr laddr, lmask, raddr, rmask, gwaddr;
 int lid, rid, err;
+ u_int8_t tproto;
+ u_int16_t sport, dport;
 
 if (sa_lookup_by_name (conn, 2) || exchange_lookup_by_name (conn, 2))
 {
@@ -940,9 +942,9 @@ pf_encap_connection_check (char *conn)
 return;
 }
 
- if (ipsec_get_id (local_id, &lid, &laddr, &lmask))
+ if (ipsec_get_id (local_id, &lid, &laddr, &lmask, &tproto, &sport))
 return;
- if (ipsec_get_id (remote_id, &rid, &raddr, &rmask))
+ if (ipsec_get_id (remote_id, &rid, &raddr, &rmask, &tproto, &dport))
 return;
 
 peer = conf_get_str (conn, "ISAKMP-peer");
|
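Review bot: The `isakmp_sa` argument added to `pf_encap_enable_sa` is never read in this commit. The diffstat's 7 insertions and 5 deletions are all accounted for by the four hunks shown, so the function body, which continues outside the hunk, is unchanged. If the parameter exists only to keep the signature in step with a shared interface (my assumption, the page does not show the callers), the comment above the function should say so, for example `/* Enable a flow given an SA.  ISAKMP_SA is not used by the PF_ENCAP backend.  */`. Otherwise a reader of the commit message will assume the Phase 1 IDs reach the flow on this path as well.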
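Review bot: `tproto`, `sport` and `dport` are declared in the `-904,6 +904,8` hunk and filled by the two `ipsec_get_id` calls in the `-940,9 +942,9` hunk, but nothing added by this commit reads them afterwards. A connection whose IDs restrict the transport protocol or port therefore appears to be handled as address-only in `pf_encap_connection_check`, which could leave a broader flow in place than the configuration asks for. Both calls also write the same `tproto`, so a local/remote protocol mismatch is silently overwritten; separate variables such as `u_int8_t ltproto, rtproto;` would allow a comparison. If PF_ENCAP cannot express these selectors, it would be safer to reject the connection than to drop them, for example `if (tproto || sport || dport) return;` preceded by a log message. The function continues outside both hunks, so the eventual use of the address and mask values is not visible here.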