diff options
| author | tobhe <tobhe@cvs.openbsd.org> | 2020-12-02 16:47:46 +0000 |
|---|---|---|
| committer | tobhe <tobhe@cvs.openbsd.org> | 2020-12-02 16:47:46 +0000 |
| commit | bf3c46369ab79e4d90f8a87d19b4ba92ff21a61d (patch) | |
| tree | 7e2403189cca77c724bbe7197a7c6a72f91cdba3 /sbin | |
| parent | 15629cd6e7a3231d47a0996d26fa5f2cb11dd134 (diff) | |
The skip steps must be set up for each attribute independently
otherwise the wrong rules might me skipped, e.g. if you have
policies with different listen addresses that are not sorted
by address family.
ok patrick@
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/iked/policy.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c index 430833ed3b7..4409f606deb 100644 --- a/sbin/iked/policy.c +++ b/sbin/iked/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.72 2020/11/25 22:17:14 tobhe Exp $ */ +/* $OpenBSD: policy.c,v 1.73 2020/12/02 16:47:45 tobhe Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -229,16 +229,16 @@ policy_calc_skip_steps(struct iked_policies *policies) while (cur != NULL) { if (cur->pol_flags & IKED_POLICY_SKIP) IKED_SET_SKIP_STEPS(IKED_SKIP_FLAGS); - else if (cur->pol_af != AF_UNSPEC && + if (cur->pol_af != AF_UNSPEC && prev->pol_af != AF_UNSPEC && cur->pol_af != prev->pol_af) IKED_SET_SKIP_STEPS(IKED_SKIP_AF); - else if (cur->pol_ipproto && prev->pol_ipproto && + if (cur->pol_ipproto && prev->pol_ipproto && cur->pol_ipproto != prev->pol_ipproto) IKED_SET_SKIP_STEPS(IKED_SKIP_PROTO); - else if (IKED_ADDR_NEQ(&cur->pol_peer, &prev->pol_peer)) + if (IKED_ADDR_NEQ(&cur->pol_peer, &prev->pol_peer)) IKED_SET_SKIP_STEPS(IKED_SKIP_DST_ADDR); - else if (IKED_ADDR_NEQ(&cur->pol_local, &prev->pol_local)) + if (IKED_ADDR_NEQ(&cur->pol_local, &prev->pol_local)) IKED_SET_SKIP_STEPS(IKED_SKIP_SRC_ADDR); prev = cur; |