diff options
| author | Jean-Jacques Bernard-Gundol <jjbg@cvs.openbsd.org> | 2001-07-05 16:45:56 +0000 |
|---|---|---|
| committer | Jean-Jacques Bernard-Gundol <jjbg@cvs.openbsd.org> | 2001-07-05 16:45:56 +0000 |
| commit | 948fec4e04ff4b485f61f0ce7fa4a2c1d40e1704 (patch) | |
| tree | dcc0f0f3b622d2f9c83e68d7fb8101a851cb2be2 /sys/netinet/ip_input.c | |
| parent | 8825709f799a89e2fc142671d9921b6c10501350 (diff) | |
IPComp support. angelos@ ok.
Diffstat (limited to 'sys/netinet/ip_input.c')
| -rw-r--r-- | sys/netinet/ip_input.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 775248a8fa2..cade9bde7a0 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.89 2001/06/28 21:53:42 provos Exp $ */ +/* $OpenBSD: ip_input.c,v 1.90 2001/07/05 16:45:54 jjbg Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -64,6 +64,10 @@ #include <netinet/ip_var.h> #include <netinet/ip_icmp.h> +#ifdef IPSEC +#include <netinet/ip_ipsp.h> +#endif /* IPSEC */ + #ifndef IPFORWARDING #ifdef GATEWAY #define IPFORWARDING 1 /* forward IP packets not for us */ @@ -96,6 +100,7 @@ int ipsec_exp_first_use = IPSEC_DEFAULT_EXP_FIRST_USE; int ipsec_expire_acquire = IPSEC_DEFAULT_EXPIRE_ACQUIRE; char ipsec_def_enc[20]; char ipsec_def_auth[20]; +char ipsec_def_comp[20]; /* * Note: DIRECTED_BROADCAST is handled this way so that previous @@ -124,6 +129,7 @@ struct rttimer_queue *ip_mtudisc_timeout_q = NULL; int ipsec_auth_default_level = IPSEC_AUTH_LEVEL_DEFAULT; int ipsec_esp_trans_default_level = IPSEC_ESP_TRANS_LEVEL_DEFAULT; int ipsec_esp_network_default_level = IPSEC_ESP_NETWORK_LEVEL_DEFAULT; +int ipsec_ipcomp_default_level = IPSEC_IPCOMP_LEVEL_DEFAULT; /* Keep track of memory used for reassembly */ int ip_maxqueue = 300; @@ -247,6 +253,7 @@ ip_init() strncpy(ipsec_def_enc, IPSEC_DEFAULT_DEF_ENC, sizeof(ipsec_def_enc)); strncpy(ipsec_def_auth, IPSEC_DEFAULT_DEF_AUTH, sizeof(ipsec_def_auth)); + strncpy(ipsec_def_comp, IPSEC_DEFAULT_DEF_COMP, sizeof(ipsec_def_comp)); } struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; @@ -608,7 +615,8 @@ found: * While this is not the most paranoid setting, it allows * some flexibility in handling of nested tunnels etc. */ - if ((ip->ip_p == IPPROTO_ESP) || (ip->ip_p == IPPROTO_AH)) + if ((ip->ip_p == IPPROTO_ESP) || (ip->ip_p == IPPROTO_AH) || + (ip->ip_p == IPPROTO_IPCOMP)) goto skipipsec; /* @@ -1650,6 +1658,10 @@ ip_sysctl(name, namelen, oldp, oldlenp, newp, newlen) case IPCTL_IPSEC_EXPIRE_ACQUIRE: return (sysctl_int(oldp, oldlenp, newp, newlen, &ipsec_expire_acquire)); + case IPCTL_IPSEC_IPCOMP_ALGORITHM: + return (sysctl_tstring(oldp, oldlenp, newp, newlen, + ipsec_def_comp, + sizeof(ipsec_def_comp))); default: return (EOPNOTSUPP); } |