author | Jean-Jacques Bernard-Gundol <jjbg@cvs.openbsd.org> | 2001-07-05 16:45:56 +0000 |
---|---|---|
committer | Jean-Jacques Bernard-Gundol <jjbg@cvs.openbsd.org> | 2001-07-05 16:45:56 +0000 |
commit | 948fec4e04ff4b485f61f0ce7fa4a2c1d40e1704 (patch) | |
tree | dcc0f0f3b622d2f9c83e68d7fb8101a851cb2be2 /sys/netinet/ip_output.c | |
parent | 8825709f799a89e2fc142671d9921b6c10501350 (diff) |
IPComp support. angelos@ ok.
Diffstat (limited to 'sys/netinet/ip_output.c')
-rw-r--r-- | sys/netinet/ip_output.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index d089d2d71c9..971f4a04e5b 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.132 2001/06/29 18:36:17 beck Exp $ */ +/* $OpenBSD: ip_output.c,v 1.133 2001/07/05 16:45:55 jjbg Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -84,6 +84,7 @@ extern u_int8_t get_sa_require __P((struct inpcb *)); extern int ipsec_auth_default_level; extern int ipsec_esp_trans_default_level; extern int ipsec_esp_network_default_level; +extern int ipsec_ipcomp_default_level; #endif /* IPSEC */ static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *)); @@ -296,6 +297,7 @@ ip_output(m0, va_alist) (inp->inp_seclevel[SL_AUTH] == IPSEC_LEVEL_BYPASS) && (inp->inp_seclevel[SL_ESP_TRANS] == IPSEC_LEVEL_BYPASS) && (inp->inp_seclevel[SL_ESP_NETWORK] == IPSEC_LEVEL_BYPASS) + && (inp->inp_seclevel[SL_IPCOMP] == IPSEC_LEVEL_BYPASS) && (sdst.sa.sa_family == AF_INET) && (sdst.sin.sin_addr.s_addr == ip->ip_dst.s_addr)) { splx(s); @@ -1094,6 +1096,14 @@ ip_ctloutput(op, so, level, optname, mp) } inp->inp_seclevel[SL_ESP_NETWORK] = optval; break; + case IP_IPCOMP_LEVEL: + if (optval < ipsec_ipcomp_default_level && + suser(p->p_ucred, &p->p_acflag)) { + error = EACCES; + break; + } + inp->inp_seclevel[SL_IPCOMP] = optval; + break; } if (!error) inp->inp_secrequire = get_sa_require(inp); @@ -1318,6 +1328,7 @@ ip_ctloutput(op, so, level, optname, mp) case IP_AUTH_LEVEL: case IP_ESP_TRANS_LEVEL: case IP_ESP_NETWORK_LEVEL: + case IP_IPCOMP_LEVEL: #ifndef IPSEC m->m_len = sizeof(int); *mtod(m, int *) = IPSEC_LEVEL_NONE; @@ -1335,6 +1346,9 @@ ip_ctloutput(op, so, level, optname, mp) case IP_ESP_NETWORK_LEVEL: optval = inp->inp_seclevel[SL_ESP_NETWORK]; break; + case IP_IPCOMP_LEVEL: + optval = inp->inp_seclevel[SL_IPCOMP]; + break; } *mtod(m, int *) = optval; #endif |
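Review bot: `inp->inp_seclevel[SL_IPCOMP]` is read in the bypass test of ip_output() (hunk `@@ -296,6 +297,7`) and written and read in the `@@ -1094` and `@@ -1335` hunks, but neither the array's declaration nor the definition of `SL_IPCOMP` is part of this file's diff. Confirm that the same commit grows `inp_seclevel[]` in the inpcb definition to cover the new index; if it does not, these accesses fall past the end of the array inside the PCB. A short comment above the condition, such as `/* skip IPsec only if every per-socket level, IPComp included, is BYPASS */`, would also help now that the test spans four levels. The enclosing `if` starts before the hunk and its body continues after it.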
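Review bot: The new `case IP_IPCOMP_LEVEL:` in the set path (hunk `@@ -1094,6 +1096,14`) sits in an inner switch whose outer case labels are outside the hunk, and no visible hunk adds `IP_IPCOMP_LEVEL` to them, whereas the get path does gain the outer label in the `@@ -1318` hunk. The diffstat's 15 insertions are all accounted for by the visible hunks, so unless the outer set-path label already exists, a setsockopt with this option would never reach the privilege check and assignment added here. I would add `case IP_IPCOMP_LEVEL:` next to `case IP_ESP_NETWORK_LEVEL:` in the outer set-path label list. The range validation of `optval` before it is stored into `inp_seclevel[]` is also outside the hunk; confirm it covers the new option.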