authorNiklas Hallqvist <niklas@cvs.openbsd.org>2001-08-22 06:52:02 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2001-08-22 06:52:02 +0000
commit4dae913ed92dc9cdd1aa96afa0f94a276467877c (patch)
tree81844a1138fc7295364e78a42706d3d5b981663b /sys/netinet6/ip6_output.c
parent88aed4e11fb9335bbedd2f30af187eb75d87fc84 (diff)
Add IPCOMP setsockopt policy controls. While here fix the other policies too
Diffstat (limited to 'sys/netinet6/ip6_output.c')
-rw-r--r--sys/netinet6/ip6_output.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 21e4b628dd6..60245ef8e8f 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_output.c,v 1.47 2001/08/21 06:53:36 angelos Exp $ */
+/* $OpenBSD: ip6_output.c,v 1.48 2001/08/22 06:52:01 niklas Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -101,6 +101,7 @@ extern u_int8_t get_sa_require __P((struct inpcb *));
extern int ipsec_auth_default_level;
extern int ipsec_esp_trans_default_level;
extern int ipsec_esp_network_default_level;
+extern int ipsec_ipcomp_default_level;
#endif /* IPSEC */
struct ip6_exthdrs {
@@ -1409,6 +1410,7 @@ ip6_ctloutput(op, so, level, optname, mp)
case IPV6_AUTH_LEVEL:
case IPV6_ESP_TRANS_LEVEL:
case IPV6_ESP_NETWORK_LEVEL:
+ case IPV6_IPCOMP_LEVEL:
#ifndef IPSEC
error = EINVAL;
#else
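Review bot: `case IPV6_IPCOMP_LEVEL:` is added to only one case list in ip6_ctloutput, and the diffstat (15 insertions, 4 deletions) leaves no room for a second list being touched. If the function has a separate getsockopt branch that enumerates the three existing level options (not visible from this hunk), IPV6_IPCOMP_LEVEL needs to be added there as well, otherwise a process cannot read back the compression level it set or audit the policy on an inherited socket. The enclosing switch starts and ends outside the hunk, so which branch this list belongs to cannot be confirmed from here.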
@@ -1425,7 +1427,7 @@ ip6_ctloutput(op, so, level, optname, mp)
}
switch (optname) {
- case IP_AUTH_LEVEL:
+ case IPV6_AUTH_LEVEL:
if (optval < ipsec_auth_default_level &&
suser(p->p_ucred, &p->p_acflag)) {
error = EACCES;
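Review bot: The privilege rule in this case is undocumented and easy to misread, because the result of `suser()` is used directly as a truth value: the branch appears to deny the request only when `optval` is below the system default and the caller is not the superuser. A one-line comment above the inner `switch (optname)` would make the intent reviewable, for example `/* Raising a level is unprivileged; dropping below the default requires superuser. */`. The same comment covers the IPV6_ESP_TRANS_LEVEL and IPV6_ESP_NETWORK_LEVEL cases in the following two hunks and the new IPV6_IPCOMP_LEVEL case. The case body continues past the end of this hunk.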
@@ -1434,7 +1436,7 @@ ip6_ctloutput(op, so, level, optname, mp)
inp->inp_seclevel[SL_AUTH] = optval;
break;
- case IP_ESP_TRANS_LEVEL:
+ case IPV6_ESP_TRANS_LEVEL:
if (optval < ipsec_esp_trans_default_level &&
suser(p->p_ucred, &p->p_acflag)) {
error = EACCES;
@@ -1443,7 +1445,7 @@ ip6_ctloutput(op, so, level, optname, mp)
inp->inp_seclevel[SL_ESP_TRANS] = optval;
break;
- case IP_ESP_NETWORK_LEVEL:
+ case IPV6_ESP_NETWORK_LEVEL:
if (optval < ipsec_esp_network_default_level &&
suser(p->p_ucred, &p->p_acflag)) {
error = EACCES;
@@ -1451,6 +1453,15 @@ ip6_ctloutput(op, so, level, optname, mp)
}
inp->inp_seclevel[SL_ESP_NETWORK] = optval;
break;
+
+ case IPV6_IPCOMP_LEVEL:
+ if (optval < ipsec_ipcomp_default_level &&
+ suser(p->p_ucred, &p->p_acflag)) {
+ error = EACCES;
+ break;
+ }
+ inp->inp_seclevel[SL_IPCOMP] = optval;
+ break;
}
if (!error)
inp->inp_secrequire = get_sa_require(inp);
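Review bot: The inner `switch (optname)` still has no `default:` arm, which is what let the IP_*/IPV6_* constant mix-up fixed in the earlier hunks go unnoticed. If the two constant families differ in value, an option accepted by the outer case list but unmatched here leaves `error` unchanged and still reaches `get_sa_require(inp)`, so the caller gets no failure for a policy that was never applied. Adding `default: error = EINVAL; break;` after the IPV6_IPCOMP_LEVEL case would turn any future mismatch into a visible failure. Separately, only the lower-bound privilege check on `optval` is visible before it is stored in `inp->inp_seclevel[SL_IPCOMP]`; if the lines between the hunks do not already range-check it, an explicit bounds check belongs before this switch. The function continues outside the hunk.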