author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-11 03:10:05 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-11 03:10:05 +0000 |
commit | 90ce7e3b18c166f70cc5db547a8934634ce4cb9e (patch) | |
tree | d98584e524907b915dbb4adaf1db5ecc90384d46 /sys/netinet | |
parent | 6898663d760593141b941ef631b96d31ad94609b (diff) |
Correct sa_require handling.
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_ipsp.c | 11 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 4 |
2 files changed, 10 insertions, 5 deletions
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index 0ba921b20cd..bca994aa8f8 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.72 2000/01/11 01:39:10 angelos Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.73 2000/01/11 03:10:04 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -366,7 +366,7 @@ check_ipsec_policy(struct inpcb *inp, void *daddr) /* Initialize TDB for PF_KEY notification */ bzero(&tdb2, sizeof(tdb2)); - tdb2.tdb_satype = get_sa_require(inp); + sa_require = get_sa_require(inp); /* Check for PFS */ if (ipsec_require_pfs) @@ -397,8 +397,10 @@ check_ipsec_policy(struct inpcb *inp, void *daddr) if (ipsec_exp_first_use > 0) tdb2.tdb_exp_first_use = ipsec_exp_first_use; - if (tdb2.tdb_satype & NOTIFY_SATYPE_CONF) + if (sa_require & NOTIFY_SATYPE_CONF) { + tdb2.tdb_satype = SADB_SATYPE_ESP; + if (!strncasecmp(ipsec_def_enc, "des", sizeof("des"))) tdb2.tdb_encalgxform = &enc_xform_des; else @@ -418,6 +420,9 @@ check_ipsec_policy(struct inpcb *inp, void *daddr) if (tdb2.tdb_satype & NOTIFY_SATYPE_AUTH) { + if (!(sa_require & NOTIFY_SATYPE_CONF)) + tdb2.tdb_satype = SADB_SATYPE_AH; + if (!strncasecmp(ipsec_def_auth, "hmac-md5", sizeof("hmac-md5"))) tdb2.tdb_authalgxform = &auth_hash_hmac_md5_96; else diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 81b031a9128..e4fb895561a 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.63 2000/01/11 01:03:23 angelos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.64 2000/01/11 03:10:04 angelos Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -514,7 +514,7 @@ sendit: /* Default entry is for ESP */ sa_require = NOTIFY_SATYPE_CONF | NOTIFY_SATYPE_AUTH; - tdb2.tdb_satype = sa_require; + tdb2.tdb_satype = SADB_SATYPE_ESP; } else { if (tdb->tdb_authalgxform) sa_require = NOTIFY_SATYPE_AUTH; |
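Review bot: In the hunk at -418 of check_ipsec_policy() the unchanged guard `if (tdb2.tdb_satype & NOTIFY_SATYPE_AUTH)` still tests tdb_satype against a NOTIFY_SATYPE_* bit, although after this commit tdb_satype no longer holds the requirement bits: it is either zero from the bzero() or SADB_SATYPE_ESP. As far as the visible lines show, a socket that requires authentication only leaves tdb_satype at zero, so the block is skipped and neither SADB_SATYPE_AH nor the auth transform reaches the PF_KEY notification; when ESP is also required, the outcome depends on the numeric value of SADB_SATYPE_ESP. The guard should read `if (sa_require & NOTIFY_SATYPE_AUTH)`, matching the confidentiality test changed in the hunk above it. The code between the hunks is not shown, so confirm nothing else assigns tdb_satype in between.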
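Review bot: The assignment `tdb2.tdb_satype = SADB_SATYPE_ESP;` under sendit: in ip_output.c relies on a distinction the code never states: sa_require carries NOTIFY_SATYPE_* requirement bits while tdb_satype carries a PF_KEY SADB_SATYPE_* value, which is the mix-up this commit corrects. A comment at the assignment, such as `/* tdb_satype is a PF_KEY SADB_SATYPE_* value; NOTIFY_SATYPE_* bits belong in sa_require */`, would keep the two namespaces apart for the next change. The else branch runs past the end of the hunk, so it is not visible whether it sets tdb2.tdb_satype to SADB_SATYPE_AH when only tdb_authalgxform is present; that is worth confirming.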