diff options
| author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2007-07-30 11:44:00 +0000 |
|---|---|---|
| committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2007-07-30 11:44:00 +0000 |
| commit | 61c5794e357f1b86cd14f3590930261ceb0ec055 (patch) | |
| tree | 4f6ac534ed99efddf03da4208340efe5286965c3 /sys | |
| parent | e7db4966f96a9de5cfd46d8c61c75ce28a7ea3dc (diff) | |
With adding ipsec tags and exporting flow filters via sysctl SADB_GET
needs to be allowed to export that information too. Thus, adjust
sadb_exts_allowed_out[] accordingly.
This fixes isakmpd not being able to get the in-kernel last-used-counters
of SAs, which are needed for DPD.
ok ho@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pfkeyv2_parsemessage.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c index 9018fcfbc86..ba3b743a286 100644 --- a/sys/net/pfkeyv2_parsemessage.c +++ b/sys/net/pfkeyv2_parsemessage.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.41 2006/11/24 13:52:14 reyk Exp $ */ +/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.42 2007/07/30 11:43:59 hshoexer Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -217,7 +217,7 @@ uint64_t sadb_exts_allowed_out[SADB_MAX+1] = /* DELETE */ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST, /* GET */ - BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE, + BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG, /* ACQUIRE */ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_CREDENTIALS, /* REGISTER */ |