authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2000-01-10 05:35:10 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2000-01-10 05:35:10 +0000
commita9c9eba7d990a7fe23957e0bb0ec845360c02e47 (patch)
treec5ab75262fdd1d0150fd494ab872b2d6e5348cbf /sys
parent96e025573939dd90b8d0111523a4104c352b3679 (diff)
Some more code for dealing with socket IPsec options.
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_ipsp.c43
1 files changed, 41 insertions, 2 deletions
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 04df85da61e..1b1d52b95b3 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.67 2000/01/10 04:37:42 angelos Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.68 2000/01/10 05:35:09 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -365,7 +365,46 @@ check_ipsec_policy(struct inpcb *inp, void *daddr)
}
/* Initialize TDB for PF_KEY notification */
- /* XXX */
+ bzero(&tdb2, sizeof(tdb2));
+ tdb2.tdb_satype = get_sa_require(inp);
+
+ /* Always require PFS */
+ tdb2.tdb_flags |= TDBF_PFS; /* XXX Make this configurable */
+
+ /*
+ * XXX Initialize:
+ * XXX - Lifetime values
+ * XXX - encalgxform/authalgxform
+ * XXX from sysctl-controlled defaults
+ */
+
+ /* XXX Initialize src_id/dst_id */
+
+#ifdef INET
+ if (!(inp->inp_flags & INP_IPV6))
+ {
+ tdb2.tdb_src.sin.sin_family = AF_INET;
+ tdb2.tdb_src.sin.sin_len = sizeof(struct sockaddr_in);
+ tdb2.tdb_src.sin.sin_addr = inp->inp_laddr;
+
+ tdb2.tdb_dst.sin.sin_family = AF_INET;
+ tdb2.tdb_dst.sin.sin_len = sizeof(struct sockaddr_in);
+ tdb2.tdb_dst.sin.sin_addr = inp->inp_faddr;
+ }
+#endif /* INET */
+
+#ifdef INET6
+ if (inp->inp_flags & INP_IPV6)
+ {
+ tdb2.tdb_src.sin6.sin6_family = AF_INET6;
+ tdb2.tdb_src.sin6.sin6_len = sizeof(struct sockaddr_in6);
+ tdb2.tdb_src.sin6.sin6_addr = inp->inp_laddr6;
+
+ tdb2.tdb_dst.sin6.sin6_family = AF_INET6;
+ tdb2.tdb_dst.sin6.sin6_len = sizeof(struct sockaddr_in6);
+ tdb2.tdb_dst.sin6.sin6_addr = inp->inp_faddr6;
+ }
+#endif /* INET6 */
/* Send PF_KEYv2 Notify */
if ((error = pfkeyv2_acquire(&tdb2, 0)) != 0)
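Review bot: The destination written into `tdb2` comes from `inp->inp_faddr` / `inp->inp_faddr6`, while `check_ipsec_policy()` is handed a separate `daddr` argument (visible in the hunk header) that this block never reads. If callers pass `daddr` because the PCB can be unconnected, `tdb2.tdb_dst` keeps the all-zero address left by `bzero()`, and `pfkeyv2_acquire()` would ask key management for an SA toward an unspecified peer. Either fill the destination from `daddr`, or record the assumption next to the assignments, e.g. `/* XXX assumes inp_faddr is set; daddr is not consulted here */`. The function begins and ends outside this hunk, so how `daddr` is used earlier cannot be confirmed from here.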