3 files changed, 16 insertions, 10 deletions

diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 44d73be335d..b0d468237de 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.82 2002/05/31 01:42:17 angelos Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.83 2002/06/07 04:47:06 ho Exp $ */
 
 /*
  *	@(#)COPYRIGHT	1.1 (NRL) 17 January 1995
@@ -921,11 +921,13 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 	    /* Either all or none of the flow must be included */
 	    if ((headers[SADB_X_EXT_SRC_FLOW] ||
 		headers[SADB_X_EXT_PROTOCOL] ||
+		headers[SADB_X_EXT_FLOW_TYPE] ||
 		headers[SADB_X_EXT_DST_FLOW] ||
 		headers[SADB_X_EXT_SRC_MASK] ||
 		headers[SADB_X_EXT_DST_MASK]) &&
 		!(headers[SADB_X_EXT_SRC_FLOW] &&
 		headers[SADB_X_EXT_PROTOCOL] &&
+		headers[SADB_X_EXT_FLOW_TYPE] &&
 		headers[SADB_X_EXT_DST_FLOW] &&
 		headers[SADB_X_EXT_SRC_MASK] &&
 		headers[SADB_X_EXT_DST_MASK]))
@@ -1000,7 +1002,8 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 		import_flow(&newsa->tdb_filter, &newsa->tdb_filtermask,
 		    headers[SADB_X_EXT_SRC_FLOW], headers[SADB_X_EXT_SRC_MASK],
 		    headers[SADB_X_EXT_DST_FLOW], headers[SADB_X_EXT_DST_MASK],
-		    headers[SADB_X_EXT_PROTOCOL]);
+		    headers[SADB_X_EXT_PROTOCOL],
+		    headers[SADB_X_EXT_FLOW_TYPE]);
 
 		headers[SADB_EXT_KEY_AUTH] = NULL;
 		headers[SADB_EXT_KEY_ENCRYPT] = NULL;
@@ -1061,11 +1064,13 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 	    /* Either all or none of the flow must be included */
 	    if ((headers[SADB_X_EXT_SRC_FLOW] ||
 		headers[SADB_X_EXT_PROTOCOL] ||
+		headers[SADB_X_EXT_FLOW_TYPE] ||
 		headers[SADB_X_EXT_DST_FLOW] ||
 		headers[SADB_X_EXT_SRC_MASK] ||
 		headers[SADB_X_EXT_DST_MASK]) &&
 		!(headers[SADB_X_EXT_SRC_FLOW] &&
 		headers[SADB_X_EXT_PROTOCOL] &&
+		headers[SADB_X_EXT_FLOW_TYPE] &&
 		headers[SADB_X_EXT_DST_FLOW] &&
 		headers[SADB_X_EXT_SRC_MASK] &&
 		headers[SADB_X_EXT_DST_MASK]))
@@ -1146,7 +1151,8 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 		import_flow(&newsa->tdb_filter, &newsa->tdb_filtermask,
 		    headers[SADB_X_EXT_SRC_FLOW], headers[SADB_X_EXT_SRC_MASK],
 		    headers[SADB_X_EXT_DST_FLOW], headers[SADB_X_EXT_DST_MASK],
-		    headers[SADB_X_EXT_PROTOCOL]);
+		    headers[SADB_X_EXT_PROTOCOL],
+		    headers[SADB_X_EXT_FLOW_TYPE]);
 
 		headers[SADB_EXT_KEY_AUTH] = NULL;
 		headers[SADB_EXT_KEY_ENCRYPT] = NULL;
@@ -1463,7 +1469,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 	    import_flow(&encapdst, &encapnetmask,
 		headers[SADB_X_EXT_SRC_FLOW], headers[SADB_X_EXT_SRC_MASK],
 		headers[SADB_X_EXT_DST_FLOW], headers[SADB_X_EXT_DST_MASK],
-		headers[SADB_X_EXT_PROTOCOL]);
+		headers[SADB_X_EXT_PROTOCOL], headers[SADB_X_EXT_FLOW_TYPE]);
 
 	    /* Determine whether the exact same SPD entry already exists. */
 	    bzero(&encapgw, sizeof(struct sockaddr_encap));
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index a8018675eab..a8adfbcfd3d 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.42 2002/05/31 01:39:05 angelos Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.43 2002/06/07 04:47:06 ho Exp $ */
 /*
  *	@(#)COPYRIGHT	1.1 (NRL) January 1998
  * 
@@ -432,6 +432,6 @@ void import_credentials(struct tdb *, struct sadb_x_cred *, int);
 void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *);
 void import_flow(struct sockaddr_encap *, struct sockaddr_encap *,
     struct sadb_address *, struct sadb_address *, struct sadb_address *,
-    struct sadb_address *, struct sadb_protocol *);
+    struct sadb_address *, struct sadb_protocol *, struct sadb_protocol *);
 #endif /* _KERNEL */
 #endif /* _NET_PFKEY_V2_H_ */
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index c891c336d30..bf2562fcd55 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfkeyv2_convert.c,v 1.9 2002/06/07 01:51:54 ho Exp $	*/
+/*	$OpenBSD: pfkeyv2_convert.c,v 1.10 2002/06/07 04:47:06 ho Exp $	*/
 /*
  * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
  *
@@ -389,7 +389,7 @@ void
 import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
     struct sadb_address *ssrc, struct sadb_address *ssrcmask,
     struct sadb_address *ddst, struct sadb_address *ddstmask,
-    struct sadb_protocol *sab)
+    struct sadb_protocol *sab, struct sadb_protocol *ftype)
 {
 	u_int8_t transproto = 0;
 	union sockaddr_union *src = (union sockaddr_union *)(ssrc + 1);
@@ -431,7 +431,7 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 #ifdef INET
 	case AF_INET:
 		flow->sen_type = SENT_IP4;
-		flow->sen_direction = sab->sadb_protocol_direction;
+		flow->sen_direction = ftype->sadb_protocol_direction;
 		flow->sen_ip_src = src->sin.sin_addr;
 		flow->sen_ip_dst = dst->sin.sin_addr;
 		flow->sen_proto = transproto;
@@ -452,7 +452,7 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 #ifdef INET6
 	case AF_INET6:
 		flow->sen_type = SENT_IP6;
-		flow->sen_ip6_direction = sab->sadb_protocol_direction;
+		flow->sen_ip6_direction = ftype->sadb_protocol_direction;
 		flow->sen_ip6_src = src->sin6.sin6_addr;
 		flow->sen_ip6_dst = dst->sin6.sin6_addr;
 		flow->sen_ip6_proto = transproto;