-rw-r--r-- | sbin/isakmpd/isakmpd.policy.5 | 8 | ||||
-rw-r--r-- | sbin/isakmpd/policy.c | 33 |
2 files changed, 39 insertions, 2 deletions
diff --git a/sbin/isakmpd/isakmpd.policy.5 b/sbin/isakmpd/isakmpd.policy.5 index ac763567f71..a65cf5e6375 100644 --- a/sbin/isakmpd/isakmpd.policy.5 +++ b/sbin/isakmpd/isakmpd.policy.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.policy.5,v 1.25 2001/12/21 11:41:50 mpech Exp $ +.\" $OpenBSD: isakmpd.policy.5,v 1.26 2002/06/15 19:27:06 angelos Exp $ .\" $EOM: isakmpd.policy.5,v 1.24 2000/11/23 12:55:25 niklas Exp $ .\" .\" Copyright (c) 1999-2001, Angelos D. Keromytis. All rights reserved. @@ -383,6 +383,12 @@ Set to or .Va transport , based on the AH, ESP, and compression proposal. +.It ah_ecn, esp_ecn, comp_ecn +Set to +.Va yes +or +.Va no , +based on whether ECN was requested for the IPsec tunnel. .It comp_dict_size Specifies the log2 maximum size of the dictionary, according to the compression proposal. diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c index 0b50c6ed054..32156b739b4 100644 --- a/sbin/isakmpd/policy.c +++ b/sbin/isakmpd/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.54 2002/06/10 18:08:58 ho Exp $ */ +/* $OpenBSD: policy.c,v 1.55 2002/06/15 19:27:06 angelos Exp $ */ /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */ /* @@ -148,6 +148,7 @@ policy_callback (char *name) static char *comp_alg, ah_life_kbytes[PMAX], ah_life_seconds[PMAX]; static char esp_life_kbytes[PMAX], esp_life_seconds[PMAX]; static char comp_life_kbytes[PMAX]; + static char *ah_ecn, *esp_ecn, *comp_ecn; static char comp_life_seconds[PMAX], *ah_encapsulation, *esp_encapsulation; static char *comp_encapsulation, ah_key_length[PMAX], esp_key_length[PMAX]; static char ah_key_rounds[PMAX], esp_key_rounds[PMAX], comp_dict_size[PMAX]; 
@@ -180,6 +181,7 @@ policy_callback (char *name) esp_present = ah_present = comp_present = pfs = "no"; ah_hash_alg = ah_auth_alg = phase_1 = ""; esp_auth_alg = esp_enc_alg = comp_alg = ah_encapsulation = ""; + ah_ecn = esp_ecn = comp_ecn = "no"; esp_encapsulation = comp_encapsulation = remote_filter_type = ""; local_filter_type = remote_id_type = initiator = ""; remote_filter_proto = local_filter_proto = remote_id_proto = ""; @@ -472,6 +474,23 @@ policy_callback (char *name) } break; + case IPSEC_ATTR_ECN_TUNNEL: + if (decode_16 (value)) + switch (proto->proto) + { + case IPSEC_PROTO_IPSEC_AH: + ah_ecn = "yes"; + break; + + case IPSEC_PROTO_IPSEC_ESP: + esp_ecn = "yes"; + break; + + case IPSEC_PROTO_IPCOMP: + comp_ecn = "yes"; + break; + } + case IPSEC_ATTR_ENCAPSULATION_MODE: if (decode_16 (value) == IPSEC_ENCAP_TUNNEL) switch (proto->proto) @@ -1530,6 +1549,9 @@ policy_callback (char *name) LOG_DBG ((LOG_POLICY, 80, "ah_group_desc == %s", ah_group_desc)); LOG_DBG ((LOG_POLICY, 80, "esp_group_desc == %s", esp_group_desc)); LOG_DBG ((LOG_POLICY, 80, "comp_group_desc == %s", comp_group_desc)); + LOG_DBG ((LOG_POLICY, 80, "ah_ecn == %s", ah_ecn)); + LOG_DBG ((LOG_POLICY, 80, "esp_ecn == %s", esp_ecn)); + LOG_DBG ((LOG_POLICY, 80, "comp_ecn == %s", comp_ecn)); LOG_DBG ((LOG_POLICY, 80, "remote_filter_type == %s", remote_filter_type)); LOG_DBG ((LOG_POLICY, 80, "remote_filter_addr_upper == %s", @@ -1749,6 +1771,15 @@ policy_callback (char *name) if (strcmp (name, "comp_group_desc") == 0) return comp_group_desc; + if (strcmp (name, "comp_ecn") == 0) + return comp_ecn; + + if (strcmp (name, "ah_ecn") == 0) + return ah_ecn; + + if (strcmp (name, "esp_ecn") == 0) + return esp_ecn; + return ""; bad: |
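Review bot: The new `case IPSEC_ATTR_ECN_TUNNEL:` in the `-472,6 +474,23` hunk has no `break;` after its inner switch, so control falls through into `case IPSEC_ATTR_ENCAPSULATION_MODE:` and the ECN value is then compared with `IPSEC_ENCAP_TUNNEL`; add a `break;` before that label. The rest of the encapsulation case lies outside the hunk, but it presumably sets `ah_encapsulation`/`esp_encapsulation`/`comp_encapsulation`, in which case a peer's ECN attribute could change the encapsulation mode that the policy evaluation sees. Separately, `if (decode_16 (value))` reports "yes" for any nonzero value; RFC 3168 assigns distinct nonzero values to "allowed" and "forbidden" for this attribute, so a proposal that forbids ECN would also set `*_ecn` to "yes", and the test should compare against the "allowed" value explicitly. The inner switch also has no `default:`, so an unexpected `proto->proto` is silently ignored, which is worth a short comment if intended.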