-rw-r--r--sbin/isakmpd/isakmpd.policy.58
-rw-r--r--sbin/isakmpd/policy.c33
2 files changed, 39 insertions, 2 deletions
diff --git a/sbin/isakmpd/isakmpd.policy.5 b/sbin/isakmpd/isakmpd.policy.5
index ac763567f71..a65cf5e6375 100644
--- a/sbin/isakmpd/isakmpd.policy.5
+++ b/sbin/isakmpd/isakmpd.policy.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.policy.5,v 1.25 2001/12/21 11:41:50 mpech Exp $
+.\" $OpenBSD: isakmpd.policy.5,v 1.26 2002/06/15 19:27:06 angelos Exp $
.\" $EOM: isakmpd.policy.5,v 1.24 2000/11/23 12:55:25 niklas Exp $
.\"
.\" Copyright (c) 1999-2001, Angelos D. Keromytis. All rights reserved.
@@ -383,6 +383,12 @@ Set to
or
.Va transport ,
based on the AH, ESP, and compression proposal.
+.It ah_ecn, esp_ecn, comp_ecn
+Set to
+.Va yes
+or
+.Va no ,
+based on whether ECN was requested for the IPsec tunnel.
.It comp_dict_size
Specifies the log2 maximum size of the dictionary, according to the
compression proposal.
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index 0b50c6ed054..32156b739b4 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.54 2002/06/10 18:08:58 ho Exp $ */
+/* $OpenBSD: policy.c,v 1.55 2002/06/15 19:27:06 angelos Exp $ */
/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
/*
@@ -148,6 +148,7 @@ policy_callback (char *name)
static char *comp_alg, ah_life_kbytes[PMAX], ah_life_seconds[PMAX];
static char esp_life_kbytes[PMAX], esp_life_seconds[PMAX];
static char comp_life_kbytes[PMAX];
+ static char *ah_ecn, *esp_ecn, *comp_ecn;
static char comp_life_seconds[PMAX], *ah_encapsulation, *esp_encapsulation;
static char *comp_encapsulation, ah_key_length[PMAX], esp_key_length[PMAX];
static char ah_key_rounds[PMAX], esp_key_rounds[PMAX], comp_dict_size[PMAX];
@@ -180,6 +181,7 @@ policy_callback (char *name)
esp_present = ah_present = comp_present = pfs = "no";
ah_hash_alg = ah_auth_alg = phase_1 = "";
esp_auth_alg = esp_enc_alg = comp_alg = ah_encapsulation = "";
+ ah_ecn = esp_ecn = comp_ecn = "no";
esp_encapsulation = comp_encapsulation = remote_filter_type = "";
local_filter_type = remote_id_type = initiator = "";
remote_filter_proto = local_filter_proto = remote_id_proto = "";
@@ -472,6 +474,23 @@ policy_callback (char *name)
}
break;
+ case IPSEC_ATTR_ECN_TUNNEL:
+ if (decode_16 (value))
+ switch (proto->proto)
+ {
+ case IPSEC_PROTO_IPSEC_AH:
+ ah_ecn = "yes";
+ break;
+
+ case IPSEC_PROTO_IPSEC_ESP:
+ esp_ecn = "yes";
+ break;
+
+ case IPSEC_PROTO_IPCOMP:
+ comp_ecn = "yes";
+ break;
+ }
+
case IPSEC_ATTR_ENCAPSULATION_MODE:
if (decode_16 (value) == IPSEC_ENCAP_TUNNEL)
switch (proto->proto)
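Review bot: The new `case IPSEC_ATTR_ECN_TUNNEL:` has no `break;` after its inner switch, so control falls through into `case IPSEC_ATTR_ENCAPSULATION_MODE:` and the ECN value is then compared against `IPSEC_ENCAP_TUNNEL`. An ECN attribute in a peer's proposal can therefore also drive the encapsulation variables that the policy expression evaluates; add `break;` after the closing brace of the inner switch. Separately, `if (decode_16 (value))` treats every non-zero value as a request, so if the attribute defines a non-zero "forbidden" encoding it would also set the variable to "yes"; comparing against the specific "allowed" constant would be safer. policy_callback begins and ends outside this hunk.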
@@ -1530,6 +1549,9 @@ policy_callback (char *name)
LOG_DBG ((LOG_POLICY, 80, "ah_group_desc == %s", ah_group_desc));
LOG_DBG ((LOG_POLICY, 80, "esp_group_desc == %s", esp_group_desc));
LOG_DBG ((LOG_POLICY, 80, "comp_group_desc == %s", comp_group_desc));
+ LOG_DBG ((LOG_POLICY, 80, "ah_ecn == %s", ah_ecn));
+ LOG_DBG ((LOG_POLICY, 80, "esp_ecn == %s", esp_ecn));
+ LOG_DBG ((LOG_POLICY, 80, "comp_ecn == %s", comp_ecn));
LOG_DBG ((LOG_POLICY, 80, "remote_filter_type == %s",
remote_filter_type));
LOG_DBG ((LOG_POLICY, 80, "remote_filter_addr_upper == %s",
@@ -1749,6 +1771,15 @@ policy_callback (char *name)
if (strcmp (name, "comp_group_desc") == 0)
return comp_group_desc;
+ if (strcmp (name, "comp_ecn") == 0)
+ return comp_ecn;
+
+ if (strcmp (name, "ah_ecn") == 0)
+ return ah_ecn;
+
+ if (strcmp (name, "esp_ecn") == 0)
+ return esp_ecn;
+
return "";
bad: