Diffstat (limited to 'sbin/isakmpd/ike_phase_1.c')
-rw-r--r-- | sbin/isakmpd/ike_phase_1.c | 49 |
1 files changed, 47 insertions, 2 deletions
diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c
index 010d71cdd18..6077b6ed3cd 100644
--- a/sbin/isakmpd/ike_phase_1.c
+++ b/sbin/isakmpd/ike_phase_1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_phase_1.c,v 1.50 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: ike_phase_1.c,v 1.51 2004/06/20 15:24:05 ho Exp $ */
 /* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */
 
 /*
@@ -45,6 +45,9 @@
 #include "crypto.h"
 #include "dh.h"
 #include "doi.h"
+#ifdef USE_DPD
+#include "dpd.h"
+#endif
 #include "exchange.h"
 #include "hash.h"
 #include "ike_auth.h"
@@ -55,6 +58,9 @@
 #include "log.h"
 #include "math_group.h"
 #include "message.h"
+#if defined (USE_NAT_TRAVERSAL)
+#include "nat_traversal.h"
+#endif
 #include "prf.h"
 #include "sa.h"
 #include "transport.h"
@@ -359,6 +365,18 @@ ike_phase_1_initiator_send_SA(struct message *msg)
 		transforms_len += transform_len[i];
 	}
 
+#if defined (USE_NAT_TRAVERSAL)
+	/* Advertise NAT-T capability. */
+	if (nat_t_add_vendor_payloads(msg))
+		goto bail_out;
+#endif
+
+#if defined (USE_DPD)
+	/* Advertise DPD capability. */
+	if (dpd_add_vendor_payload(msg))
+		goto bail_out;
+#endif
+
 	conf_free_list(conf);
 	free(transform);
 	free(transform_len);
@@ -511,7 +529,21 @@ int
 ike_phase_1_responder_send_SA(struct message *msg)
 {
 	/* Add the SA payload with the transform that was chosen. */
-	return message_add_sa_payload(msg);
+	if (message_add_sa_payload(msg))
+		return -1;
+
+#if defined (USE_NAT_TRAVERSAL)
+	/* Advertise NAT-T capability. */
+	if (nat_t_add_vendor_payloads(msg))
+		return -1;
+#endif
+
+#if defined (USE_DPD)
+	/* Advertise DPD capability. */
+	if (dpd_add_vendor_payload(msg))
+		return -1;
+#endif
+	return 0;
 }
 
 /* Send our public DH value and a nonce to the peer. */
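Review bot: The new DPD include guard is written `#ifdef USE_DPD`, while every other conditional this commit adds — the NAT-T include in the following hunk and both DPD blocks in ike_phase_1_initiator_send_SA and ike_phase_1_responder_send_SA — uses the `#if defined (...)` form. Pick one spelling, e.g. `#if defined (USE_DPD)` around the include, so the feature guards can be found with a single grep and read uniformly.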
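Review bot: The NAT-T and DPD vendor-ID blocks in ike_phase_1_responder_send_SA are a verbatim copy of the ones added to ike_phase_1_initiator_send_SA earlier in this diff, differing only in `goto bail_out` versus `return -1`; two copies of the capability advertisement will drift the first time one side gains a new vendor ID. A small static helper that both functions call keeps the advertised set in one place, with the initiator reduced to `if (ike_phase_1_add_vendor_payloads(msg)) goto bail_out;`. Separately, the responder now advertises both capabilities without consulting EXCHANGE_FLAG_NAT_T_CAP_PEER, which the later hunks use to gate NAT-D handling; whether nat_t_add_vendor_payloads itself limits the reply to peers that sent the vendor ID is not visible here and is worth confirming. The normalisation of message_add_sa_payload's result to -1 is fine assuming callers only test for non-zero.
```c
/*
 * Add the vendor ID payloads for the optional features this build
 * supports (NAT-T, DPD).  Returns 0 on success, -1 if a payload
 * could not be added.
 */
static int
ike_phase_1_add_vendor_payloads(struct message *msg)
{
#if defined (USE_NAT_TRAVERSAL)
	/* Advertise NAT-T capability. */
	if (nat_t_add_vendor_payloads(msg))
		return -1;
#endif
#if defined (USE_DPD)
	/* Advertise DPD capability. */
	if (dpd_add_vendor_payload(msg))
		return -1;
#endif
	return 0;
}

int
ike_phase_1_responder_send_SA(struct message *msg)
{
	/* Add the SA payload with the transform that was chosen. */
	if (message_add_sa_payload(msg))
		return -1;
	return ike_phase_1_add_vendor_payloads(msg);
}
```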
@@ -533,6 +565,14 @@ ike_phase_1_send_KE_NONCE(struct message *msg, size_t nonce_sz)
 		/* XXX Log? */
 		return -1;
 	}
+#if defined (USE_NAT_TRAVERSAL)
+	/* If this exchange uses NAT-Traversal, add NAT-D payloads now. */
+	if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_CAP_PEER)
+		if (nat_t_exchange_add_nat_d(msg)) {
+			/* XXX Log? */
+			return -1;
+		}
+#endif
 	return 0;
 }
 
@@ -555,6 +595,11 @@ ike_phase_1_recv_KE_NONCE(struct message *msg)
 		/* XXX How to log and notify peer? */
 		return -1;
 	}
+#if defined (USE_NAT_TRAVERSAL)
+	/* Check NAT-D payloads and contents. */
+	if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_CAP_PEER)
+		(void)nat_t_exchange_check_nat_d(msg);
+#endif
 	return 0;
 }
|
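Review bot: The NAT-D addition in ike_phase_1_send_KE_NONCE nests an unbraced `if` directly inside another `if`, the dangling-else shape that is easy to misread on a later edit, and it carries a second `/* XXX Log? */` that again turns the failure into a silent -1. Folding the two conditions into one test is clearer and removes the nesting: `if ((msg->exchange->flags & EXCHANGE_FLAG_NAT_T_CAP_PEER) && nat_t_exchange_add_nat_d(msg)) return -1;` with a one-line comment above it saying NAT-D payloads are only added once the peer has advertised NAT-T. The function begins outside the hunk, so the existing KE/nonce error path it mirrors is not visible here.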
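Review bot: In ike_phase_1_recv_KE_NONCE the result of nat_t_exchange_check_nat_d is discarded with a `(void)` cast, so a malformed or missing NAT-D payload from the peer can never fail the exchange at this point. If that is intentional — the check only records whether a NAT was detected (presumably through exchange flags, which are not visible here) and a failed check just means NAT-T is not used — say so where the cast is: `/* Check NAT-D payloads; a failed check only disables NAT-T for this exchange. */`. If instead a bad NAT-D payload should abort the exchange, mirror the send side with `if (nat_t_exchange_check_nat_d(msg)) return -1;`. The `/* XXX How to log and notify peer? */` immediately above suggests the error path here is still unresolved, so the choice should be made explicit either way. The function begins outside the hunk.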