From c9c21d97452061e55bd36ef1a7a7f8b8c95ac586 Mon Sep 17 00:00:00 2001
From: Niklas Hallqvist
Date: Tue, 12 Dec 2000 01:46:30 +0000
Subject: Merge with EOM 1.73
author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated.
author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs).
---
 sbin/isakmpd/pf_encap.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/sbin/isakmpd/pf_encap.c b/sbin/isakmpd/pf_encap.c
index 7cf11a2f430..f25fb335b84 100644
--- a/sbin/isakmpd/pf_encap.c
+++ b/sbin/isakmpd/pf_encap.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: pf_encap.c,v 1.17 2000/06/08 20:49:19 niklas Exp $ */
-/* $EOM: pf_encap.c,v 1.71 2000/05/12 12:41:23 ho Exp $ */
+/* $OpenBSD: pf_encap.c,v 1.18 2000/12/12 01:46:29 niklas Exp $ */
+/* $EOM: pf_encap.c,v 1.73 2000/12/04 04:46:34 angelos Exp $ */
 /*
 * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -707,7 +707,7 @@ pf_encap_delete_spi (struct sa *sa, struct proto *proto, int incoming)
 /* Enable a flow given an SA. */
 int
-pf_encap_enable_sa (struct sa *sa)
+pf_encap_enable_sa (struct sa *sa, struct sa *isakmp_sa)
 {
 struct ipsec_sa *isa = sa->data;
 struct sockaddr *dst;
@@ -904,6 +904,8 @@ pf_encap_connection_check (char *conn)
 char *conf, *doi_str, *local_id, *remote_id, *peer, *address;
 struct in_addr laddr, lmask, raddr, rmask, gwaddr;
 int lid, rid, err;
+ u_int8_t tproto;
+ u_int16_t sport, dport;
 if (sa_lookup_by_name (conn, 2) || exchange_lookup_by_name (conn, 2))
 {
@@ -940,9 +942,9 @@ pf_encap_connection_check (char *conn)
 return;
 }
- if (ipsec_get_id (local_id, &lid, &laddr, &lmask))
+ if (ipsec_get_id (local_id, &lid, &laddr, &lmask, &tproto, &sport))
 return;
- if (ipsec_get_id (remote_id, &rid, &raddr, &rmask))
+ if (ipsec_get_id (remote_id, &rid, &raddr, &rmask, &tproto, &dport))
 return;
 peer = conf_get_str (conn, "ISAKMP-peer");
--
cgit v1.2.3
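Review bot: The new `isakmp_sa` parameter of pf_encap_enable_sa has no visible use in this file: the diffstat's seven insertions are all shown in these hunks and none of them reads it, so on this backend the Phase 1 IDs named in the commit message are apparently not attached to the flow. The comment above the function should say so, for example `/* Enable a flow given an SA.  ISAKMP_SA is accepted for interface compatibility and is unused here.  */`, so a reader does not assume that re-negotiation can reuse those IDs with pf_encap. The function body continues outside the hunk.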
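Review bot: `tproto`, `sport` and `dport` are filled in by the two ipsec_get_id calls in the @@ -940,9 +942,9 hunk, but nothing added in this file reads them (all seven insertions from the diffstat are visible), so a connection whose IDs name a protocol or port would apparently still be handled here as an all-protocol, all-port flow, which is wider than the configured policy. `tproto` is also shared by both calls, so the remote ID's value overwrites the local one and a mismatch between the two goes unnoticed. If this backend cannot express those selectors, rejecting them is safer than dropping them silently, for example after the second call `if (tproto || sport || dport) { log_print ("pf_encap_connection_check: protocol/port selectors not supported"); return; }`, assuming ipsec_get_id stores zero when nothing is configured, which is not visible here. The declarations are in the @@ -904,6 +904,8 hunk, and the rest of pf_encap_connection_check lies outside both hunks.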