From 7fbffbaf7e3799b9cd7a8945cea919cc091ca8d1 Mon Sep 17 00:00:00 2001 From: Reyk Floeter Date: Fri, 24 Nov 2006 13:52:15 +0000 Subject: add support to tag ipsec traffic belonging to specific IKE-initiated phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ --- sbin/ipsecctl/ipsecctl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sbin/ipsecctl/ipsecctl.h') diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h index 27e84bd5850..fac2fee8882 100644 --- a/sbin/ipsecctl/ipsecctl.h +++ b/sbin/ipsecctl/ipsecctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.h,v 1.50 2006/11/01 03:10:02 mcbride Exp $ */ +/* $OpenBSD: ipsecctl.h,v 1.51 2006/11/24 13:52:13 reyk Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer * @@ -181,6 +181,7 @@ struct ipsec_rule { struct ipsec_key *authkey; struct ipsec_key *enckey; + char *tag; /* pf tag for SAs */ u_int8_t satype; /* encapsulating prococol */ u_int8_t proto; /* encapsulated protocol */ u_int8_t proto2; -- cgit v1.2.3