From 2da34831d9bea1ffd5b9ac8d32836295dcaac6ea Mon Sep 17 00:00:00 2001 From: Hans-Joerg Hoexer Date: Mon, 19 Feb 2007 09:43:35 +0000 Subject: isakmpd bits for ESP+NULL encryption. This is useful, when AH can not be used (when being behind NAT). With Martin Hedenfalk , thanks! --- sbin/isakmpd/conf.c | 6 +++--- sbin/isakmpd/pf_key_v2.c | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'sbin/isakmpd') diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c index 2dc97bfefad..26a90d02a34 100644 --- a/sbin/isakmpd/conf.c +++ b/sbin/isakmpd/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.92 2006/08/29 08:51:28 hshoexer Exp $ */ +/* $OpenBSD: conf.c,v 1.93 2007/02/19 09:43:34 hshoexer Exp $ */ /* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */ /* @@ -467,9 +467,9 @@ conf_load_defaults(int tr) char *dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14", "-GRP15", 0}; char *qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES", - "AES_128_CTR", "NONE", 0}; + "AES_128_CTR", "NULL", "NONE", 0}; char *qm_enc_p[] = {"-DES", "-3DES", "-CAST", "-BLF", "-AES", - "-AESCTR", "", 0}; + "-AESCTR", "-NULL", "", 0}; char *qm_hash[] = {"HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD", "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", "NONE", 0}; diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index 15b7cc104e7..7390673bce8 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.177 2006/11/24 13:52:14 reyk Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.178 2007/02/19 09:43:34 hshoexer Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -954,6 +954,10 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming, ssa.sadb_sa_encrypt = SADB_X_EALG_BLF; break; + case IPSEC_ESP_NULL: + ssa.sadb_sa_encrypt = SADB_EALG_NULL; + break; + default: LOG_DBG((LOG_SYSDEP, 50, "pf_key_v2_set_spi: " "unknown encryption algorithm %d", proto->id)); -- cgit v1.2.3