artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0313ffb)
The RFC specifies that in an SA payload the proposals must be numbered
authorpatrick <patrick@openbsd.org>
Fri, 1 Dec 2017 20:19:05 +0000 (20:19 +0000)
committerpatrick <patrick@openbsd.org>
Fri, 1 Dec 2017 20:19:05 +0000 (20:19 +0000)
starting with number 1.  Subsequent proposals must be one more than the
previous proposal.

ok sthen@

sbin/iked/parse.y patch | blob | history

diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 5a38333..58b12e6 100644 (file)
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.67 2017/11/27 18:39:35 patrick Exp $      */
+/*     $OpenBSD: parse.y,v 1.68 2017/12/01 20:19:05 patrick Exp $      */
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -2589,6 +2589,7 @@ create_ike(char *name, int af, uint8_t ipproto, struct ipsec_hosts *hosts,
        struct iked_policy       pol;
        struct iked_proposal     prop[2];
        unsigned int             j;
+       unsigned int             ikepropid = 1, ipsecpropid = 1;
        struct iked_transform    ikexforms[64], ipsecxforms[64];
        struct iked_flow         flows[64];
        static unsigned int      policy_id = 0;
@@ -2719,7 +2720,7 @@ create_ike(char *name, int af, uint8_t ipproto, struct ipsec_hosts *hosts,
        TAILQ_INIT(&pol.pol_proposals);
        RB_INIT(&pol.pol_flows);
 
-       prop[0].prop_id = ++pol.pol_nproposals;
+       prop[0].prop_id = ikepropid++;
        prop[0].prop_protoid = IKEV2_SAPROTO_IKE;
        if (ike_sa == NULL || ike_sa->xfs == NULL) {
                prop[0].prop_nxforms = ikev2_default_nike_transforms;
@@ -2750,8 +2751,9 @@ create_ike(char *name, int af, uint8_t ipproto, struct ipsec_hosts *hosts,
                prop[0].prop_xforms = ikexforms;
        }
        TAILQ_INSERT_TAIL(&pol.pol_proposals, &prop[0], prop_entry);
+       pol.pol_nproposals++;
 
-       prop[1].prop_id = ++pol.pol_nproposals;
+       prop[1].prop_id = ipsecpropid++;
        prop[1].prop_protoid = saproto;
        if (ipsec_sa == NULL || ipsec_sa->xfs == NULL) {
                prop[1].prop_nxforms = ikev2_default_nesp_transforms;
@@ -2790,6 +2792,7 @@ create_ike(char *name, int af, uint8_t ipproto, struct ipsec_hosts *hosts,
                prop[1].prop_xforms = ipsecxforms;
        }
        TAILQ_INSERT_TAIL(&pol.pol_proposals, &prop[1], prop_entry);
+       pol.pol_nproposals++;
 
        if (hosts == NULL || hosts->src == NULL || hosts->dst == NULL)
                fatalx("create_ike: no traffic selectors/flows");
OpenBSD src
by Ahmet Artu Yildirim