Don't forget about protocol specification when configuring flows.

Tested by and OK claudio.

diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 6a2c570..a792341 100644 (file)
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.42 2014/11/20 05:51:20 jsg Exp $  */
+/*     $OpenBSD: parse.y,v 1.43 2015/01/12 11:24:58 mikeb Exp $        */
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -2623,6 +2623,8 @@ create_ike(char *name, int af, u_int8_t ipproto, struct ipsec_hosts *hosts,
                flows[j].flow_dst.addr_net = ipb->netaddress;
                flows[j].flow_dst.addr_port = hosts->dport;
 
+               flows[j].flow_ipproto = ipproto;
+
                pol.pol_nflows++;
                RB_INSERT(iked_flows, &pol.pol_flows, &flows[j]);
        }