If we wanted to send out more proposals than just one, we need to set a

flag in the SA header that there is another proposal coming.  The "more"
attribute borrows its values, as specified in the RFC, from IKEv1.

ok sthen@

diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 0b88d13..a3bfa1f 100644 (file)
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ikev2.c,v 1.161 2017/12/03 21:02:06 patrick Exp $     */
+/*     $OpenBSD: ikev2.c,v 1.162 2017/12/03 21:02:44 patrick Exp $     */
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -2023,6 +2023,7 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
                } else
                        nxforms = prop->prop_nxforms;
 
+               sap->sap_more = IKEV1_PAYLOAD_PROPOSAL;
                sap->sap_proposalnr = prop->prop_id;
                sap->sap_protoid = prop->prop_protoid;
                sap->sap_spisize = prop->prop_localspi.spi_size;
@@ -2066,6 +2067,8 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
                sap->sap_length = htobe16(saplength);
                length += saplength;
        }
+       if (sap != NULL)
+               sap->sap_more = IKEV1_PAYLOAD_NONE;
 
        log_debug("%s: length %zd", __func__, length);
 

diff --git a/sbin/iked/ikev2.h b/sbin/iked/ikev2.h
index 683fd47..48c6a6d 100644 (file)
--- a/sbin/iked/ikev2.h
+++ b/sbin/iked/ikev2.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ikev2.h,v 1.26 2017/03/27 10:06:41 reyk Exp $ */
+/*     $OpenBSD: ikev2.h,v 1.27 2017/12/03 21:02:44 patrick Exp $      */
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -527,4 +527,8 @@ struct ikev2_cfg {
 
 extern struct iked_constmap ikev2_cfg_map[];
 
+/* IKEv1 payload types */
+#define IKEV1_PAYLOAD_NONE     0       /* No payload */
+#define IKEV1_PAYLOAD_PROPOSAL 2       /* Proposal */
+
 #endif /* IKED_IKEV2_H */