From: patrick
Date: Tue, 5 Dec 2017 09:06:53 +0000 (+0000)
Subject: When sending out a proposal we create an SA/SPI for the Child SAs if we
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=99f2fe774a96792a28bd9d5f11fff50cff036c93;p=openbsd

When sending out a proposal we create an SA/SPI for the Child SAs if we are an initiator and store the information on the proposal, because we only had one proposal so far. This changes the code to only create one SA on the first proposal and then apply the SPI to all other proposals as well. ok markus@
---
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 70f329665cb..411c6751c37 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.163 2017/12/04 14:35:03 patrick Exp $ */
+/* $OpenBSD: ikev2.c,v 1.164 2017/12/05 09:06:53 patrick Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter
@@ -1971,7 +1971,7 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
 struct iked_childsa csa;
 ssize_t length = 0, saplength, xflen;
 uint64_t spi64;
- uint32_t spi32, spi;
+ uint32_t spi32, spi = 0;
 unsigned int i, xfi, nxforms;
 TAILQ_FOREACH(prop, proposals, prop_entry) {
@@ -1980,14 +1980,16 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
 continue;
 if (protoid != IKEV2_SAPROTO_IKE && initiator) {
- bzero(&csa, sizeof(csa));
- csa.csa_ikesa = sa;
- csa.csa_saproto = prop->prop_protoid;
- csa.csa_local = &sa->sa_peer;
- csa.csa_peer = &sa->sa_local;
-
- if (pfkey_sa_init(env->sc_pfkey, &csa, &spi) == -1)
- return (-1);
+ if (spi == 0) {
+ bzero(&csa, sizeof(csa));
+ csa.csa_ikesa = sa;
+ csa.csa_saproto = prop->prop_protoid;
+ csa.csa_local = &sa->sa_peer;
+ csa.csa_peer = &sa->sa_local;
+
+ if (pfkey_sa_init(env->sc_pfkey, &csa, &spi) == -1)
+ return (-1);
+ }
 prop->prop_localspi.spi = spi;
 prop->prop_localspi.spi_size = 4;
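Review bot: `spi = 0` makes zero the "no SPI reserved yet" marker that the `if (spi == 0)` guard in the next hunk depends on, and nothing at the declaration records that. A short comment there would do it, for example `/* 0 = no Child SA SPI reserved yet; 0 is never sent as an SPI */`. The marker is only sound if pfkey_sa_init() never stores 0 on success, which cannot be confirmed from the visible lines. The declarations belong to ikev2_add_proposals, whose body continues outside the hunk.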
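Review bot: The one reservation inside `if (spi == 0)` is made with `csa.csa_saproto = prop->prop_protoid` of whichever proposal reaches it first, and the resulting SPI is then written to `prop_localspi` of every later proposal. If the list can hold more than one protocol (the filter ahead of `continue;` starts outside the hunk), an SPI reserved in the kernel for one protocol would be advertised for another, and the inbound SA for the selected proposal might not match the reservation. Either confirm that all proposals passing the filter share one protocol and note it, for example `/* one SPI for all proposals: the peer selects exactly one */`, or cache the SPI per `prop->prop_protoid`. The loop body and the rest of ikev2_add_proposals extend beyond the hunk.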