From 99f2fe774a96792a28bd9d5f11fff50cff036c93 Mon Sep 17 00:00:00 2001
From: patrick
Date: Tue, 5 Dec 2017 09:06:53 +0000
Subject: [PATCH] When sending out a proposal we create an SA/SPI for the Child SAs if we are an initiator and store the information on the proposal, because we only had one proposal so far. This changes the code to only create one SA on the first proposal and then apply the SPI to all other proposals as well. ok markus@
---
 sbin/iked/ikev2.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 70f329665cb..411c6751c37 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.163 2017/12/04 14:35:03 patrick Exp $ */
+/* $OpenBSD: ikev2.c,v 1.164 2017/12/05 09:06:53 patrick Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter
@@ -1971,7 +1971,7 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
 struct iked_childsa csa;
 ssize_t length = 0, saplength, xflen;
 uint64_t spi64;
- uint32_t spi32, spi;
+ uint32_t spi32, spi = 0;
 unsigned int i, xfi, nxforms;
 TAILQ_FOREACH(prop, proposals, prop_entry) {
@@ -1980,14 +1980,16 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
 continue;
 if (protoid != IKEV2_SAPROTO_IKE && initiator) {
- bzero(&csa, sizeof(csa));
- csa.csa_ikesa = sa;
- csa.csa_saproto = prop->prop_protoid;
- csa.csa_local = &sa->sa_peer;
- csa.csa_peer = &sa->sa_local;
-
- if (pfkey_sa_init(env->sc_pfkey, &csa, &spi) == -1)
- return (-1);
+ if (spi == 0) {
+ bzero(&csa, sizeof(csa));
+ csa.csa_ikesa = sa;
+ csa.csa_saproto = prop->prop_protoid;
+ csa.csa_local = &sa->sa_peer;
+ csa.csa_peer = &sa->sa_local;
+
+ if (pfkey_sa_init(env->sc_pfkey, &csa, &spi) == -1)
+ return (-1);
+ }
 prop->prop_localspi.spi = spi;
 prop->prop_localspi.spi_size = 4;
--
2.20.1
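Review bot: The new initialiser in `uint32_t spi32, spi = 0;` turns `spi` into a sentinel for "no Child SA SPI allocated yet", tested by `if (spi == 0)` in the loop of the next hunk, but the declaration does not say so. A short comment on the declaration would make that explicit, for example `/* spi: 0 until pfkey_sa_init() has allocated the shared Child SA SPI */`. The scheme assumes pfkey_sa_init() never returns 0 as a valid SPI on success, which cannot be confirmed from this hunk and is worth stating if it holds. The body of ikev2_add_proposals starts and ends outside the hunk.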
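Review bot: The SA behind the shared SPI is set up from the first matching proposal only, because `csa.csa_saproto = prop->prop_protoid` now runs solely inside `if (spi == 0)`, yet every later proposal reaching this branch receives the same value in `prop->prop_localspi.spi`. Whether the filter ending in `continue;` above guarantees that all proposals handled in one call share one `prop_protoid` is not visible in this hunk. If the list can mix protocols, a later proposal would advertise an SPI that was never reserved for its protocol and could clash with an existing SA of that protocol. Consider allocating once per protocol, e.g. `if (spi == 0 || csa.csa_saproto != prop->prop_protoid) {`, or add a comment stating the invariant that makes a single SPI sufficient. The loop body continues past the end of the hunk.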