IPSEC ESP NULL no longer works in -CURRENT
Bruce M Simpson
bms at spc.org
Thu May 13 07:56:19 PDT 2004
On Thu, May 13, 2004 at 01:13:02PM +0000, Bjoern A. Zeeb wrote:
> setkey is broken imho; check the racoon mailing list archive of
> March/April; a fix had been posted there.
Thank you. I generated a patch against HEAD from the patch which was posted
to the racoon list here:
http://www.kame.net/racoon/racoon-ml/msg00427.html
I shall commit this unless there are any objections.
Regards,
BMS
-------------- next part --------------
Index: parse.y
===================================================================
RCS file: /home/ncvs/src/usr.sbin/setkey/parse.y,v
retrieving revision 1.6
diff -u -r1.6 parse.y
--- parse.y 31 Mar 2004 18:38:02 -0000 1.6
+++ parse.y 13 May 2004 14:51:01 -0000
@@ -322,7 +322,12 @@
p_alg_enc = $1;
p_key_enc_len = 0;
- p_key_enc = NULL;
+ p_key_enc = "";
+ if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
+ p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
+ yyerror(ipsec_strerror());
+ return -1;
+ }
}
| ALG_ENC key_string {
if ($1 < 0) {
More information about the freebsd-current
mailing list