diff options
| author |   hshoexer <hshoexer@openbsd.org> | 2007-07-30 11:43:59 +0000 |
|---|---|---|
| committer | hshoexer <hshoexer@openbsd.org> | 2007-07-30 11:43:59 +0000 |
| commit | ef53865254e1b9b108bc80dafb9b762a9b1577a5 (patch) | |
| tree | 06c8cfe0821b28684e2bffb7bf6c646104daa41e | |
| parent | introduce a Var_Substi to substitute on intervals. (diff) | |
| download | wireguard-openbsd-ef53865254e1b9b108bc80dafb9b762a9b1577a5.tar.xz wireguard-openbsd-ef53865254e1b9b108bc80dafb9b762a9b1577a5.zip | |
With adding ipsec tags and exporting flow filters via sysctl SADB_GET
needs to be allowed to export that information too. Thus, adjust
sadb_exts_allowed_out[] accordingly.
This fixes isakmpd not being able to get the in-kernel last-used-counters
of SAs, which are needed for DPD.
ok ho@
| -rw-r--r-- | sys/net/pfkeyv2_parsemessage.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c index 9018fcfbc86..ba3b743a286 100644 --- a/sys/net/pfkeyv2_parsemessage.c +++ b/sys/net/pfkeyv2_parsemessage.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.41 2006/11/24 13:52:14 reyk Exp $ */ +/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.42 2007/07/30 11:43:59 hshoexer Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -217,7 +217,7 @@ uint64_t sadb_exts_allowed_out[SADB_MAX+1] = /* DELETE */ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST, /* GET */ - BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE, + BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG, /* ACQUIRE */ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_CREDENTIALS, /* REGISTER */ |