Module Name: src
Committed By: tteras
Date: Wed Aug 5 13:16:01 UTC 2009
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: pfkey.c
Log Message:
From Paul Wernau: Fix transport mode per-port security associations that
got broken during NAT-T fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/pfkey.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.48 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.49
--- src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.48 Fri Jul 3 06:41:46 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/pfkey.c Wed Aug 5 13:16:01 2009
@@ -1,6 +1,6 @@
-/* $NetBSD: pfkey.c,v 1.48 2009/07/03 06:41:46 tteras Exp $ */
+/* $NetBSD: pfkey.c,v 1.49 2009/08/05 13:16:01 tteras Exp $ */
-/* $Id: pfkey.c,v 1.48 2009/07/03 06:41:46 tteras Exp $ */
+/* $Id: pfkey.c,v 1.49 2009/08/05 13:16:01 tteras Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1820,9 +1820,14 @@
src = (struct sockaddr *) &sp_out->req->saidx.src;
dst = (struct sockaddr *) &sp_out->req->saidx.dst;
} else {
- /* Otherwise use requested addresses */
- src = sp_src;
- dst = sp_dst;
+ /* Otherwise use requested addresses.
+ *
+ * We need to explicitly setup sa_src and sa_dst too,
+ * since the SA ports are different from IKE port. And
+ * src/dst ports will be overwritten when the matching
+ * phase1 is found. */
+ src = sa_src = sp_src;
+ dst = sa_dst = sp_dst;
}
if (sp_out->local && sp_out->remote) {
/* hints available, let's use them */
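Review bot: In the else branch, `src = sa_src = sp_src;` and `dst = sa_dst = sp_dst;` leave each pair aliased to the same sockaddr, while the new comment says the src/dst ports are overwritten once the matching phase1 is found. If that rewrite is done in place rather than on a duplicated address (the code that does it is outside this hunk), sa_src/sa_dst would lose the policy ports too, and the per-port SA would again carry the IKE port, so the negotiated selectors would not match the policy. I would state the dependency in the comment, e.g. `* NB: src/sa_src both point at sp_src here; each must be duplicated before any port rewrite.` The first branch leaves sa_src/sa_dst unset, which looks intentional but deserves a short comment as well. The enclosing function starts and ends outside the hunk.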