summaryrefslogtreecommitdiff
path: root/sysdep/bsd/setkey.h
diff options
context:
space:
mode:
authorOndrej Zajicek (work) <santiago@crfreenet.org>2019-01-04 17:03:48 +0100
committerOndrej Zajicek (work) <santiago@crfreenet.org>2019-01-04 18:21:27 +0100
commita1ee5eb2aae1f5e78909b36c979fd689ba319bbd (patch)
tree73d63ba12881ca464c834c18a8141bcd4e3690ed /sysdep/bsd/setkey.h
parent4d9049dc1a57ccbf0ff9fa2642282a30e875e9e1 (diff)
BSD: Fix TCP-MD5 code on current FreeBSD kernels
Current FreeBSD kernels require SA records for both directions. Thanks to Joseph Mulloy and Andrey V. Elsukov for reporting and solving the issue.
Diffstat (limited to 'sysdep/bsd/setkey.h')
-rw-r--r--sysdep/bsd/setkey.h6
1 files changed, 4 insertions, 2 deletions
diff --git a/sysdep/bsd/setkey.h b/sysdep/bsd/setkey.h
index 3bcd8623..8a1bc9ad 100644
--- a/sysdep/bsd/setkey.h
+++ b/sysdep/bsd/setkey.h
@@ -160,12 +160,14 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr remote, struct iface *ifa,
if (len > TCP_KEYLEN_MAX)
ERR_MSG("The password for TCP MD5 Signature is too long");
- if (setkey_md5(&src, &dst, pxlen, passwd, SADB_ADD) < 0)
+ if ((setkey_md5(&src, &dst, pxlen, passwd, SADB_ADD) < 0) ||
+ (setkey_md5(&dst, &src, pxlen, passwd, SADB_ADD) < 0))
ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
}
else
{
- if (setkey_md5(&src, &dst, pxlen, NULL, SADB_DELETE) < 0)
+ if ((setkey_md5(&src, &dst, pxlen, NULL, SADB_DELETE) < 0) ||
+ (setkey_md5(&dst, &src, pxlen, NULL, SADB_DELETE) < 0))
ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
}
return 0;