Diffstat (limited to 'sysdep/bsd/setkey.h')
-rw-r--r--sysdep/bsd/setkey.h14
1 files changed, 8 insertions, 6 deletions
diff --git a/sysdep/bsd/setkey.h b/sysdep/bsd/setkey.h
index b417faca..3bcd8623 100644
--- a/sysdep/bsd/setkey.h
+++ b/sysdep/bsd/setkey.h
@@ -11,7 +11,7 @@
#include <netipsec/ipsec.h>
#include "nest/bird.h"
-#include "lib/unix.h"
+#include "sysdep/unix/unix.h"
/*
@@ -63,7 +63,7 @@ setkey_send(struct sadb_msg *msg, uint len)
* operations to implement replace.
*/
static int
-setkey_md5(sockaddr *src, sockaddr *dst, char *passwd, uint type)
+setkey_md5(sockaddr *src, sockaddr *dst, uint pxlen, char *passwd, uint type)
{
uint passwd_len = passwd ? strlen(passwd) : 0;
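Review bot: The comment block above `setkey_md5` (its visible tail ends at "operations to implement replace.") is not updated for the new `pxlen` parameter. A reader cannot tell from the signature that the single value is written into both the source and the destination address extension. I would add a sentence to that comment such as `pxlen is the prefix length stored in both SADB address extensions; it must not exceed the maximum for the address family of src/dst`. The comment begins and the function body continues outside this hunk.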
@@ -122,7 +122,7 @@ setkey_md5(sockaddr *src, sockaddr *dst, char *passwd, uint type)
saddr->sadb_address_len = PFKEY_UNIT64(len);
saddr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
saddr->sadb_address_proto = IPSEC_ULPROTO_ANY;
- saddr->sadb_address_prefixlen = MAX_PREFIX_LENGTH;
+ saddr->sadb_address_prefixlen = pxlen;
memcpy(pos + sizeof(struct sadb_address), &src->sa, src->sa.sa_len);
pos += len;
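Review bot: `saddr->sadb_address_prefixlen = pxlen;` stores a caller-supplied `uint` with no range check, and the `daddr` assignment in the next hunk does the same. The PF_KEY address extension normally declares this field as an 8-bit integer, so an out-of-range value would presumably be narrowed silently and the SA would be installed with a different scope than the caller meant. The only caller visible on this page passes the family maximum, so nothing is wrong today. A guard near the top of `setkey_md5` would keep that invariant local: `if (pxlen > ((src->sa.sa_family == AF_INET) ? IP4_MAX_PREFIX_LENGTH : IP6_MAX_PREFIX_LENGTH)) return -1;`. The function body starts and ends outside this hunk.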
@@ -132,7 +132,7 @@ setkey_md5(sockaddr *src, sockaddr *dst, char *passwd, uint type)
daddr->sadb_address_len = PFKEY_UNIT64(len);
daddr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
daddr->sadb_address_proto = IPSEC_ULPROTO_ANY;
- daddr->sadb_address_prefixlen = MAX_PREFIX_LENGTH;
+ daddr->sadb_address_prefixlen = pxlen;
memcpy(pos + sizeof(struct sadb_address), &dst->sa, dst->sa.sa_len);
pos += len;
@@ -152,18 +152,20 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr remote, struct iface *ifa,
sockaddr_fill(&src, s->af, local, ifa, 0);
sockaddr_fill(&dst, s->af, remote, ifa, 0);
+ uint pxlen = (s->af == AF_INET) ? IP4_MAX_PREFIX_LENGTH : IP6_MAX_PREFIX_LENGTH;
+
if (passwd && *passwd)
{
int len = strlen(passwd);
if (len > TCP_KEYLEN_MAX)
ERR_MSG("The password for TCP MD5 Signature is too long");
- if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0)
+ if (setkey_md5(&src, &dst, pxlen, passwd, SADB_ADD) < 0)
ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
}
else
{
- if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0)
+ if (setkey_md5(&src, &dst, pxlen, NULL, SADB_DELETE) < 0)
ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
}
return 0;
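Review bot: The added `uint pxlen = (s->af == AF_INET) ? IP4_MAX_PREFIX_LENGTH : IP6_MAX_PREFIX_LENGTH;` line maps every family other than AF_INET to the IPv6 length, and it carries no comment saying why the full host length is used. Whether `s->af` can hold anything but the two IP families is not visible here. A short comment would make the security intent reviewable: `/* Host-length prefix: the MD5 key is bound to this exact peer address */`. The start of `sk_set_md5_in_sasp_db` is outside the hunk.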