Jerry/bird
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

BSD: Fix TCP-MD5 code on current FreeBSD kernels

Browse source 
Current FreeBSD kernels require SA records for both directions.

Thanks to Joseph Mulloy and Andrey V. Elsukov for reporting and
solving the issue.
This commit is contained in:
Ondrej Zajicek (work) 2019-01-04 17:03:48 +01:00
parent 4d9049dc1a
commit a1ee5eb2aa
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sysdep/bsd/setkey.h
View file

@ -160,12 +160,14 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr remote, struct iface *ifa,
if (len > TCP_KEYLEN_MAX) if (len > TCP_KEYLEN_MAX)
ERR_MSG("The password for TCP MD5 Signature is too long"); ERR_MSG("The password for TCP MD5 Signature is too long");
if (setkey_md5(&src, &dst, pxlen, passwd, SADB_ADD) < 0) if ((setkey_md5(&src, &dst, pxlen, passwd, SADB_ADD) < 0) ||
(setkey_md5(&dst, &src, pxlen, passwd, SADB_ADD) < 0))
ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database"); ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
} }
else else
{ {
if (setkey_md5(&src, &dst, pxlen, NULL, SADB_DELETE) < 0) if ((setkey_md5(&src, &dst, pxlen, NULL, SADB_DELETE) < 0) ||
(setkey_md5(&dst, &src, pxlen, NULL, SADB_DELETE) < 0))
ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database"); ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
} }
return 0; return 0;