BSD: Fix TCP-MD5 code on current FreeBSD kernels
Current FreeBSD kernels require SA records for both directions. Thanks to Joseph Mulloy and Andrey V. Elsukov for reporting and solving the issue.
parent
4d9049dc1a
commit
a1ee5eb2aa
1 changed files with 4 additions and 2 deletions
|
@ -160,12 +160,14 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr remote, struct iface *ifa,
|
|||
if (len > TCP_KEYLEN_MAX)
|
||||
ERR_MSG("The password for TCP MD5 Signature is too long");
|
||||
|
||||
if (setkey_md5(&src, &dst, pxlen, passwd, SADB_ADD) < 0)
|
||||
if ((setkey_md5(&src, &dst, pxlen, passwd, SADB_ADD) < 0) ||
|
||||
(setkey_md5(&dst, &src, pxlen, passwd, SADB_ADD) < 0))
|
||||
ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
|
||||
}
|
||||
else
|
||||
{
|
||||
if (setkey_md5(&src, &dst, pxlen, NULL, SADB_DELETE) < 0)
|
||||
if ((setkey_md5(&src, &dst, pxlen, NULL, SADB_DELETE) < 0) ||
|
||||
(setkey_md5(&dst, &src, pxlen, NULL, SADB_DELETE) < 0))
|
||||
ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
|
||||
}
|
||||
return 0;
|
||||
|
|
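Review bot: The `||` short-circuit in the SADB_DELETE branch means that when the first `setkey_md5(&src, &dst, pxlen, NULL, SADB_DELETE)` fails, the reverse-direction delete is never attempted, so an SA still holding the TCP-MD5 key can remain in the kernel database. Running both deletes unconditionally and checking afterwards avoids that: `int r1 = setkey_md5(&src, &dst, pxlen, NULL, SADB_DELETE);`, `int r2 = setkey_md5(&dst, &src, pxlen, NULL, SADB_DELETE);`, then `if (r1 < 0 || r2 < 0) ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");`. The SADB_ADD branch has the mirror problem: if the second add fails, the first SA is presumably left installed while the caller sees an error, so a best-effort delete of the first record before ERR_MSG would keep the database consistent. The body of sk_set_md5_in_sasp_db starts above the hunk, so what ERR_MSG does on failure is not visible here.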