OS-6480 Allow IKEV2 pf_key(7P) key management cookies to be updated after setOS-6480

author: Jason King <jason.king@joyent.com> 2017-12-01 18:50:05 +0000
committer: Jason King <jason.king@joyent.com> 2017-12-04 21:30:45 +0000
commit: 031f28be3c6ac4816159361e8cd33673550a431a (patch)
tree: 3e280eda1187ec9de0021a3bf07987e3b5a21318 /usr/src/uts/common/inet/ip/sadb.c
parent: 0d5719a2f0864296378787c96d12da889970c4e4 (diff)
download: illumos-joyent-OS-6480.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/usr/src/uts/common/inet/ip/sadb.c b/usr/src/uts/common/inet/ip/sadb.c
index b56f09d029..a45f69c19e 100644
--- a/usr/src/uts/common/inet/ip/sadb.c
+++ b/usr/src/uts/common/inet/ip/sadb.c
@@ -4468,7 +4468,9 @@ sadb_check_kmc(ipsa_query_t *sq, ipsa_t *sa, int *diagnostic)
 		return (EINVAL);
 	}
 
-	if ((kmc != 0) && (sa->ipsa_kmc != 0) && (sa->ipsa_kmc != kmc)) {
+	/* Allow IKEv2 KMCs to update the kmc value for rekeying */
+	if ((kmp != SADB_X_KMP_IKEV2) && (kmc != 0) && (sa->ipsa_kmc != 0) &&
+	    (sa->ipsa_kmc != kmc)) {
 		*diagnostic = SADB_X_DIAGNOSTIC_DUPLICATE_KMC;
 		return (EINVAL);
 	}
author	Jason King <jason.king@joyent.com>	2017-12-01 18:50:05 +0000
committer	Jason King <jason.king@joyent.com>	2017-12-04 21:30:45 +0000
commit	031f28be3c6ac4816159361e8cd33673550a431a (patch)
tree	3e280eda1187ec9de0021a3bf07987e3b5a21318 /usr/src/uts/common/inet/ip/sadb.c
parent	0d5719a2f0864296378787c96d12da889970c4e4 (diff)
download	illumos-joyent-OS-6480.tar.gz