diff options
| author | Jason King <jason.king@joyent.com> | 2017-12-01 18:50:05 +0000 |
|---|---|---|
| committer | Jason King <jason.king@joyent.com> | 2017-12-04 21:30:45 +0000 |
| commit | 031f28be3c6ac4816159361e8cd33673550a431a (patch) | |
| tree | 3e280eda1187ec9de0021a3bf07987e3b5a21318 /usr/src/uts/common | |
| parent | 0d5719a2f0864296378787c96d12da889970c4e4 (diff) | |
| download | illumos-joyent-OS-6480.tar.gz | |
OS-6480 Allow IKEV2 pf_key(7P) key management cookies to be updated after setOS-6480
Diffstat (limited to 'usr/src/uts/common')
| -rw-r--r-- | usr/src/uts/common/inet/ip/sadb.c | 4 | ||||
| -rw-r--r-- | usr/src/uts/common/net/pfkeyv2.h | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/usr/src/uts/common/inet/ip/sadb.c b/usr/src/uts/common/inet/ip/sadb.c index b56f09d029..a45f69c19e 100644 --- a/usr/src/uts/common/inet/ip/sadb.c +++ b/usr/src/uts/common/inet/ip/sadb.c @@ -4468,7 +4468,9 @@ sadb_check_kmc(ipsa_query_t *sq, ipsa_t *sa, int *diagnostic) return (EINVAL); } - if ((kmc != 0) && (sa->ipsa_kmc != 0) && (sa->ipsa_kmc != kmc)) { + /* Allow IKEv2 KMCs to update the kmc value for rekeying */ + if ((kmp != SADB_X_KMP_IKEV2) && (kmc != 0) && (sa->ipsa_kmc != 0) && + (sa->ipsa_kmc != kmc)) { *diagnostic = SADB_X_DIAGNOSTIC_DUPLICATE_KMC; return (EINVAL); } diff --git a/usr/src/uts/common/net/pfkeyv2.h b/usr/src/uts/common/net/pfkeyv2.h index 741de5007d..909c73414a 100644 --- a/usr/src/uts/common/net/pfkeyv2.h +++ b/usr/src/uts/common/net/pfkeyv2.h @@ -841,8 +841,9 @@ typedef struct sadb_x_edump { #define SADB_X_KMP_MANUAL 0 /* Cookie is ignored. */ #define SADB_X_KMP_IKE 1 #define SADB_X_KMP_KINK 2 +#define SADB_X_KMP_IKEV2 3 -#define SADB_X_KMP_MAX 2 +#define SADB_X_KMP_MAX 3 /* * Handy conversion macros. Not part of the PF_KEY spec... |