Module Name: src
Committed By: drochner
Date: Wed May 18 18:56:02 UTC 2011
Modified Files:
src/sys/netipsec: key.c
Log Message:
include the SHA2 hashs into the proposal which goes out with
SADB_ACQUIRE -- this doesn't change much because racoon ignores
the proposal from the kernel anyway and applies its own configuration,
but having MD5 and SHA1 in the list but SHA2 not looks strange
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 src/sys/netipsec/key.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.69 src/sys/netipsec/key.c:1.70
--- src/sys/netipsec/key.c:1.69 Wed May 18 18:36:15 2011
+++ src/sys/netipsec/key.c Wed May 18 18:56:02 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.69 2011/05/18 18:36:15 drochner Exp $ */
+/* $NetBSD: key.c,v 1.70 2011/05/18 18:56:02 drochner Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.69 2011/05/18 18:36:15 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.70 2011/05/18 18:56:02 drochner Exp $");
/*
* This code is referd to RFC 2367
@@ -6138,7 +6138,11 @@
for (i = 1; i <= SADB_AALG_MAX; i++) {
#if 1
/* we prefer HMAC algorithms, not old algorithms */
- if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
+ if (i != SADB_AALG_SHA1HMAC &&
+ i != SADB_AALG_MD5HMAC &&
+ i != SADB_X_AALG_SHA2_256 &&
+ i != SADB_X_AALG_SHA2_384 &&
+ i != SADB_X_AALG_SHA2_512)
continue;
#endif
algo = ah_algorithm_lookup(i);
