CVSROOT: /cvs
Module name: src
Changes by: ren...@cvs.openbsd.org 2017/02/22 06:55:14
Modified files:
usr.sbin/bgpd : parse.y pfkey.c
Log message:
Add missing htonl for IPsec SPI.
Also, do not allow to configure SPI values in the 0..255 range. RFC 4302
and RFC 4303 say the following:
"The set of SPI values in the range 1 through 255 are reserved by the
Internet Assigned Numbers Authority (IANA) for future use; a reserved
SPI value will not normally be assigned by IANA unless the use of the
assigned SPI value is specified in an RFC. The SPI value of zero (0)
is reserved for local, implementation-specific use and MUST NOT be
sent on the wire".
ok and tweak benno@
