CVSROOT: /cvs
Module name: src
Changes by: patr...@cvs.openbsd.org 2017/03/13 09:06:51
Modified files:
sbin/iked : iked.h ikev2.c pfkey.c
Log message:
When setting up IPcomp flows for the networks 'A' and 'B' between
gateways 'a' and 'b', we replace the ESP flow "A->B ESP" with an
IPCOMP flow "A->B IPCOMP" and add a matching (transport mode) ESP
flow between the gateways "a->b ESP". The later is now marked with
flow_ipcomp so it is not translated into "a->b IPCOMP" on rekeying.
When SAs get deleted we do an extra loop to figure out if matching
IPcomp SAs can now be removed, too. This allows faster expiry of
unused IPcomp SAs.
Disable bytes lifetime for IP compression.
ok markus@ reyk@
