Hi,
if we wanted to send out more proposals than just one, we need to set a
flag in the SA header that there is another proposal coming. The "more"
attribute borrows its values, as specified in the RFC, from IKEv1.
ok?
Patrick
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 062b6a50b40..957e52f37a8 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -2023,6 +2023,7 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa,
struct ibuf *buf,
} else
nxforms = prop->prop_nxforms;
+ sap->sap_more = IKEV1_PAYLOAD_PROPOSAL;
sap->sap_proposalnr = prop->prop_id;
sap->sap_protoid = prop->prop_protoid;
sap->sap_spisize = prop->prop_localspi.spi_size;
@@ -2066,6 +2067,8 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa,
struct ibuf *buf,
sap->sap_length = htobe16(saplength);
length += saplength;
}
+ if (sap != NULL)
+ sap->sap_more = IKEV1_PAYLOAD_NONE;
log_debug("%s: length %zd", __func__, length);
diff --git a/sbin/iked/ikev2.h b/sbin/iked/ikev2.h
index 683fd47845d..d4b15245d24 100644
--- a/sbin/iked/ikev2.h
+++ b/sbin/iked/ikev2.h
@@ -527,4 +527,8 @@ struct ikev2_cfg {
extern struct iked_constmap ikev2_cfg_map[];
+/* IKEv1 payload types */
+#define IKEV1_PAYLOAD_NONE 0 /* No payload */
+#define IKEV1_PAYLOAD_PROPOSAL 2 /* Proposal */
+
#endif /* IKED_IKEV2_H */
