From Maik Broemme: export ISAKMP SA identity as REMOTE_ID for phase1 up

script (trac #313).
2009-09-01 09:24:21 +00:00 · 2009-09-01 09:24:21 +00:00 · 43e6802298
parent e24f6c0896
commit 43e6802298
2 changed files with 14 additions and 2 deletions
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c
@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp.c,v 1.58 2009/07/03 06:41:46 tteras Exp $	*/
+/*	$NetBSD: isakmp.c,v 1.59 2009/09/01 09:24:21 tteras Exp $	*/

 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */

@ -3140,6 +3140,16 @@ script_hook(iph1, script)
 		}
 	}

+	/* Peer identity. */
+	if (iph1->id_p != NULL) {
+		if (script_env_append(&envp, &envc, "REMOTE_ID",
+				      ipsecdoi_id2str(iph1->id_p)) != 0) {
+			plog(LLV_ERROR, LOCATION, NULL,
+			     "Cannot set REMOTE_ID\n");
+			goto out;
+		}
+	}
+
 	if (privsep_script_exec(iph1->rmconf->script[script]->v, 
 	    script, envp) != 0) 
 		plog(LLV_ERROR, LOCATION, NULL, 
--- a/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5
+++ b/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5
@ -1,4 +1,4 @@
-.\"	$NetBSD: racoon.conf.5,v 1.56 2009/05/04 22:28:30 wiz Exp $
+.\"	$NetBSD: racoon.conf.5,v 1.57 2009/09/01 09:24:21 tteras Exp $
 .\"
 .\"	Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
 .\"
@ -625,6 +625,8 @@ The local port used for IKE for the phase 1 SA.
 The remote address of the phase 1 SA.
 .It Ev REMOTE_PORT
 The remote port used for IKE for the phase 1 SA.
+.It Ev REMOTE_ID
+The remote identity received in IKE for the phase 1 SA.
 .El
 The following variables are only set if
 .Ic mode_cfg