CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	ae <ae@FreeBSD.org>
	Sun, 18 Nov 2018 00:31:09 +0000 (00:31 +0000)
committer	ae <ae@FreeBSD.org>
	Sun, 18 Nov 2018 00:31:09 +0000 (00:31 +0000)
commit	ec097239f6e01d59e244ec6e4cdfb14995c1b72e
tree	1834e81dea3ad6435c3f86d2010c81de21c551cc	tree \| snapshot
parent	b767a9b53063d46c8e80da6d40713ec1e36fa3bd	commit \| diff

MFC r339533:
  Add sadb_x_sa2 extension to SADB_ACQUIRE requests.

  SADB_ACQUIRE requests are send by kernel, when security policy doesn't
  have corresponding security association for outbound packet. IKE daemon
  usually registers its handler for such messages and when the kernel asks
  for SA it can handle this request. Now such requests will contain
  additional fields that can help IKE daemon to create SA. And IKE now
  can create SAs using only information from SADB_ACQUIRE request, this
  is useful when many if_ipsec(4) interfaces are in use and IKE doesn track
  security policies that was installed by kernel.

  Obtained from: Yandex LLC
  Sponsored by: Yandex LLC