1 files changed, 14 insertions, 1 deletions

diff --git a/lib/libipsec/pfkey.c b/lib/libipsec/pfkey.c
index d7263ee..ca75df4 100644
--- a/lib/libipsec/pfkey.c
+++ b/lib/libipsec/pfkey.c
@@ -79,12 +79,13 @@ static caddr_t pfkey_setsadbxsa2(caddr_t, caddr_t, u_int32_t, u_int32_t);
 /*
  * make and search supported algorithm structure.
  */
-static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, };
+static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, NULL };
 
 static int supported_map[] = {
 	SADB_SATYPE_AH,
 	SADB_SATYPE_ESP,
 	SADB_X_SATYPE_IPCOMP,
+	SADB_X_SATYPE_TCPSIGNATURE
 };
 
 static int
@@ -1169,6 +1170,16 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
 			return -1;
 		}
 		break;
+	case SADB_X_SATYPE_TCPSIGNATURE:
+		if (e_type != SADB_EALG_NONE) {
+			__ipsec_errcode = EIPSEC_INVAL_ALGS;
+			return -1;
+		}
+		if (a_type != SADB_X_AALG_TCP_MD5) {
+			__ipsec_errcode = EIPSEC_INVAL_ALGS;
+			return -1;
+		}
+		break;
 	default:
 		__ipsec_errcode = EIPSEC_INVAL_SATYPE;
 		return -1;
@@ -1379,6 +1390,7 @@ pfkey_send_x3(so, type, satype)
 		case SADB_SATYPE_AH:
 		case SADB_SATYPE_ESP:
 		case SADB_X_SATYPE_IPCOMP:
+		case SADB_X_SATYPE_TCPSIGNATURE:
 			break;
 		default:
 			__ipsec_errcode = EIPSEC_INVAL_SATYPE;
@@ -1838,6 +1850,7 @@ pfkey_check(mhp)
 	case SADB_SATYPE_ESP:
 	case SADB_SATYPE_AH:
 	case SADB_X_SATYPE_IPCOMP:
+	case SADB_X_SATYPE_TCPSIGNATURE:
 		switch (msg->sadb_msg_type) {
 		case SADB_X_SPDADD:
 		case SADB_X_SPDDELETE: