#! /bin/sh /usr/share/dpatch/dpatch-run
## 10disable_aggressive_in_v2.dpatch by  <hesso@pool.math.tu-berlin.de>
##
## DP: --ikev2 overrides --aggressive anyway by reusing the
## DP: .exchange_type member. Sadly, the override works the
## DP: other way, too. For consistency disallow both.

@DPATCH@
--- ike-scan-1.9.orig/ike-scan.c	2007-01-14 20:05:42.000000000 +0100
+++ ike-scan-1.9/ike-scan.c	2009-02-26 02:51:34.063234781 +0100
@@ -472,6 +472,8 @@
             strncpy(patfile, optarg, MAXLINE);
             break;
          case 'A':	/* --aggressive */
+            if (ike_params.ike_version == 2)
+               err_msg("ERROR: Aggressive mode not applicable for IKEv2.");
             ike_params.exchange_type = ISAKMP_XCHG_AGGR;
             break;
          case 'G':	/* --gssid */
@@ -604,6 +606,8 @@
             shownum_flag = 1;
             break;
          case '2':	/* --ikev2 */
+            if (ike_params.exchange_type == ISAKMP_XCHG_AGGR)
+               err_msg("ERROR: Aggressive mode not applicable for IKEv2.");
             ike_params.ike_version = 2;
             ike_params.header_version = 0x20;	/* v2.0 */
             ike_params.hdr_flags=0x08;	/* Set Initiator bit */