Source-Changes-HG archive
[src/trunk]: src/crypto/dist/ipsec-tools/src/setkey Added support for spdupda...
details: https://anonhg.NetBSD.org/src/rev/174784a37036
branches: trunk
changeset: 755403:174784a37036
user: vanhu <vanhu%NetBSD.org@localhost>
date: Fri Jun 04 13:06:03 2010 +0000
description:
Added support for spdupdate command in setkey
diffstat:
crypto/dist/ipsec-tools/src/setkey/parse.y | 60 ++++++++++++++++++++++++++++-
crypto/dist/ipsec-tools/src/setkey/setkey.8 | 11 ++++-
crypto/dist/ipsec-tools/src/setkey/token.l | 3 +-
3 files changed, 70 insertions(+), 4 deletions(-)
diffs (137 lines):
diff -r 560bf29528fe -r 174784a37036 crypto/dist/ipsec-tools/src/setkey/parse.y
--- a/crypto/dist/ipsec-tools/src/setkey/parse.y Fri Jun 04 10:22:25 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/setkey/parse.y Fri Jun 04 13:06:03 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.12 2009/03/06 11:45:03 tteras Exp $ */
+/* $NetBSD: parse.y,v 1.13 2010/06/04 13:06:03 vanhu Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
@@ -131,7 +131,7 @@
%token F_LIFEBYTE_HARD F_LIFEBYTE_SOFT
%token DECSTRING QUOTEDSTRING HEXSTRING STRING ANY
/* SPD management */
-%token SPDADD SPDDELETE SPDDUMP SPDFLUSH
+%token SPDADD SPDUPDATE SPDDELETE SPDDUMP SPDFLUSH
%token F_POLICY PL_REQUESTS
%token F_AIFLAGS
%token TAGGED
@@ -170,6 +170,7 @@
| dump_command
| exit_command
| spdadd_command
+ | spdupdate_command
| spddelete_command
| spddump_command
| spdflush_command
@@ -572,6 +573,7 @@
/* definition about command for SPD management */
/* spdadd */
spdadd_command
+ /* XXX merge with spdupdate ??? */
: SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT
{
int status;
@@ -624,6 +626,60 @@
}
;
+spdupdate_command
+ /* XXX merge with spdadd ??? */
+ : SPDUPDATE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT
+ {
+ int status;
+ struct addrinfo *src, *dst;
+
+#ifdef HAVE_PFKEY_POLICY_PRIORITY
+ last_msg_type = SADB_X_SPDUPDATE;
+#endif
+
+ /* fixed port fields if ulp is icmp */
+ if ($10.buf != NULL) {
+ if (($9 != IPPROTO_ICMPV6) &&
+ ($9 != IPPROTO_ICMP) &&
+ ($9 != IPPROTO_MH))
+ return -1;
+ free($5.buf);
+ free($8.buf);
+ if (fix_portstr(&$10, &$5, &$8))
+ return -1;
+ }
+
+ src = parse_addr($3.buf, $5.buf);
+ dst = parse_addr($6.buf, $8.buf);
+ if (!src || !dst) {
+ /* yyerror is already called */
+ return -1;
+ }
+ if (src->ai_next || dst->ai_next) {
+ yyerror("multiple address specified");
+ freeaddrinfo(src);
+ freeaddrinfo(dst);
+ return -1;
+ }
+
+ status = setkeymsg_spdaddr(SADB_X_SPDUPDATE, $9, &$12,
+ src, $4, dst, $7);
+ freeaddrinfo(src);
+ freeaddrinfo(dst);
+ if (status < 0)
+ return -1;
+ }
+ | SPDUPDATE TAGGED QUOTEDSTRING policy_spec EOT
+ {
+ int status;
+
+ status = setkeymsg_spdaddr_tag(SADB_X_SPDUPDATE,
+ $3.buf, &$4);
+ if (status < 0)
+ return -1;
+ }
+ ;
+
spddelete_command
: SPDDELETE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT
{
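Review bot: In the first `spdupdate_command` alternative, the `if (!src || !dst)` branch returns -1 without releasing whichever `parse_addr()` result did succeed, so one `addrinfo` list leaks whenever exactly one of the two addresses fails to parse; release the non-NULL one before returning, e.g. `if (src) freeaddrinfo(src);` and `if (dst) freeaddrinfo(dst);`. The earlier `return -1` for an `upper_misc_spec` given with a protocol other than ICMP, ICMPv6 or MH calls no `yyerror()` in the visible lines, so a rejected policy update may fail without a message naming the cause; something like `yyerror("upper_misc_spec given for a protocol that does not take one");` would make it clear to the operator that the SPD entry was left unchanged. Going by the `XXX merge with spdadd` comment, this action is presumably a copy of the spdadd one, so both points likely apply there as well, and a shared helper taking the SADB message type would keep the two from drifting apart. The hunk's last two lines open `spddelete_command`, whose body continues outside the hunk.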
diff -r 560bf29528fe -r 174784a37036 crypto/dist/ipsec-tools/src/setkey/setkey.8
--- a/crypto/dist/ipsec-tools/src/setkey/setkey.8 Fri Jun 04 10:22:25 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/setkey/setkey.8 Fri Jun 04 13:06:03 2010 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: setkey.8,v 1.23 2010/03/05 06:47:58 tteras Exp $
+.\" $NetBSD: setkey.8,v 1.24 2010/06/04 13:06:03 vanhu Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
.\" All rights reserved.
@@ -195,6 +195,15 @@
.Ar tag
must be a string surrounded by double quotes.
.\"
+.It Li spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
+Ar label Ar policy Li ;
+Updates an SPD entry.
+.\"
+.It Li spdupdate tagged Ar tag Ar policy Li ;
+Update an SPD entry based on a PF tag.
+.Ar tag
+must be a string surrounded by double quotes.
+.\"
.It Li spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
Fl P Ar direction Li ;
Delete an SPD entry.
diff -r 560bf29528fe -r 174784a37036 crypto/dist/ipsec-tools/src/setkey/token.l
--- a/crypto/dist/ipsec-tools/src/setkey/token.l Fri Jun 04 10:22:25 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/setkey/token.l Fri Jun 04 13:06:03 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.14 2009/10/29 14:34:27 christos Exp $ */
+/* $NetBSD: token.l,v 1.15 2010/06/04 13:06:03 vanhu Exp $ */
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
@@ -127,6 +127,7 @@
/* for management SPD */
spdadd { return(SPDADD); }
+spdupdate { return(SPDUPDATE); }
spddelete { return(SPDDELETE); }
spddump { return(SPDDUMP); }
spdflush { return(SPDFLUSH); }