diff options
| author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-10-16 21:24:46 +0000 |
|---|---|---|
| committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-10-16 21:24:46 +0000 |
| commit | 34afa51dcf2948b03743b2c5306d0b8969cab3c3 (patch) | |
| tree | 336054f90ac15d8c41eb44bbe2bcca03665db665 | |
| parent | 9a997d1b05d7195d78f395239ba20722044eb1b1 (diff) | |
Add keyword "any" for addresses, reduces to "0.0.0.0/0".
| -rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 8 | ||||
| -rw-r--r-- | sbin/ipsecctl/parse.y | 21 |
2 files changed, 25 insertions, 4 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index d382e7bef2d..553b4cd2fd2 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.21 2005/09/23 14:56:06 jmc Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.22 2005/10/16 21:24:45 hshoexer Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -95,6 +95,9 @@ This rule applies for packets with source address and destination address .Aq Ar dst . All addresses are specified in CIDR notation. +The keyword +.Ar any +will match any address (i.e. 0.0.0.0/0). The .Ar peer parameter specifies the address of the remote endpoint of this particular @@ -274,6 +277,9 @@ This rule applies for packets with source address and destination address .Aq Ar dst . All addresses are specified in CIDR notation. +The keyword +.Ar any +will match any address (i.e. 0.0.0.0/0). The .Ar peer parameter specifies the address of the remote endpoint of this particular diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index cd70c48e387..52c1c8fdec5 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.25 2005/10/16 19:52:19 hshoexer Exp $ */ +/* $OpenBSD: parse.y,v 1.26 2005/10/16 21:24:45 hshoexer Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -48,7 +48,7 @@ static struct ipsecctl *ipsec = NULL; static FILE *fin = NULL; static int lineno = 1; static int errors = 0; -static int debug = 0; +static int debug = 5; const struct ipsec_xf authxfs[] = { {"unknown", AUTHXF_UNKNOWN, 0, 0}, @@ -173,7 +173,7 @@ typedef struct { %token FLOW FROM ESP AH IN PEER ON OUT TO SRCID DSTID RSA PSK TCPMD5 SPI %token AUTHKEY ENCKEY FILENAME AUTHXF ENCXF ERROR IKE MAIN QUICK PASSIVE -%token ACTIVE +%token ACTIVE ANY %token <v.string> STRING %type <v.dir> dir %type <v.protocol> protocol @@ -219,6 +219,7 @@ number : STRING { $$ = (u_int32_t)ulval; free($1); } + ; tcpmd5rule : TCPMD5 hosts spispec authkeyspec { struct ipsec_rule *r; @@ -355,6 +356,19 @@ host : STRING { } free(buf); } + | ANY { + struct ipsec_addr *ipa; + + ipa = calloc(1, sizeof(struct ipsec_addr)); + if (ipa == NULL) + err(1, "calloc"); + + ipa->af = AF_INET; + ipa->netaddress = 1; + if ((ipa->name = strdup("0.0.0.0/0")) == NULL) + err(1, "strdup"); + $$ = ipa; + } ; ids : /* empty */ { @@ -559,6 +573,7 @@ lookup(char *s) static const struct keywords keywords[] = { { "active", ACTIVE}, { "ah", AH}, + { "any", ANY}, { "auth", AUTHXF}, { "authkey", AUTHKEY}, { "dstid", DSTID}, |