author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-07-09 21:41:09 +0000 |
---|---|---|
committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-07-09 21:41:09 +0000 |
commit | 03c51620cb553cd44702e8f855eddefd42d23d9a (patch) | |
tree | c78bd386aaf4705b725764ab14fb9ce7e1d0a4a3 | |
parent | 8bd7a2d9d3568620c2af95b3a25059a9bc0e0b0b (diff) |
it's ok to not specify the key when deleting a tcpmd5 SA
-rw-r--r-- | sbin/ipsecctl/ipsecctl.c | 8 | ||||
-rw-r--r-- | sbin/ipsecctl/parse.y | 9 |
2 files changed, 10 insertions, 7 deletions
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c index 6323807274c..0e668ab8ecc 100644 --- a/sbin/ipsecctl/ipsecctl.c +++ b/sbin/ipsecctl/ipsecctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.c,v 1.17 2005/07/09 21:12:07 hshoexer Exp $ */ +/* $OpenBSD: ipsecctl.c,v 1.18 2005/07/09 21:41:08 hshoexer Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -241,8 +241,10 @@ ipsecctl_print_sa(struct ipsec_rule *r, int opts) printf(" to "); ipsecctl_print_addr(r->dst); printf(" spi 0x%08x", r->spi); - printf(" key 0x"); - ipsecctl_print_key(r->key); + if (r->key) { + printf(" key 0x"); + ipsecctl_print_key(r->key); + } } void diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index 3425c4b95c2..a4d25c3bd5a 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.7 2005/07/09 21:12:07 hshoexer Exp $ */ +/* $OpenBSD: parse.y,v 1.8 2005/07/09 21:41:08 hshoexer Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -117,7 +117,7 @@ typedef struct { %type <v.id> id %type <v.authtype> authtype %type <v.spi> spi -%type <v.key> key +%type <v.key> keyspec %% grammar : /* empty */ @@ -147,7 +147,7 @@ number : STRING { flowrule : FLOW ipsecrule { } ; -tcpmd5rule : TCPMD5 hosts spi key { +tcpmd5rule : TCPMD5 hosts spi keyspec { struct ipsec_rule *r; r = create_sa($2.src, $2.dst, $3, $4); @@ -268,7 +268,8 @@ spi : SPI number { } ; -key : KEY STRING { +keyspec : /* empty */ { $$ = NULL; } + | KEY STRING { struct ipsec_key *key; int i; char *hexkey; |
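Review bot: The new `if (r->key)` guard in ipsecctl_print_sa carries no comment saying when the key may be absent, so a later reader cannot tell a legitimate keyless rule from a failed parse. I would add `/* key is NULL when the rule had no key clause (allowed when deleting) */` above the guard. The guarded lines still send the key to standard output through ipsecctl_print_key(), whose body is not shown; if that is the raw key in hex, confirm that this print path runs only on explicit request, because the output can end up in scrollback or captured logs. The function starts before the hunk, so its earlier handling of `r` is not visible here.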
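Review bot: Switching tcpmd5rule to `keyspec` makes the key optional for every tcpmd5 rule the parser accepts, not only for deletion, so `create_sa($2.src, $2.dst, $3, $4)` can now hand back a rule with a NULL key on the load path too. Nothing in the visible hunks rejects that case. The code that installs the SA is outside this diff, and it should refuse a keyless rule rather than dereference `r->key` or set up an SA with no key, for example with `if (r->key == NULL) errx(1, "tcpmd5 SA requires a key");` before the add request is built. The empty alternative itself is in the `keyspec` hunk at line 268, where `{ $$ = NULL; }` is fine as written; the `KEY STRING` action continues past the end of that hunk.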