authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-07-09 21:41:09 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-07-09 21:41:09 +0000
commit03c51620cb553cd44702e8f855eddefd42d23d9a (patch)
treec78bd386aaf4705b725764ab14fb9ce7e1d0a4a3
parent8bd7a2d9d3568620c2af95b3a25059a9bc0e0b0b (diff)
it's ok to not specify the key when deleting a tcpmd5 SA
-rw-r--r--sbin/ipsecctl/ipsecctl.c8
-rw-r--r--sbin/ipsecctl/parse.y9
2 files changed, 10 insertions, 7 deletions
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index 6323807274c..0e668ab8ecc 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.17 2005/07/09 21:12:07 hshoexer Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.18 2005/07/09 21:41:08 hshoexer Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -241,8 +241,10 @@ ipsecctl_print_sa(struct ipsec_rule *r, int opts)
printf(" to ");
ipsecctl_print_addr(r->dst);
printf(" spi 0x%08x", r->spi);
- printf(" key 0x");
- ipsecctl_print_key(r->key);
+ if (r->key) {
+ printf(" key 0x");
+ ipsecctl_print_key(r->key);
+ }
}
void
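Review bot: The new `if (r->key)` guard in ipsecctl_print_sa has no comment saying when a tcpmd5 SA legitimately has no key, so a later reader cannot tell a deliberate omission from a parse failure. A one-line comment above the guard would cover it, e.g. `/* key is NULL when the rule omitted it, which is allowed for deletion */`. The function body starts outside this hunk, so any other use of `r->key` there is not visible here.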
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 3425c4b95c2..a4d25c3bd5a 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.7 2005/07/09 21:12:07 hshoexer Exp $ */
+/* $OpenBSD: parse.y,v 1.8 2005/07/09 21:41:08 hshoexer Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -117,7 +117,7 @@ typedef struct {
%type <v.id> id
%type <v.authtype> authtype
%type <v.spi> spi
-%type <v.key> key
+%type <v.key> keyspec
%%
grammar : /* empty */
@@ -147,7 +147,7 @@ number : STRING {
flowrule : FLOW ipsecrule { }
;
-tcpmd5rule : TCPMD5 hosts spi key {
+tcpmd5rule : TCPMD5 hosts spi keyspec {
struct ipsec_rule *r;
r = create_sa($2.src, $2.dst, $3, $4);
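Review bot: `keyspec` can now be empty for every `tcpmd5rule`, not only when the rules are being deleted, so `create_sa($2.src, $2.dst, $3, $4)` also receives a NULL key when the rule set is loaded. Nothing visible in this hunk or in the `keyspec` hunk below rejects a keyless rule, so whether the add path tolerates `r->key == NULL` depends on code outside the diff. If it does not, the likely outcomes are a NULL dereference or an SA set up without key material. I would reject a missing key when rules are being added, or at least mark the empty alternative with `/* empty: only valid when deleting the SA */`. The `tcpmd5rule` action continues past the end of this hunk.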
@@ -268,7 +268,8 @@ spi : SPI number {
}
;
-key : KEY STRING {
+keyspec : /* empty */ { $$ = NULL; }
+ | KEY STRING {
struct ipsec_key *key;
int i;
char *hexkey;