summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-06-02 00:33:48 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-06-02 00:33:48 +0000
commit694536001602e2da4368f5d517b6e197579d2791 (patch)
tree85c7745631a6cdf56976b91522d7cfc3eb3637d0
parentd686f204ac22baf198a312708441eed9959862b4 (diff)
Prepare for parsing lifetimes for ike main and quick mode. Not enabled yet.
-rw-r--r--sbin/ipsecctl/ipsecctl.h7
-rw-r--r--sbin/ipsecctl/parse.y46
2 files changed, 48 insertions, 5 deletions
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index 7e8cf6e5876..10da1082db6 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.43 2006/06/01 17:32:20 naddy Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.44 2006/06/02 00:33:47 hshoexer Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -134,6 +134,11 @@ struct ipsec_transforms {
const struct ipsec_xf *groupxf;
};
+struct ipsec_life {
+ int lifetime;
+ int lifevolume;
+};
+
extern const struct ipsec_xf authxfs[];
extern const struct ipsec_xf encxfs[];
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 398c0b3a641..557eacc4479 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.89 2006/06/01 22:44:03 hshoexer Exp $ */
+/* $OpenBSD: parse.y,v 1.90 2006/06/02 00:33:47 hshoexer Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -146,6 +146,7 @@ struct ipsec_addr_wrap *ifa_lookup(const char *ifa_name);
struct ipsec_addr_wrap *ifa_grouplookup(const char *);
void set_ipmask(struct ipsec_addr_wrap *, u_int8_t);
const struct ipsec_xf *parse_xf(const char *, const struct ipsec_xf *);
+struct ipsec_life *parse_life(int);
struct ipsec_transforms *copytransforms(const struct ipsec_transforms *);
struct ipsec_auth *copyipsecauth(const struct ipsec_auth *);
struct ike_auth *copyikeauth(const struct ike_auth *);
@@ -232,6 +233,7 @@ typedef struct {
struct ipsec_transforms *transforms;
struct ipsec_transforms *mmxfs;
struct ipsec_transforms *qmxfs;
+ struct ipsec_life *life;
} v;
int lineno;
} YYSTYPE;
@@ -240,7 +242,7 @@ typedef struct {
%token FLOW FROM ESP AH IN PEER ON OUT TO SRCID DSTID RSA PSK TCPMD5 SPI
%token AUTHKEY ENCKEY FILENAME AUTHXF ENCXF ERROR IKE MAIN QUICK PASSIVE
-%token ACTIVE ANY IPIP IPCOMP COMPXF TUNNEL TRANSPORT DYNAMIC
+%token ACTIVE ANY IPIP IPCOMP COMPXF TUNNEL TRANSPORT DYNAMIC LIFE
%token TYPE DENY BYPASS LOCAL PROTO USE ACQUIRE REQUIRE DONTACQ GROUP PORT
%token <v.string> STRING
%type <v.string> string
@@ -266,6 +268,7 @@ typedef struct {
%type <v.ikemode> ikemode
%type <v.ikeauth> ikeauth
%type <v.type> type
+%type <v.life> life
%%
grammar : /* empty */
@@ -343,11 +346,12 @@ flowrule : FLOW satype dir proto hosts peers ids type {
}
;
-ikerule : IKE ikemode satype proto hosts peers mmxfs qmxfs ids ikeauth {
+ikerule : IKE ikemode satype proto hosts peers mmxfs life qmxfs life
+ ids ikeauth {
struct ipsec_rule *r;
r = create_ike($4, $5.src, $5.dst, $6.local, $6.peer,
- $7, $8, $3, $2, $9.srcid, $9.dstid, &$10);
+ $7, $9, $3, $2, $11.srcid, $11.dstid, &$12);
if (r == NULL)
YYERROR;
r->nr = ipsec->rule_nr++;
@@ -675,6 +679,25 @@ qmxfs : /* empty */ {
| QUICK transforms { $$ = $2; }
;
+life : /* empty */ {
+ struct ipsec_life *life;
+
+ /* We create just an empty transform */
+ if ((life = calloc(1, sizeof(struct ipsec_life)))
+ == NULL)
+ err(1, "life: calloc");
+ $$ = life;
+ }
+ | LIFE number {
+ struct ipsec_life *life;
+
+ life = parse_life($2);
+ if (life == NULL)
+ yyerror("%s not a valid lifetime", $2);
+ $$ = life;
+ }
+ ;
+
authkeyspec : /* empty */ {
$$.keyout = NULL;
$$.keyin = NULL;
@@ -824,6 +847,7 @@ lookup(char *s)
{ "in", IN },
{ "ipcomp", IPCOMP },
{ "ipip", IPIP },
+ { "life", LIFE },
{ "local", LOCAL },
{ "main", MAIN },
{ "out", OUT },
@@ -1644,6 +1668,20 @@ parse_xf(const char *name, const struct ipsec_xf xfs[])
return (NULL);
}
+struct ipsec_life *
+parse_life(int value)
+{
+ struct ipsec_life *life;
+
+ life = calloc(1, sizeof(struct ipsec_life));
+ if (life == NULL)
+ err(1, "calloc");
+
+ life->lifetime = value;
+
+ return (life);
+}
+
struct ipsec_transforms *
copytransforms(const struct ipsec_transforms *xfs)
{