Allow to specify ike and flow explicitly without peer. The any

keyword as argument for the peer parameter will do that.  An ike
without peer creates the peer-default config.  A flow without peer
acquires a host-to-host SA.

tested by grunk@, todd@,  ok grunk@, hshoexer@, todd@

5 files changed, 68 insertions, 3 deletions

diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile
index 4fce7c55f97..033906db91c 100644
--- a/regress/sbin/ipsecctl/Makefile
+++ b/regress/sbin/ipsecctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.53 2009/01/20 14:40:36 mpf Exp $
+# $OpenBSD: Makefile,v 1.54 2009/01/28 18:07:19 bluhm Exp $
 
 # you can update the *.ok files with: make -i | patch
 # TARGETS
@@ -10,7 +10,7 @@
 
 IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
 IPSECTESTS+=25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
-IPSECTESTS+=51 52 53 54 55 56 57
+IPSECTESTS+=51 52 53 54 55 56 57 58
 TCPMD5TESTS=1 2 3
 SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
 SAFAIL=1 2
@@ -19,7 +19,7 @@ IKEFAIL=1 3 4 5 6 8 9 10 11 12 13
 IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
 IKETESTS+=16 17 18 19 20 21 22 23
 IKETESTS+=29 30 31 32 33 34 35 36 37 38 39 40
-IKETESTS+=41 42 43 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
+IKETESTS+=41 42 43 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
 
 IKEDELTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
 IKEDELTESTS+=16 17 18 19 20 21 22 23
diff --git a/regress/sbin/ipsecctl/ike62.in b/regress/sbin/ipsecctl/ike62.in
new file mode 100644
index 00000000000..a255d588bb0
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike62.in
@@ -0,0 +1,3 @@
+ike from 1.1.1.1 to 2.2.2.2
+ike from 3.3.3.3 to 4.4.4.4 peer any
+ike from 5.5.5.5 to 6.6.6.6 peer 9.9.9.9
diff --git a/regress/sbin/ipsecctl/ike62.ok b/regress/sbin/ipsecctl/ike62.ok
new file mode 100644
index 00000000000..c50b3a2f5e0
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike62.ok
@@ -0,0 +1,53 @@
+C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
+C set [peer-2.2.2.2]:Phase=1 force
+C set [peer-2.2.2.2]:Address=2.2.2.2 force
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.3-to-4.4.4.4]:Phase=2 force
+C set [from-3.3.3.3-to-4.4.4.4]:ISAKMP-peer=peer-default force
+C set [from-3.3.3.3-to-4.4.4.4]:Configuration=phase2-from-3.3.3.3-to-4.4.4.4 force
+C set [from-3.3.3.3-to-4.4.4.4]:Local-ID=from-3.3.3.3 force
+C set [from-3.3.3.3-to-4.4.4.4]:Remote-ID=to-4.4.4.4 force
+C set [phase2-from-3.3.3.3-to-4.4.4.4]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.3-to-4.4.4.4]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.3]:ID-type=IPV4_ADDR force
+C set [from-3.3.3.3]:Address=3.3.3.3 force
+C set [to-4.4.4.4]:ID-type=IPV4_ADDR force
+C set [to-4.4.4.4]:Address=4.4.4.4 force
+C add [Phase 2]:Connections=from-3.3.3.3-to-4.4.4.4
+C set [Phase 1]:9.9.9.9=peer-9.9.9.9 force
+C set [peer-9.9.9.9]:Phase=1 force
+C set [peer-9.9.9.9]:Address=9.9.9.9 force
+C set [peer-9.9.9.9]:Configuration=phase1-peer-9.9.9.9 force
+C set [phase1-peer-9.9.9.9]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-9.9.9.9]:Transforms=AES-SHA-RSA_SIG force
+C set [from-5.5.5.5-to-6.6.6.6]:Phase=2 force
+C set [from-5.5.5.5-to-6.6.6.6]:ISAKMP-peer=peer-9.9.9.9 force
+C set [from-5.5.5.5-to-6.6.6.6]:Configuration=phase2-from-5.5.5.5-to-6.6.6.6 force
+C set [from-5.5.5.5-to-6.6.6.6]:Local-ID=from-5.5.5.5 force
+C set [from-5.5.5.5-to-6.6.6.6]:Remote-ID=to-6.6.6.6 force
+C set [phase2-from-5.5.5.5-to-6.6.6.6]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-5.5.5.5-to-6.6.6.6]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-5.5.5.5]:ID-type=IPV4_ADDR force
+C set [from-5.5.5.5]:Address=5.5.5.5 force
+C set [to-6.6.6.6]:ID-type=IPV4_ADDR force
+C set [to-6.6.6.6]:Address=6.6.6.6 force
+C add [Phase 2]:Connections=from-5.5.5.5-to-6.6.6.6
diff --git a/regress/sbin/ipsecctl/ipsec58.in b/regress/sbin/ipsecctl/ipsec58.in
new file mode 100644
index 00000000000..e21d557b1f3
--- /dev/null
+++ b/regress/sbin/ipsecctl/ipsec58.in
@@ -0,0 +1,3 @@
+flow from 1.1.1.1 to 2.2.2.2
+flow from 3.3.3.3 to 4.4.4.4 peer any
+flow from 5.5.5.5 to 6.6.6.6 peer 9.9.9.9
diff --git a/regress/sbin/ipsecctl/ipsec58.ok b/regress/sbin/ipsecctl/ipsec58.ok
new file mode 100644
index 00000000000..972bbbc332e
--- /dev/null
+++ b/regress/sbin/ipsecctl/ipsec58.ok
@@ -0,0 +1,6 @@
+flow esp out from 1.1.1.1 to 2.2.2.2 peer 2.2.2.2 type require
+flow esp in from 2.2.2.2 to 1.1.1.1 peer 2.2.2.2 type require
+flow esp out from 3.3.3.3 to 4.4.4.4 type require
+flow esp in from 4.4.4.4 to 3.3.3.3 type require
+flow esp out from 5.5.5.5 to 6.6.6.6 peer 9.9.9.9 type require
+flow esp in from 6.6.6.6 to 5.5.5.5 peer 9.9.9.9 type require