Implement setsa keyword for enc interface TDB binding.

1 files changed, 66 insertions, 2 deletions

diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 92dc238fac4..7f3d253fef1 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ifconfig.c,v 1.24 1999/12/20 09:28:47 itojun Exp $	*/
+/*	$OpenBSD: ifconfig.c,v 1.25 1999/12/27 03:14:39 angelos Exp $	*/
 /*      $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $      */
 
 /*
@@ -81,7 +81,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)ifconfig.c	8.2 (Berkeley) 2/16/94";
 #else
-static char rcsid[] = "$OpenBSD: ifconfig.c,v 1.24 1999/12/20 09:28:47 itojun Exp $";
+static char rcsid[] = "$OpenBSD: ifconfig.c,v 1.25 1999/12/27 03:14:39 angelos Exp $";
 #endif
 #endif /* not lint */
 
@@ -96,6 +96,8 @@ static char rcsid[] = "$OpenBSD: ifconfig.c,v 1.24 1999/12/20 09:28:47 itojun Ex
 #include <netinet/in_var.h>
 #include <netinet6/nd6.h>
 #include <arpa/inet.h>
+#include <netinet/ip_ipsp.h>
+#include <net/if_enc.h>
 
 #include <netatalk/at.h>
 
@@ -163,6 +165,7 @@ void 	setsnpaoffset __P((char *));
 void	setipxframetype __P((char *, int));
 void    setatrange __P((char *, int));
 void    setatphase __P((char *, int));  
+void	setsa __P((char *));
 #ifdef INET6
 void 	setia6flags __P((char *, int));
 void	setia6pltime __P((char *, int));
@@ -244,6 +247,7 @@ struct	cmd {
 	{ "snap",	ETHERTYPE_SNAP,	0,		setipxframetype },
 	{ "EtherII",	ETHERTYPE_II,	0,		setipxframetype },
 #endif	/* INET_ONLY */
+	{ "setsa",	NEXTARG,	0,		setsa } ,
 	{ "link0",	IFF_LINK0,	0,		setifflags } ,
 	{ "-link0",	-IFF_LINK0,	0,		setifflags } ,
 	{ "link1",	IFF_LINK1,	0,		setifflags } ,
@@ -636,6 +640,65 @@ setifaddr(addr, param)
 }
 
 void
+setsa(sa)
+	char *sa;
+{
+	char *p1, *p2, *p;
+	struct ifsa ifsa;
+
+	bzero(&ifsa, sizeof(ifsa));
+
+	strlcpy(ifsa.sa_ifname, name, sizeof ifsa.sa_ifname);
+
+	p1 = strchr(sa, '/');
+	if (p1 == NULL)
+		errx(1, "invalid SA");
+	else
+		*(p1++) = '\0';
+
+	if (*p1 == '/')
+		errx(1, "missing SPI");
+
+	p2 = strchr(p1, '/');
+	if (p2 == NULL)
+		errx(1, "invalid SA");
+	else
+		*(p2++) = '\0';
+
+	if (*p2 == '\0')
+		errx(1, "invalid security protocol");
+
+#ifdef INET6
+	if (strchr(sa, ':'))
+	{
+		inet_pton(AF_INET6, sa, &ifsa.sa_dst.sin6.sin6_addr);
+		ifsa.sa_dst.sin6.sin6_family = AF_INET6;
+		ifsa.sa_dst.sin6.sin6_len = sizeof(struct sockaddr_in6);
+	}
+	else
+#endif /* INET6 */
+	if (strchr(sa, '.'))
+	{
+	  	inet_pton(AF_INET, sa, &ifsa.sa_dst.sin.sin_addr);
+		ifsa.sa_dst.sin.sin_family = AF_INET;
+		ifsa.sa_dst.sin.sin_len = sizeof(struct sockaddr_in);
+	}
+	else
+	  	errx(1, "unknown address family");
+
+	ifsa.sa_spi = htonl(strtoul(p1, &p, 16));
+	if ((p == NULL) || ((*p != '\0') && (*p != '/')))
+		errx(1, "bad SPI");
+
+	ifsa.sa_proto = strtoul(p2, &p, 10);
+	if ((p == NULL) || (*p != '\0'))
+		errx(1, "bad security protocol");
+
+	if (ioctl(s, SIOCSENCSA, (caddr_t)&ifsa) < 0)
+		warn("SIOCSENCSA");
+}
+
+void
 setifnetmask(addr)
 	char *addr;
 {
@@ -1904,6 +1967,7 @@ usage()
 		"[ netmask mask ] ]\n"
 		"\t[media media_type] [mediaopt media_option]\n"
 		"\t[ metric n ]\n"
+		"\t[ setsa address/spi/protocol ]\n"
 		"\t[ arp | -arp ]\n"
 		"\t[ -802.2 | -802.3 | -802.2tr | -snap | -EtherII ]\n"
 		"\t[ link0 | -link0 ] [ link1 | -link1 ] [ link2 | -link2 ]\n"