author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-13 04:46:19 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-13 04:46:19 +0000 |
commit | 25328c7d1851184a3af3ed4fb91bc7b2ad2bb47a (patch) | |
tree | d21c6a97b378442c197479f527fa2d5b3e8f1ca4 /sbin/ipsecadm/ipsecadm.c | |
parent | 81b85a5b8e16ba048122544e816d7a636ae4bee0 (diff) |
Add -ingress flag
Diffstat (limited to 'sbin/ipsecadm/ipsecadm.c')
-rw-r--r-- | sbin/ipsecadm/ipsecadm.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/sbin/ipsecadm/ipsecadm.c b/sbin/ipsecadm/ipsecadm.c
index f42e874d911..f59c17413bf 100644
--- a/sbin/ipsecadm/ipsecadm.c
+++ b/sbin/ipsecadm/ipsecadm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecadm.c,v 1.29 2000/01/09 22:53:40 angelos Exp $ */
+/* $OpenBSD: ipsecadm.c,v 1.30 2000/01/13 04:46:18 angelos Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -205,6 +205,7 @@ usage()
 "\t -bypass\t\t\t create/delete a bypass flow\n"
 "\t -sport\t\t\t source port for flow\n"
 "\t -dport\t\t\t destination port for flow\n"
+ "\t -ingress\t\t\t flow is ingress access control entry\n"
 "\t -[ah|esp|oldah|oldesp|ip4]\t to flush a particular protocol\n"
 "\talso: dst2, spi2, proto2\n"
 );
@@ -214,7 +215,7 @@ int
 main(int argc, char **argv)
 {
 int auth = 0, enc = 0, klen = 0, alen = 0, mode = ESP_NEW, i = 0;
- int proto = IPPROTO_ESP, proto2 = IPPROTO_AH;
+ int proto = IPPROTO_ESP, proto2 = IPPROTO_AH, ingress = 0;
 int dport = -1, sport = -1, tproto = -1, setmask = 0;
 u_int32_t spi = SPI_RESERVED_MIN, spi2 = SPI_RESERVED_MIN;
 union sockaddr_union *src, *dst, *dst2, *osrc, *odst, *osmask;
@@ -810,7 +811,7 @@ main(int argc, char **argv)
 continue;
 }
 
- if (!strcmp(argv[i] + 1, "bypass") && iscmd(mode, FLOW) && !bypass)
+ if (!strcmp(argv[i] + 1, "bypass") && iscmd(mode, FLOW))
 {
 /* Setup everything for a bypass flow */
 bypass = 1;
@@ -886,6 +887,13 @@ main(int argc, char **argv)
 continue;
 }
 
+ if (!strcmp(argv[i] + 1, "ingress") && iscmd(mode, FLOW))
+ {
+ sa.sadb_sa_flags |= SADB_X_SAFLAGS_INGRESS_FLOW;
+ ingress = 1;
+ continue;
+ }
+
 if (!strcmp(argv[i] + 1, "dport") && iscmd(mode, FLOW) &&
 (i + 1 < argc))
 {
@@ -1208,6 +1216,12 @@ main(int argc, char **argv)
 exit(1);
 }
 
+ if (bypass && ingress)
+ {
+ fprintf(stderr, "%s: cannot specify \"-bypass\" and \"-ingress\" simultaneously\n", argv[0]);
+ exit(1);
+ }
+
 if ((klen > 2 * 8100) || (alen > 2 * 8100))
 {
 fprintf(stderr, "%s: key too long\n", argv[0]);
|
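Review bot: Removing `&& !bypass` from the `-bypass` test in the -810/+811 hunk lets a repeated `-bypass` re-enter the "Setup everything for a bypass flow" branch, which the old condition skipped; the commit message only mentions adding `-ingress`. The branch body continues past `bypass = 1;` outside the hunk, so whether running that setup twice is harmless cannot be confirmed from here. If the relaxation is intentional and the setup is safe to repeat, a comment such as `/* -bypass may be given more than once; the setup below can safely run again */` would record that; otherwise keep the `!bypass` guard.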
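Review bot: The new `-ingress` branch in the -886/+887 hunk carries no comment, unlike the `-bypass` branch, and the rule that it cannot be combined with `-bypass` is only enforced roughly 300 lines further down in the post-parse checks. Because the flag turns the flow into an access control entry, I would add `/* Mark the flow as an ingress access control entry; conflicts with -bypass, rejected after option parsing */` above `sa.sadb_sa_flags |= SADB_X_SAFLAGS_INGRESS_FLOW;`. main() starts and ends outside the hunk.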
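Review bot: The `bypass && ingress` rejection in the -1208/+1216 hunk is the only place the restriction is stated; the `-ingress` line added to usage() says nothing about it, so an operator learns the constraint only by hitting this error. Consider extending the usage text, e.g. `"\t -ingress\t\t\t flow is ingress access control entry (not with -bypass)\n"`. The `fprintf` line also runs well past 80 columns; splitting the literal into `"%s: cannot specify \"-bypass\" and "` followed by `"\"-ingress\" simultaneously\n"` would keep it in line with the neighbouring `key too long` message.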