authorChristian Weisgerber <naddy@cvs.openbsd.org>2006-06-02 15:43:38 +0000
committerChristian Weisgerber <naddy@cvs.openbsd.org>2006-06-02 15:43:38 +0000
commit91d71383641fdc673fbe4f3fa8ee5acab22e3bb6 (patch)
tree2c00d261d9d24559e3e9e380d9a6a6ed6ee3555e /sbin/ipsecctl/parse.y
parent16f51895c695dd96d7876b703d69137146fd3da4 (diff)
support tcp/udp port modifiers in ike rules
"put it in if it doesn't break regress" hshoexer@
Diffstat (limited to 'sbin/ipsecctl/parse.y')
-rw-r--r--sbin/ipsecctl/parse.y24
1 files changed, 23 insertions, 1 deletions
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index d1bc03cac6f..37aa641c9e8 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.96 2006/06/02 05:59:31 hshoexer Exp $ */
+/* $OpenBSD: parse.y,v 1.97 2006/06/02 15:43:37 naddy Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -2238,7 +2238,29 @@ create_ike(u_int8_t proto, struct ipsec_hosts *hosts, struct ipsec_hosts *peers,
r->proto = proto;
r->src = hosts->src;
+ r->sport = hosts->sport;
r->dst = hosts->dst;
+ r->dport = hosts->dport;
+ if ((hosts->sport != 0 || hosts->dport != 0) &&
+ (proto != IPPROTO_TCP && proto != IPPROTO_UDP)) {
+ yyerror("no protocol supplied with source/destination ports");
+ free(r);
+ free(hosts->src);
+ free(hosts->dst);
+ if (mainmode) {
+ free(mainmode->xfs);
+ free(mainmode->life);
+ }
+ if (quickmode) {
+ free(quickmode->xfs);
+ free(quickmode->life);
+ }
+ if (srcid)
+ free(srcid);
+ if (dstid)
+ free(dstid);
+ return NULL;
+ }
if (peers->dst == NULL) {
/* Set peer to remote host. Must be a host address. */