author | Markus Friedl <markus@cvs.openbsd.org> | 2007-01-03 12:17:44 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2007-01-03 12:17:44 +0000 |
commit | 93e8aa55dd50b47672de31b3b779d3bbcbfd0949 (patch) | |
tree | 715a0ae33b3d42879fe996e0546cf2ccf67f7fa7 /sbin/ipsecctl | |
parent | 8f2a7094ed1bf1b16d6d21f6060e5890a0a10cc4 (diff) |
do not print secret keys by default, -k restores old behaviour; ok hshoexer
Diffstat (limited to 'sbin/ipsecctl')
-rw-r--r-- | sbin/ipsecctl/ipsecctl.8 | 6 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.c | 10 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 3 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkdump.c | 7 |
4 files changed, 19 insertions, 7 deletions
diff --git a/sbin/ipsecctl/ipsecctl.8 b/sbin/ipsecctl/ipsecctl.8
index a098173ce80..5b4a1e720b7 100644
--- a/sbin/ipsecctl/ipsecctl.8
+++ b/sbin/ipsecctl/ipsecctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsecctl.8,v 1.23 2006/09/29 10:51:27 jmc Exp $
+.\" $OpenBSD: ipsecctl.8,v 1.24 2007/01/03 12:17:43 markus Exp $
.\"
.\" Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
.\"
@@ -22,7 +22,7 @@
.Nd control flows for IPsec
.Sh SYNOPSIS
.Nm ipsecctl
-.Op Fl dFmnv
+.Op Fl dFkmnv
.Oo Fl D Ar macro Ns =
.Ar value Oc
.Op Fl f Ar file
@@ -67,6 +67,8 @@ option flushes the SPD and the SAD.
.It Fl f Ar file
Load the rules contained in
.Ar file .
+.It Fl k
+Show secret keying material when printing the active SAD entries.
.It Fl m
Continuously display all
.Dv PF_KEY
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index a64dbe412e0..d64c2a44cc7 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.64 2006/11/30 15:51:28 markus Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.65 2007/01/03 12:17:43 markus Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -648,16 +648,18 @@ main(int argc, char *argv[])
if (argc < 2)
usage();

- while ((ch = getopt(argc, argv, "D:df:Fmnvs:")) != -1) {
+ while ((ch = getopt(argc, argv, "D:df:Fkmnvs:")) != -1) {
switch (ch) {
case 'D':
if (cmdline_symset(optarg) < 0)
warnx("could not parse macro definition %s",
optarg);
break;
+
case 'd':
opts |= IPSECCTL_OPT_DELETE;
break;
+
case 'f':
rulesopt = optarg;
break;
@@ -666,6 +668,10 @@ main(int argc, char *argv[])
opts |= IPSECCTL_OPT_FLUSH;
break;

+ case 'k':
+ opts |= IPSECCTL_OPT_SHOWKEY;
+ break;
+
case 'm':
opts |= IPSECCTL_OPT_MONITOR;
break;
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index e99691f41ec..789ba2f1bb1 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
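Review bot: The new `case 'k':` sets IPSECCTL_OPT_SHOWKEY, but nothing in ipsecctl.c teaches `usage()` about the option: the diffstat shows only the getopt string and the switch changed in this file, so if `usage()` prints the option letters the way the manual's SYNOPSIS does, it now disagrees with both `getopt(argc, argv, "D:df:Fkmnvs:")` and the updated man page. The fix is a one-word change to the usage string, adding `k` to the bracketed option list next to the other letters. A short comment on the new case would also help, since the flag appears to be accepted silently with modes that never print an SA: `/* -k: include secret keying material in SA dumps (off by default) */`. main() starts and ends outside the hunk.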
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.52 2006/11/30 15:51:28 markus Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.53 2007/01/03 12:17:43 markus Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -28,6 +28,7 @@
#define IPSECCTL_OPT_FLUSH 0x0100
#define IPSECCTL_OPT_DELETE 0x0200
#define IPSECCTL_OPT_MONITOR 0x0400
+#define IPSECCTL_OPT_SHOWKEY 0x0800
enum {
ACTION_ADD, ACTION_DELETE
diff --git a/sbin/ipsecctl/pfkdump.c b/sbin/ipsecctl/pfkdump.c
index 461ec13882b..bcfa10bd5f6 100644
--- a/sbin/ipsecctl/pfkdump.c
+++ b/sbin/ipsecctl/pfkdump.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkdump.c,v 1.23 2006/11/24 13:52:13 reyk Exp $ */
+/* $OpenBSD: pfkdump.c,v 1.24 2007/01/03 12:17:43 markus Exp $ */

/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
@@ -618,7 +618,10 @@ pfkey_print_sa(struct sadb_msg *msg, int opts)
setup_extensions(msg);
sa = (struct sadb_sa *)extensions[SADB_EXT_SA];
-
+ if (!(opts & IPSECCTL_OPT_SHOWKEY)) {
+ extensions[SADB_EXT_KEY_AUTH] = NULL;
+ extensions[SADB_EXT_KEY_ENCRYPT] = NULL;
+ }
bzero(&r, sizeof r);
r.type |= RULE_SA;
r.tmode = (msg->sadb_msg_satype != SADB_X_SATYPE_TCPSIGNATURE) && |
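Review bot: Nulling `extensions[SADB_EXT_KEY_AUTH]` and `extensions[SADB_EXT_KEY_ENCRYPT]` in the table that `setup_extensions(msg)` just filled hides the keys from the printer, but it does so by mutating what appears to be a file-scope table, so anything later in `pfkey_print_sa` (the function continues outside the hunk) or in a caller that reads the same table now sees no key extension at all, and the key bytes themselves remain untouched in `msg`. The check also lives only in the SAD-dump printer; if the `-m` monitor path prints SADB_ADD/SADB_UPDATE messages through a different routine, keying material would still be shown there without `-k` — I cannot see that code here, so it is worth confirming. A comment stating the intent and the reliance on the table would make this safer to maintain: `/* without -k, drop the key extensions so the printer below never sees them */`.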