summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
diff options
context:
space:
mode:
authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-07-07 21:13:01 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-07-07 21:13:01 +0000
commitc72f30b2467e073602a1ee4109d550af0cadecc0 (patch)
treebe9f1caf8936f90f4ba07f2297652f41b2ce17ea /sbin/ipsecctl
parent8a5114c9f5c0e7096e76478d33bdac4c2cdc8454 (diff)
Do not mix rule types with flow types
Diffstat (limited to 'sbin/ipsecctl')
-rw-r--r--sbin/ipsecctl/ipsecctl.c3
-rw-r--r--sbin/ipsecctl/ipsecctl.h6
-rw-r--r--sbin/ipsecctl/pfkey.c16
3 files changed, 14 insertions, 11 deletions
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index 5f42601b3a2..b1a562e7aed 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.14 2005/07/07 21:00:07 hshoexer Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.15 2005/07/07 21:13:00 hshoexer Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -266,6 +266,7 @@ ipsecctl_get_rules(struct ipsecctl *ipsec)
if (rule == NULL)
err(1, "malloc");
rule->nr = ipsec->rule_nr++;
+ rule->type = RULE_FLOW;
if (pfkey_parse(msg, rule))
errx(1, "failed to parse pfkey message");
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index f84075125ad..b70d72add69 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.8 2005/07/07 21:00:08 hshoexer Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.9 2005/07/07 21:13:00 hshoexer Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -67,6 +67,8 @@ struct ipsec_auth {
/* Complete state of one rule. */
struct ipsec_rule {
+ u_int8_t type;
+
struct ipsec_addr *src;
struct ipsec_addr *dst;
struct ipsec_addr *peer;
@@ -74,7 +76,7 @@ struct ipsec_rule {
u_int8_t proto;
u_int8_t direction;
- u_int8_t type;
+ u_int8_t flowtype;
u_int32_t nr;
TAILQ_ENTRY(ipsec_rule) entries;
diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c
index ce6d2341797..2d61022eccb 100644
--- a/sbin/ipsecctl/pfkey.c
+++ b/sbin/ipsecctl/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.11 2005/07/07 20:58:28 hshoexer Exp $ */
+/* $OpenBSD: pfkey.c,v 1.12 2005/07/07 21:13:00 hshoexer Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
* Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org>
@@ -442,25 +442,25 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule)
}
switch (sproto->sadb_protocol_proto) {
case SADB_X_FLOW_TYPE_USE:
- rule->type = TYPE_USE;
+ rule->flowtype = TYPE_USE;
break;
case SADB_X_FLOW_TYPE_ACQUIRE:
- rule->type = TYPE_ACQUIRE;
+ rule->flowtype = TYPE_ACQUIRE;
break;
case SADB_X_FLOW_TYPE_REQUIRE:
- rule->type = TYPE_REQUIRE;
+ rule->flowtype = TYPE_REQUIRE;
break;
case SADB_X_FLOW_TYPE_DENY:
- rule->type = TYPE_DENY;
+ rule->flowtype = TYPE_DENY;
break;
case SADB_X_FLOW_TYPE_BYPASS:
- rule->type = TYPE_BYPASS;
+ rule->flowtype = TYPE_BYPASS;
break;
case SADB_X_FLOW_TYPE_DONTACQ:
- rule->type = TYPE_DONTACQ;
+ rule->flowtype = TYPE_DONTACQ;
break;
default:
- rule->type = TYPE_UNKNOWN;
+ rule->flowtype = TYPE_UNKNOWN;
break;
}
break;