diff options
author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2008-06-14 00:57:31 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2008-06-14 00:57:31 +0000 |
commit | 1cdebcfc1b3c19092b8446a14320ed29ec834eee (patch) | |
tree | 0e29e64e4fc0012682c4cfdc5e2c99c70c91374f /sbin/ipsecctl | |
parent | 17def441df7ddc17cfe4a8d60851ce9c57f5997d (diff) |
Move ike and flow peer selection to common function.
No functional change yet.
ok hshoexer
Diffstat (limited to 'sbin/ipsecctl')
-rw-r--r-- | sbin/ipsecctl/parse.y | 69 |
1 files changed, 31 insertions, 38 deletions
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index 6d302061409..ff7569ccc8a 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.135 2008/06/11 22:11:20 bluhm Exp $ */ +/* $OpenBSD: parse.y,v 1.136 2008/06/14 00:57:30 bluhm Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -168,7 +168,7 @@ struct ipsec_addr_wrap *copyhost(const struct ipsec_addr_wrap *); char *copytag(const char *); struct ipsec_rule *copyrule(struct ipsec_rule *); int validate_af(struct ipsec_addr_wrap *, - struct ipsec_addr_wrap *); + struct ipsec_addr_wrap *); int validate_sa(u_int32_t, u_int8_t, struct ipsec_transforms *, struct ipsec_key *, struct ipsec_key *, u_int8_t); @@ -183,6 +183,8 @@ struct ipsec_rule *create_sagroup(struct ipsec_addr_wrap *, u_int8_t, struct ipsec_rule *create_flow(u_int8_t, u_int8_t, struct ipsec_hosts *, struct ipsec_hosts *, u_int8_t, char *, char *, u_int8_t); +void set_rule_peers(struct ipsec_rule *r, + struct ipsec_hosts *peers); void expand_any(struct ipsec_addr_wrap *); int expand_rule(struct ipsec_rule *, u_int8_t, u_int32_t, struct ipsec_key *, struct ipsec_key *, int); @@ -2340,24 +2342,11 @@ create_flow(u_int8_t dir, u_int8_t proto, struct ipsec_hosts *hosts, if (type == TYPE_DENY || type == TYPE_BYPASS) return (r); - r->local = peers->src; - if (peers->dst == NULL) { - /* Set peer to remote host. Must be a host address. */ - if (r->direction == IPSEC_IN) { - if (r->src->netaddress) { - yyerror("no peer specified"); - goto errout; - } - r->peer = copyhost(r->src); - } else { - if (r->dst->netaddress) { - yyerror("no peer specified"); - goto errout; - } - r->peer = copyhost(r->dst); - } - } else - r->peer = peers->dst; + set_rule_peers(r, peers); + if (r->peer == NULL) { + yyerror("no peer specified"); + goto errout; + } r->auth = calloc(1, sizeof(struct ipsec_auth)); if (r->auth == NULL) @@ -2408,6 +2397,27 @@ expand_any(struct ipsec_addr_wrap *ipa_in) ipa->next->next = oldnext; } } + +void +set_rule_peers(struct ipsec_rule *r, struct ipsec_hosts *peers) +{ + r->local = peers->src; + r->peer = peers->dst; + if (r->peer == NULL) { + /* Set peer to remote host. Must be a host address. */ + if (r->direction == IPSEC_IN) { + if (r->src->netaddress) + r->peer = NULL; + else + r->peer = copyhost(r->src); + } else { + if (r->dst->netaddress) + r->peer = NULL; + else + r->peer = copyhost(r->dst); + } + } +} int expand_rule(struct ipsec_rule *rule, u_int8_t direction, u_int32_t spi, @@ -2565,24 +2575,7 @@ create_ike(u_int8_t proto, struct ipsec_hosts *hosts, struct ipsec_hosts *peers, return NULL; } - if (peers->dst == NULL) { - /* Set peer to remote host. Must be a host address. */ - if (r->direction == IPSEC_IN) { - if (r->src->netaddress) - r->peer = NULL; - else - r->peer = copyhost(r->src); - } else { - if (r->dst->netaddress) - r->peer = NULL; - else - r->peer = copyhost(r->dst); - } - } else - r->peer = peers->dst; - - if (peers->src) - r->local = peers->src; + set_rule_peers(r, peers); r->satype = satype; r->tmode = tmode; |