summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
diff options
context:
space:
mode:
authorMike Belopuhov <mikeb@cvs.openbsd.org>2012-06-29 15:01:08 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2012-06-29 15:01:08 +0000
commite91992f52a22a0dab6b9b41462ff1cef325170a0 (patch)
tree0a8da5d849bca7deebfd8ac909baf67155f2d33a /sbin/ipsecctl
parent1b047c0a705eb03c70912339bdc1e73ea765c248 (diff)
Print esn flag when dumping SAs with ESN enabled
Diffstat (limited to 'sbin/ipsecctl')
-rw-r--r--sbin/ipsecctl/ipsecctl.c6
-rw-r--r--sbin/ipsecctl/ipsecctl.h3
-rw-r--r--sbin/ipsecctl/pfkdump.c3
3 files changed, 8 insertions, 4 deletions
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index feff5c074ff..17f047ef145 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.75 2011/11/08 16:49:32 jmc Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.76 2012/06/29 15:01:07 mikeb Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -360,13 +360,15 @@ void
ipsecctl_print_sa(struct ipsec_rule *r, int opts)
{
printf("%s ", satype[r->satype]);
- /* tunnel/transport is only meaningful esp/ah/ipcomp */
+ /* tunnel/transport is only meaningful for esp/ah/ipcomp */
if (r->satype != IPSEC_TCPMD5 && r->satype != IPSEC_IPIP)
printf("%s ", tmode[r->tmode]);
printf("from ");
ipsecctl_print_addr(r->src);
printf(" to ");
ipsecctl_print_addr(r->dst);
+ if (r->esn)
+ printf(" esn");
printf(" spi 0x%08x", r->spi);
if (r->satype != IPSEC_TCPMD5) {
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index 00463217733..97bea69ee67 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.62 2011/11/08 13:26:06 henning Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.63 2012/06/29 15:01:07 mikeb Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -203,6 +203,7 @@ struct ipsec_rule {
u_int8_t ikemode;
u_int8_t p1ie;
u_int8_t p2ie;
+ u_int8_t esn;
u_int16_t sport;
u_int16_t dport;
u_int32_t spi;
diff --git a/sbin/ipsecctl/pfkdump.c b/sbin/ipsecctl/pfkdump.c
index cf8a72785d1..2c3a668e942 100644
--- a/sbin/ipsecctl/pfkdump.c
+++ b/sbin/ipsecctl/pfkdump.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkdump.c,v 1.30 2011/04/13 11:31:27 markus Exp $ */
+/* $OpenBSD: pfkdump.c,v 1.31 2012/06/29 15:01:07 mikeb Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
@@ -637,6 +637,7 @@ pfkey_print_sa(struct sadb_msg *msg, int opts)
r.tmode = (msg->sadb_msg_satype != SADB_X_SATYPE_TCPSIGNATURE) &&
(sa->sadb_sa_flags & SADB_X_SAFLAGS_TUNNEL) ?
IPSEC_TUNNEL : IPSEC_TRANSPORT;
+ r.esn = sa->sadb_sa_flags & SADB_X_SAFLAGS_ESN ? 1 : 0;
r.spi = ntohl(sa->sadb_sa_spi);
switch (msg->sadb_msg_satype) {