author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1997-07-15 00:38:16 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1997-07-15 00:38:16 +0000 |
commit | 25cd5ae9fcfc1df67e3f8ae81ad01e57b6184942 (patch) | |
tree | 2cb4ad223c18be2309d9c54ade97d599b23f42c8 /sbin/sysctl | |
parent | 01b9cd8197607807bcfcf13d3a660c9ee170492f (diff) |
sysctl for PF_ENCAP.
Diffstat (limited to 'sbin/sysctl')
-rw-r--r-- | sbin/sysctl/sysctl.8 | 3 | ||||
-rw-r--r-- | sbin/sysctl/sysctl.c | 97 |
2 files changed, 79 insertions, 21 deletions
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index fa0511b8646..9ffc0ea4fd7 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.9 1997/06/14 21:37:11 mickey Exp $ +.\" $OpenBSD: sysctl.8,v 1.10 1997/07/15 00:38:14 angelos Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -159,6 +159,7 @@ privilege can change the value. .It net.inet.udp.checksum integer yes .It net.ipx.ipx.recvspace integer yes .It net.ipx.ipx.sendspace integer yes +.It net.ipsec.encap.encdebug integer yes .It debug.syncprt integer yes .It debug.busyprt integer yes .It debug.doclusterread integer yes diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c index 91e93393cec..5812842bb17 100644 --- a/sbin/sysctl/sysctl.c +++ b/sbin/sysctl/sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.c,v 1.11 1997/06/28 07:05:34 deraadt Exp $ */ +/* $OpenBSD: sysctl.c,v 1.12 1997/07/15 00:38:15 angelos Exp $ */ /* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */ /* @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)sysctl.c 8.1 (Berkeley) 6/6/93"; #else -static char *rcsid = "$OpenBSD: sysctl.c,v 1.11 1997/06/28 07:05:34 deraadt Exp $"; +static char *rcsid = "$OpenBSD: sysctl.c,v 1.12 1997/07/15 00:38:15 angelos Exp $"; #endif #endif /* not lint */ @@ -73,6 +73,8 @@ static char *rcsid = "$OpenBSD: sysctl.c,v 1.11 1997/06/28 07:05:34 deraadt Exp #include <netipx/spx_var.h> #include <ddb/db_var.h> #include <dev/rndvar.h> +#include <net/encap.h> +#include <netinet/ip_ipsp.h> #include <errno.h> #include <stdio.h> 
@@ -133,6 +135,7 @@ void parse __P(( char *string, int flags)); void listall __P((char *prefix, struct list *lp)); int findname __P((char *string, char *level, char **bufp, struct list *namelist)); int sysctl_inet __P((char *string, char **bufpp, int mib[], int flags, int *typep)); +int sysctl_ipsec __P((char *string, char **bufpp, int mib[], int flags, int *typep)); int sysctl_ipx __P((char *string, char **bufpp, int mib[], int flags, int *typep)); int sysctl_fs __P((char *string, char **bufpp, int mib[], int flags, int *typep)); @@ -355,6 +358,12 @@ parse(string, flags) break; return; } + if (mib[1] == PF_ENCAP) { + len = sysctl_ipsec(string, &bufp, mib, flags, &type); + if (len >= 0) + break; + return; + } if (flags == 0) return; fprintf(stderr, "Use netstat to view %s information\n", string); 
@@ -578,6 +587,54 @@ sysctl_fs(string, bufpp, mib, flags, typep) return (3); } +struct ctlname encapname[] = ENCAPCTL_NAMES; +struct ctlname ipsecname[] = CTL_IPSEC_NAMES; +struct list ipseclist = { ipsecname, IPSECCTL_MAXID }; +struct list ipsecvars[] = { + { encapname, ENCAPCTL_MAXID }, +}; + +/* + * handle ipsec requests + */ +int +sysctl_ipsec(string, bufpp, mib, flags, typep) + char *string; + char **bufpp; + int mib[]; + int flags; + int *typep; +{ + struct list *lp; + int indx; + + if (*bufpp == NULL) { + listall(string, &ipseclist); + return (-1); + } + if ((indx = findname(string, "third", bufpp, &ipseclist)) == -1) + return (-1); + mib[2] = indx; + if (indx <= IPSECCTL_MAXID && ipsecvars[indx].list != NULL) + lp = &ipsecvars[indx]; + else if (!flags) + return (-1); + else { + fprintf(stderr, "%s: no variables defined for this protocol\n", + string); + return (-1); + } + if (*bufpp == NULL) { + listall(string, lp); + return (-1); + } + if ((indx = findname(string, "fourth", bufpp, lp)) == -1) + return (-1); + mib[3] = indx; + *typep = lp->list[indx].ctl_type; + return (4); +} + struct ctlname inetname[] = CTL_IPPROTO_NAMES; struct ctlname ipname[] = IPCTL_NAMES; struct ctlname icmpname[] = ICMPCTL_NAMES; 
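Review bot: The bound on `ipsecvars[indx]` in sysctl_ipsec does not match the table it guards: `ipsecvars` is defined in this hunk with a single entry, yet the test is `indx <= IPSECCTL_MAXID`, so any third-level index above 0 returned by findname() would read past the end of the array before the `.list != NULL` check runs. IPSECCTL_MAXID and CTL_IPSEC_NAMES come from headers outside this diff, so whether that read is reachable today depends on their values; even so, `<=` appears to admit one index more than the `IPSECCTL_MAXID` size given to `ipseclist`. Bounding by the array itself keeps the lookup in range when names are added later: `if (indx < (int)(sizeof(ipsecvars) / sizeof(ipsecvars[0])) && ipsecvars[indx].list != NULL)`. A one-line comment on `ipsecvars` stating that it is indexed by the third-level identifier and needs one entry per name in `ipsecname` would make the coupling explicit.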
@@ -585,24 +642,24 @@ struct ctlname tcpname[] = TCPCTL_NAMES; struct ctlname udpname[] = UDPCTL_NAMES; struct list inetlist = { inetname, IPPROTO_MAXID }; struct list inetvars[] = { - { ipname, IPCTL_MAXID }, /* ip */ - { icmpname, ICMPCTL_MAXID }, /* icmp */ - { 0, 0 }, /* igmp */ - { 0, 0 }, /* ggmp */ - { 0, 0 }, - { 0, 0 }, - { tcpname, TCPCTL_MAXID }, /* tcp */ - { 0, 0 }, - { 0, 0 }, /* egp */ - { 0, 0 }, - { 0, 0 }, - { 0, 0 }, - { 0, 0 }, /* pup */ - { 0, 0 }, - { 0, 0 }, - { 0, 0 }, - { 0, 0 }, - { udpname, UDPCTL_MAXID }, /* udp */ + { ipname, IPCTL_MAXID }, /* ip */ + { icmpname, ICMPCTL_MAXID }, /* icmp */ + { 0, 0 }, /* igmp */ + { 0, 0 }, /* ggmp */ + { 0, 0 }, + { 0, 0 }, + { tcpname, TCPCTL_MAXID }, /* tcp */ + { 0, 0 }, + { 0, 0 }, /* egp */ + { 0, 0 }, + { 0, 0 }, + { 0, 0 }, + { 0, 0 }, /* pup */ + { 0, 0 }, + { 0, 0 }, + { 0, 0 }, + { 0, 0 }, + { udpname, UDPCTL_MAXID }, /* udp */ }; /* |