author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-05-27 19:55:22 +0000 |
---|---|---|
committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-05-27 19:55:22 +0000 |
commit | 34d02c6ecbcda7ff48ce7a357ce79709438388fe (patch) | |
tree | 6869c216b4d4e666cf3cbaccde3fc3b6824f2547 /sbin | |
parent | 7b2133333bb4d9e15c9e6ffc5a628e66a1c56f43 (diff) |
show flow type (require, use, etc.)
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipsecctl/ipsecctl.c | 7 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 7 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkey.c | 25 |
3 files changed, 35 insertions, 4 deletions
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c index 39ead47825e..49172010023 100644 --- a/sbin/ipsecctl/ipsecctl.c +++ b/sbin/ipsecctl/ipsecctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.c,v 1.9 2005/05/27 15:33:49 hshoexer Exp $ */ +/* $OpenBSD: ipsecctl.c,v 1.10 2005/05/27 19:55:21 hshoexer Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -183,6 +183,8 @@ void ipsecctl_print_rule(struct ipsec_rule *r, int opts) { static const char *direction[] = {"?", "in", "out"}; + static const char *type[] = {"?", "use", "acquire", "require", "deny", + "bypass", "dontacq"}; static const char *proto[] = {"?", "esp", "ah"}; static const char *auth[] = {"?", "psk", "rsa"}; @@ -203,7 +205,8 @@ ipsecctl_print_rule(struct ipsec_rule *r, int opts) if (r->auth.dstid) printf("\n\tdstid %s", r->auth.dstid); if (r->auth.type > 0) - printf(" %s", auth[r->auth.type]); + printf("\n\t%s", auth[r->auth.type]); + printf("\n\ttype %s", type[r->type]); } printf("\n"); } diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h index a1d831aeb1b..267e3ef7289 100644 --- a/sbin/ipsecctl/ipsecctl.h +++ b/sbin/ipsecctl/ipsecctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.h,v 1.5 2005/05/27 05:19:55 hshoexer Exp $ */ +/* $OpenBSD: ipsecctl.h,v 1.6 2005/05/27 19:55:21 hshoexer Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -39,6 +39,10 @@ enum { enum { ID_UNKNOWN, ID_PREFIX, ID_FQDN, ID_UFQDN }; +enum { + TYPE_UNKNOWN, TYPE_USE, TYPE_ACQUIRE, TYPE_REQUIRE, TYPE_DENY, + TYPE_BYPASS, TYPE_DONTACQ +}; struct ipsec_addr { struct in_addr v4; @@ -66,6 +70,7 @@ struct ipsec_rule { u_int8_t proto; u_int8_t direction; + u_int8_t type; u_int32_t nr; TAILQ_ENTRY(ipsec_rule) entries; diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c index 51df7f448aa..29c85f83e37 100644 --- a/sbin/ipsecctl/pfkey.c +++ b/sbin/ipsecctl/pfkey.c 
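Review bot: In `ipsecctl_print_rule` (ipsecctl.c, hunk at -203), `type[r->type]` indexes the seven-entry table added in the -183 hunk with an unchecked `u_int8_t`, so any value above `TYPE_DONTACQ` reads past the end of the array. The only writer visible in this commit, `pfkey_parse`, stays in range, but the lookup then depends on every other producer of `struct ipsec_rule` and on the table keeping the same order as the new enum in ipsecctl.h. I would guard the index, e.g. `printf("\n\ttype %s", type[r->type < sizeof(type) / sizeof(type[0]) ? r->type : 0]);`, and put a comment above the table such as `/* indexed by TYPE_*; keep in sync with the enum in ipsecctl.h */`. The `auth[r->auth.type]` lookup on the line above has the same shape; the function body starts and ends outside these hunks.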
@@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.c,v 1.7 2005/05/27 19:15:44 hshoexer Exp $ */ +/* $OpenBSD: pfkey.c,v 1.8 2005/05/27 19:55:21 hshoexer Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org> @@ -435,6 +435,29 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule) default: return (1); } + switch (sproto->sadb_protocol_proto) { + case SADB_X_FLOW_TYPE_USE: + rule->type = TYPE_USE; + break; + case SADB_X_FLOW_TYPE_ACQUIRE: + rule->type = TYPE_ACQUIRE; + break; + case SADB_X_FLOW_TYPE_REQUIRE: + rule->type = TYPE_REQUIRE; + break; + case SADB_X_FLOW_TYPE_DENY: + rule->type = TYPE_DENY; + break; + case SADB_X_FLOW_TYPE_BYPASS: + rule->type = TYPE_BYPASS; + break; + case SADB_X_FLOW_TYPE_DONTACQ: + rule->type = TYPE_DONTACQ; + break; + default: + rule->type = TYPE_UNKNOWN; + break; + } break; case SADB_X_EXT_SRC_FLOW: |
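Review bot: The new switch in `pfkey_parse` (hunk at -435) maps an unrecognised `sproto->sadb_protocol_proto` to `TYPE_UNKNOWN` and carries on, while the switch whose tail is visible just above it rejects an unrecognised value with `return (1)`. For a tool that displays IPsec policy, a flow printed with type `?` hides whether traffic is denied, bypassed or protected, so either reject it the same way or document the tolerance, e.g. `/* unknown flow type: still report the flow, printed as "?" */` on the `default:` branch. It is also not obvious that the `proto` field carries a flow type here (presumably this is the flow-type extension; the case label is outside the hunk), so a one-line comment above the switch would help the next reader. The enclosing function and case begin before the hunk.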