src - OpenBSD base system

diff options


context:
space:
mode:

author	Angelos D. Keromytis <angelos@cvs.openbsd.org>	2000-12-30 21:56:45 +0000
committer	Angelos D. Keromytis <angelos@cvs.openbsd.org>	2000-12-30 21:56:45 +0000
commit	7130e4c18934f87382bde47f06cc6f135cbc8c82 (patch)
tree	7c2b2613cf78523704aad96dcbbdfaa1dd2923da /sbin
parent	35220a7dfc57814ada86559fee19068a7452223e (diff)

Remove the dstsa/srcsa/clearsa directives, the bridge will be using

the gif interface instead.

Diffstat (limited to 'sbin')

-rw-r--r--

sbin/ifconfig/ifconfig.8

-rw-r--r--

sbin/ifconfig/ifconfig.c

104

2 files changed, 3 insertions, 176 deletions

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index ddae3e64f7d..9a9cea09d45 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8

@@ -1,4 +1,4 @@

-.\" $OpenBSD: ifconfig.8,v 1.48 2000/10/17 21:56:06 naddy Exp $

+.\" $OpenBSD: ifconfig.8,v 1.49 2000/12/30 21:56:43 angelos Exp $

.\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $

.\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $

.\"

@@ -182,15 +182,6 @@ Clear the IPv6 anycast address bit.

Specify the address to use to represent broadcasts to the

network.

The default broadcast address is the address with a host part of all 1's.

-.It Cm clearsa

-Remove the binding between an SA and an

-.Xr enc 4

-interface, such as established with the

-.Cm srcsa

-or

-.Cm dstsa

-flags.

-If the all-zeroes SA is specified, the sending SA is cleared by default.

.It Cm debug

Enable driver dependent debugging code; usually, this turns on

extra console error logging.

@@ -215,45 +206,6 @@ the system will not attempt to

transmit messages through that interface.

If possible, the interface will be reset to disable reception as well.

This action automatically disables routes using the interface.

-.It Cm dstsa

-Bind an

-.Xr ipsec 4

-Security Association (SA) to an

-.Xr enc 4

-interface.

-The interface can then be used in conjunction with the

-.Xr bridge 4

-to establish virtual Local Area Networks (LANs).

-The SA is specified as

-.Ar address/SPI/protocol ,

-where

-.Ar address

-is an IPv4 or IPv6 address,

-.Ar SPI

-is a hexadecimal number, and

-.Ar protocol

-is a decimal number identifying the security protocol (typically 50

-for ESP, 51 for AH, or 4 for IP-in-IP).

-The SA must exist for the operation to be successfully completed.

-Typically, such SAs would be

-established via

-.Xr ipsecadm 1 .

-This SA will be used to send packets to a remote host via

-.Xr ipsec 4 .

-If the

-.Ar 0.0.0.0/0/0

-or

-.Ar ::/0/0

-SA is specified, any existing binding between the corresponding

-.Xr enc 4

-interface and the SA is cleared (in fact, just the SPI and the protocol

-part of the SA have to be set to zero).

-Only one SA may be bound to an

-.Xr enc 4

-interface at a time.

-SAs may not be bound to the

-.Dq enc0

-interface.

.It Cm giftunnel

Set the source and destination tunnel addresses on a

.Xr gif 4

@@ -435,31 +387,6 @@ AppleTalk uses this scheme instead of

netmasks though

.Ox

implements it internally as a set of netmasks.

-.It Cm srcsa

-Similar to

-.Cm dstsa ,

-this operation binds an

-.Xr ipsec 4

-SA to an

-.Xr enc 4

-interface.

-The SAs bound via this operation are receiving SAs.

-Any packets received over one of these SAs, will be made to appear as if

-it arrived by the corresponding

-.Xr enc 4

-interface.

-If the interface is part of a bridge, the packets will be

-delivered to the bridge.

-Contrary to the

-.Cm dstsa

-flag, multiple SAs may be bound to an

-.Xr enc 4

-interface via this operation.

-Similar to the

-.Cm dstsa

-flag, no SAs may be bound to the

-.Dq enc0

-interface.

.It Cm tentative

(inet6 only)

Set the IPv6 tentative address bit.

diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index fc3fa3ee2b6..2299980fc30 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ifconfig.c,v 1.42 2000/12/18 07:00:17 mickey Exp $ */

+/* $OpenBSD: ifconfig.c,v 1.43 2000/12/30 21:56:44 angelos Exp $ */

/* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */

@@ -81,7 +81,7 @@ static char copyright[] =

#if 0

static char sccsid[] = "@(#)ifconfig.c 8.2 (Berkeley) 2/16/94";

#else

-static char rcsid[] = "$OpenBSD: ifconfig.c,v 1.42 2000/12/18 07:00:17 mickey Exp $";

+static char rcsid[] = "$OpenBSD: ifconfig.c,v 1.43 2000/12/30 21:56:44 angelos Exp $";

#endif

#endif /* not lint */

@@ -177,9 +177,6 @@ void setipxframetype __P((char *, int));

void setatrange __P((char *, int));

void setatphase __P((char *, int));

void gifsettunnel __P((char *, char *));

-void dstsa __P((char *));

-void srcsa __P((char *));

-void clearsa __P((char *));

#ifdef INET6

void setia6flags __P((char *, int));

void setia6pltime __P((char *, int));

@@ -272,9 +269,6 @@ const struct cmd {

{ "-vlandev", 1, 0, unsetvlandev },

#endif /* INET_ONLY */

{ "giftunnel", NEXTARG2, 0, gifsettunnel } ,

- { "dstsa", NEXTARG, 0, dstsa } ,

- { "srcsa", NEXTARG, 0, srcsa } ,

- { "clearsa", NEXTARG, 0, clearsa } ,

{ "link0", IFF_LINK0, 0, setifflags } ,

{ "-link0", -IFF_LINK0, 0, setifflags } ,

{ "link1", IFF_LINK1, 0, setifflags } ,

@@ -825,97 +819,6 @@ gifsettunnel(src, dst)

freeaddrinfo(dstres);

}

-static void

-handlesa(cmd, sa)

- int cmd;

- char *sa;

- char *p1, *p2, *p;

- struct ifsa ifsa;

- struct addrinfo *res;

- struct protoent *prnt;

- int ecode;

- bzero(&ifsa, sizeof(ifsa));

- strlcpy(ifsa.sa_ifname, name, sizeof ifsa.sa_ifname);

- p1 = strchr(sa, '/');

- if (p1 == NULL)

- errx(1, "invalid SA");

- else

- *(p1++) = '\0';

- if (*p1 == '/')

- errx(1, "missing SPI");

- p2 = strchr(p1, '/');

- if (p2 == NULL)

- errx(1, "invalid SA");

- else

- *(p2++) = '\0';

- if (*p2 == '\0')

- errx(1, "invalid security protocol");

- if ((ecode = getaddrinfo(sa, NULL, NULL, &res)) != 0)

- errx(1, "error in parsing address string: %s",

- gai_strerror(ecode));

- bcopy(res->ai_addr, &ifsa.sa_dst, res->ai_addr->sa_len);

- freeaddrinfo(res);

- ifsa.sa_spi = htonl(strtoul(p1, &p, 16));

- if ((p == NULL) || ((*p != '\0') && (*p != '/')))

- errx(1, "bad SPI");

- ifsa.sa_proto = strtoul(p2, &p, 10);

- if ((p == NULL) || (*p != '\0')) {

- prnt = getprotobyname(p2);

- if (prnt == NULL)

- errx(1, "bad security protocol");

- ifsa.sa_proto = prnt->p_proto;

- }

- if (ioctl(s, cmd, (caddr_t)&ifsa) < 0) {

- switch (cmd) {

- case SIOCSENCDSTSA:

- warn("SIOCSENCDSTSA");

- break;

- case SIOCSENCSRCSA:

- warn("SIOCSENCSRCSA");

- break;

- case SIOCSENCCLEARSA:

- warn("SIOCSENCCLEARSA");

- break;

- }

-void

-dstsa(sa)

- char *sa;

- handlesa(SIOCSENCDSTSA, sa);

-void

-srcsa(sa)

- char *sa;

- handlesa(SIOCSENCSRCSA, sa);

-void

-clearsa(sa)

- char *sa;

- handlesa(SIOCSENCCLEARSA, sa);

void

setifnetmask(addr)

char *addr;

@@ -2366,9 +2269,6 @@ usage()

"\t[ metric n ]\n"

"\t[ mtu n ]\n"

"\t[ nwid netword_id ]\n"

- "\t[ dstsa address/spi/protocol ]\n"

- "\t[ srcsa address/spi/protocol ]\n"

- "\t[ clearsa address/spi/protocol ]\n"

"\t[ giftunnel srcaddress dstaddress ]\n"

"\t[ vlan n vlandev interface ]\n"

"\t[ arp | -arp ]\n"