author | Reyk Floeter <reyk@cvs.openbsd.org> | 2008-04-11 00:05:52 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2008-04-11 00:05:52 +0000 |
commit | 15a7904588661dee128737d8ccff728da3d5b818 (patch) | |
tree | 091a44db668f40b0c45ee05ab9fc0bd431999457 /sbin | |
parent | ca31726a0b98ca5ca3caaf50a8f5ca284988eb81 (diff) |
add support for the "include" directive using code from pfctl/parse.y.
pointed out by Prabhu Gurumurthy
ok deraadt@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 11 | ||||
-rw-r--r-- | sbin/ipsecctl/parse.y | 20 |
2 files changed, 28 insertions, 3 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index 1faaef51cb3..69e8b4122fe 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.117 2008/02/22 23:51:31 hshoexer Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.118 2008/04/11 00:05:51 reyk Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 22 2008 $ +.Dd $Mdocdate: April 11 2008 $ .Dt IPSEC.CONF 5 .Os .Sh NAME @@ -148,6 +148,13 @@ For example: remote_gw = "192.168.3.12" flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer $remote_gw .Ed +.Pp +Additional configuration files can be included with the +.Ic include +keyword, for example: +.Bd -literal -offset indent +include "/etc/macros.conf" +.Ed .Sh AUTOMATIC KEYING In this scenario, .Nm diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index 4c79ccb658d..a31bfb27747 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.133 2008/02/22 23:51:31 hshoexer Exp $ */ +/* $OpenBSD: parse.y,v 1.134 2008/04/11 00:05:51 reyk Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -246,6 +246,7 @@ typedef struct { %token AUTHKEY ENCKEY FILENAME AUTHXF ENCXF ERROR IKE MAIN QUICK AGGRESSIVE %token PASSIVE ACTIVE ANY IPIP IPCOMP COMPXF TUNNEL TRANSPORT DYNAMIC LIFE %token TYPE DENY BYPASS LOCAL PROTO USE ACQUIRE REQUIRE DONTACQ GROUP PORT TAG +%token INCLUDE %token <v.string> STRING %token <v.number> NUMBER %type <v.string> string @@ -276,6 +277,7 @@ typedef struct { %% grammar : /* empty */ + | grammar include '\n' | grammar '\n' | grammar ikerule '\n' | grammar flowrule '\n' 
@@ -289,6 +291,21 @@ comma : ',' | /* empty */ ; +include : INCLUDE STRING { + struct file *nfile; + + if ((nfile = pushfile($2, 0)) == NULL) { + yyerror("failed to include file %s", $2); + free($2); + YYERROR; + } + free($2); + + file = nfile; + lungetc('\n'); + } + ; + tcpmd5rule : TCPMD5 hosts spispec authkeyspec { struct ipsec_rule *r; @@ -877,6 +894,7 @@ lookup(char *s) { "group", GROUP }, { "ike", IKE }, { "in", IN }, + { "include", INCLUDE }, { "ipcomp", IPCOMP }, { "ipip", IPIP }, { "life", LIFE }, |
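Review bot: The new `include` rule calls `pushfile($2, 0)`, and if that second argument is the file-secrecy flag, as it is in the pfctl parser this code is taken from (pushfile is defined outside this hunk, so this is inferred), included files skip the owner/mode check even though they can hold the same `authkey`/`enckey` material as ipsec.conf itself. Consider `if ((nfile = pushfile($2, 1)) == NULL) {` so that a group- or world-readable included key file is rejected, or state in ipsec.conf.5 that included files are not permission-checked and must not contain keys. Nothing visible in the hunk bounds include nesting either, so a file that includes itself appears to recurse until pushfile fails; an explicit depth check, or a comment such as `/* nesting is limited only by pushfile() failing */`, would make the intended behaviour clear.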