diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1998-07-29 21:02:56 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1998-07-29 21:02:56 +0000 |
| commit | 5093f80ce7061096b622d1aedf3f1a4d88770580 (patch) | |
| tree | 9b9469062317c52cd4d84682aeb710abf8abb644 /sbin | |
| parent | 0ca51f9b8a3c5dc4759ce95bdb31fb57b3757f79 (diff) | |
Do IP-in-IP encapsulation properly.
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/ipsec/ipsecadm/ipsecadm.c | 14 | ||||
| -rw-r--r-- | sbin/ipsec/ipsecadm/xf_ip4.c | 3 |
2 files changed, 10 insertions, 7 deletions
diff --git a/sbin/ipsec/ipsecadm/ipsecadm.c b/sbin/ipsec/ipsecadm/ipsecadm.c index 9ef7569bc6a..4979f6bcba4 100644 --- a/sbin/ipsec/ipsecadm/ipsecadm.c +++ b/sbin/ipsec/ipsecadm/ipsecadm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecadm.c,v 1.16 1998/06/08 17:42:33 provos Exp $ */ +/* $OpenBSD: ipsecadm.c,v 1.17 1998/07/29 21:02:54 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -283,7 +283,7 @@ main(argc, argv) } else if (!strcmp(argv[i]+1, "local") && iscmd(mode, FLOW)) { local = 1; } else if (!strcmp(argv[i]+1, "tunnel") && - isencauth(mode) && i+2 < argc) { + (isencauth(mode) || mode == ENC_IP) && i+2 < argc) { osrc.s_addr = inet_addr(argv[i+1]); i++; odst.s_addr = inet_addr(argv[i+1]); @@ -357,12 +357,14 @@ main(argc, argv) exit(1); } else if ((iscmd(mode, DEL_SPI) || iscmd(mode, GRP_SPI) || iscmd(mode, FLOW)) && - proto != IPPROTO_ESP && proto != IPPROTO_AH) { - fprintf(stderr, "%s: Security protocol is neither AH or ESP\n", argv[0]); + proto != IPPROTO_ESP && proto != IPPROTO_AH && + proto != IPPROTO_IPIP) { + fprintf(stderr, "%s: Security protocol is none of AH, ESP or IPIP\n", argv[0]); exit(1); } else if (iscmd(mode, GRP_SPI) && - proto2 != IPPROTO_ESP && proto2 != IPPROTO_AH) { - fprintf(stderr, "%s: Security protocol2 is neither AH or ESP\n", argv[0]); + proto2 != IPPROTO_ESP && proto2 != IPPROTO_AH && + proto2 != IPPROTO_IPIP) { + fprintf(stderr, "%s: Security protocol2 is none of AH, ESP or IPIP\n", argv[0]); exit(1); } else if (dst.s_addr == 0) { fprintf(stderr, "%s: No destination address specified\n", diff --git a/sbin/ipsec/ipsecadm/xf_ip4.c b/sbin/ipsec/ipsecadm/xf_ip4.c index d8d35f15d2a..b322e2fc38e 100644 --- a/sbin/ipsec/ipsecadm/xf_ip4.c +++ b/sbin/ipsec/ipsecadm/xf_ip4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_ip4.c,v 1.5 1998/05/24 13:29:11 provos Exp $ */ +/* $OpenBSD: xf_ip4.c,v 1.6 1998/07/29 21:02:55 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -78,6 +78,7 @@ struct in_addr osrc, odst; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_SETSPI; + em->em_sproto = IPPROTO_IPIP; em->em_spi = spi; em->em_src = src; em->em_dst = dst; |