author | Henning Brauer <henning@cvs.openbsd.org> | 2011-11-08 13:26:07 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2011-11-08 13:26:07 +0000 |
commit | fd7e4683884a5980c04a2c334e92bc5e049decee (patch) | |
tree | 81e77c6eedf3b69c0eb9f7268f5986db1d4114f7 /sbin | |
parent | 83bcd1a41aa535fa1ad2322913dc6c33a6d363a5 (diff) |
allow the path to isakmpd's fifo to be specified (aka changed) on the
command line, ok mikeb sthen
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipsecctl/ike.c | 18 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.8 | 10 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.c | 14 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 4 |
4 files changed, 28 insertions, 18 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index 3dc24262dde..eaf8df3db0e 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike.c,v 1.69 2010/10/15 12:11:10 mikeb Exp $ */
+/* $OpenBSD: ike.c,v 1.70 2011/11/08 13:26:06 henning Exp $ */
 /*
 * Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 *
@@ -45,15 +45,13 @@ static int ike_delete_config(struct ipsec_rule *, FILE *);
 static void ike_setup_ids(struct ipsec_rule *);
 int ike_print_config(struct ipsec_rule *, int);
-int ike_ipsec_establish(int, struct ipsec_rule *);
+int ike_ipsec_establish(int, struct ipsec_rule *, const char *);
 #define SET "C set "
 #define ADD "C add "
 #define DELETE "C rms "
 #define RMV "C rmv "
-#define ISAKMPD_FIFO "/var/run/isakmpd.fifo"
-
 #define CONF_DFLT_DYNAMIC_DPD_CHECK_INTERVAL 5
 #define CONF_DFLT_DYNAMIC_CHECK_INTERVAL 30
@@ -707,20 +705,20 @@ ike_print_config(struct ipsec_rule *r, int opts)
 }
 int
-ike_ipsec_establish(int action, struct ipsec_rule *r)
+ike_ipsec_establish(int action, struct ipsec_rule *r, const char *fifo)
 {
 struct stat sb;
 FILE *fdp;
 int fd, ret = 0;
- if ((fd = open(ISAKMPD_FIFO, O_WRONLY)) == -1)
- err(1, "ike_ipsec_establish: open(%s)", ISAKMPD_FIFO);
+ if ((fd = open(fifo, O_WRONLY)) == -1)
+ err(1, "ike_ipsec_establish: open(%s)", fifo);
 if (fstat(fd, &sb) == -1)
- err(1, "ike_ipsec_establish: fstat(%s)", ISAKMPD_FIFO);
+ err(1, "ike_ipsec_establish: fstat(%s)", fifo);
 if (!S_ISFIFO(sb.st_mode))
- errx(1, "ike_ipsec_establish: %s not a fifo", ISAKMPD_FIFO);
+ errx(1, "ike_ipsec_establish: %s not a fifo", fifo);
 if ((fdp = fdopen(fd, "w")) == NULL)
- err(1, "ike_ipsec_establish: fdopen(%s)", ISAKMPD_FIFO);
+ err(1, "ike_ipsec_establish: fdopen(%s)", fifo);
 switch (action) {
 case ACTION_ADD:
diff --git a/sbin/ipsecctl/ipsecctl.8 b/sbin/ipsecctl/ipsecctl.8
index 23c090bb147..f05c7bd610c 100644
--- a/sbin/ipsecctl/ipsecctl.8
+++ b/sbin/ipsecctl/ipsecctl.8
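Review bot: `open(fifo, O_WRONLY)` in ike_ipsec_establish() (ike.c, third hunk) now acts on a path taken from the command line, and the S_ISFIFO test only runs after that open has returned. A write-only open of a FIFO with no reader blocks, and a non-FIFO target is opened for writing before it is rejected, so a wrong `-i` argument can hang the tool or, for a device node, possibly trigger open-time side effects. Keep the fstat() on the descriptor, which checks the object that was actually opened, and consider `if ((fd = open(fifo, O_WRONLY | O_NONBLOCK)) == -1)` so a reader-less FIFO fails with ENXIO; O_NONBLOCK would then need clearing with fcntl() if blocking writes are wanted. The function body continues past the end of the hunk, so how the stream is written and closed is not visible here.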
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsecctl.8,v 1.25 2007/05/31 19:19:44 jmc Exp $
+.\" $OpenBSD: ipsecctl.8,v 1.26 2011/11/08 13:26:06 henning Exp $
 .\"
 .\" Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: November 8 2011 $
 .Dt IPSECCTL 8
 .Os
 .Sh NAME
@@ -25,6 +25,7 @@
 .Op Fl dFkmnv
 .Oo Fl D Ar macro Ns =
 .Ar value Oc
+.Op Fl i Ar fifo
 .Op Fl f Ar file
 .Op Fl s Ar modifier
 .Sh DESCRIPTION
@@ -67,6 +68,11 @@ option flushes the SPD and the SAD.
 .It Fl f Ar file
 Load the rules contained in
 .Ar file .
+.It Fl i Ar fifo
+The
+.Fl i
+option specifies the FIFO used to talk to
+.Xr isakmpd 8 .
 .It Fl k
 Show secret keying material when printing the active SAD entries.
 .It Fl m
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index 819491d7e65..afc5135e180 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.73 2009/01/27 15:32:08 bluhm Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.74 2011/11/08 13:26:06 henning Exp $ */
 /*
 * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 *
@@ -63,6 +63,7 @@ static int unmask(struct ipsec_addr *, sa_family_t);
 int sacompare(const void *, const void *);
 const char *showopt;
+char *isakmpd_fifo = "/var/run/isakmpd.fifo";
 int first_title = 1;
@@ -162,7 +163,8 @@ ipsecctl_commit(int action, struct ipsecctl *ipsec)
 TAILQ_FOREACH(rp, &ipsec->rule_queue, rule_entry) {
 if (rp->type & RULE_IKE) {
- if (ike_ipsec_establish(action, rp) == -1) {
+ if (ike_ipsec_establish(action, rp, isakmpd_fifo) ==
+ -1) {
 warnx("failed to %s ike rule %d", action == ACTION_DELETE ? "delete" : "add", rp->nr);
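Review bot: The new global in ipsecctl.c (hunk at -63,6) is declared `char *isakmpd_fifo` although it is initialised from a string literal and, in the hunks shown, is only handed to the `const char *` parameter of ike_ipsec_establish(). Declaring it `const char *isakmpd_fifo = "/var/run/isakmpd.fifo";` matches the `const char *showopt` line just above and lets the compiler reject an accidental write through the pointer; the assignment from `optarg` in main() still compiles. A short comment such as `/* isakmpd command FIFO, overridden by -i */` would also record where the default lives now that the ISAKMPD_FIFO macro is gone.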
@@ -614,7 +616,7 @@ usage(void)
 extern char *__progname;
 fprintf(stderr, "usage: %s [-dFkmnv] [-D macro=value] [-f file]"
- " [-s modifier]\n", __progname);
+ " [-s modifier] [-i fifo]\n", __progname);
 exit(1);
 }
@@ -639,7 +641,7 @@ main(int argc, char *argv[])
 if (argc < 2)
 usage();
- while ((ch = getopt(argc, argv, "D:df:Fkmnvs:")) != -1) {
+ while ((ch = getopt(argc, argv, "D:df:Fi:kmnvs:")) != -1) {
 switch (ch) {
 case 'D':
 if (cmdline_symset(optarg) < 0)
@@ -659,6 +661,10 @@ main(int argc, char *argv[])
 opts |= IPSECCTL_OPT_FLUSH;
 break;
+ case 'i':
+ isakmpd_fifo = optarg;
+ break;
+
 case 'k':
 opts |= IPSECCTL_OPT_SHOWKEY;
 break;
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index b88b07ab525..00463217733 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.61 2010/10/06 22:19:20 mikeb Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.62 2011/11/08 13:26:06 henning Exp $ */
 /*
 * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 *
@@ -233,7 +233,7 @@ void ipsecctl_free_rule(struct ipsec_rule *);
 void ipsecctl_get_rules(struct ipsecctl *);
 void ipsecctl_print_rule(struct ipsec_rule *, int);
 int ike_print_config(struct ipsec_rule *, int);
-int ike_ipsec_establish(int, struct ipsec_rule *);
+int ike_ipsec_establish(int, struct ipsec_rule *, const char *);
 void set_ipmask(struct ipsec_addr_wrap *, u_int8_t);
 #endif /* _IPSECCTL_H_ */ |
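Review bot: The usage() string in ipsecctl.c appends `[-i fifo]` after `[-s modifier]`, while the ipsecctl.8 synopsis in this same commit lists `-i` before `-f` and the option list documents it between `-f` and `-k`. Using one order in both places makes them easier to compare, for example `"usage: %s [-dFkmnv] [-D macro=value] [-f file] [-i fifo]"` followed by `" [-s modifier]\n", __progname);`. usage() begins outside the hunk. In the `case 'i':` hunk the argument is stored unchecked, so an empty or mistyped path is only reported later, when ike_ipsec_establish() tries to open it.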