author | Reyk Floeter <reyk@cvs.openbsd.org> | 2010-06-10 14:08:38 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2010-06-10 14:08:38 +0000 |
commit | 0df4b125f49ee26a37cb7cb198c870e4f8703205 (patch) | |
tree | 2bd38f4839fa68095c2a4051fd90d5fa5f0100c4 /usr.sbin | |
parent | 4e2c4fe0bf44a2ff64806e16bbff4490ad38b67f (diff) |
add new commands: the couple/decouple commands control loading of the
learned flows and SAs into the kernel, which is useful for testing and
debugging. the active/passive commands are required to use iked
with sasyncd(8); sasyncd just needs to call "ikectl active/passive" or
send the appropriate imsg to support iked but this is not implemented yet.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ikectl/ikectl.8 | 20 | ||||
-rw-r--r-- | usr.sbin/ikectl/ikectl.c | 14 | ||||
-rw-r--r-- | usr.sbin/ikectl/parser.c | 12 | ||||
-rw-r--r-- | usr.sbin/ikectl/parser.h | 6 |
4 files changed, 44 insertions, 8 deletions
diff --git a/usr.sbin/ikectl/ikectl.8 b/usr.sbin/ikectl/ikectl.8 index fbacfe52b8c..1f1d8390457 100644 --- a/usr.sbin/ikectl/ikectl.8 +++ b/usr.sbin/ikectl/ikectl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ikectl.8,v 1.1 2010/06/03 16:49:00 reyk Exp $ +.\" $OpenBSD: ikectl.8,v 1.2 2010/06/10 14:08:37 reyk Exp $ .\" $vantronix: ikectl.8,v 1.11 2010/06/03 15:55:51 reyk Exp $ .\" .\" Copyright (c) 2007, 2008, 2009, 2010 Reyk Floeter <reyk@vantronix.net> @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 3 2010 $ +.Dd $Mdocdate: June 10 2010 $ .Dt IKECTL 8 .Os .Sh NAME @@ -48,6 +48,22 @@ to communicate with The following commands are available to control .Xr iked 8 : .Bl -tag -width Ds +.It Cm active +Set +.Xr iked 8 +to active mode. +.It Cm passive +Set +.Xr iked 8 +to passive mode. +In passive mode no packets are sent to peers and no connections +are initiated by +.Xr iked 8 . +.It Cm couple +Load the negotiated security associations (SAs) and flows into the kernel. +.It Cm decouple +Unload the negotiated SAs and flows from the kernel. +This mode is only useful for testing and debugging. .It Cm load Ar filename Reload the configuration from the specified file. .It Cm log brief diff --git a/usr.sbin/ikectl/ikectl.c b/usr.sbin/ikectl/ikectl.c index 3be3a0eeb74..1900db3ef98 100644 --- a/usr.sbin/ikectl/ikectl.c +++ b/usr.sbin/ikectl/ikectl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikectl.c,v 1.1 2010/06/03 16:49:00 reyk Exp $ */ +/* $OpenBSD: ikectl.c,v 1.2 2010/06/10 14:08:37 reyk Exp $ */ /* * Copyright (c) 2007, 2008 Reyk Floeter <reyk@vantronix.net> 
@@ -257,6 +257,18 @@ main(int argc, char *argv[]) imsg_compose(ibuf, IMSG_CTL_NOTIFY, 0, 0, -1, NULL, 0); done = 0; break; + case COUPLE: + imsg_compose(ibuf, IMSG_CTL_COUPLE, 0, 0, -1, NULL, 0); + break; + case DECOUPLE: + imsg_compose(ibuf, IMSG_CTL_DECOUPLE, 0, 0, -1, NULL, 0); + break; + case ACTIVE: + imsg_compose(ibuf, IMSG_CTL_ACTIVE, 0, 0, -1, NULL, 0); + break; + case PASSIVE: + imsg_compose(ibuf, IMSG_CTL_PASSIVE, 0, 0, -1, NULL, 0); + break; case LOG_VERBOSE: case LOG_BRIEF: imsg_compose(ibuf, IMSG_CTL_VERBOSE, 0, 0, -1, &v, sizeof(v)); diff --git a/usr.sbin/ikectl/parser.c b/usr.sbin/ikectl/parser.c index d0e1e11d9ac..4aba2efa886 100644 --- a/usr.sbin/ikectl/parser.c +++ b/usr.sbin/ikectl/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.1 2010/06/03 16:49:00 reyk Exp $ */ +/* $OpenBSD: parser.c,v 1.2 2010/06/10 14:08:37 reyk Exp $ */ /* * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net> @@ -66,13 +66,17 @@ static const struct token t_show_ca[]; static const struct token t_show_ca_modifiers[]; static const struct token t_main[] = { - { KEYWORD, "reset", NONE, t_reset }, + { KEYWORD, "active", ACTIVE, NULL }, + { KEYWORD, "passive", PASSIVE, NULL }, + { KEYWORD, "couple", COUPLE, NULL }, + { KEYWORD, "decouple", DECOUPLE, NULL }, + { KEYWORD, "load", LOAD, t_load }, { KEYWORD, "log", NONE, t_log }, { KEYWORD, "monitor", MONITOR, NULL }, - { KEYWORD, "load", LOAD, t_load }, { KEYWORD, "reload", RELOAD, NULL }, - { KEYWORD, "ca", CA, t_ca }, + { KEYWORD, "reset", NONE, t_reset }, { KEYWORD, "show", NONE, t_show }, + { KEYWORD, "ca", CA, t_ca }, { ENDTOKEN, "", NONE, NULL } }; diff --git a/usr.sbin/ikectl/parser.h b/usr.sbin/ikectl/parser.h index 0945513104f..851bda3f5ed 100644 --- a/usr.sbin/ikectl/parser.h +++ b/usr.sbin/ikectl/parser.h @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.h,v 1.1 2010/06/03 16:49:00 reyk Exp $ */ +/* $OpenBSD: parser.h,v 1.2 2010/06/10 14:08:37 reyk Exp $ */ /* * Copyright (c) 2007, 2008 Reyk Floeter <reyk@vantronix.net> 
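Review bot: The four new cases in `main` (`COUPLE`, `DECOUPLE`, `ACTIVE`, `PASSIVE`) discard the return value of `imsg_compose()`, so a request that could not be queued looks the same to the caller as one that was sent. That matters more for these commands than for the logging case, because per the manual text in this commit `decouple` unloads the negotiated SAs and flows from the kernel and `passive` stops iked from sending packets, and a sasyncd(8) failover script needs to know the state change was really requested. I would check each call, e.g. `if (imsg_compose(ibuf, IMSG_CTL_PASSIVE, 0, 0, -1, NULL, 0) == -1) err(1, "imsg_compose");` (or whatever error path the file already uses). The new cases also leave `done` untouched, unlike the `MONITOR` case just above, so whether ikectl waits for a reply depends on an initializer that is outside this hunk; setting it explicitly would make the intent readable. The enclosing switch starts and ends outside the hunk.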
@@ -23,6 +23,10 @@ enum actions { MONITOR, LOG_VERBOSE, LOG_BRIEF, + COUPLE, + DECOUPLE, + ACTIVE, + PASSIVE, RESETALL, RESETCA, RESETPOLICY, |
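Review bot: Inserting `COUPLE`, `DECOUPLE`, `ACTIVE` and `PASSIVE` in the middle of `enum actions` renumbers `RESETALL`, `RESETCA`, `RESETPOLICY` and everything after them. From the ikectl.c hunk this looks harmless, since the values sent to the daemon are the `IMSG_CTL_*` types rather than the action numbers, but the rest of the enum and its users are outside this hunk. If the values really are internal to ikectl, a short comment above the enum saying so (for example `/* parser-internal action codes; not part of the imsg protocol */`) would keep a later change from relying on them; otherwise the new enumerators should be appended at the end.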