-rw-r--r-- | usr.sbin/bgpd/bgpd.h | 38 | ||||
-rw-r--r-- | usr.sbin/bgpd/parse.y | 10 |
2 files changed, 31 insertions, 17 deletions
diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h index b235e8dc77c..5dd0b7547ea 100644 --- a/usr.sbin/bgpd/bgpd.h +++ b/usr.sbin/bgpd/bgpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bgpd.h,v 1.112 2004/04/27 03:53:42 henning Exp $ */ +/* $OpenBSD: bgpd.h,v 1.113 2004/04/27 22:06:54 henning Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -146,21 +146,29 @@ struct filter_set { u_int8_t prepend; }; +enum auth_method { + MD5SIG = 1, + IPSEC_MANUAL_ESP, + IPSEC_MANUAL_AH, + IPSEC_IKE +}; + struct peer_ipsec { - u_int32_t spi_in; - u_int32_t spi_out; - u_int8_t auth_alg_in; - u_int8_t auth_alg_out; - char auth_key_in[IPSEC_AUTH_KEY_LEN]; - char auth_key_out[IPSEC_AUTH_KEY_LEN]; - u_int8_t auth_keylen_in; - u_int8_t auth_keylen_out; - u_int8_t enc_alg_in; - u_int8_t enc_alg_out; - char enc_key_in[IPSEC_ENC_KEY_LEN]; - char enc_key_out[IPSEC_ENC_KEY_LEN]; - u_int8_t enc_keylen_in; - u_int8_t enc_keylen_out; + enum auth_method method; + u_int32_t spi_in; + u_int32_t spi_out; + u_int8_t auth_alg_in; + u_int8_t auth_alg_out; + char auth_key_in[IPSEC_AUTH_KEY_LEN]; + char auth_key_out[IPSEC_AUTH_KEY_LEN]; + u_int8_t auth_keylen_in; + u_int8_t auth_keylen_out; + u_int8_t enc_alg_in; + u_int8_t enc_alg_out; + char enc_key_in[IPSEC_ENC_KEY_LEN]; + char enc_key_out[IPSEC_ENC_KEY_LEN]; + u_int8_t enc_keylen_in; + u_int8_t enc_keylen_out; }; struct peer_config { diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index 4083a9bd81d..e7c3fdfa798 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.88 2004/04/27 04:38:12 deraadt Exp $ */ +/* $OpenBSD: parse.y,v 1.89 2004/04/27 22:06:54 henning Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> 
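Review bot: The new `enum auth_method` in bgpd.h starts at `MD5SIG = 1` and leaves the zero value unnamed, so "no method configured" exists only as an implicit 0 in `peer_ipsec.method`. Name it with a first enumerator such as `AUTH_NONE = 0,`, or at least add `/* 0 == no authentication method configured */` above the enum, so that code choosing the session protection compares against a named constant. `MD5SIG` and `IPSEC_MANUAL_AH` are declared but not assigned in any hunk shown here; if their grammar rules are not elsewhere in parse.y, a comment marking them as not yet wired up would help. The whitespace-only re-indent of the existing `peer_ipsec` members makes the single functional addition, `enum auth_method method;`, harder to spot and would read better as a separate commit.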
@@ -120,7 +120,7 @@ typedef struct { %token PREFIX PREFIXLEN SOURCEAS TRANSITAS COMMUNITY %token SET LOCALPREF MED NEXTHOP PREPEND %token ERROR -%token IPSEC ESP AH SPI +%token IPSEC ESP AH SPI IKE %token <v.string> STRING %type <v.number> number asnumber optnumber yesno inout %type <v.string> string @@ -548,12 +548,17 @@ peeropts : REMOTEAS asnumber { } free($4); } + | IPSEC IKE { + curpeer->conf.ipsec.method = IPSEC_IKE; + } | IPSEC ESP inout SPI number STRING STRING encspec { unsigned i; char s[3]; u_int32_t auth_alg; u_int8_t keylen; + curpeer->conf.ipsec.method = IPSEC_MANUAL_ESP; + if (!strcmp($6, "sha1")) { auth_alg = SADB_AALG_SHA1HMAC; keylen = 20; @@ -960,6 +965,7 @@ lookup(char *s) { "group", GROUP}, { "holdtime", HOLDTIME}, { "in", IN}, + { "ike", IKE}, { "ipsec", IPSEC}, { "key", KEY}, { "listen", LISTEN}, |
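Review bot: In the peeropts hunk of parse.y, both new assignments to `curpeer->conf.ipsec.method` overwrite any earlier value, so a peer block that contains `ipsec ike` and an `ipsec esp ...` line appears to be accepted, with the last one winning silently. Rejecting the conflict at parse time keeps the configured protection unambiguous, e.g. in the IKE rule `if (curpeer->conf.ipsec.method && curpeer->conf.ipsec.method != IPSEC_IKE) { yyerror("ipsec method already set"); YYERROR; }`. The ESP rule needs the mirror check against `IPSEC_MANUAL_ESP`, and it must tolerate being matched once per direction. The ESP rule also sets the method before the algorithm checks that start at `strcmp($6, "sha1")`; its body continues outside the hunk, so whether a failure there aborts the whole parse cannot be confirmed from these lines.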
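Review bot: The new `{ "ike", IKE},` entry in lookup()'s keyword table is placed after `{ "in", IN},`, but "ike" sorts before "in", so it breaks the alphabetical order that the surrounding entries (`group`, `holdtime`, `in`, `ipsec`, `key`, `listen`) keep. The body of lookup() is outside the hunk, but the sorted layout suggests a binary search over this table. If so, `ike` or a neighbouring keyword may fail to resolve and come back as a plain STRING, which would turn `ipsec ike` into a syntax error. Move the new line up so the order reads `{ "ike", IKE},` then `{ "in", IN},` then `{ "ipsec", IPSEC},`.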