-rw-r--r-- | sbin/route/route.8 | 13 | ||||
-rw-r--r-- | sbin/route/route.c | 17 |
2 files changed, 22 insertions, 8 deletions
diff --git a/sbin/route/route.8 b/sbin/route/route.8
index bc61e3ccdf5..360f2de398c 100644
--- a/sbin/route/route.8
+++ b/sbin/route/route.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: route.8,v 1.17 1999/06/04 02:45:23 aaron Exp $
+.\" $OpenBSD: route.8,v 1.18 1999/07/29 22:14:33 ho Exp $
 .\" $NetBSD: route.8,v 1.6 1995/03/18 15:00:13 cgd Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -122,11 +122,17 @@ command is specified,
 .Nm
 will
 .Dq flush
-the routing tables of all gateway entries.
-When the address family may is specified by any of the
+the routing tables of all gateway entries expect
+the
+.Dq encap
+family entries (IPsec routing flows).
+When the address family is specified by any of the
 .Fl osi ,
 .Fl xns ,
+.Fl ipx ,
+.Fl link,
 .Fl encap ,
+.Fl x25 ,
 or
 .Fl inet
 modifiers, only routes having destinations with addresses in the
@@ -332,6 +338,7 @@ to create the new entry.
 .El
 .Sh SEE ALSO
 .Xr esis 4 ,
+.Xr ipsecadm 1 ,
 .Xr netintro 4 ,
 .Xr route 4 ,
 .Xr routed 8
diff --git a/sbin/route/route.c b/sbin/route/route.c
index b9136bf9990..1a8c3c4fbf9 100644
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: route.c,v 1.31 1999/07/28 09:47:22 espie Exp $ */
+/* $OpenBSD: route.c,v 1.32 1999/07/29 22:14:33 ho Exp $ */
 /* $NetBSD: route.c,v 1.16 1996/04/15 18:27:05 cgd Exp $ */
 /*
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)route.c 8.3 (Berkeley) 3/19/94";
 #else
-static char rcsid[] = "$OpenBSD: route.c,v 1.31 1999/07/28 09:47:22 espie Exp $";
+static char rcsid[] = "$OpenBSD: route.c,v 1.32 1999/07/29 22:14:33 ho Exp $";
 #endif
 #endif /* not lint */
@@ -231,6 +231,7 @@ flushroutes(argc, argv)
 int mib[6], rlen, seqno;
 char *buf = NULL, *next, *lim;
 register struct rt_msghdr *rtm;
+ struct sockaddr *sa;
 if (uid) {
 errno = EACCES;
@@ -258,7 +259,7 @@ flushroutes(argc, argv)
 af = AF_ISO;
 break;
 case K_ENCAP:
- af = PF_KEY;
+ af = AF_KEY;
 break;
 case K_X25:
 af = AF_CCITT;
@@ -298,11 +299,17 @@ bad: usage(*argv);
 print_rtmsg(rtm, rtm->rtm_msglen);
 if ((rtm->rtm_flags & (RTF_GATEWAY|RTF_STATIC|RTF_LLINFO)) == 0)
 continue;
+ sa = (struct sockaddr *)(rtm + 1);
 if (af) {
- struct sockaddr *sa = (struct sockaddr *)(rtm + 1);
-
 if (sa->sa_family != af)
 continue;
+ } else {
+ /*
+ * A general 'flush' should not touch PF_KEY flows,
+ * as the flows' SPIs would be left behind.
+ */
+ if (sa->sa_family == AF_KEY)
+ continue;
 }
 if (debugonly)
 continue;
|
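Review bot: The comment in the new `else` branch names `PF_KEY`, while the test right below it and the `K_ENCAP` case changed earlier in this commit both use `AF_KEY`; using one name throughout avoids the impression that two families are involved. The comment also covers only the general flush: when `-encap` is given, the `if (af)` branch still deletes these entries, so the same leftover-SPI concern presumably applies there and is worth stating. Something like `/* A general 'flush' skips AF_KEY flows, since deleting them would leave their SPIs behind; 'flush -encap' still removes them. */` would cover both. The loop and the function around these lines start and end outside the hunk.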