-rw-r--r-- | regress/sbin/Makefile | 4 | ||||
-rw-r--r-- | regress/sbin/ipsecadm/Makefile | 47 | ||||
-rw-r--r-- | sbin/ipsecadm/ipsecadm.c | 5 |
3 files changed, 53 insertions, 3 deletions
diff --git a/regress/sbin/Makefile b/regress/sbin/Makefile index 2cb9229c1d2..367c885c84b 100644 --- a/regress/sbin/Makefile +++ b/regress/sbin/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.2 2002/02/23 01:25:11 art Exp $ +# $OpenBSD: Makefile,v 1.3 2004/05/23 16:04:18 markus Exp $ -SUBDIR+= pfctl +SUBDIR+= ipsecadm pfctl install: diff --git a/regress/sbin/ipsecadm/Makefile b/regress/sbin/ipsecadm/Makefile new file mode 100644 index 00000000000..3b72f88bcc9 --- /dev/null +++ b/regress/sbin/ipsecadm/Makefile 
@@ -0,0 +1,47 @@
+# $OpenBSD: Makefile,v 1.1 2004/05/23 16:04:18 markus Exp $
+
+SRC=192.0.2.0
+DST=192.0.2.1
+SPI=1000
+EK=eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+AK=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+
+IPCOMP_ENABLE!= sysctl -n net.inet.ipcomp.enable
+ESP_ENABLE!= sysctl -n net.inet.esp.enable
+AH_ENABLE!= sysctl -n net.inet.ah.enable
+
+.INTERRUPT:
+ -@${SUDO} sysctl -q net.inet.ipcomp.enable=${IPCOMP_ENABLE}
+ -@${SUDO} sysctl -q net.inet.esp.enable=${ESP_ENABLE}
+ -@${SUDO} sysctl -q net.inet.ah.enable=${AH_ENABLE}
+
+.END:
+ -@${SUDO} sysctl -q net.inet.ipcomp.enable=${IPCOMP_ENABLE}
+ -@${SUDO} sysctl -q net.inet.esp.enable=${ESP_ENABLE}
+ -@${SUDO} sysctl -q net.inet.ah.enable=${AH_ENABLE}
+
+ipcomp:
+ @${SUDO} sysctl -q net.inet.ipcomp.enable=1
+ ${SUDO} ipsecadm ipcomp -cpi ${SPI} -dst ${DST} -comp deflate
+ ${SUDO} ipsecadm delspi -spi ${SPI} -dst ${DST} -proto ipcomp
+
+tcpmd5:
+ ${SUDO} ipsecadm tcpmd5 -spi ${SPI} -src ${SRC} -dst ${DST} -key deadbeef
+ ${SUDO} ipsecadm delspi -spi ${SPI} -dst ${DST} -proto tcpmd5
+
+esp:
+ @${SUDO} sysctl -q net.inet.esp.enable=1
+ ${SUDO} ipsecadm new esp -spi ${SPI} -src ${SRC} -dst ${DST} \
+ -enc aes -key ${EK} -auth sha1 -authkey ${AK}
+ ${SUDO} ipsecadm delspi -spi ${SPI} -dst ${DST} -proto esp
+
+ah:
+ @${SUDO} sysctl -q net.inet.ah.enable=1
+ ${SUDO} ipsecadm new ah -spi ${SPI} -src ${SRC} -dst ${DST} \
+ -key ${AK} -auth sha1
+ ${SUDO} ipsecadm delspi -spi ${SPI} -dst ${DST} -proto ah
+
+REGRESS_TARGETS=ipcomp tcpmd5 esp ah
+.PHONY: ${REGRESS_TARGETS}
+
+.include <bsd.regress.mk>
diff --git a/sbin/ipsecadm/ipsecadm.c b/sbin/ipsecadm/ipsecadm.c
index 2bb58494316..f9c70cbbc46 100644
--- a/sbin/ipsecadm/ipsecadm.c
+++ b/sbin/ipsecadm/ipsecadm.c
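Review bot: The `.INTERRUPT` and `.END` handlers restore the three sysctls but do nothing about a security association that a target created and did not get to delete. In each of `ipcomp`, `tcpmd5`, `esp` and `ah`, an interrupt or a failing `delspi` between the two `ipsecadm` commands would leave SPI `${SPI}` for `${DST}` installed with a fixed, publicly known key, and presumably makes the next run's add step fail. Consider best-effort cleanup in both handlers, e.g. `-@${SUDO} ipsecadm delspi -spi ${SPI} -dst ${DST} -proto esp` repeated per protocol. A comment above `EK`/`AK` such as `# fixed test keys, never use outside regress` would also make it clear that these values and the 192.0.2.x addresses are for the test only.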
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecadm.c,v 1.78 2004/05/23 08:48:03 markus Exp $ */
+/* $OpenBSD: ipsecadm.c,v 1.79 2004/05/23 16:04:18 markus Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -1385,6 +1385,9 @@ main(int argc, char *argv[])
 } else if (!strcasecmp(argv[i + 1], "ipcomp")) {
 smsg.sadb_msg_satype = SADB_X_SATYPE_IPCOMP;
 proto = IPPROTO_IPCOMP;
+ } else if (!strcasecmp(argv[i + 1], "tcpmd5")) {
+ smsg.sadb_msg_satype = SADB_X_SATYPE_TCPSIGNATURE;
+ proto = IPPROTO_TCP;
 } else {
 fprintf(stderr,
 "%s: unknown security protocol type %s\n",
|
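Review bot: The new `tcpmd5` branch in the second hunk sets `proto = IPPROTO_TCP`, which unlike the `ipcomp` branch above it is not an IPsec protocol number, so every later use of `proto` in main() (outside this hunk) should be checked to behave sensibly for a TCP-signature SA. The diffstat shows only five changed lines in ipsecadm.c, so the usage text and the manual page are presumably untouched; if either lists the accepted `-proto` values, `tcpmd5` should be added there. A one-line comment such as `/* TCP MD5 signature SAs are keyed on IPPROTO_TCP */` would make the mapping explicit. The enclosing if/else chain and any bounds check guarding `argv[i + 1]` start outside the hunk and could not be reviewed here.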