diff options
-rw-r--r-- | sbin/ipsec/Makefile.inc | 3 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_ahhmacmd5.c | 18 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_ahhmacsha1.c | 17 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_ahmd5.c | 20 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_ahsha1.c | 19 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_delspi.c | 9 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_esp3des.c | 18 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_esp3desmd5.c | 17 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_espdes.c | 18 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_espdesmd5.c | 17 | ||||
-rw-r--r-- | sbin/ipsec/ipsecadm/xf_grp.c | 19 | ||||
-rw-r--r-- | sbin/ipsec/rt/rt.c | 15 | ||||
-rw-r--r-- | sbin/ipsec/rtdelete/rtdelete.c | 13 |
13 files changed, 112 insertions, 91 deletions
diff --git a/sbin/ipsec/Makefile.inc b/sbin/ipsec/Makefile.inc index f208c3b74b0..0abaf24c062 100644 --- a/sbin/ipsec/Makefile.inc +++ b/sbin/ipsec/Makefile.inc @@ -1,4 +1,5 @@ -# $OpenBSD: Makefile.inc,v 1.1 1997/02/21 23:17:22 niklas Exp $ +# $OpenBSD: Makefile.inc,v 1.2 1997/07/11 23:50:21 provos Exp $ BINDIR= /sbin +LDSTATIC= ${STATIC} NOMAN= diff --git a/sbin/ipsec/ipsecadm/xf_ahhmacmd5.c b/sbin/ipsec/ipsecadm/xf_ahhmacmd5.c index a90db90b73c..b72c8d49b6b 100644 --- a/sbin/ipsec/ipsecadm/xf_ahhmacmd5.c +++ b/sbin/ipsec/ipsecadm/xf_ahhmacmd5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_ahhmacmd5.c,v 1.3 1997/07/01 22:18:01 provos Exp $ */ +/* $OpenBSD: xf_ahhmacmd5.c,v 1.4 1997/07/11 23:50:21 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -63,7 +63,7 @@ char **argv; int klen, i; struct encap_msghdr *em; - struct ahhmacmd5_xencap *xd; + struct ah_new_xencap *xd; if (argc != 5) { fprintf(stderr, "usage: %s src dst spi key\n", argv[0]); @@ -74,20 +74,22 @@ char **argv; em = (struct encap_msghdr *)&buf[0]; - em->em_msglen = EMT_SETSPI_FLEN + 4 + AHHMACMD5_KMAX; + em->em_msglen = EMT_SETSPI_FLEN + AH_NEW_XENCAP_LEN + klen; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_SETSPI; em->em_spi = htonl(strtoul(argv[3], NULL, 16)); em->em_src.s_addr = inet_addr(argv[1]); em->em_dst.s_addr = inet_addr(argv[2]); - em->em_alg = XF_AHHMACMD5; - xd = (struct ahhmacmd5_xencap *)(em->em_dat); + em->em_alg = XF_NEW_AH; + em->em_sproto = IPPROTO_AH; - xd->amx_alen = 16; - xd->amx_rpl = 1; + xd = (struct ah_new_xencap *)(em->em_dat); + + xd->amx_hash_algorithm = ALG_AUTH_MD5; xd->amx_wnd = 32; + xd->amx_keylen = klen; - bzero(xd->amx_key, AHHMACMD5_KMAX); + bzero(xd->amx_key, klen); for (i = 0; i < klen; i++ ) xd->amx_key[i] = x2i(&(argv[4][2*i])); diff --git a/sbin/ipsec/ipsecadm/xf_ahhmacsha1.c b/sbin/ipsec/ipsecadm/xf_ahhmacsha1.c index c335bd21cd4..fc3e853923b 100644 --- a/sbin/ipsec/ipsecadm/xf_ahhmacsha1.c +++ b/sbin/ipsec/ipsecadm/xf_ahhmacsha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_ahhmacsha1.c,v 1.3 1997/07/01 22:18:02 provos Exp $ */ +/* $OpenBSD: xf_ahhmacsha1.c,v 1.4 1997/07/11 23:50:22 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -63,7 +63,7 @@ char **argv; int klen, i; struct encap_msghdr *em; - struct ahhmacsha1_xencap *xd; + struct ah_new_xencap *xd; if (argc != 5) { fprintf(stderr, "usage: %s src dst spi key\n", argv[0]); @@ -74,19 +74,22 @@ char **argv; em = (struct encap_msghdr *)&buf[0]; - em->em_msglen = EMT_SETSPI_FLEN + 4 + AHHMACSHA1_KMAX; + em->em_msglen = EMT_SETSPI_FLEN + 12 + klen; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_SETSPI; em->em_spi = htonl(strtoul(argv[3], NULL, 16)); em->em_src.s_addr = inet_addr(argv[1]); em->em_dst.s_addr = inet_addr(argv[2]); - em->em_alg = XF_AHHMACSHA1; - xd = (struct ahhmacsha1_xencap *)(em->em_dat); + em->em_alg = XF_NEW_AH; + em->em_sproto = IPPROTO_AH; - xd->amx_alen = 20; + xd = (struct ah_new_xencap *)(em->em_dat); + + xd->amx_hash_algorithm = ALG_AUTH_SHA1; xd->amx_wnd = 32; + xd->amx_keylen = klen; - bzero(xd->amx_key, AHHMACSHA1_KMAX); + bzero(xd->amx_key, klen); for (i = 0; i < klen; i++ ) xd->amx_key[i] = x2i(&(argv[4][2*i])); diff --git a/sbin/ipsec/ipsecadm/xf_ahmd5.c b/sbin/ipsec/ipsecadm/xf_ahmd5.c index a1884ec1e83..1b95d9f9d35 100644 --- a/sbin/ipsec/ipsecadm/xf_ahmd5.c +++ b/sbin/ipsec/ipsecadm/xf_ahmd5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_ahmd5.c,v 1.3 1997/07/01 22:18:03 provos Exp $ */ +/* $OpenBSD: xf_ahmd5.c,v 1.4 1997/07/11 23:50:22 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -63,7 +63,7 @@ char **argv; int klen, i; struct encap_msghdr *em; - struct ahmd5_xdata *xd; + struct ah_old_xencap *xd; if (argc != 5) { fprintf(stderr, "usage: %s src dst spi key\n", argv[0]); @@ -74,22 +74,22 @@ char **argv; em = (struct encap_msghdr *)&buf[0]; - em->em_msglen = EMT_SETSPI_FLEN + 4 + klen; + em->em_msglen = EMT_SETSPI_FLEN + AH_OLD_XENCAP_LEN + klen; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_SETSPI; em->em_spi = htonl(strtoul(argv[3], NULL, 16)); em->em_src.s_addr = inet_addr(argv[1]); em->em_dst.s_addr = inet_addr(argv[2]); - em->em_alg = XF_AHMD5; - xd = (struct ahmd5_xdata *)(em->em_dat); + em->em_alg = XF_OLD_AH; + em->em_sproto = IPPROTO_AH; + + xd = (struct ah_old_xencap *)(em->em_dat); + + xd->amx_hash_algorithm = ALG_AUTH_MD5; + xd->amx_keylen = klen; - xd->amx_klen = klen; - xd->amx_alen = 16; - for (i = 0; i < klen; i++ ) xd->amx_key[i] = x2i(&(argv[4][2*i])); return xf_set(em); } - - diff --git a/sbin/ipsec/ipsecadm/xf_ahsha1.c b/sbin/ipsec/ipsecadm/xf_ahsha1.c index 28ba84acc45..1ef428f4644 100644 --- a/sbin/ipsec/ipsecadm/xf_ahsha1.c +++ b/sbin/ipsec/ipsecadm/xf_ahsha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_ahsha1.c,v 1.2 1997/07/01 22:18:04 provos Exp $ */ +/* $OpenBSD: xf_ahsha1.c,v 1.3 1997/07/11 23:50:22 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -63,7 +63,7 @@ char **argv; int klen, i; struct encap_msghdr *em; - struct ahsha1_xdata *xd; + struct ah_old_xencap *xd; if (argc != 5) { fprintf(stderr, "usage: %s src dst spi key\n", argv[0]); @@ -71,23 +71,22 @@ char **argv; } klen = strlen(argv[4])/2; - if (klen > AHSHA1_KMAX) - klen = AHSHA1_KMAX; em = (struct encap_msghdr *)&buf[0]; - em->em_msglen = EMT_SETSPI_FLEN + 4 + klen; + em->em_msglen = EMT_SETSPI_FLEN + AH_OLD_XENCAP_LEN + klen; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_SETSPI; em->em_spi = htonl(strtoul(argv[3], NULL, 16)); em->em_src.s_addr = inet_addr(argv[1]); em->em_dst.s_addr = inet_addr(argv[2]); - em->em_alg = XF_AHSHA1; - xd = (struct ahsha1_xdata *)(em->em_dat); + em->em_alg = XF_OLD_AH; + em->em_sproto = IPPROTO_AH; - xd->amx_klen = klen; - xd->amx_alen = AHSHA1_ALEN; - + xd = (struct ah_old_xencap *)(em->em_dat); + + xd->amx_hash_algorithm = ALG_AUTH_SHA1; + xd->amx_keylen = klen; for (i = 0; i < klen; i++ ) xd->amx_key[i] = x2i(&(argv[4][2*i])); diff --git a/sbin/ipsec/ipsecadm/xf_delspi.c b/sbin/ipsec/ipsecadm/xf_delspi.c index ef477a3e752..b9633cc7b1e 100644 --- a/sbin/ipsec/ipsecadm/xf_delspi.c +++ b/sbin/ipsec/ipsecadm/xf_delspi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_delspi.c,v 1.3 1997/07/01 22:18:04 provos Exp $ */ +/* $OpenBSD: xf_delspi.c,v 1.4 1997/07/11 23:50:23 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -62,12 +62,12 @@ char **argv; struct encap_msghdr *em; - if (argc != 4) { - fprintf(stderr, "usage: %s dst spi chaindelete\n", argv[0]); + if (argc != 5) { + fprintf(stderr, "usage: %s dst spi fespah chaindelete\n", argv[0]); return 0; } - chain = atoi(argv[3]); + chain = atoi(argv[4]); em = (struct encap_msghdr *)&buf[0]; em->em_version = PFENCAP_VERSION_1; @@ -80,6 +80,7 @@ char **argv; } em->em_gen_spi = htonl(strtoul(argv[2], NULL, 16)); em->em_gen_dst.s_addr = inet_addr(argv[1]); + em->em_gen_sproto = atoi(argv[3]) ? IPPROTO_ESP : IPPROTO_AH; return xf_set(em); } diff --git a/sbin/ipsec/ipsecadm/xf_esp3des.c b/sbin/ipsec/ipsecadm/xf_esp3des.c index 0e5f69be807..c746e48a818 100644 --- a/sbin/ipsec/ipsecadm/xf_esp3des.c +++ b/sbin/ipsec/ipsecadm/xf_esp3des.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_esp3des.c,v 1.2 1997/07/01 22:18:05 provos Exp $ */ +/* $OpenBSD: xf_esp3des.c,v 1.3 1997/07/11 23:50:23 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -63,7 +63,7 @@ char **argv; int i; struct encap_msghdr *em; - struct esp3des_xdata *xd; + struct esp_old_xencap *xd; if (argc != 6) { fprintf(stderr, "usage: %s src dst spi iv key\n", argv[0]); @@ -72,22 +72,26 @@ char **argv; em = (struct encap_msghdr *)&buf[0]; - em->em_msglen = EMT_SETSPI_FLEN + ESP_ULENGTH; + em->em_msglen = EMT_SETSPI_FLEN + ESP_OLD_XENCAP_LEN + 4 + 3*8; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_SETSPI; em->em_spi = htonl(strtoul(argv[3], NULL, 16)); em->em_src.s_addr = inet_addr(argv[1]); em->em_dst.s_addr = inet_addr(argv[2]); - em->em_alg = XF_ESP3DES; - xd = (struct esp3des_xdata *)(em->em_dat); + em->em_alg = XF_OLD_ESP; + em->em_sproto = IPPROTO_ESP; + xd = (struct esp_old_xencap *)(em->em_dat); + + xd->edx_enc_algorithm = ALG_ENC_3DES; xd->edx_ivlen = 4; + xd->edx_keylen = 3*8; for (i = 0; i < 4; i++) - xd->edx_iv[i] = x2i(&(argv[4][2*i])); + xd->edx_data[i] = x2i(&(argv[4][2*i])); for (i = 0; i < 3*8; i++) - xd->edx_iv[i+8] = x2i(&(argv[5][2*i])); + xd->edx_data[i+8] = x2i(&(argv[5][2*i])); return xf_set(em); } diff --git a/sbin/ipsec/ipsecadm/xf_esp3desmd5.c b/sbin/ipsec/ipsecadm/xf_esp3desmd5.c index 8f0badddde8..6eaf97bffd6 100644 --- a/sbin/ipsec/ipsecadm/xf_esp3desmd5.c +++ b/sbin/ipsec/ipsecadm/xf_esp3desmd5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_esp3desmd5.c,v 1.3 1997/07/01 22:18:06 provos Exp $ */ +/* $OpenBSD: xf_esp3desmd5.c,v 1.4 1997/07/11 23:50:24 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -63,7 +63,7 @@ char **argv; int i; struct encap_msghdr *em; - struct esp3desmd5_xencap *xd; + struct esp_new_xencap *xd; if (argc != 6) { fprintf(stderr, "usage: %s src dst spi iv key\n", argv[0]); @@ -72,22 +72,23 @@ char **argv; em = (struct encap_msghdr *)&buf[0]; - em->em_msglen = EMT_SETSPI_FLEN + ESP3DESMD5_ULENGTH; + em->em_msglen = EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_SETSPI; em->em_spi = htonl(strtoul(argv[3], NULL, 16)); em->em_src.s_addr = inet_addr(argv[1]); em->em_dst.s_addr = inet_addr(argv[2]); - em->em_alg = XF_ESP3DESMD5; - xd = (struct esp3desmd5_xencap *)(em->em_dat); + em->em_alg = XF_NEW_ESP; + em->em_sproto = IPPROTO_ESP; + + xd = (struct esp_new_xencap *)(em->em_dat); xd->edx_ivlen = 0; - xd->edx_initiator = 1; - xd->edx_wnd = 32; xd->edx_keylen = 8; + xd->edx_wnd = 32; for (i = 0; i < 8; i++) - xd->edx_key[i] = x2i(&(argv[5][2*i])); + xd->edx_data[i] = x2i(&(argv[5][2*i])); return xf_set(em); } diff --git a/sbin/ipsec/ipsecadm/xf_espdes.c b/sbin/ipsec/ipsecadm/xf_espdes.c index 96022808438..8d62e05c2d2 100644 --- a/sbin/ipsec/ipsecadm/xf_espdes.c +++ b/sbin/ipsec/ipsecadm/xf_espdes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_espdes.c,v 1.3 1997/07/01 22:18:07 provos Exp $ */ +/* $OpenBSD: xf_espdes.c,v 1.4 1997/07/11 23:50:24 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -63,7 +63,7 @@ char **argv; int i; struct encap_msghdr *em; - struct espdes_xdata *xd; + struct esp_old_xencap *xd; if (argc != 6) { fprintf(stderr, "usage: %s src dst spi iv key\n", argv[0]); @@ -72,22 +72,26 @@ char **argv; em = (struct encap_msghdr *)&buf[0]; - em->em_msglen = EMT_SETSPI_FLEN + ESP_ULENGTH; + em->em_msglen = EMT_SETSPI_FLEN + ESP_OLD_XENCAP_LEN + 4 + 8; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_SETSPI; em->em_spi = htonl(strtoul(argv[3], NULL, 16)); em->em_src.s_addr = inet_addr(argv[1]); em->em_dst.s_addr = inet_addr(argv[2]); - em->em_alg = XF_ESPDES; - xd = (struct espdes_xdata *)(em->em_dat); + em->em_alg = XF_OLD_ESP; + em->em_sproto = IPPROTO_ESP; + xd = (struct esp_old_xencap *)(em->em_dat); + + xd->edx_enc_algorithm = ALG_ENC_DES; xd->edx_ivlen = 4; + xd->edx_keylen = 8; for (i = 0; i < 4; i++) - xd->edx_iv[i] = x2i(&(argv[4][2*i])); + xd->edx_data[i] = x2i(&(argv[4][2*i])); for (i = 0; i < 8; i++) - xd->edx_iv[i+8] = x2i(&(argv[5][2*i])); + xd->edx_data[i+4] = x2i(&(argv[5][2*i])); return xf_set(em); } diff --git a/sbin/ipsec/ipsecadm/xf_espdesmd5.c b/sbin/ipsec/ipsecadm/xf_espdesmd5.c index 713722d156f..b1ad60bddb9 100644 --- a/sbin/ipsec/ipsecadm/xf_espdesmd5.c +++ b/sbin/ipsec/ipsecadm/xf_espdesmd5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_espdesmd5.c,v 1.3 1997/07/01 22:18:07 provos Exp $ */ +/* $OpenBSD: xf_espdesmd5.c,v 1.4 1997/07/11 23:50:24 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -63,7 +63,7 @@ char **argv; int i; struct encap_msghdr *em; - struct espdesmd5_xencap *xd; + struct esp_new_xencap *xd; if (argc != 6) { fprintf(stderr, "usage: %s src dst spi iv key\n", argv[0]); @@ -72,22 +72,23 @@ char **argv; em = (struct encap_msghdr *)&buf[0]; - em->em_msglen = EMT_SETSPI_FLEN + ESPDESMD5_ULENGTH; + em->em_msglen = EMT_SETSPI_FLEN + ESP_NEW_XENCAP_LEN; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_SETSPI; em->em_spi = htonl(strtoul(argv[3], NULL, 16)); em->em_src.s_addr = inet_addr(argv[1]); em->em_dst.s_addr = inet_addr(argv[2]); - em->em_alg = XF_ESPDESMD5; - xd = (struct espdesmd5_xencap *)(em->em_dat); + em->em_alg = XF_NEW_ESP; + em->em_sproto = IPPROTO_ESP; + + xd = (struct esp_new_xencap *)(em->em_dat); xd->edx_ivlen = 0; - xd->edx_initiator = 1; - xd->edx_wnd = 32; xd->edx_keylen = 8; + xd->edx_wnd = 32; for (i = 0; i < 8; i++) - xd->edx_key[i] = x2i(&(argv[5][2*i])); + xd->edx_data[i] = x2i(&(argv[5][2*i])); return xf_set(em); } diff --git a/sbin/ipsec/ipsecadm/xf_grp.c b/sbin/ipsec/ipsecadm/xf_grp.c index 2b2f44935a9..6c9cd56ee5a 100644 --- a/sbin/ipsec/ipsecadm/xf_grp.c +++ b/sbin/ipsec/ipsecadm/xf_grp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xf_grp.c,v 1.4 1997/07/02 06:59:38 provos Exp $ */ +/* $OpenBSD: xf_grp.c,v 1.5 1997/07/11 23:50:25 provos Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, * (except when noted otherwise). @@ -63,12 +63,12 @@ char **argv; struct encap_msghdr *em; - if ((argc < 3) || (argc > 9) || ((argc % 2) != 1)) { - fprintf(stderr, "usage: %s dst1 spi1 [ dst2 spi2 [ dst3 spi3 [ dst4 spi4 ] ] ] \n", argv[0]); + if ((argc < 4) || (argc > 13) || ((argc % 3) != 1)) { + fprintf(stderr, "usage: %s dst1 spi1 proto1 [ dst2 spi2 proto2 [ dst3 spi3 proto3 [ dst4 spi4 proto4] ] ] \n", argv[0]); return 0; } - for (i=0; i<argc/2-1; i++) { + for (i=0; i<argc/3-1; i++) { bzero(buf, EMT_GRPSPIS_FLEN); em = (struct encap_msghdr *)&buf[0]; @@ -77,10 +77,13 @@ char **argv; em->em_version = PFENCAP_VERSION_1; em->em_type = EMT_GRPSPIS; - em->em_rel_spi = htonl(strtoul(argv[2*i+2], NULL, 16)); - em->em_rel_dst.s_addr = inet_addr(argv[2*i+1]); - em->em_rel_spi2 = htonl(strtoul(argv[2*i+4], NULL, 16)); - em->em_rel_dst2.s_addr = inet_addr(argv[2*i+3]); + em->em_rel_spi = htonl(strtoul(argv[3*i+2], NULL, 16)); + em->em_rel_dst.s_addr = inet_addr(argv[3*i+1]); + em->em_rel_sproto = atoi(argv[3*i+3]) ? IPPROTO_ESP : IPPROTO_AH; + + em->em_rel_spi2 = htonl(strtoul(argv[3*i+5], NULL, 16)); + em->em_rel_dst2.s_addr = inet_addr(argv[3*i+4]); + em->em_rel_sproto = atoi(argv[3*i+6]) ? IPPROTO_ESP : IPPROTO_AH; if (!xf_set(em)) break; diff --git a/sbin/ipsec/rt/rt.c b/sbin/ipsec/rt/rt.c index cb84c2b9256..996eb13bc7e 100644 --- a/sbin/ipsec/rt/rt.c +++ b/sbin/ipsec/rt/rt.c @@ -83,8 +83,8 @@ char **argv; struct sockaddr_encap *dst, *msk, *gw; u_char *opts; - if (argc != 10) - fprintf(stderr, "usage: %s isrc isrcmask idst idstmask odst spi proto sport dport\n", argv[0]), exit(1); + if (argc != 11) + fprintf(stderr, "usage: %s isrc isrcmask idst idstmask odst spi fespah proto sport dport\n", argv[0]), exit(1); sd = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); if (sd < 0) @@ -111,18 +111,18 @@ char **argv; dst->sen_ip_dst.s_addr = inet_addr(argv[3]); dst->sen_proto = dst->sen_sport = dst->sen_dport = 0; - if (atoi(argv[7]) >= 0) + if (atoi(argv[8]) >= 0) { dst->sen_proto = atoi(argv[7]); msk->sen_proto = 0xff; - if (atoi(argv[8]) >= 0) + if (atoi(argv[9]) >= 0) { - dst->sen_sport = atoi(argv[8]); + dst->sen_sport = atoi(argv[9]); msk->sen_sport = 0xffff; } - if (atoi(argv[9]) >= 0) + if (atoi(argv[10]) >= 0) { - dst->sen_dport = atoi(argv[9]); + dst->sen_dport = atoi(argv[10]); msk->sen_dport = 0xffff; } } @@ -132,6 +132,7 @@ char **argv; gw->sen_type = SENT_IPSP; gw->sen_ipsp_dst.s_addr = inet_addr(argv[5]); gw->sen_ipsp_spi = htonl(strtoul(argv[6], NULL, 16)); + gw->sen_ipsp_sproto = atoi(argv[7]) == 1 ? IPPROTO_ESP : IPPROTO_AH; msk->sen_len = SENT_IP4_LEN; msk->sen_family = AF_ENCAP; diff --git a/sbin/ipsec/rtdelete/rtdelete.c b/sbin/ipsec/rtdelete/rtdelete.c index 2e7e6204f08..841fc8cd761 100644 --- a/sbin/ipsec/rtdelete/rtdelete.c +++ b/sbin/ipsec/rtdelete/rtdelete.c @@ -84,8 +84,8 @@ char **argv; struct sockaddr_dl *dl; u_char *opts; - if (argc != 10) - fprintf(stderr, "usage: %s isrc isrcmask idst idstmask odst spi proto sport dport\n", argv[0]), exit(1); + if (argc != 11) + fprintf(stderr, "usage: %s isrc isrcmask idst idstmask odst spi fespah proto sport dport\n", argv[0]), exit(1); sd = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); if (sd < 0) @@ -112,18 +112,18 @@ char **argv; dst->sen_ip_dst.s_addr = inet_addr(argv[3]); dst->sen_proto = dst->sen_sport = dst->sen_dport = 0; - if (atoi(argv[7]) >= 0) + if (atoi(argv[8]) >= 0) { dst->sen_proto = atoi(argv[7]); msk->sen_proto = 0xff; if (atoi(argv[8]) >= 0) { - dst->sen_sport = atoi(argv[8]); + dst->sen_sport = atoi(argv[9]); msk->sen_sport = 0xffff; } - if (atoi(argv[9]) >= 0) + if (atoi(argv[10]) >= 0) { - dst->sen_dport = atoi(argv[9]); + dst->sen_dport = atoi(argv[10]); msk->sen_dport = 0xffff; } } @@ -133,6 +133,7 @@ char **argv; gw->sen_type = SENT_IPSP; gw->sen_ipsp_dst.s_addr = inet_addr(argv[5]); gw->sen_ipsp_spi = htonl(strtoul(argv[6], NULL, 16)); + gw->sen_ipsp_sproto = atoi(argv[7]) == 1 ? IPPROTO_ESP : IPPROTO_AH; msk->sen_len = SENT_IP4_LEN; msk->sen_family = AF_ENCAP; |