-rw-r--r--sbin/iked/iked.815
-rw-r--r--sbin/iked/iked.c7
-rw-r--r--sbin/iked/parse.y5
-rw-r--r--sbin/iked/types.h3
4 files changed, 23 insertions, 7 deletions
diff --git a/sbin/iked/iked.8 b/sbin/iked/iked.8
index 6b49148b64f..7266b084e25 100644
--- a/sbin/iked/iked.8
+++ b/sbin/iked/iked.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: iked.8,v 1.3 2010/06/07 14:15:27 jsg Exp $
+.\" $OpenBSD: iked.8,v 1.4 2010/06/10 14:17:48 reyk Exp $
.\" $vantronix: iked.8,v 1.5 2010/06/02 14:38:08 reyk Exp $
.\"
.\" Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: June 7 2010 $
+.Dd $Mdocdate: June 10 2010 $
.Dt IKED 8
.Os
.Sh NAME
@@ -23,7 +23,7 @@
.Nd Internet Key Exchange version 2 (IKEv2) daemon
.Sh SYNOPSIS
.Nm iked
-.Op Fl dnTv
+.Op Fl dnSTv
.Oo
.Fl D Ar macro Ns = Ns Ar value
.Oc
@@ -68,6 +68,15 @@ as the configuration file, instead of the default
.It Fl n
Configtest mode.
Only check the configuration file for validity.
+.It Fl S
+Start
+.Nm
+in passive mode.
+See the
+.Ic set passive
+option in
+.Xr iked.conf 5
+for more information.
.It Fl T
Disable NAT-Traversal and do not propose NAT-Traversal support to the peers.
.It Fl v
diff --git a/sbin/iked/iked.c b/sbin/iked/iked.c
index c3519d9b059..8dfb7116756 100644
--- a/sbin/iked/iked.c
+++ b/sbin/iked/iked.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.c,v 1.3 2010/06/10 14:08:37 reyk Exp $ */
+/* $OpenBSD: iked.c,v 1.4 2010/06/10 14:17:48 reyk Exp $ */
/* $vantronix: iked.c,v 1.22 2010/06/02 14:43:30 reyk Exp $ */
/*
@@ -81,7 +81,7 @@ main(int argc, char *argv[])
log_init(1);
- while ((c = getopt(argc, argv, "dD:nf:vT")) != -1) {
+ while ((c = getopt(argc, argv, "dD:nf:vST")) != -1) {
switch (c) {
case 'd':
debug++;
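Review bot: The option string gains `S` here, but usage() is not touched by this commit: the seven changed lines the diffstat reports for iked.c are all accounted for by the RCS tag, this getopt() call and the new `case 'S'` in the next hunk. If usage() prints the flag list, which is not visible here, its synopsis should read `[-dnSTv]` to match the `.Op Fl dnSTv` line added to iked.8. Otherwise an operator who mistypes an option gets a usage message that does not mention the passive-mode switch. main() starts and ends outside both hunks.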
@@ -104,6 +104,9 @@ main(int argc, char *argv[])
verbose++;
opts |= IKED_OPT_VERBOSE;
break;
+ case 'S':
+ opts |= IKED_OPT_PASSIVE;
+ break;
case 'T':
opts |= IKED_OPT_NONATT;
break;
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 7ee321e1b83..bb668efafcd 100644
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.2 2010/06/10 14:08:37 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.3 2010/06/10 14:17:48 reyk Exp $ */
/* $vantronix: parse.y,v 1.22 2010/06/03 11:08:34 reyk Exp $ */
/*
@@ -1260,6 +1260,9 @@ parse_config(const char *filename, struct iked *x_env)
decouple = passive = 0;
+ if (env->sc_opts & IKED_OPT_PASSIVE)
+ passive = 1;
+
yyparse();
errors = file->errors;
popfile();
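Review bot: Assigning `passive = 1` before `yyparse()` makes -S only an initial value, so any grammar action that writes `passive` during parsing would silently override the command-line flag. The grammar is outside this hunk, so this is inferred, but if a `set active` statement in iked.conf resets the variable, a daemon started with -S would still come up active. The precedence should be stated next to the assignment, for example `/* -S is only the default; a "set active" in the config file overrides it */`, and in the `.It Fl S` text of iked.8. If the flag is meant to win, the check belongs after `yyparse()` returns. parse_config() begins and ends outside the hunk.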
diff --git a/sbin/iked/types.h b/sbin/iked/types.h
index 27ef27e9110..97c24c7c684 100644
--- a/sbin/iked/types.h
+++ b/sbin/iked/types.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: types.h,v 1.4 2010/06/10 14:08:37 reyk Exp $ */
+/* $OpenBSD: types.h,v 1.5 2010/06/10 14:17:48 reyk Exp $ */
/* $vantronix: types.h,v 1.24 2010/05/11 12:05:56 reyk Exp $ */
/*
@@ -39,6 +39,7 @@
#define IKED_OPT_VERBOSE 0x00000001
#define IKED_OPT_NOACTION 0x00000002
#define IKED_OPT_NONATT 0x00000004
+#define IKED_OPT_PASSIVE 0x00000008
#define IKED_IKE_PORT 500
#define IKED_NATT_PORT 4500