diff options
Diffstat (limited to 'sbin/ipsecctl')
-rw-r--r-- | sbin/ipsecctl/parse.y | 53 |
1 files changed, 43 insertions, 10 deletions
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index 25fc584098b..aeadfc7390f 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.9 2005/07/10 09:33:10 hshoexer Exp $ */ +/* $OpenBSD: parse.y,v 1.10 2005/07/23 19:28:27 hshoexer Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -72,6 +72,7 @@ int symset(const char *, const char *, int); int cmdline_symset(char *); char *symget(const char *); int atoul(char *, u_long *); +int atospi(char *, u_int32_t *); u_int8_t x2i(unsigned char *); struct ipsec_key *parsekey(unsigned char *, size_t); struct ipsec_addr *host(const char *); @@ -102,7 +103,10 @@ typedef struct { } ids; char *id; u_int16_t authtype; - u_int32_t spi; + struct { + u_int32_t spiout; + u_int32_t spiin; + } spis; struct ipsec_key *key; } v; int lineno; @@ -122,7 +126,7 @@ typedef struct { %type <v.ids> ids %type <v.id> id %type <v.authtype> authtype -%type <v.spi> spi +%type <v.spis> spispec %type <v.key> keyspec %% @@ -153,10 +157,10 @@ number : STRING { flowrule : FLOW ipsecrule { } ; -tcpmd5rule : TCPMD5 hosts spi keyspec { +tcpmd5rule : TCPMD5 hosts spispec keyspec { struct ipsec_rule *r; - r = create_sa($2.src, $2.dst, $3, $4); + r = create_sa($2.src, $2.dst, $3.spiout, $4); if (r == NULL) YYERROR; r->nr = ipsec->rule_nr++; @@ -265,12 +269,28 @@ authtype : /* empty */ { $$ = 0; } | PSK { $$ = AUTH_PSK; } ; -spi : SPI number { - if ($2 >= SPI_RESERVED_MIN && $2 <= SPI_RESERVED_MAX) { - yyerror("invalid spi 0x%lx", $2); - YYERROR; +spispec : SPI STRING { + u_int32_t spi; + char *p = strchr($2, ':'); + + if (p != NULL) { + *p++ = 0; + + if (atospi($2, &spi) == -1) { + yyerror("%s is not a valid spi", $2); + free($2); + YYERROR; + } + $$.spiin = spi; + } + if (atospi($2, &spi) == -1) { + yyerror("%s is not a valid spi", $2); + free($2); + YYERROR; } - $$ = $2; + $$.spiout = spi; + + free($2); } ; @@ -675,6 +695,19 @@ atoul(char *s, u_long *ulvalp) return (0); } +int +atospi(char *s, u_int32_t *spivalp) +{ + unsigned long ulval; + + if (atoul(s, &ulval) == -1) + return (-1); + if (ulval >= SPI_RESERVED_MIN && ulval <= SPI_RESERVED_MAX) + return (-1); + *spivalp = ulval; + return (0); +} + u_int8_t x2i(unsigned char *s) { |