author | jojemann <none@none> | 2005-07-25 11:08:36 -0700 |
---|---|---|
committer | jojemann <none@none> | 2005-07-25 11:08:36 -0700 |
commit | eeda67c686ee5ca47290de71fb63cca024027669 (patch) | |
tree | d17bdaa9b8eb2fb59f59a309940841897257c4d3 /usr/src | |
parent | a1be23daf6883d01f3adb1e10ae718b64f4db3f3 (diff) | |
4317114 inconsistent syntax between ipsecconf and ipseckey
6242434 ipsecconf should require directional indicator with "saddr/daddr" and ipsec keyword
6270212 gcc and ipsecconf don't get along
6270215 gcc and ipseckey don't get along
Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c | 27 | ||||
-rw-r--r-- | usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c | 6 |
2 files changed, 28 insertions, 5 deletions
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c b/usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c
index 84707f16f1..6507162b78 100644
--- a/usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c
+++ b/usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c
@@ -92,7 +92,7 @@ static char spdsock_diag_buf[SPDSOCK_DIAG_BUF_LEN];
 * are given, we can fail the request.
 */
-static enum ipsec_cmds {IPSEC_CONF_ADD = 1, IPSEC_CONF_DEL, IPSEC_CONF_VIEW,
+enum ipsec_cmds {IPSEC_CONF_ADD = 1, IPSEC_CONF_DEL, IPSEC_CONF_VIEW,
 IPSEC_CONF_FLUSH, IPSEC_CONF_LIST, IPSEC_CONF_SUB};
 static const char policy_conf_file[] = "/var/run/ipsecpolicy.conf";
@@ -109,7 +109,7 @@ static const char index_tag[] = "#INDEX";
 #define VALID_ALG_LEN 40
 /* Types of Error messages */
-typedef enum error_tpye {BAD_ERROR, DUP_ERROR} error_type_t;
+typedef enum error_type {BAD_ERROR, DUP_ERROR, REQ_ERROR} error_type_t;
 static int cmd;
 static char *filename;
@@ -3506,8 +3506,11 @@ error_message(error_type_t error, int type, int line)
 * If we never read a newline character, we don't want
 * to print 0.
 */
- warnx(gettext("%s %s on line: %d"), (error == BAD_ERROR) ?
- gettext("Bad") : gettext("Duplicate"), mesg,
+ warnx(gettext("%s%s%s %s on line: %d"),
+ (error == BAD_ERROR) ? gettext("Bad") : "",
+ (error == DUP_ERROR) ? gettext("Duplicate") : "",
+ (error == REQ_ERROR) ? gettext("Requires") : "",
+ mesg,
 (arg_indices[line] == 0) ? 1 : arg_indices[line]);
 }
@@ -4566,6 +4569,22 @@ form_ipsec_conf(act_prop_t *act_props, ips_conf_t *cptr)
 cptr->ips_dir = SPD_RULE_FLAG_INBOUND;
 break;
 case TOK_ipsec:
+ if (old_style) {
+ /* Using saddr/daddr with ipsec action. */
+ if (!dir) {
+ /* No direction specified */
+ error_message(REQ_ERROR,
+ IPSEC_CONF_IPSEC_DIR, line_no);
+ return (-1);
+ }
+ if (cptr->ips_dir == SPD_RULE_FLAG_INBOUND)
+ /*
+ * Need to swap addresses if
+ * 'dir in' or translation to
+ * laddr/raddr will be incorrect.
+ */
+ cptr->swap = 1;
+ }
 if (!dir)
 cptr->ips_dir = SPD_RULE_FLAG_INBOUND 
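Review bot: In the error_message hunk, the new `%s%s%s` selection prints an empty prefix, so the message starts with a bare space, for any error_type_t value other than the three tested; the old code always printed a word. Choosing the prefix once in a `switch` with a `default` arm keeps the message well-formed and gives translators one word to place instead of three adjacent fragments. The code that sets `mesg` from `type` lies outside the hunk and this diff adds no case there, so confirm an existing case covers IPSEC_CONF_IPSEC_DIR for the new REQ_ERROR call in form_ipsec_conf; otherwise `mesg` may reach warnx() unset (inferred, its declaration is not visible). error_message starts outside the hunk, and the `prefix` declaration belongs with its other locals.

```c
const char *prefix;	/* declare with error_message's other locals */

switch (error) {
case DUP_ERROR:
	prefix = gettext("Duplicate");
	break;
case REQ_ERROR:
	prefix = gettext("Requires");
	break;
case BAD_ERROR:
default:
	prefix = gettext("Bad");
	break;
}
/* … unchanged: comment about printing line 1 instead of 0 … */
warnx(gettext("%s %s on line: %d"), prefix, mesg,
    (arg_indices[line] == 0) ? 1 : arg_indices[line]);
```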
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c b/usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c
index 91ab7edd7c..fbdf95a53f 100644
--- a/usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c
+++ b/usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c
@@ -20,7 +20,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -366,6 +366,7 @@ static struct toktable {
 {"sport", TOK_SRCPORT, NEXTNUM},
 {"dport", TOK_DSTPORT, NEXTNUM},
 {"proto", TOK_PROTO, NEXTNUM},
+ {"ulp", TOK_PROTO, NEXTNUM},
 {"saddr6", TOK_SRCADDR6, NEXTADDR},
 {"srcaddr6", TOK_SRCADDR6, NEXTADDR},
@@ -452,6 +453,7 @@ parsestate(char *state)
 warnx(gettext("Unknown state type %s."), state);
 usage();
 /* NOTREACHED */
+ return (0);
 }
 /*
@@ -516,6 +518,7 @@ parsealg(char *alg, int proto_num)
 alg);
 usage();
 /* NOTREACHED */
+ return (0);
 }
 /*
@@ -579,6 +582,7 @@ parseidtype(char *type)
 warnx(gettext("Unknown identity type %s."), type);
 usage();
 /* NOTREACHED */
+ return (0);
 }
 /* |
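Review bot: The new `{"ulp", TOK_PROTO, NEXTNUM}` row in toktable is an undocumented synonym for "proto". A one-line comment above it, such as `/* "ulp" is an alias for "proto", for syntax parity with ipsecconf */`, would tell the next reader why two keywords map to TOK_PROTO; the parity rationale is taken from the commit title, so adjust the wording if it is wrong. If the usage text or man page lists keywords (not visible here), it should list this one too. The table starts and ends outside the hunk.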
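Review bot: The added `return (0);` after `usage(); /* NOTREACHED */` in parsestate turns 0 into a real return value if usage() is ever changed to return, and the same line is added in the parsealg and parseidtype hunks. For a tool that parses SA state, algorithm and identity-type numbers, that 0 would reach the caller as if it were a parsed value; the callers are outside these hunks, so the effect is inferred. Prefer marking usage()'s prototype non-returning for gcc with `__attribute__((__noreturn__))`, which silences the warning without a dummy value. Failing that, say why the line exists: `return (0);	/* not reached: usage() exits; quiets gcc */`. All three functions start outside their hunks.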