author | 2006-03-22 16:01:23 +0000 | |
---|---|---|
committer | 2006-03-22 16:01:23 +0000 | |
commit | 3d351c90a54572b0ce037b23b20f10ced7b1f9cd (patch) | |
tree | 5e6c4e957d3a422daee8d69efce7e2d0844d6cff | |
parent | Move the AS external LSA tree out of struct ospfd_config. This simplifies (diff) | |
add support for macros in ipsec.conf(5). some bits have already been
there.
requested by david@
ok hshoexer@, msf@
-rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 21 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.8 | 13 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.c | 13 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 3 | ||||
-rw-r--r-- | sbin/ipsecctl/parse.y | 28 |
5 files changed, 70 insertions, 8 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
index 1fa68432dc4..90d1517964b 100644
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsec.conf.5,v 1.32 2006/03/07 00:30:28 reyk Exp $
+.\" $OpenBSD: ipsec.conf.5,v 1.33 2006/03/22 16:01:23 reyk Exp $
 .\"
 .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
 .\"
@@ -37,6 +37,25 @@ IP security services.
 The rulesets themselves can be loaded, viewed, and modified via the
 .Xr ipsecctl 8
 userland utility.
+.Sh MACROS
+Much like
+.Xr cpp 1
+or
+.Xr m4 1 ,
+macros can be defined that will later be expanded in context.
+Macro names must start with a letter, and may contain letters, digits
+and underscores.
+Macro names may not be reserved words (for example
+.Ar flow ,
+.Ar from ,
+.Ar esp ) .
+Macros are not expanded inside quotes.
+.Pp
+For example,
+.Bd -literal -offset indent
+remote_gw = \&"192.168.3.12\&"
+flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer $remote_gw
+.Ed
 .Sh FLOWS
 IPsec uses
 .Em flows
diff --git a/sbin/ipsecctl/ipsecctl.8 b/sbin/ipsecctl/ipsecctl.8
index aadab011c1b..d964b94f861 100644
--- a/sbin/ipsecctl/ipsecctl.8
+++ b/sbin/ipsecctl/ipsecctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsecctl.8,v 1.15 2005/09/23 11:59:56 hshoexer Exp $
+.\" $OpenBSD: ipsecctl.8,v 1.16 2006/03/22 16:01:23 reyk Exp $
 .\"
 .\" Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 .\"
@@ -23,6 +23,8 @@
 .Sh SYNOPSIS
 .Nm ipsecctl
 .Op Fl dFnv
+.Oo Fl D
+.Ar macro Ns = Ns Ar value Oc
 .Op Fl f Ar file
 .Op Fl s Ar modifier
 .Sh DESCRIPTION
@@ -52,6 +54,15 @@ The ruleset grammar is described in
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl D Ar macro Ns = Ns Ar value
+Define
+.Ar macro
+to be set to
+.Ar value
+on the command line.
+Overrides the definition of
+.Ar macro
+in the ruleset.
 .It Fl d
 When the
 .Fl d
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index e450942e38e..6a055c6d2b7 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.42 2006/02/01 12:38:47 hshoexer Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.43 2006/03/22 16:01:23 reyk Exp $ */
 /*
 * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 *
@@ -484,8 +484,8 @@ usage(void)
 {
 extern char *__progname;
- fprintf(stderr, "usage: %s [-dFnv] [-f file] [-s modifier]\n",
- __progname);
+ fprintf(stderr, "usage: %s [-dFnv] [-D macro=value] [-f file]"
+ " [-s modifier]\n", __progname);
 exit(1);
 }
@@ -510,8 +510,13 @@ main(int argc, char *argv[])
 if (argc < 2)
 usage();
- while ((ch = getopt(argc, argv, "df:Fnvs:")) != -1) {
+ while ((ch = getopt(argc, argv, "D:df:Fnvs:")) != -1) {
 switch (ch) {
+ case 'D':
+ if (cmdline_symset(optarg) < 0)
+ warnx("could not parse macro definition %s",
+ optarg);
+ break;
 case 'd':
 opts |= IPSECCTL_OPT_DELETE;
 break;
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index 1ffa800db72..455e72acd47 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.28 2006/03/07 00:19:58 reyk Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.29 2006/03/22 16:01:23 reyk Exp $ */
 /*
 * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 *
@@ -170,6 +170,7 @@ struct addr_node {
 };
 int parse_rules(FILE *, struct ipsecctl *);
+int cmdline_symset(char *);
 int ipsecctl_add_rule(struct ipsecctl * ipsec, struct ipsec_rule *);
 void ipsecctl_get_rules(struct ipsecctl *);
 int ike_print_config(struct ipsec_rule *, int);
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 541d01d619c..25b7bc281ef 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.52 2006/03/07 00:30:28 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.53 2006/03/22 16:01:23 reyk Exp $ */
 /*
 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
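Review bot: In the `case 'D':` branch added to main() in ipsecctl.c, a definition that `cmdline_symset()` rejects only produces a `warnx()`, and option parsing then continues. The ipsecctl.8 text added in this commit says `-D` overrides the ruleset's own definition, so a mistyped override appears to leave the file's value in effect, and the policy that gets loaded is not the one the operator asked for. For a tool that installs IPsec flows and SAs it is safer to stop instead, e.g. `errx(1, "could not parse macro definition %s", optarg);`. main() starts and ends outside this hunk, so any later handling of the failure is not visible here.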
@@ -194,6 +194,7 @@ typedef struct {
 %token ACTIVE ANY IPIP IPCOMP COMPXF TUNNEL TRANSPORT DYNAMIC
 %token TYPE DENY BYPASS
 %token <v.string> STRING
+%type <v.string> string
 %type <v.dir> dir
 %type <v.protocol> protocol
 %type <v.tmode> tmode
@@ -221,6 +222,7 @@ grammar : /* empty */
 | grammar flowrule '\n'
 | grammar sarule '\n'
 | grammar tcpmd5rule '\n'
+ | grammar varset '\n'
 | grammar error '\n' { errors++; }
 ;
@@ -608,6 +610,27 @@ ikeauth : /* empty */ {
 }
 ;
+string : string STRING
+ {
+ if (asprintf(&$$, "%s %s", $1, $2) == -1)
+ err(1, "string: asprintf");
+ free($1);
+ free($2);
+ }
+ | STRING
+ ;
+
+varset : STRING '=' string
+ {
+ if (ipsec->opts & IPSECCTL_OPT_VERBOSE)
+ printf("%s = \"%s\"\n", $1, $3);
+ if (symset($1, $3, 0) == -1)
+ err(1, "cannot store variable");
+ free($1);
+ free($3);
+ }
+ ;
+
 %%
 struct keywords {
@@ -893,6 +916,9 @@ parse_rules(FILE *input, struct ipsecctl *ipsecx)
 /* Free macros and check which have not been used. */
 while ((sym = TAILQ_FIRST(&symhead))) {
+ if ((ipsec->opts & IPSECCTL_OPT_VERBOSE2) && !sym->used)
+ fprintf(stderr, "warning: macro '%s' not "
+ "used\n", sym->nam);
 TAILQ_REMOVE(&symhead, sym, entries);
 free(sym->nam);
 free(sym->val); |
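Review bot: The new `varset` rule in parse.y hands `$1` to `symset()` without checking it against the naming rule that ipsec.conf.5 documents in this same commit (first character a letter, then letters, digits and underscores). Unless the lexer or `symset()`, both outside this diff, already enforce it, any STRING token, including a quoted one with spaces or punctuation, is accepted as a macro name. Rejecting such names in the action keeps the parser and the manual in agreement; the sketch below assumes the file's usual `yyerror()` helper and that `<ctype.h>` is already included. Separately, the verbose branch prints every macro value verbatim, which deserves a sentence in ipsecctl.8 in case key material is ever placed in a macro.

```yacc
varset		: STRING '=' string
		{
			const char	*p = $1;
			int		 bad = !isalpha((unsigned char)*p);

			/* enforce the macro naming rule from ipsec.conf(5) */
			for (; !bad && *p != '\0'; p++)
				if (!isalnum((unsigned char)*p) && *p != '_')
					bad = 1;
			if (bad) {
				yyerror("invalid macro name");
				free($1);
				free($3);
				YYERROR;
			}
			/* … unchanged: verbose print, symset(), free($1), free($3) … */
		}
```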