author | 2004-04-28 04:34:46 +0000 | |
---|---|---|
committer | 2004-04-28 04:34:46 +0000 | |
commit | 50a1a1fb33d7672e53e276326b8596db3ccba593 (patch) | |
tree | 58e06909ca8a732e3fad1e89edbc064bd572978d | |
parent | do not give up on ESRCH, someone might have mucked with ipsecadm behind (diff) | |
allow ah/esp spec with IKE, markus ok
-rw-r--r-- | usr.sbin/bgpd/bgpd.h | 5 | ||||
-rw-r--r-- | usr.sbin/bgpd/parse.y | 13 | ||||
-rw-r--r-- | usr.sbin/bgpd/printconf.c | 8 |
3 files changed, 18 insertions, 8 deletions
diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h
index 3434f775df6..38961b2b2d1 100644
--- a/usr.sbin/bgpd/bgpd.h
+++ b/usr.sbin/bgpd/bgpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bgpd.h,v 1.117 2004/04/28 02:57:27 claudio Exp $ */
+/* $OpenBSD: bgpd.h,v 1.118 2004/04/28 04:34:46 henning Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -150,7 +150,8 @@ enum auth_method {
 AUTH_MD5SIG = 1,
 AUTH_IPSEC_MANUAL_ESP,
 AUTH_IPSEC_MANUAL_AH,
- AUTH_IPSEC_IKE
+ AUTH_IPSEC_IKE_ESP,
+ AUTH_IPSEC_IKE_AH
 };
 struct peer_auth {
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index 3856d48178f..4bfae60852e 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.94 2004/04/28 01:36:56 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.95 2004/04/28 04:34:46 henning Exp $ */
 /*
 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -558,12 +558,19 @@ peeropts : REMOTEAS asnumber {
 curpeer->conf.auth.method = AUTH_MD5SIG;
 free($4);
 }
- | IPSEC IKE {
+ | IPSEC ESP IKE {
 if (curpeer->conf.auth.method) {
 yyerror("auth method cannot be redefined");
 YYERROR;
 }
- curpeer->conf.auth.method = AUTH_IPSEC_IKE;
+ curpeer->conf.auth.method = AUTH_IPSEC_IKE_ESP;
+ }
+ | IPSEC AH IKE {
+ if (curpeer->conf.auth.method) {
+ yyerror("auth method cannot be redefined");
+ YYERROR;
+ }
+ curpeer->conf.auth.method = AUTH_IPSEC_IKE_AH;
 }
 | IPSEC ESP inout SPI number STRING STRING encspec {
 unsigned i;
diff --git a/usr.sbin/bgpd/printconf.c b/usr.sbin/bgpd/printconf.c
index 91bcce1e5a4..e6b9d17c725 100644
--- a/usr.sbin/bgpd/printconf.c
+++ b/usr.sbin/bgpd/printconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: printconf.c,v 1.16 2004/04/28 00:38:39 henning Exp $ */
+/* $OpenBSD: printconf.c,v 1.17 2004/04/28 04:34:46 henning Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
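Review bot: In the parse.y hunk at -558, the `| IPSEC IKE {` alternative is replaced outright by `| IPSEC ESP IKE {` and `| IPSEC AH IKE {`, so a configuration that still says `ipsec ike` will now be rejected by the parser. Rejecting it is the safer outcome compared with bringing a session up unprotected, but the commit message and the files in the diffstat carry no note of the syntax change; this should be documented, or a deliberate decision recorded on whether the old spelling is kept as an alias. The two new actions also repeat the same four-line `if (curpeer->conf.auth.method) { yyerror("auth method cannot be redefined"); YYERROR; }` guard; a comment such as `/* only one auth method per peer; method == 0 means unset */` above the first guard would say why a zero test suffices, which relies on `AUTH_MD5SIG = 1` in bgpd.h. Only three files are touched, so any code outside this diff that branches on the auth method presumably needs to handle both new enum values. The peeropts rule starts and ends outside this hunk.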
@@ -183,8 +183,10 @@ print_peer(struct peer_config *p) printf(" %s XXXXXX", print_enc_alg(p->auth.enc_alg_out)); printf("\n"); - } else if (p->auth.method == AUTH_IPSEC_IKE) - printf("%s\tipsec ike\n", c); + } else if (p->auth.method == AUTH_IPSEC_IKE_AH) + printf("%s\tipsec ah ike\n", c); + else if (p->auth.method == AUTH_IPSEC_IKE_ESP) + printf("%s\tipsec esp ike\n", c); if (p->attrset.flags) printf("%s\t", c); |
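Review bot: The auth-method dispatch in print_peer remains an if/else-if chain with no final else, so a method value without a branch prints no auth line at all and the dumped configuration then reads as if the peer had no authentication configured. Since this commit grows the enum, consider a `switch (p->auth.method)` without a `default:` label, which lets the compiler warn about an unhandled enumerator, provided `method` is declared as `enum auth_method` (struct peer_auth is not visible here). Failing that, a closing `else if (p->auth.method)` branch that prints a comment line for the unknown value would keep the omission visible. The chain begins above this hunk, so the MD5 and manual-key branches would need to be part of any such rewrite.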