author | 1999-12-27 04:19:42 +0000 | |
---|---|---|
committer | 1999-12-27 04:19:42 +0000 | |
commit | cbd5fabc1d57d227638381f621d693edeb740de6 (patch) | |
tree | 1ffdcfd5c038b1f0f0d964da7f82d7883ccccffa | |
parent | Some more enc ioctls. (diff) | |
Handle srcsa/clearsa, and rename setsa to dstsa.
-rw-r--r-- | sbin/ifconfig/ifconfig.8 | 37 | ||||
-rw-r--r-- | sbin/ifconfig/ifconfig.c | 59 |
2 files changed, 83 insertions, 13 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index f671b5aa943..64a7f94cbf1 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ifconfig.8,v 1.31 1999/12/27 03:25:19 angelos Exp $
+.\" $OpenBSD: ifconfig.8,v 1.32 1999/12/27 04:19:42 angelos Exp $
 .\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
 .\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
 .\"
@@ -145,7 +145,7 @@ for example,
 The following parameters may be set with
 .Nm ifconfig :
 .Bl -tag -width dest_addressxx
-.It Cm setsa
+.It Cm dstsa
 Bind an
 .Xr ipsec 4
 Security Association (SA) to an
@@ -166,14 +166,43 @@ for ESP, 51 for AH, or 4 for IP-in-IP). The SA must exist for the operation to be successfully completed. Typically, such SAs would be established via .Xr ipsecadm 1 . +This SA will be used to send packets to a remote host via +.Xr ipsec 4 . If the .Ar 0.0.0.0/0/0 or .Ar ::/0/0 SA is specified, any existing binding between the corresponding .Xr enc 4 -interface and an SA is cleared (in fact, just the SPI and the protocol -part of the SA have to be set to zero). +interface and the SA is cleared (in fact, just the SPI and the protocol +part of the SA have to be set to zero). Only one SA may be bound to an +.Xr enc 4 +interface at a time. +.It Cm srcsa +Similar to +.Cm dstsa , +this operation binds an +.Xr ipsec 4 +SA to an +.Xr enc 4 +interface. The SAs bound via this operation are receiving SAs. Any +packets received over one of these SAs, will be made to appear as if +it arrived by the corresponding +.Xr enc 4 +interface. If the interface is part of a bridge, the packets will be +delivered to the bridge. Contrary to the +.Cm dstsa +flag, multiple SAs may be bound to an +.Xr enc 4 +interface via this operation. +.It Cm clearsa +Remove the binding between an SA and an +.Xr enc 4 +interface, such as established with the +.Cm srcsa +or +.Cm dstsa +flags. .It Cm alias Establish an additional network address for this interface. This is sometimes useful when changing network numbers, and diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index 7f3d253fef1..3b76ac993a1 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifconfig.c,v 1.25 1999/12/27 03:14:39 angelos Exp $ */ +/* $OpenBSD: ifconfig.c,v 1.26 1999/12/27 04:19:42 angelos Exp $ */ /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */ /* 
@@ -81,7 +81,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)ifconfig.c 8.2 (Berkeley) 2/16/94"; #else -static char rcsid[] = "$OpenBSD: ifconfig.c,v 1.25 1999/12/27 03:14:39 angelos Exp $"; +static char rcsid[] = "$OpenBSD: ifconfig.c,v 1.26 1999/12/27 04:19:42 angelos Exp $"; #endif #endif /* not lint */ @@ -165,7 +165,9 @@ void setsnpaoffset __P((char *)); void setipxframetype __P((char *, int)); void setatrange __P((char *, int)); void setatphase __P((char *, int)); -void setsa __P((char *)); +void dstsa __P((char *)); +void srcsa __P((char *)); +void clearsa __P((char *)); #ifdef INET6 void setia6flags __P((char *, int)); void setia6pltime __P((char *, int)); @@ -247,7 +249,9 @@ struct cmd { { "snap", ETHERTYPE_SNAP, 0, setipxframetype }, { "EtherII", ETHERTYPE_II, 0, setipxframetype }, #endif /* INET_ONLY */ - { "setsa", NEXTARG, 0, setsa } , + { "dstsa", NEXTARG, 0, dstsa } , + { "srcsa", NEXTARG, 0, srcsa } , + { "clearsa", NEXTARG, 0, clearsa } , { "link0", IFF_LINK0, 0, setifflags } , { "-link0", -IFF_LINK0, 0, setifflags } , { "link1", IFF_LINK1, 0, setifflags } , @@ -639,8 +643,9 @@ setifaddr(addr, param) (*afp->af_getaddr)(addr, (doalias >= 0 ? ADDR : RIDADDR)); } -void -setsa(sa) +static void +handlesa(cmd, sa) + int cmd; char *sa; { char *p1, *p2, *p; @@ -694,8 +699,42 @@ setsa(sa) if ((p == NULL) || (*p != '\0')) errx(1, "bad security protocol"); - if (ioctl(s, SIOCSENCSA, (caddr_t)&ifsa) < 0) - warn("SIOCSENCSA"); + if (ioctl(s, cmd, (caddr_t)&ifsa) < 0) + switch (cmd) + { + case SIOCSENCDSTSA: + warn("SIOCSENCDSTSA"); + break; + + case SIOCSENCSRCSA: + warn("SIOCSENCSRCSA"); + break; + + case SIOCSENCCLEARSA: + warn("SIOCSENCCLEARSA"); + break; + } +} + +void +dstsa(sa) + char *sa; +{ + handlesa(SIOCSENCDSTSA, sa); +} + +void +srcsa(sa) + char *sa; +{ + handlesa(SIOCSENCSRCSA, sa); +} + +void +clearsa(sa) + char *sa; +{ + handlesa(SIOCSENCCLEARSA, sa); } void 
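Review bot: In the `handlesa(cmd, sa)` definition (hunk `@@ -639,8 +643,9 @@`) the request code is declared `int cmd;`, yet the later hunk passes it straight to `ioctl(s, cmd, (caddr_t)&ifsa)`, and ioctl(2) takes an `unsigned long` request. The SIOCSENC* definitions are not visible in this diff; if they are built with the usual `_IOW`-style macros the high bit is set, so the value is narrowed to a signed int and sign-extended again on 64-bit targets before it reaches the kernel. Declaring the parameter as `u_long cmd;` keeps the request code intact from the wrappers to the call. The address/SPI/protocol parsing that sits between the two hunks of handlesa() is outside the diff and was not reviewed.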
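Review bot: The `switch (cmd)` that runs when `ioctl()` fails (hunk `@@ -694,8 +699,42 @@`) has no `default:` arm, so any future caller of handlesa() with a fourth request code would fail with no message at all. I would add `default: warn("ioctl"); break;`, or have dstsa/srcsa/clearsa pass the name string so the switch is not needed, and brace the `if` body since it now holds a multi-line statement. Separately, a failed SA bind or clear is reported only through warn(); nothing in the hunk shows the exit status changing, so scripts that set up enc(4) bindings may not notice that the requested IPsec SA is not actually in place. That behaviour appears to predate this commit, but it is worth confirming now that three operations share the path.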
@@ -1967,7 +2006,9 @@ usage()
 "[ netmask mask ] ]\n"
 "\t[media media_type] [mediaopt media_option]\n"
 "\t[ metric n ]\n"
- "\t[ setsa address/spi/protocol ]\n"
+ "\t[ dstsa address/spi/protocol ]\n"
+ "\t[ srcsa address/spi/protocol ]\n"
+ "\t[ clearsa address/spi/protocol ]\n"
 "\t[ arp | -arp ]\n"
 "\t[ -802.2 | -802.3 | -802.2tr | -snap | -EtherII ]\n"
 "\t[ link0 | -link0 ] [ link1 | -link1 ] [ link2 | -link2 ]\n" |