diff --git a/crypto/dist/ipsec-tools/src/setkey/parse.y b/crypto/dist/ipsec-tools/src/setkey/parse.y index 4b211a2b43e4..62c6629aa2d8 100644 --- a/crypto/dist/ipsec-tools/src/setkey/parse.y +++ b/crypto/dist/ipsec-tools/src/setkey/parse.y @@ -1,4 +1,4 @@ -/* $NetBSD: parse.y,v 1.12 2009/03/06 11:45:03 tteras Exp $ */ +/* $NetBSD: parse.y,v 1.13 2010/06/04 13:06:03 vanhu Exp $ */ /* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */ @@ -131,7 +131,7 @@ static int setkeymsg_add __P((unsigned int, unsigned int, %token F_LIFEBYTE_HARD F_LIFEBYTE_SOFT %token DECSTRING QUOTEDSTRING HEXSTRING STRING ANY /* SPD management */ -%token SPDADD SPDDELETE SPDDUMP SPDFLUSH +%token SPDADD SPDUPDATE SPDDELETE SPDDUMP SPDFLUSH %token F_POLICY PL_REQUESTS %token F_AIFLAGS %token TAGGED @@ -170,6 +170,7 @@ command | dump_command | exit_command | spdadd_command + | spdupdate_command | spddelete_command | spddump_command | spdflush_command @@ -572,6 +573,7 @@ extension /* definition about command for SPD management */ /* spdadd */ spdadd_command + /* XXX merge with spdupdate ??? */ : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT { int status; @@ -624,6 +626,60 @@ spdadd_command } ; +spdupdate_command + /* XXX merge with spdadd ??? */ + : SPDUPDATE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT + { + int status; + struct addrinfo *src, *dst; + +#ifdef HAVE_PFKEY_POLICY_PRIORITY + last_msg_type = SADB_X_SPDUPDATE; +#endif + + /* fixed port fields if ulp is icmp */ + if ($10.buf != NULL) { + if (($9 != IPPROTO_ICMPV6) && + ($9 != IPPROTO_ICMP) && + ($9 != IPPROTO_MH)) + return -1; + free($5.buf); + free($8.buf); + if (fix_portstr(&$10, &$5, &$8)) + return -1; + } + + src = parse_addr($3.buf, $5.buf); + dst = parse_addr($6.buf, $8.buf); + if (!src || !dst) { + /* yyerror is already called */ + return -1; + } + if (src->ai_next || dst->ai_next) { + yyerror("multiple address specified"); + freeaddrinfo(src); + freeaddrinfo(dst); + return -1; + } + + status = setkeymsg_spdaddr(SADB_X_SPDUPDATE, $9, &$12, + src, $4, dst, $7); + freeaddrinfo(src); + freeaddrinfo(dst); + if (status < 0) + return -1; + } + | SPDUPDATE TAGGED QUOTEDSTRING policy_spec EOT + { + int status; + + status = setkeymsg_spdaddr_tag(SADB_X_SPDUPDATE, + $3.buf, &$4); + if (status < 0) + return -1; + } + ; + spddelete_command : SPDDELETE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT { diff --git a/crypto/dist/ipsec-tools/src/setkey/setkey.8 b/crypto/dist/ipsec-tools/src/setkey/setkey.8 index 5195f0ef23a1..409d4860876a 100644 --- a/crypto/dist/ipsec-tools/src/setkey/setkey.8 +++ b/crypto/dist/ipsec-tools/src/setkey/setkey.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: setkey.8,v 1.23 2010/03/05 06:47:58 tteras Exp $ +.\" $NetBSD: setkey.8,v 1.24 2010/06/04 13:06:03 vanhu Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. .\" All rights reserved. @@ -195,6 +195,15 @@ Add an SPD entry based on a PF tag. .Ar tag must be a string surrounded by double quotes. .\" +.It Li spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ +Ar label Ar policy Li ; +Updates an SPD entry. +.\" +.It Li spdupdate tagged Ar tag Ar policy Li ; +Update an SPD entry based on a PF tag. +.Ar tag +must be a string surrounded by double quotes. +.\" .It Li spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \ Fl P Ar direction Li ; Delete an SPD entry. diff --git a/crypto/dist/ipsec-tools/src/setkey/token.l b/crypto/dist/ipsec-tools/src/setkey/token.l index 6a6d3ab5588f..ad3d8431d776 100644 --- a/crypto/dist/ipsec-tools/src/setkey/token.l +++ b/crypto/dist/ipsec-tools/src/setkey/token.l @@ -1,4 +1,4 @@ -/* $NetBSD: token.l,v 1.14 2009/10/29 14:34:27 christos Exp $ */ +/* $NetBSD: token.l,v 1.15 2010/06/04 13:06:03 vanhu Exp $ */ /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ @@ -127,6 +127,7 @@ bye { return(EXIT); } /* for management SPD */ spdadd { return(SPDADD); } +spdupdate { return(SPDUPDATE); } spddelete { return(SPDDELETE); } spddump { return(SPDDUMP); } spdflush { return(SPDFLUSH); }