Allow `ip4'' as an `upperspec'' value, and update the man page with *all* the permissible values.

This should really be spelt ipencap (as /etc/protocols does),
but a precedent has already been set by the ipproto array in
setkey.c.

It would be nice if /etc/protocols was parsed for the upperspec
field, but I don't do yacc/lex...

This change allows policies that only encrypt the encapsulated
packets passing between the endpoints of a gif tunnel.  Setting
such a policy means that you can still talk directly (and
unencrypted) between the public IP numbers with (say) ssh.

MFC after:	1 week
Brian Somers 2001-05-17 15:30:49 +00:00
parent 10d865720b
commit f1b1c5da22
4 changed files with 8 additions and 0 deletions
sbin/setkey
usr.sbin/setkey

@ -366,6 +366,9 @@ They must be in numeric form.
.It Ar upperspec
Upper-layer protocol to be used.
Currently
.Li icmp ,
.Li icmp6 ,
.Li ip4 ,
.Li tcp ,
.Li udp
and
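Review bot: `.Li ip4 ,` is listed among the accepted values, but nothing in the visible lines says what it selects. The name differs from the ipencap spelling in /etc/protocols, as the commit message points out, so add a sentence to this entry stating that ip4 matches IPv4-in-IP encapsulated packets (IPPROTO_IPV4). Otherwise a reader can take it to mean all IPv4 traffic.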

@ -200,6 +200,7 @@ nocyclic-seq { PREPROC; return(NOCYCLICSEQ); }
/* upper layer protocols */
icmp { PREPROC; yylval.num = IPPROTO_ICMP; return(UP_PROTO); }
icmp6 { PREPROC; yylval.num = IPPROTO_ICMPV6; return(UP_PROTO); }
ip4 { PREPROC; yylval.num = IPPROTO_IPV4; return(UP_PROTO); }
tcp { PREPROC; yylval.num = IPPROTO_TCP; return(UP_PROTO); }
udp { PREPROC; yylval.num = IPPROTO_UDP; return(UP_PROTO); }
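Review bot: the new rule `ip4 { PREPROC; yylval.num = IPPROTO_IPV4; return(UP_PROTO); }` hard-codes a spelling that the commit message itself says disagrees with /etc/protocols. Consider accepting ipencap as a second pattern that returns the same value, and put a short comment above the rule pointing at the ipproto array in setkey.c as the reason for the ip4 name, so the next keyword added here follows one convention knowingly.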

@ -366,6 +366,9 @@ They must be in numeric form.
.It Ar upperspec
Upper-layer protocol to be used.
Currently
.Li icmp ,
.Li icmp6 ,
.Li ip4 ,
.Li tcp ,
.Li udp
and
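Review bot: the upperspec entry now names ip4, but the visible text gives no usage for it. The only description of the intended use (encrypting just the encapsulated packets between gif tunnel endpoints while direct traffic such as ssh stays unencrypted) lives in the commit message. A short example policy in the manual with ip4 as the upperspec would keep that guidance where administrators look for it.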

@ -200,6 +200,7 @@ nocyclic-seq { PREPROC; return(NOCYCLICSEQ); }
/* upper layer protocols */
icmp { PREPROC; yylval.num = IPPROTO_ICMP; return(UP_PROTO); }
icmp6 { PREPROC; yylval.num = IPPROTO_ICMPV6; return(UP_PROTO); }
ip4 { PREPROC; yylval.num = IPPROTO_IPV4; return(UP_PROTO); }
tcp { PREPROC; yylval.num = IPPROTO_TCP; return(UP_PROTO); }
udp { PREPROC; yylval.num = IPPROTO_UDP; return(UP_PROTO); }
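Review bot: this ip4 rule repeats the one added in the other setkey directory line for line, and the manual hunk is repeated the same way, so each new upperspec keyword has to be added by hand in four files. If the two lexers are meant to stay identical, build both from one source file. Otherwise a later keyword added to only one copy leaves the two setkey binaries accepting different policy syntax.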