diff options
author | brian <brian@FreeBSD.org> | 2001-05-17 15:30:49 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 2001-05-17 15:30:49 +0000 |
commit | 8ed702383fb71581fa139a8a70b92984f6b9ba38 (patch) | |
tree | 5ad413386f45e25c8c44635dac76b213f2373fb8 /sbin/setkey/token.l | |
parent | 1ea506c6d50714fd6bf6e73f85fe3a892dcdd2f1 (diff) | |
download | FreeBSD-src-8ed702383fb71581fa139a8a70b92984f6b9ba38.zip FreeBSD-src-8ed702383fb71581fa139a8a70b92984f6b9ba38.tar.gz |
Allow ``ip4'' as an ``upperspec'' value, and update the man
page with *all* the permissible values.
This should really be spelt ipencap (as /etc/protocols does),
but a precedent has already been set by the ipproto array in
setkey.c.
It would be nice if /etc/protocols was parsed for the upperspec
field, but I don't do yacc/lex...
This change allows policies that only encrypt the encapsulated
packets passing between the endpoints of a gif tunnel. Setting
such a policy means that you can still talk directly (and
unencrypted) between the public IP numbers with (say) ssh.
MFC after: 1 week
Diffstat (limited to 'sbin/setkey/token.l')
-rw-r--r-- | sbin/setkey/token.l | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l index 8916fdd..c2eaad5 100644 --- a/sbin/setkey/token.l +++ b/sbin/setkey/token.l @@ -200,6 +200,7 @@ nocyclic-seq { PREPROC; return(NOCYCLICSEQ); } /* upper layer protocols */ icmp { PREPROC; yylval.num = IPPROTO_ICMP; return(UP_PROTO); } icmp6 { PREPROC; yylval.num = IPPROTO_ICMPV6; return(UP_PROTO); } +ip4 { PREPROC; yylval.num = IPPROTO_IPV4; return(UP_PROTO); } tcp { PREPROC; yylval.num = IPPROTO_TCP; return(UP_PROTO); } udp { PREPROC; yylval.num = IPPROTO_UDP; return(UP_PROTO); } |