diff options
Diffstat (limited to 'programs/tncfg')
| -rw-r--r-- | programs/tncfg/.cvsignore | 1 | ||||
| -rw-r--r-- | programs/tncfg/Makefile | 52 | ||||
| -rw-r--r-- | programs/tncfg/tncfg.5 | 109 | ||||
| -rw-r--r-- | programs/tncfg/tncfg.8 | 113 | ||||
| -rw-r--r-- | programs/tncfg/tncfg.c | 393 |
5 files changed, 0 insertions, 668 deletions
diff --git a/programs/tncfg/.cvsignore b/programs/tncfg/.cvsignore deleted file mode 100644 index c05ca8d9a..000000000 --- a/programs/tncfg/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -tncfg diff --git a/programs/tncfg/Makefile b/programs/tncfg/Makefile deleted file mode 100644 index ded364dbf..000000000 --- a/programs/tncfg/Makefile +++ /dev/null @@ -1,52 +0,0 @@ -# Makefile for the KLIPS interface utilities -# Copyright (C) 1998, 1999 Henry Spencer. -# Copyright (C) 1999, 2000, 2001 Richard Guy Briggs -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:31 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM:=tncfg -EXTRA5PROC=${PROGRAM}.5 - -LIBS:=${FREESWANLIB} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:31 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.4 2002/06/03 20:25:31 mcr -# man page for files actually existant in /proc/net changed back to -# ipsec_foo via new EXTRA5PROC process. -# -# Revision 1.3 2002/06/02 21:51:41 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.2 2002/04/26 01:21:26 mcr -# while tracking down a missing (not installed) /etc/ipsec.conf, -# MCR has decided that it is not okay for each program subdir to have -# some subset (determined with -f) of possible files. -# Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -# Optional PROGRAM.5 files have been added to the makefiles. -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# diff --git a/programs/tncfg/tncfg.5 b/programs/tncfg/tncfg.5 deleted file mode 100644 index e4de862c6..000000000 --- a/programs/tncfg/tncfg.5 +++ /dev/null @@ -1,109 +0,0 @@ -.TH IPSEC_TNCFG 5 "27 Jun 2000" -.\" -.\" RCSID $Id: tncfg.5,v 1.1 2004/03/15 20:35:31 as Exp $ -.\" -.SH NAME -ipsec_tncfg \- lists IPSEC virtual interfaces attached to real interfaces -.SH SYNOPSIS -.B ipsec -.B tncfg -.PP -.B cat -.B /proc/net/ipsec_tncfg -.SH DESCRIPTION -.I /proc/net/ipsec_tncfg -is a read-only file which lists which IPSEC virtual interfaces are -attached to which real interfaces, through which packets will be -forwarded once processed by IPSEC. -.PP -Each line lists one ipsec I/F. -A table entry consists of: -.IP + 3 -an ipsec virtual I/F name -.IP + -a visual and machine parsable separator '->', separating the virtual I/F -and the physical I/F, -.IP + -a physical I/F name, to which the ipsec virtual I/F is attached or NULL -if it is not attached, -.IP + -the keyword -.BR mtu= , -.IP + -the MTU of the ipsec virtual I/F, -.IP + -the automatically adjusted effective MTU for PMTU discovery, in brackets, -.IP + -a visual and machine parsable separator '->', separating the virtual I/F -MTU and the physical I/F MTU, -.IP + -the MTU of the attached physical I/F. -.BR -.SH EXAMPLES -.TP -.B ipsec2 -> eth3 mtu=16260(1443) -> 1500 -.LP -shows that virtual device -.B ipsec2 -with an MTU of -.B 16260 -is connected to physical device -.B eth3 -with an MTU of -.B 1500 -and that the effective MTU as a result of PMTU discovery has been -automatically set to -.BR 1443. -.TP -.B ipsec0 \-> wvlan0 mtu=1400(16260) \-> 1500 -.LP -shows that virtual device -.B ipsec0 -with an MTU of -.B 1400 -is connected to physical device -.B wvlan0 -with an MTU of -.B 1500 -and no PMTU packets have gotten far enough to bump down the effective MTU -from its default of 16260. -.TP -.B ipsec3 \-> NULL mtu=0(0) \-> 0 -.LP -shows that virtual device -.B ipsec3 -is not connected to any physical device. -.LP -.SH "FILES" -/proc/net/ipsec_tncfg, /usr/local/bin/ipsec -.SH "SEE ALSO" -ipsec(8), ipsec_manual(8), ipsec_eroute(5), ipsec_spi(5), -ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_tncfg(8), ipsec_version(5), -ipsec_pf_key(5) -.SH HISTORY -Written for the Linux FreeS/WAN project -<http://www.freeswan.org/> -by Richard Guy Briggs. -.\" -.\" $Log: tncfg.5,v $ -.\" Revision 1.1 2004/03/15 20:35:31 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.5 2002/04/24 07:35:41 mcr -.\" Moved from ./klips/utils/tncfg.5,v -.\" -.\" Revision 1.4 2001/05/29 05:15:53 rgb -.\" Added PMTU to output format. -.\" -.\" Revision 1.3 2000/06/30 18:21:55 rgb -.\" Update SEE ALSO sections to include ipsec_version(5) and ipsec_pf_key(5) -.\" and correct FILES sections to no longer refer to /dev/ipsec which has -.\" been removed since PF_KEY does not use it. -.\" -.\" Revision 1.2 2000/06/28 12:44:12 henry -.\" format touchup -.\" -.\" Revision 1.1 2000/06/28 05:43:01 rgb -.\" Added manpages for all 5 klips utils. -.\" -.\" diff --git a/programs/tncfg/tncfg.8 b/programs/tncfg/tncfg.8 deleted file mode 100644 index f888f2539..000000000 --- a/programs/tncfg/tncfg.8 +++ /dev/null @@ -1,113 +0,0 @@ -.TH IPSEC_TNCFG 8 "21 Jun 2000" -.\" -.\" RCSID $Id: tncfg.8,v 1.1 2004/03/15 20:35:31 as Exp $ -.\" -.SH NAME -ipsec tncfg \- associate IPSEC virtual interface with physical interface -.SH SYNOPSIS -.B ipsec -.B tncfg -.PP -.B ipsec -.B tncfg -.B \-\-attach -.B \-\-virtual -virtual -.B \-\-physical -physical -.PP -.B ipsec -.B tncfg -.B \-\-detach -.B \-\-virtual -virtual -.PP -.B ipsec -.B tncfg -.B \-\-clear -.PP -.B ipsec -.B tncfg -.B \-\-version -.PP -.B ipsec -.B tncfg -.B \-\-help -.SH DESCRIPTION -.I Tncfg -attaches/detaches IPSEC virtual interfaces to/from -physical interfaces, -through which packets will be forwarded once processed by IPSEC. -.PP -The form with no additional arguments lists the contents of -/proc/net/ipsec_tncfg. The format of /proc/net/ipsec_tncfg is discussed -in ipsec_tncfg(5). -The -.B \-\-attach -form attaches the -.I virtual -interface to the -.I physical -one. -The -.B \-\-detach -form detaches the -.I virtual -interface from whichever physical interface it is attached to. -The -.B \-\-clear -form clears all the -.I virtual -interfaces from whichever physical interfaces they were attached to. -.PP -Virtual interfaces typically have names like -.BR ipsec0 , -while physical interfaces typically have names like -.B eth0 -or -.BR ppp0 . -.SH EXAMPLES -.TP -.B ipsec tncfg \-\-attach \-\-virtual ipsec0 \-\-physical eth0 -attaches the -.B ipsec0 -virtual device to the -.B eth0 -physical device. -.LP -.SH "FILES" -/proc/net/ipsec_tncfg, /usr/local/bin/ipsec -.SH "SEE ALSO" -ipsec(8), ipsec_manual(8), ipsec_eroute(8), ipsec_spi(8), -ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_tncfg(5) -.SH HISTORY -Written for the Linux FreeS/WAN project -<http://www.freeswan.org/> -by Richard Guy Briggs. -.\" -.\" $Log: tncfg.8,v $ -.\" Revision 1.1 2004/03/15 20:35:31 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.15 2002/04/24 07:35:41 mcr -.\" Moved from ./klips/utils/tncfg.8,v -.\" -.\" Revision 1.14 2000/09/12 13:09:04 rgb -.\" Fixed real/physical discrepancy between tncfg.8 and tncfg.c. -.\" -.\" Revision 1.13 2000/06/30 18:21:55 rgb -.\" Update SEE ALSO sections to include ipsec_version(5) and ipsec_pf_key(5) -.\" and correct FILES sections to no longer refer to /dev/ipsec which has -.\" been removed since PF_KEY does not use it. -.\" -.\" Revision 1.12 2000/06/21 16:54:58 rgb -.\" Added 'no additional args' text for listing contents of -.\" /proc/net/ipsec_* files. -.\" -.\" Revision 1.11 1999/07/19 18:47:25 henry -.\" fix slightly-misformed comments -.\" -.\" Revision 1.10 1999/04/06 04:54:39 rgb -.\" Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes -.\" patch shell fixes. -.\" diff --git a/programs/tncfg/tncfg.c b/programs/tncfg/tncfg.c deleted file mode 100644 index f6aeae0e2..000000000 --- a/programs/tncfg/tncfg.c +++ /dev/null @@ -1,393 +0,0 @@ -/* - * IPSEC interface configuration - * Copyright (C) 1996 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -char tncfg_c_version[] = "RCSID $Id: tncfg.c,v 1.1 2004/03/15 20:35:31 as Exp $"; - - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> /* system(), strtoul() */ -#include <unistd.h> /* getuid() */ -#include <linux/types.h> -#include <sys/ioctl.h> /* ioctl() */ - -#include <freeswan.h> -#ifdef NET_21 /* from freeswan.h */ -#include <linux/sockios.h> -#include <sys/socket.h> -#endif /* NET_21 */ /* from freeswan.h */ - -#if 0 -#include <linux/if.h> -#else -#include <net/if.h> -#endif -#include <sys/types.h> -#include <errno.h> -#include <getopt.h> - -#include "freeswan/ipsec_tunnel.h" - -static void -usage(char *name) -{ - fprintf(stdout,"%s --attach --virtual <virtual-device> --physical <physical-device>\n", - name); - fprintf(stdout,"%s --detach --virtual <virtual-device>\n", - name); - fprintf(stdout,"%s --clear\n", - name); - fprintf(stdout,"%s --help\n", - name); - fprintf(stdout,"%s --version\n", - name); - fprintf(stdout,"%s\n", - name); - fprintf(stdout, " [ --debug ] is optional to any %s command.\n", name); - fprintf(stdout, " [ --label <label> ] is optional to any %s command.\n", name); - exit(1); -} - -static struct option const longopts[] = -{ - {"virtual", 1, 0, 'V'}, - {"physical", 1, 0, 'P'}, - {"attach", 0, 0, 'a'}, - {"detach", 0, 0, 'd'}, - {"clear", 0, 0, 'c'}, - {"help", 0, 0, 'h'}, - {"version", 0, 0, 'v'}, - {"label", 1, 0, 'l'}, - {"optionsfrom", 1, 0, '+'}, - {"debug", 0, 0, 'g'}, - {0, 0, 0, 0} -}; - -int -main(int argc, char *argv[]) -{ - struct ifreq ifr; - struct ipsectunnelconf *shc=(struct ipsectunnelconf *)&ifr.ifr_data; - int s; - int c, previous = -1; - char *program_name; - int debug = 0; - int argcount = argc; - - memset(&ifr, 0, sizeof(ifr)); - program_name = argv[0]; - - while((c = getopt_long_only(argc, argv, ""/*"adchvV:P:l:+:"*/, longopts, 0)) != EOF) { - switch(c) { - case 'g': - debug = 1; - argcount--; - break; - case 'a': - if(shc->cf_cmd) { - fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n", program_name); - exit(1); - } - shc->cf_cmd = IPSEC_SET_DEV; - break; - case 'd': - if(shc->cf_cmd) { - fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n", program_name); - exit(1); - } - shc->cf_cmd = IPSEC_DEL_DEV; - break; - case 'c': - if(shc->cf_cmd) { - fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n", program_name); - exit(1); - } - shc->cf_cmd = IPSEC_CLR_DEV; - break; - case 'h': - usage(program_name); - break; - case 'v': - if(optarg) { - fprintf(stderr, "%s: warning; '-v' and '--version' options don't expect arguments, arg '%s' found, perhaps unintended.\n", - program_name, optarg); - } - fprintf(stdout, "%s, %s\n", program_name, tncfg_c_version); - exit(1); - break; - case 'V': - strcpy(ifr.ifr_name, optarg); - break; - case 'P': - strcpy(shc->cf_name, optarg); - break; - case 'l': - program_name = malloc(strlen(argv[0]) - + 10 /* update this when changing the sprintf() */ - + strlen(optarg)); - sprintf(program_name, "%s --label %s", - argv[0], - optarg); - argcount -= 2; - break; - case '+': /* optionsfrom */ - optionsfrom(optarg, &argc, &argv, optind, stderr); - /* no return on error */ - break; - default: - usage(program_name); - break; - } - previous = c; - } - - if(argcount == 1) { - system("cat /proc/net/ipsec_tncfg"); - exit(0); - } - - switch(shc->cf_cmd) { - case IPSEC_SET_DEV: - if(!shc->cf_name) { - fprintf(stderr, "%s: physical I/F parameter missing.\n", - program_name); - exit(1); - } - case IPSEC_DEL_DEV: - if(!ifr.ifr_name) { - fprintf(stderr, "%s: virtual I/F parameter missing.\n", - program_name); - exit(1); - } - break; - case IPSEC_CLR_DEV: - strcpy(ifr.ifr_name, "ipsec0"); - break; - default: - fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n" - "Try %s --help' for usage information.\n", - program_name, program_name); - exit(1); - } - - s=socket(AF_INET, SOCK_DGRAM,0); - if(s==-1) - { - fprintf(stderr, "%s: Socket creation failed -- ", program_name); - switch(errno) - { - case EACCES: - if(getuid()==0) - fprintf(stderr, "Root denied permission!?!\n"); - else - fprintf(stderr, "Run as root user.\n"); - break; - case EPROTONOSUPPORT: - fprintf(stderr, "Internet Protocol not enabled"); - break; - case EMFILE: - case ENFILE: - case ENOBUFS: - fprintf(stderr, "Insufficient system resources.\n"); - break; - case ENODEV: - fprintf(stderr, "No such device. Is the virtual device valid? Is the ipsec module linked into the kernel or loaded as a module?\n"); - break; - default: - fprintf(stderr, "Unknown socket error %d.\n", errno); - } - exit(1); - } - if(ioctl(s, shc->cf_cmd, &ifr)==-1) - { - if(shc->cf_cmd == IPSEC_SET_DEV) { - fprintf(stderr, "%s: Socket ioctl failed on attach -- ", program_name); - switch(errno) - { - case EINVAL: - fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n"); - break; - case ENODEV: - fprintf(stderr, "No such device. Is the virtual device valid? Is the ipsec module linked into the kernel or loaded as a module?\n"); - break; - case ENXIO: - fprintf(stderr, "No such device. Is the physical device valid?\n"); - break; - case EBUSY: - fprintf(stderr, "Device busy. Virtual device %s is already attached to a physical device -- Use detach first.\n", - ifr.ifr_name); - break; - default: - fprintf(stderr, "Unknown socket error %d.\n", errno); - } - exit(1); - } - if(shc->cf_cmd == IPSEC_DEL_DEV) { - fprintf(stderr, "%s: Socket ioctl failed on detach -- ", program_name); - switch(errno) - { - case EINVAL: - fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n"); - break; - case ENODEV: - fprintf(stderr, "No such device. Is the virtual device valid? The ipsec module may not be linked into the kernel or loaded as a module.\n"); - break; - case ENXIO: - fprintf(stderr, "Device requested is not linked to any physical device.\n"); - break; - default: - fprintf(stderr, "Unknown socket error %d.\n", errno); - } - exit(1); - } - if(shc->cf_cmd == IPSEC_CLR_DEV) { - fprintf(stderr, "%s: Socket ioctl failed on clear -- ", program_name); - switch(errno) - { - case EINVAL: - fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n"); - break; - case ENODEV: - fprintf(stderr, "Failed. Is the ipsec module linked into the kernel or loaded as a module?.\n"); - break; - default: - fprintf(stderr, "Unknown socket error %d.\n", errno); - } - exit(1); - } - } - exit(0); -} - -/* - * $Log: tncfg.c,v $ - * Revision 1.1 2004/03/15 20:35:31 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.30 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.29 2002/04/24 07:35:41 mcr - * Moved from ./klips/utils/tncfg.c,v - * - * Revision 1.28 2002/03/08 21:44:05 rgb - * Update for all GNU-compliant --version strings. - * - * Revision 1.27 2001/06/14 19:35:15 rgb - * Update copyright date. - * - * Revision 1.26 2001/05/21 02:02:55 rgb - * Eliminate 1-letter options. - * - * Revision 1.25 2001/05/16 05:07:20 rgb - * Fixed --label option in KLIPS manual utils to add the label to the - * command name rather than replace it in error text. - * Fix 'print table' non-option in KLIPS manual utils to deal with --label - * and --debug options. - * - * Revision 1.24 2000/09/12 13:09:05 rgb - * Fixed real/physical discrepancy between tncfg.8 and tncfg.c. - * - * Revision 1.23 2000/08/27 01:48:30 rgb - * Update copyright. - * - * Revision 1.22 2000/07/26 03:41:46 rgb - * Changed all printf's to fprintf's. Fixed tncfg's usage to stderr. - * - * Revision 1.21 2000/06/21 16:51:27 rgb - * Added no additional argument option to usage text. - * - * Revision 1.20 2000/01/21 06:26:31 rgb - * Added --debug switch to command line. - * - * Revision 1.19 1999/12/08 20:32:41 rgb - * Cleaned out unused cruft. - * Changed include file, limiting scope, to avoid conflicts in 2.0.xx - * kernels. - * - * Revision 1.18 1999/12/07 18:27:10 rgb - * Added headers to silence fussy compilers. - * Converted local functions to static to limit scope. - * - * Revision 1.17 1999/11/18 04:09:21 rgb - * Replaced all kernel version macros to shorter, readable form. - * - * Revision 1.16 1999/05/25 01:45:36 rgb - * Fix version macros for 2.0.x as a module. - * - * Revision 1.15 1999/05/05 22:02:34 rgb - * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. - * - * Revision 1.14 1999/04/15 15:37:28 rgb - * Forward check changes from POST1_00 branch. - * - * Revision 1.10.6.2 1999/04/13 20:58:10 rgb - * Add argc==1 --> /proc/net/ipsec_*. - * - * Revision 1.10.6.1 1999/03/30 17:01:36 rgb - * Make main() return type explicit. - * - * Revision 1.13 1999/04/11 00:12:09 henry - * GPL boilerplate - * - * Revision 1.12 1999/04/06 04:54:39 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.11 1999/03/17 15:40:54 rgb - * Make explicit main() return type of int. - * - * Revision 1.10 1998/11/12 21:08:04 rgb - * Add --label option to identify caller from scripts. - * - * Revision 1.9 1998/10/09 18:47:30 rgb - * Add 'optionfrom' to get more options from a named file. - * - * Revision 1.8 1998/10/09 04:36:55 rgb - * Changed help output from stderr to stdout. - * Deleted old commented out cruft. - * - * Revision 1.7 1998/08/28 03:15:14 rgb - * Add some manual long options to the usage text. - * - * Revision 1.6 1998/08/05 22:29:00 rgb - * Change includes to accomodate RH5.x. - * Force long option names. - * Add ENXIO error return code to narrow down error reporting. - * - * Revision 1.5 1998/07/29 21:45:28 rgb - * Convert to long option names. - * - * Revision 1.4 1998/07/09 18:14:11 rgb - * Added error checking to IP's and keys. - * Made most error messages more specific rather than spamming usage text. - * Added more descriptive kernel error return codes and messages. - * Converted all spi translations to unsigned. - * Removed all invocations of perror. - * - * Revision 1.3 1998/05/27 18:48:20 rgb - * Adding --help and --version directives. - * - * Revision 1.2 1998/04/23 21:11:39 rgb - * Fixed 0 argument usage case to prevent sigsegv. - * - * Revision 1.1.1.1 1998/04/08 05:35:09 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.5 1997/06/03 04:31:55 ji - * New file. - * - */ |