authorMiloslav Trmac <mitr@volny.cz>2006-05-16 17:17:32 +0000
committerMiloslav Trmac <mitr@volny.cz>2006-05-16 17:17:32 +0000
commit95782f9d6b973a6edecdbf685fb8c6a756ee4470 (patch)
tree6dbbe504ffbaee9a3e0990cb126f9b6b228a22df
parentb620326341af18b1b575cdce21c70db93490f37a (diff)
* ifup-ipsec:
- Fix key handling when AH or ESP is not used (#166257, patch by Tarhon-Onu Victor <mituc@iasi.rdsnet.ro>) - Allow manual tunnel mode without using AH or ESP * ifdown-ipsec: - Fix syntax errors in manual mode when AH or ESP is not used
-rwxr-xr-xsysconfig/network-scripts/ifdown-ipsec8
-rwxr-xr-xsysconfig/network-scripts/ifup-ipsec22
2 files changed, 17 insertions, 13 deletions
diff --git a/sysconfig/network-scripts/ifdown-ipsec b/sysconfig/network-scripts/ifdown-ipsec
index ffaaa3a3..7a861c59 100755
--- a/sysconfig/network-scripts/ifdown-ipsec
+++ b/sysconfig/network-scripts/ifdown-ipsec
@@ -46,10 +46,10 @@ fi
if [ "$KEYING" = "manual" ]; then
setkey -c << EOF
-delete $SRC $DST ah $SPI_AH_OUT;
-delete $DST $SRC ah $SPI_AH_IN;
-delete $SRC $DST esp $SPI_ESP_OUT;
-delete $DST $SRC esp $SPI_ESP_IN;
+${SPI_AH_OUT:+delete $SRC $DST ah $SPI_AH_OUT;}
+${SPI_AH_IN:+delete $DST $SRC ah $SPI_AH_IN;}
+${SPI_ESP_OUT:+delete $SRC $DST esp $SPI_ESP_OUT;}
+${SPI_ESP_IN:+delete $DST $SRC esp $SPI_ESP_IN;}
EOF
fi
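Review bot: The new `${SPI_AH_OUT:+delete $SRC $DST ah $SPI_AH_OUT;}` lines only test that each SPI is non-empty; the value is still expanded verbatim into the unquoted here-document that setkey reads as its command stream. setkey expects an SPI to be a decimal number or a 0x-prefixed hexadecimal number, so a malformed value (presumably coming from the interface's configuration file) containing a stray `;` or whitespace would change the statements setkey parses rather than just fail one delete. Checking the four SPI_* values against that format before the `setkey -c` call keeps the input well formed, for example `case "$SPI_AH_OUT" in *[!0-9A-Fa-fx]*) SPI_AH_OUT= ;; esac`. The same four lines are added in the ifup-ipsec hunk at `@@ -151,10 +155,10 @@`, where setkey's output is also sent to /dev/null, so a rejected statement would go unnoticed there.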
diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec
index c4e2974c..00943045 100755
--- a/sysconfig/network-scripts/ifup-ipsec
+++ b/sysconfig/network-scripts/ifup-ipsec
@@ -53,11 +53,15 @@ handle_keys() {
if [ -z "$KEY_ESP_OUT" -a -n "$KEY_ESP" ]; then
KEY_ESP_OUT=$KEY_ESP
fi
-
- [ "$KEY_AH_IN" = "${KEY_AH_IN##0x}" ] && KEY_AH_IN=\"$KEY_AH_IN\"
- [ "$KEY_AH_OUT" = "${KEY_AH_OUT##0x}" ] && KEY_AH_OUT=\"$KEY_AH_OUT\"
- [ "$KEY_ESP_IN" = "${KEY_ESP_IN##0x}" ] && KEY_ESP_IN=\"$KEY_ESP_IN\"
- [ "$KEY_ESP_OUT" = "${KEY_ESP_OUT##0x}" ] && KEY_ESP_OUT=\"$KEY_ESP_OUT\"
+
+ [ -n "$KEY_AH_IN" -a "$KEY_AH_IN" = "${KEY_AH_IN##0x}" ] \
+ && KEY_AH_IN=\"$KEY_AH_IN\"
+ [ -n "$KEY_AH_OUT" -a "$KEY_AH_OUT" = "${KEY_AH_OUT##0x}" ] \
+ && KEY_AH_OUT=\"$KEY_AH_OUT\"
+ [ -n "$KEY_ESP_IN" -a "$KEY_ESP_IN" = "${KEY_ESP_IN##0x}" ] \
+ && KEY_ESP_IN=\"$KEY_ESP_IN\"
+ [ -n "$KEY_ESP_OUT" -a "$KEY_ESP_OUT" = "${KEY_ESP_OUT##0x}" ] \
+ && KEY_ESP_OUT=\"$KEY_ESP_OUT\"
}
. /etc/init.d/functions
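Review bot: The added tests join two conditions with `-a`, as in `[ -n "$KEY_AH_IN" -a "$KEY_AH_IN" = "${KEY_AH_IN##0x}" ]`, which hands `[` five arguments; POSIX leaves that case unspecified, and a key whose text is itself an operator such as `!` or `(` can be misparsed. Because these are free-form key strings, two separate tests are safer: `[ -n "$KEY_AH_IN" ] && [ "$KEY_AH_IN" = "${KEY_AH_IN##0x}" ] && KEY_AH_IN=\"$KEY_AH_IN\"`, and likewise for the other three keys. Separately, the key is wrapped in double quotes without checking for an embedded `"`, so such a key would likely yield a malformed quoted string wherever the variable is used later; rejecting it here with an error would be clearer. handle_keys begins above the hunk, so how the keys are consumed is not visible from these lines.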
@@ -151,10 +155,10 @@ EOF
ip route add to $DSTNET via $SRCGW src $SRCGW
/sbin/setkey -c >/dev/null 2>&1 << EOF
-delete $SRC $DST ah $SPI_AH_OUT;
-delete $DST $SRC ah $SPI_AH_IN;
-delete $SRC $DST esp $SPI_ESP_OUT;
-delete $DST $SRC esp $SPI_ESP_IN;
+${SPI_AH_OUT:+delete $SRC $DST ah $SPI_AH_OUT;}
+${SPI_AH_IN:+delete $DST $SRC ah $SPI_AH_IN;}
+${SPI_ESP_OUT:+delete $SRC $DST esp $SPI_ESP_OUT;}
+${SPI_ESP_IN:+delete $DST $SRC esp $SPI_ESP_IN;}
spddelete $SRCNET $DSTNET any -P out;
spddelete $DSTNET $SRCNET any -P in;