author | Miloslav Trmac <mitr@volny.cz> | 2006-05-16 17:17:32 +0000 |
---|---|---|
committer | Miloslav Trmac <mitr@volny.cz> | 2006-05-16 17:17:32 +0000 |
commit | 95782f9d6b973a6edecdbf685fb8c6a756ee4470 (patch) | |
tree | 6dbbe504ffbaee9a3e0990cb126f9b6b228a22df | |
parent | b620326341af18b1b575cdce21c70db93490f37a (diff) | |
* ifup-ipsec:
- Fix key handling when AH or ESP is not used (#166257, patch by
Tarhon-Onu Victor <mituc@iasi.rdsnet.ro>)
- Allow manual tunnel mode without using AH or ESP
* ifdown-ipsec:
- Fix syntax errors in manual mode when AH or ESP is not used
-rwxr-xr-x | sysconfig/network-scripts/ifdown-ipsec | 8 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifup-ipsec | 22 |
2 files changed, 17 insertions, 13 deletions
diff --git a/sysconfig/network-scripts/ifdown-ipsec b/sysconfig/network-scripts/ifdown-ipsec
index ffaaa3a3..7a861c59 100755
--- a/sysconfig/network-scripts/ifdown-ipsec
+++ b/sysconfig/network-scripts/ifdown-ipsec
@@ -46,10 +46,10 @@ fi
 if [ "$KEYING" = "manual" ]; then
 setkey -c << EOF
-delete $SRC $DST ah $SPI_AH_OUT;
-delete $DST $SRC ah $SPI_AH_IN;
-delete $SRC $DST esp $SPI_ESP_OUT;
-delete $DST $SRC esp $SPI_ESP_IN;
+${SPI_AH_OUT:+delete $SRC $DST ah $SPI_AH_OUT;}
+${SPI_AH_IN:+delete $DST $SRC ah $SPI_AH_IN;}
+${SPI_ESP_OUT:+delete $SRC $DST esp $SPI_ESP_OUT;}
+${SPI_ESP_IN:+delete $DST $SRC esp $SPI_ESP_IN;}
 EOF
 fi
diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec
index c4e2974c..00943045 100755
--- a/sysconfig/network-scripts/ifup-ipsec
+++ b/sysconfig/network-scripts/ifup-ipsec
@@ -53,11 +53,15 @@ handle_keys() {
 if [ -z "$KEY_ESP_OUT" -a -n "$KEY_ESP" ]; then
 KEY_ESP_OUT=$KEY_ESP
 fi
-
- [ "$KEY_AH_IN" = "${KEY_AH_IN##0x}" ] && KEY_AH_IN=\"$KEY_AH_IN\"
- [ "$KEY_AH_OUT" = "${KEY_AH_OUT##0x}" ] && KEY_AH_OUT=\"$KEY_AH_OUT\"
- [ "$KEY_ESP_IN" = "${KEY_ESP_IN##0x}" ] && KEY_ESP_IN=\"$KEY_ESP_IN\"
- [ "$KEY_ESP_OUT" = "${KEY_ESP_OUT##0x}" ] && KEY_ESP_OUT=\"$KEY_ESP_OUT\"
+
+ [ -n "$KEY_AH_IN" -a "$KEY_AH_IN" = "${KEY_AH_IN##0x}" ] \
+ && KEY_AH_IN=\"$KEY_AH_IN\"
+ [ -n "$KEY_AH_OUT" -a "$KEY_AH_OUT" = "${KEY_AH_OUT##0x}" ] \
+ && KEY_AH_OUT=\"$KEY_AH_OUT\"
+ [ -n "$KEY_ESP_IN" -a "$KEY_ESP_IN" = "${KEY_ESP_IN##0x}" ] \
+ && KEY_ESP_IN=\"$KEY_ESP_IN\"
+ [ -n "$KEY_ESP_OUT" -a "$KEY_ESP_OUT" = "${KEY_ESP_OUT##0x}" ] \
+ && KEY_ESP_OUT=\"$KEY_ESP_OUT\"
 }
 . /etc/init.d/functions
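Review bot: The guarded `delete` lines in the ifdown-ipsec hunk still expand `$SRC`, `$DST` and the `SPI_*` values into setkey's command stream unchecked; `${SPI_AH_OUT:+…}` only tests for non-empty, so a value containing `;` or whitespace would be parsed by setkey as extra tokens or a further statement. These values presumably come from the interface's ifcfg file, so a format check before the here-document, e.g. `case "$SPI_AH_OUT" in *[!0-9a-fA-Fx]*) echo "invalid SPI_AH_OUT" >&2; exit 1 ;; esac`, would turn a typo into a clear error instead of a malformed SAD operation. The same four lines appear in the ifup-ipsec hunk at `-151,10`. Separately, this script runs `setkey` through PATH with its output unredirected, while ifup-ipsec calls `/sbin/setkey -c >/dev/null 2>&1`; using the absolute path here too would be consistent and would not depend on the caller's PATH. The variable setup that feeds this block lies outside the hunk.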
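Review bot: The new tests in `handle_keys` join two conditions with `-a` inside `[`, which POSIX marks obsolescent because the parse becomes ambiguous when an operand looks like an operator; an ASCII key such as `!` or `(` can make the test misfire. Two separate tests avoid this: `[ -n "$KEY_AH_IN" ] && [ "$KEY_AH_IN" = "${KEY_AH_IN##0x}" ] && KEY_AH_IN=\"$KEY_AH_IN\"`, and likewise for the other three variables. The wrapping in `\"…\"` also assumes that the key itself contains no double quote; a comment such as `# non-hex keys are passed to setkey as quoted strings; a key containing '"' is not supported` would record that limit. The start of `handle_keys` is outside the hunk, so any earlier validation of the keys is not visible here.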
@@ -151,10 +155,10 @@ EOF
 ip route add to $DSTNET via $SRCGW src $SRCGW
 /sbin/setkey -c >/dev/null 2>&1 << EOF
-delete $SRC $DST ah $SPI_AH_OUT;
-delete $DST $SRC ah $SPI_AH_IN;
-delete $SRC $DST esp $SPI_ESP_OUT;
-delete $DST $SRC esp $SPI_ESP_IN;
+${SPI_AH_OUT:+delete $SRC $DST ah $SPI_AH_OUT;}
+${SPI_AH_IN:+delete $DST $SRC ah $SPI_AH_IN;}
+${SPI_ESP_OUT:+delete $SRC $DST esp $SPI_ESP_OUT;}
+${SPI_ESP_IN:+delete $DST $SRC esp $SPI_ESP_IN;}
 spddelete $SRCNET $DSTNET any -P out;
 spddelete $DSTNET $SRCNET any -P in; |