From: provos Date: Sat, 1 Mar 1997 15:08:18 +0000 (+0000) Subject: Unified ipsec prgs in ipsecadm X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=31a40c7ec127043f396de0bedf54f7060ba70dd3;p=openbsd Unified ipsec prgs in ipsecadm --- diff --git a/sbin/ipsec/Makefile b/sbin/ipsec/Makefile index 2e3bc3431f9..d3649584700 100644 --- a/sbin/ipsec/Makefile +++ b/sbin/ipsec/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.1 1997/02/21 23:17:19 niklas Exp $ +# $OpenBSD: Makefile,v 1.2 1997/03/01 15:08:18 provos Exp $ SUBDIR= delspi pfr rt rtdelete sah sahhmac sesp sesp3md5 sespmd5 sgrp shahmac \ - si4 + si4 ipsecadm .include diff --git a/sbin/ipsec/ipsecadm/Makefile b/sbin/ipsec/ipsecadm/Makefile new file mode 100644 index 00000000000..a0100685414 --- /dev/null +++ b/sbin/ipsec/ipsecadm/Makefile @@ -0,0 +1,8 @@ +# $OpenBSD: Makefile,v 1.1 1997/03/01 15:08:24 provos Exp $ + +PROG= ipsecadm +SRCS= ipsecadm.c xf_espdes.c xf_esp3desmd5.c xf_ahmd5.c xf_ahhmacmd5.c \ + xf_ahhmacsha1.c xf_ip4.c xf_espdesmd5.c kernel.c xf_grp.c \ + xf_delspi.c xf_pfr.c + +.include diff --git a/sbin/ipsec/ipsecadm/ipsecadm.c b/sbin/ipsec/ipsecadm/ipsecadm.c new file mode 100644 index 00000000000..757d7ffa7b0 --- /dev/null +++ b/sbin/ipsec/ipsecadm/ipsecadm.c 
@@ -0,0 +1,123 @@ +/* $OpenBSD: ipsecadm.c,v 1.1 1997/03/01 15:08:24 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" +#include "netinet/ip_esp.h" + +typedef struct { + char *name; + int (*func) (int, char **); +} transform; + +int xf_espdes __P((int, char **)); +int xf_esp3desmd5 __P((int, char **)); +int xf_espdesmd5 __P((int, char **)); +int xf_ahmd5 __P((int, char **)); +int xf_ahhmacmd5 __P((int, char **)); +int xf_ahhmacsha1 __P((int, char **)); +int xf_ip4 __P((int, char **)); +int xf_grp __P((int, char **)); +int xf_delspi __P((int, char **)); +int xf_pfr __P((int, char **)); + +transform xf[] = { + {"des", xf_espdes}, + {"3desmd5", xf_esp3desmd5}, + {"desmd5", xf_espdesmd5}, + {"md5", xf_ahmd5}, + {"hmacmd5", xf_ahhmacmd5}, + {"hmacsha1", xf_ahhmacsha1}, + {"ip4", xf_ip4}, + {"grp", xf_grp}, + {"delspi", xf_delspi}, + 
{"pfr", xf_pfr} +}; + +char buf[1024]; + +int +x2i(char *s) +{ + char ss[3]; + ss[0] = s[0]; + ss[1] = s[1]; + ss[2] = 0; + + return strtol(ss, NULL, 16); +} + +void +usage() +{ + fprintf( stderr, "usage: ipsecadm \n\n" ); +} + +int +main(argc, argv) + int argc; + char **argv; +{ + int i; + if (argc < 2) { + usage(); + exit(1); + } + /* Find the proper transform */ + + for (i = sizeof(xf) / sizeof(transform) - 1; i >= 0; i--) + if (!strcmp(xf[i].name, argv[1])) { + (*(xf[i].func)) (argc - 1, argv + 1); + return 1; + + } + usage(); + for (i = sizeof(xf) / sizeof(transform) - 1; i >= 0; i--) + (*(xf[i].func)) (1, &(xf[i].name)); + return 0; +} diff --git a/sbin/ipsec/ipsecadm/kernel.c b/sbin/ipsec/ipsecadm/kernel.c new file mode 100644 index 00000000000..8a0798c9c71 --- /dev/null +++ b/sbin/ipsec/ipsecadm/kernel.c 
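Review bot: x2i() in ipsecadm.c converts whatever two characters it is handed, so a key argument containing a non-hex character, or a pair that starts at or beyond the terminating NUL, silently becomes a zero or partial key byte instead of an error, and the installed key can be much weaker than the operator intended. A guard at the top of x2i() such as `if (!isxdigit((unsigned char)s[0]) || !isxdigit((unsigned char)s[1])) return -1;`, with the xf_* callers rejecting a negative result, would make bad key material fail loudly. Separately, main() returns 1 after a successful dispatch and discards the transform's return value, so a calling script cannot tell whether the request was accepted; `return (*(xf[i].func))(argc - 1, argv + 1) ? 0 : 1;` and a non-zero return after usage() would follow the usual exit-status convention.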
@@ -0,0 +1,68 @@
+/* $OpenBSD: kernel.c,v 1.1 1997/03/01 15:08:25 provos Exp $ */
+/*
+ * The author of this code is John Ioannidis, ji@tla.org,
+ * (except when noted otherwise).
+ *
+ * This code was written for BSD/OS in Athens, Greece, in November 1995.
+ *
+ * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
+ * by Angelos D. Keromytis, kermit@forthnet.gr.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ *
+ * Permission to use, copy, and modify this software without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "net/encap.h"
+
+int
+xf_set(em)
+ struct encap_msghdr *em;
+{
+ int sd;
+
+ sd = socket(AF_ENCAP, SOCK_RAW, AF_UNSPEC);
+ if (sd < 0) {
+ perror("socket");
+ return 0;
+ }
+
+ if (write(sd, (char *)em, em->em_msglen) != em->em_msglen) {
+ perror("write");
+ return 0;
+ }
+ return 1;
+}
diff --git a/sbin/ipsec/ipsecadm/xf_ahhmacmd5.c b/sbin/ipsec/ipsecadm/xf_ahhmacmd5.c
new file mode 100644
index 00000000000..27c97adbeee
--- /dev/null
+++ b/sbin/ipsec/ipsecadm/xf_ahhmacmd5.c
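Review bot: xf_set() in kernel.c never closes `sd`, neither on the success path nor after a failed write(); a `close(sd);` before each return that follows a successful socket() keeps the helper safe to call more than once per process. The `write(...) != em->em_msglen` test also sends a short write to perror("write"), but errno is only meaningful when write() returned -1, so the printed reason can be stale; distinguishing `n < 0` from a short count would give the operator an accurate message.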
@@ -0,0 +1,95 @@ +/* $OpenBSD: xf_ahhmacmd5.c,v 1.1 1997/03/01 15:08:25 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" +#include "netinet/ip_ah.h" + +extern char buf[]; + +int xf_set __P(( struct encap_msghdr *)); +int x2i __P((char *)); + +int +xf_ahhmacmd5(argc, argv) +int argc; +char **argv; +{ + int klen, i; + + struct encap_msghdr *em; + struct ahhmacmd5_xencap *xd; + + if (argc != 4) { + fprintf(stderr, "usage: %s dst spi key\n", argv[0]); + return 0; + } + + klen = strlen(argv[3])/2; + + em = (struct encap_msghdr *)&buf[0]; + + em->em_msglen = EMT_SETSPI_FLEN + 4 + AHHMACMD5_KMAX; + em->em_version = 0; + em->em_type = EMT_SETSPI; + em->em_spi = htonl(strtol(argv[2], NULL, 16)); + em->em_if = 1; + em->em_dst.s_addr = inet_addr(argv[1]); + em->em_alg = XF_AHHMACMD5; + xd = (struct ahhmacmd5_xencap *)(em->em_dat); + + 
xd->amx_alen = 16; + xd->amx_rpl = 1; + xd->amx_wnd = 32; + + bzero(xd->amx_key, AHHMACMD5_KMAX); + for (i = 0; i < klen; i++ ) + xd->amx_key[i] = x2i(&(argv[3][2*i])); + + return xf_set(em); +} diff --git a/sbin/ipsec/ipsecadm/xf_ahhmacsha1.c b/sbin/ipsec/ipsecadm/xf_ahhmacsha1.c new file mode 100644 index 00000000000..11ae5f1184d --- /dev/null +++ b/sbin/ipsec/ipsecadm/xf_ahhmacsha1.c 
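Review bot: `klen = strlen(argv[3])/2` in xf_ahhmacmd5() is never compared with AHHMACMD5_KMAX, so for a key argument longer than the maximum the loop `xd->amx_key[i] = x2i(...)` writes past the key area that was just zeroed, and with a long enough argument past the 1024-byte global `buf`. A check before the loop, e.g. `if (klen > AHHMACMD5_KMAX) { fprintf(stderr, "%s: key too long\n", argv[0]); return 0; }`, closes it. xf_ahhmacsha1.c has the same unbounded loop against AHHMACSHA1_KMAX, and xf_ahmd5.c both sizes `em_msglen` and fills amx_key from the unchecked `klen`, so there the bound has to come from the space left in `buf`. The integer division also drops a trailing odd hex digit without telling the user.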
@@ -0,0 +1,94 @@ +/* $OpenBSD: xf_ahhmacsha1.c,v 1.1 1997/03/01 15:08:26 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" +#include "netinet/ip_ah.h" + +extern char buf[]; + +int xf_set __P(( struct encap_msghdr *)); +int x2i __P((char *)); + +int +xf_ahhmacsha1(argc, argv) +int argc; +char **argv; +{ + int klen, i; + + struct encap_msghdr *em; + struct ahhmacsha1_xencap *xd; + + if (argc != 4) { + fprintf(stderr, "usage: %s dst spi key\n", argv[0]); + return 0; + } + + klen = strlen(argv[3])/2; + + em = (struct encap_msghdr *)&buf[0]; + + em->em_msglen = EMT_SETSPI_FLEN + 4 + AHHMACSHA1_KMAX; + em->em_version = 0; + em->em_type = EMT_SETSPI; + em->em_spi = htonl(strtol(argv[2], NULL, 16)); + em->em_if = 1; + em->em_dst.s_addr = inet_addr(argv[1]); + em->em_alg = XF_AHHMACSHA1; + xd = (struct ahhmacsha1_xencap *)(em->em_dat); + + 
xd->amx_alen = 20; + xd->amx_wnd = 32; + + bzero(xd->amx_key, AHHMACSHA1_KMAX); + for (i = 0; i < klen; i++ ) + xd->amx_key[i] = x2i(&(argv[3][2*i])); + + return xf_set(em); +} diff --git a/sbin/ipsec/ipsecadm/xf_ahmd5.c b/sbin/ipsec/ipsecadm/xf_ahmd5.c new file mode 100644 index 00000000000..4a854778dfe --- /dev/null +++ b/sbin/ipsec/ipsecadm/xf_ahmd5.c 
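Review bot: Unlike xf_ahhmacmd5(), which sets `xd->amx_rpl = 1`, xf_ahhmacsha1() sets `amx_wnd = 32` but never assigns a replay field, so any such field keeps the zero value of the static `buf`. The definition of struct ahhmacsha1_xencap is not part of this diff, so this is inferred; if it has an amx_rpl member that switches replay protection on, SAs created through this path would be installed without it while the MD5 variant gets it. Either add `xd->amx_rpl = 1;` next to the window assignment or add a comment explaining why the two transforms differ.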
@@ -0,0 +1,96 @@ +/* $OpenBSD: xf_ahmd5.c,v 1.1 1997/03/01 15:08:26 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" +#include "netinet/ip_ah.h" + +extern char buf[]; + +int xf_set __P(( struct encap_msghdr *)); +int x2i __P((char *)); + +int +xf_ahmd5(argc, argv) +int argc; +char **argv; +{ + int klen, i; + + struct encap_msghdr *em; + struct ahmd5_xdata *xd; + + if (argc != 4) { + fprintf(stderr, "usage: %s dst spi key\n", argv[0]); + return 0; + } + + klen = strlen(argv[3])/2; + + em = (struct encap_msghdr *)&buf[0]; + + em->em_msglen = EMT_SETSPI_FLEN + 4 + klen; + em->em_version = 0; + em->em_type = EMT_SETSPI; + em->em_spi = htonl(strtol(argv[2], NULL, 16)); + em->em_if = 1; + em->em_dst.s_addr = inet_addr(argv[1]); + em->em_alg = XF_AHMD5; + xd = (struct ahmd5_xdata *)(em->em_dat); + + xd->amx_klen = klen; + xd->amx_alen = 
16; + + + for (i = 0; i < klen; i++ ) + xd->amx_key[i] = x2i(&(argv[3][2*i])); + + return xf_set(em); +} + + diff --git a/sbin/ipsec/ipsecadm/xf_delspi.c b/sbin/ipsec/ipsecadm/xf_delspi.c new file mode 100644 index 00000000000..4dd25bbbcc3 --- /dev/null +++ b/sbin/ipsec/ipsecadm/xf_delspi.c 
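Review bot: An empty or single-character key argument gives `klen == 0` in xf_ahmd5(), and the function still builds and sends the SETSPI message with `amx_klen = 0`, i.e. it asks for an authentication SA with no key. Rejecting this before the message is built, `if (klen == 0) { fprintf(stderr, "%s: empty key\n", argv[0]); return 0; }`, keeps a typo from installing an SA that authenticates with nothing secret; whether the kernel refuses a zero-length key is not visible in this diff.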
@@ -0,0 +1,90 @@ +/* $OpenBSD: xf_delspi.c,v 1.1 1997/03/01 15:08:27 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" + +extern char buf[]; + +int xf_set __P((struct encap_msghdr *)); + +int +xf_delspi(argc, argv) +int argc; +char **argv; +{ + int chain; + + struct encap_msghdr *em; + + if (argc != 5) { + fprintf(stderr, "usage: %s dst spi chaindelete alg\n", argv[0]); + return 0; + } + + chain = atoi(argv[3]); + em = (struct encap_msghdr *)&buf[0]; + + if (chain) + em->em_msglen = EMT_DELSPI_FLEN; + else + em->em_msglen = EMT_DELSPICHAIN_FLEN; + em->em_version = 0; + if (chain) + em->em_type = EMT_DELSPICHAIN; + else + em->em_type = EMT_DELSPI; + em->em_spi = htonl(strtol(argv[2], NULL, 16)); + em->em_if = 1; + em->em_dst.s_addr = inet_addr(argv[1]); + em->em_alg = atoi(argv[4]); /* sanity checking in the kernel */ + + return 
xf_set(em); +} + + diff --git a/sbin/ipsec/ipsecadm/xf_esp3desmd5.c b/sbin/ipsec/ipsecadm/xf_esp3desmd5.c new file mode 100644 index 00000000000..27716da4a8f --- /dev/null +++ b/sbin/ipsec/ipsecadm/xf_esp3desmd5.c 
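Review bot: The two `if (chain)` branches in xf_delspi() disagree: when `chain` is non-zero the length is set to EMT_DELSPI_FLEN while the type is set to EMT_DELSPICHAIN, and the reverse when it is zero. Unless the two length constants happen to be equal (their definitions are not in this diff), the kernel receives a message whose length does not match its type; setting the length as `em->em_msglen = chain ? EMT_DELSPICHAIN_FLEN : EMT_DELSPI_FLEN;` removes the mismatch. `atoi(argv[4])` also turns a non-numeric algorithm into 0 silently; the comment defers checking to the kernel, but strtol() with an end-pointer test would give the operator an error instead of a delete request for algorithm 0.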
@@ -0,0 +1,102 @@ +/* $OpenBSD: xf_esp3desmd5.c,v 1.1 1997/03/01 15:08:27 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" +#include "netinet/ip_esp.h" + +extern char buf[]; + +int xf_set __P(( struct encap_msghdr *)); +int x2i __P((char *)); + +int +xf_esp3desmd5(argc, argv) +int argc; +char **argv; +{ + int i; + + struct encap_msghdr *em; + struct esp3desmd5_xencap *xd; + + if (argc != 5) { + fprintf(stderr, "usage: %s dst spi iv key\n", argv[0]); + return 0; + } + + em = (struct encap_msghdr *)&buf[0]; + + em->em_msglen = EMT_SETSPI_FLEN + ESP3DESMD5_ULENGTH; + em->em_version = 0; + em->em_type = EMT_SETSPI; + em->em_spi = htonl(strtol(argv[2], NULL, 16)); + em->em_if = 1; + em->em_dst.s_addr = inet_addr(argv[1]); + em->em_alg = XF_ESP3DESMD5; + xd = (struct esp3desmd5_xencap *)(em->em_dat); + + xd->edx_ivlen = 0; + 
xd->edx_initiator = 1; + xd->edx_wnd = 32; + xd->edx_keylen = 8; + +#if 0 +#define max(_a,_b) (((_a)>(_b))?(_a):(_b)) + + memcpy(&(xd->edx_iv[0]), argv[3], max(strlen(argv[3]), 8)); + memcpy(&(xd->edx_iv[8]), argv[4], max(strlen(argv[4]), 8)); +#endif + + for (i = 0; i < 8; i++) + xd->edx_key[i] = x2i(&(argv[4][2*i])); + + return xf_set(em); +} + + diff --git a/sbin/ipsec/ipsecadm/xf_espdes.c b/sbin/ipsec/ipsecadm/xf_espdes.c new file mode 100644 index 00000000000..cc71834b99c --- /dev/null +++ b/sbin/ipsec/ipsecadm/xf_espdes.c 
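Review bot: The key loop in xf_esp3desmd5() always reads 16 characters from `argv[4]` without checking its length, so a shorter key makes x2i() read past the string's terminator and fills the rest of `edx_key` from whatever memory follows. A guard before the loop, `if (strlen(argv[4]) != 16) { fprintf(stderr, "%s: key must be 16 hex digits\n", argv[0]); return 0; }`, fixes it; xf_espdes.c (both the IV and the key loop) and xf_espdesmd5.c have the same fixed-count loops. Also worth a comment or a fix: `edx_keylen = 8` and an 8-byte key look copied from the single-DES transform, whereas a triple-DES key is normally 16 or 24 bytes.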
@@ -0,0 +1,102 @@ +/* $OpenBSD: xf_espdes.c,v 1.1 1997/03/01 15:08:28 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" +#include "netinet/ip_esp.h" + +extern char buf[]; + +int xf_set __P(( struct encap_msghdr *)); +int x2i __P((char *)); + +int +xf_espdes(argc, argv) +int argc; +char **argv; +{ + int i; + + struct encap_msghdr *em; + struct espdes_xdata *xd; + + if (argc != 5) { + fprintf(stderr, "usage: %s dst spi iv key\n", argv[0]); + return 0; + } + + em = (struct encap_msghdr *)&buf[0]; + + em->em_msglen = EMT_SETSPI_FLEN + ESP_ULENGTH; + em->em_version = 0; + em->em_type = EMT_SETSPI; + em->em_spi = htonl(strtol(argv[2], NULL, 16)); + em->em_if = 1; + em->em_dst.s_addr = inet_addr(argv[1]); + em->em_alg = XF_ESPDES; + xd = (struct espdes_xdata *)(em->em_dat); + + xd->edx_ivlen = 4; + +#if 0 +#define max(_a,_b) 
(((_a)>(_b))?(_a):(_b)) + + memcpy(&(xd->edx_iv[0]), argv[3], max(strlen(argv[3]), 8)); + memcpy(&(xd->edx_iv[8]), argv[4], max(strlen(argv[4]), 8)); +#endif + + for (i = 0; i < 4; i++) + xd->edx_iv[i] = x2i(&(argv[3][2*i])); + + for (i = 0; i < 8; i++) + xd->edx_iv[i+8] = x2i(&(argv[4][2*i])); + + return xf_set(em); +} + + diff --git a/sbin/ipsec/ipsecadm/xf_espdesmd5.c b/sbin/ipsec/ipsecadm/xf_espdesmd5.c new file mode 100644 index 00000000000..6502e606c18 --- /dev/null +++ b/sbin/ipsec/ipsecadm/xf_espdesmd5.c 
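Review bot: The key bytes in xf_espdes() are stored through `xd->edx_iv[i+8]`, i.e. by indexing eight bytes beyond the start of the IV member rather than through a key member of struct espdes_xdata. The struct is not shown in this diff, so this may be deliberate, but it depends on the key sitting exactly 8 bytes after `edx_iv` with no padding; writing through the struct's own key field, or at least a comment stating the layout assumption, would protect it against a header change. The dead `#if 0` block also uses `max()` where a bounded copy would need a minimum, so it is better deleted than kept as a template.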
@@ -0,0 +1,102 @@ +/* $OpenBSD: xf_espdesmd5.c,v 1.1 1997/03/01 15:08:28 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" +#include "netinet/ip_esp.h" + +extern char buf[]; + +int xf_set __P(( struct encap_msghdr *)); +int x2i __P(( char *)); + +int +xf_espdesmd5(argc, argv) +int argc; +char **argv; +{ + int i; + + struct encap_msghdr *em; + struct espdesmd5_xencap *xd; + + if (argc != 5) { + fprintf(stderr, "usage: %s dst spi iv key\n", argv[0]); + return 0; + } + + em = (struct encap_msghdr *)&buf[0]; + + em->em_msglen = EMT_SETSPI_FLEN + ESPDESMD5_ULENGTH; + em->em_version = 0; + em->em_type = EMT_SETSPI; + em->em_spi = htonl(strtol(argv[2], NULL, 16)); + em->em_if = 1; + em->em_dst.s_addr = inet_addr(argv[1]); + em->em_alg = XF_ESPDESMD5; + xd = (struct espdesmd5_xencap *)(em->em_dat); + + xd->edx_ivlen = 0; + 
xd->edx_initiator = 1; + xd->edx_wnd = 32; + xd->edx_keylen = 8; + +#if 0 +#define max(_a,_b) (((_a)>(_b))?(_a):(_b)) + + memcpy(&(xd->edx_iv[0]), argv[3], max(strlen(argv[3]), 8)); + memcpy(&(xd->edx_iv[8]), argv[4], max(strlen(argv[4]), 8)); +#endif + + for (i = 0; i < 8; i++) + xd->edx_key[i] = x2i(&(argv[4][2*i])); + + return xf_set(em); +} + + diff --git a/sbin/ipsec/ipsecadm/xf_grp.c b/sbin/ipsec/ipsecadm/xf_grp.c new file mode 100644 index 00000000000..4062079262b --- /dev/null +++ b/sbin/ipsec/ipsecadm/xf_grp.c 
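Review bot: The usage string of xf_espdesmd5() advertises `dst spi iv key`, but `argv[3]` is never read outside the `#if 0` block and `edx_ivlen` is set to 0, so the IV the operator types is silently discarded; xf_esp3desmd5.c does the same. Either parse the IV the way xf_espdes.c does, or drop it from the usage text and add a comment such as `/* IV is not configured here; edx_ivlen = 0 */`. Which of the two is right depends on the transform's semantics, which this diff does not show.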
@@ -0,0 +1,100 @@ +/* $OpenBSD: xf_grp.c,v 1.1 1997/03/01 15:08:28 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" + +extern buf[]; + +int xf_set __P(( struct encap_msghdr *)); +int x2i __P((char *)); + +int +xf_grp(argc, argv) +int argc; +char **argv; +{ + int nspis; + + struct encap_msghdr *em; + + if ((argc < 3) || (argc > 9) || ((argc % 2) != 1)) { + fprintf(stderr, "usage: %s dst1 spi1 [ dst2 spi2 [ dst3 spi3 [ dst4 spi4 ] ] ] \n", argv[0]); + return 0; + } + + nspis = argc / 2; + + em = (struct encap_msghdr *)&buf[0]; + + em->em_msglen = 4 + nspis * 12; + em->em_version = 0; + em->em_type = EMT_GRPSPIS; + + switch (nspis) + { + case 4: + em->em_rel[3].emr_spi = htonl(strtol(argv[8], NULL, 16)); + em->em_rel[3].emr_dst.s_addr = inet_addr(argv[7]); + case 3: + em->em_rel[2].emr_spi = htonl(strtol(argv[6], NULL, 16)); + 
em->em_rel[2].emr_dst.s_addr = inet_addr(argv[5]); + case 2: + em->em_rel[1].emr_spi = htonl(strtol(argv[4], NULL, 16)); + em->em_rel[1].emr_dst.s_addr = inet_addr(argv[3]); + case 1: + em->em_rel[0].emr_spi = htonl(strtol(argv[2], NULL, 16)); + em->em_rel[0].emr_dst.s_addr = inet_addr(argv[1]); + break; + } + + + return xf_set(em); +} + + diff --git a/sbin/ipsec/ipsecadm/xf_ip4.c b/sbin/ipsec/ipsecadm/xf_ip4.c new file mode 100644 index 00000000000..20a41a2f5b3 --- /dev/null +++ b/sbin/ipsec/ipsecadm/xf_ip4.c 
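Review bot: `extern buf[];` in xf_grp.c has no type and therefore declares an array of int, while ipsecadm.c defines `char buf[1024]`; the two declarations are incompatible, and every other xf_*.c file in this commit uses `extern char buf[];`, which is what this line should say. The `switch (nspis)` relies on each case falling into the next to fill the lower slots, so a `/* FALLTHROUGH */` comment after cases 4, 3 and 2 would stop a later reader from "fixing" it by adding breaks.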
@@ -0,0 +1,86 @@ +/* $OpenBSD: xf_ip4.c,v 1.1 1997/03/01 15:08:29 provos Exp $ */ +/* + * The author of this code is John Ioannidis, ji@tla.org, + * (except when noted otherwise). + * + * This code was written for BSD/OS in Athens, Greece, in November 1995. + * + * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, + * by Angelos D. Keromytis, kermit@forthnet.gr. + * + * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis. + * + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "net/encap.h" +#include "netinet/ip_ipsp.h" +#include "netinet/ip_ip4.h" + +extern char buf[]; + +int xf_set __P(( struct encap_msghdr *)); +int x2i __P((char *)); + +int +xf_ip4(argc, argv) +int argc; +char **argv; +{ + struct encap_msghdr *em; + struct ip4_xencap *xd; + + if (argc != 4) { + fprintf(stderr, "usage: %s dst spi ttl\n", argv[0]); + return 0; + } + + em = (struct encap_msghdr *)&buf[0]; + + em->em_msglen = EMT_SETSPI_FLEN + sizeof(struct ip4_xencap); + em->em_version = 0; + em->em_type = EMT_SETSPI; + em->em_spi = htonl(strtol(argv[2], NULL, 16)); + em->em_if = 1; + em->em_dst.s_addr = inet_addr(argv[1]); + em->em_alg = XF_IP4; + xd = (struct ip4_xencap *)em->em_dat; + xd->ip4_ttl = atoi(argv[3]); + + return xf_set(em); +} + + 
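Review bot: `xd->ip4_ttl = atoi(argv[3]);` in xf_ip4() accepts any string: non-numeric input becomes TTL 0, and values outside 0-255 are presumably truncated when stored (the field's width is not visible in this diff). Parsing with strtol() and an end pointer, and rejecting anything outside 1-255 with the usage message, would keep a typo from installing a tunnel whose packets expire at the first hop.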
diff --git a/sbin/ipsec/ipsecadm/xf_pfr.c b/sbin/ipsec/ipsecadm/xf_pfr.c
new file mode 100644
index 00000000000..1add17415e5
--- /dev/null
+++ b/sbin/ipsec/ipsecadm/xf_pfr.c
@@ -0,0 +1,76 @@
+/* $OpenBSD: xf_pfr.c,v 1.1 1997/03/01 15:08:29 provos Exp $ */
+/*
+ * The author of this code is John Ioannidis, ji@tla.org,
+ * (except when noted otherwise).
+ *
+ * This code was written for BSD/OS in Athens, Greece, in November 1995.
+ *
+ * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
+ * by Angelos D. Keromytis, kermit@forthnet.gr.
+ *
+ * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
+ *
+ * Permission to use, copy, and modify this software without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "net/encap.h"
+
+extern char buf[];
+
+int xf_set __P((struct encap_msghdr *));
+
+int
+xf_pfr(argc, argv)
+int argc;
+char **argv;
+{
+ struct encap_msghdr *em;
+
+ if (argc != 3) {
+ fprintf(stderr, "usage: %s if# ipaddr\n", argv[0]);
+ return 0;
+ }
+
+ em = (struct encap_msghdr *)&buf[0];
+
+ em->em_msglen = EMT_IFADDR_LEN;
+ em->em_version = 0;
+ em->em_type = EMT_IFADDR;
+ em->em_ifa.s_addr = inet_addr(argv[2]);
+ em->em_ifn = atoi(argv[1]);
+
+ return xf_set(em);
+}
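Review bot: The result of `inet_addr(argv[2])` in xf_pfr() is stored without a check, so a mistyped address is sent to the kernel as the all-ones failure value instead of being rejected; the same unchecked call is used for `dst` in the other xf_*.c files of this commit. Using `inet_aton()` and testing its return, e.g. `if (inet_aton(argv[2], &em->em_ifa) == 0) return 0;` after printing the usage line, closes that. The SPI arguments in those other files are parsed with a signed `strtol(..., NULL, 16)`, which cannot represent values above 0x7fffffff where long is 32 bits, so `strtoul` with an end-pointer test is the better fit there.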