-# $Id: ipsec.tcl,v 1.3.2.5 2007/07/19 00:12:45 marko Exp $
+# $Id: ipsec.tcl,v 1.3.2.6 2007/07/19 04:10:00 marko Exp $
#
# Copyright 2004, 2005 University of Zagreb, Croatia. All rights reserved.
#
# INPUTS
# * w -- ipsec config window
# * node -- node
-# * deleteid -- ipsec-config-id that determines
-# which ipsec-config to delete
-#
-# * edit -- If $edit is set to "1", selected ipsec-config
-# will be just edited. If $edit is set to "0", selected
-# ipsec-config will be deleted.
+# * deleteid -- ipsec-config-id that determines
+# which ipsec-config to delete
+# * edit -- If $edit is set to "1", selected ipsec-config
+# will be just edited. If $edit is set to "0", selected
+# ipsec-config will be deleted.
#****
proc editIpsecCfg { w node deleteid edit phase } {
+ global viewid badentry
- global viewid badentry
-
- $w config -cursor watch; update
- if { $phase == 0 } {
- set badentry 0
- focus .
- after 100 "editIpsecCfg $w $node $deleteid $edit 1"
- return
- } elseif { $badentry } {
- $w config -cursor left_ptr
- return
- }
- set ipsecCfgList [getIpsecConfig $node]
- set i 0
- foreach element $ipsecCfgList {
- set cid [lindex [lsearch -inline $element "ipsec-config-id *"] 1]
- if { $deleteid == $cid } {
- set ipsecCfgList [lreplace $ipsecCfgList $i $i]
- }
- incr i
+ $w config -cursor watch; update
+ if { $phase == 0 } {
+ set badentry 0
+ focus .
+ after 100 "editIpsecCfg $w $node $deleteid $edit 1"
+ return
+ } elseif { $badentry } {
+ $w config -cursor left_ptr
+ return
+ }
+ set ipsecCfgList [getIpsecConfig $node]
+ set i 0
+ foreach element $ipsecCfgList {
+ set cid [lindex [lsearch -inline $element "ipsec-config-id *"] 1]
+ if { $deleteid == $cid } {
+ set ipsecCfgList [lreplace $ipsecCfgList $i $i]
}
+ incr i
+ }
- if { $edit == "1" } {
- set add "0"
- set ipsecCfg [ipsecConfigApply $w $node $add 0]
- set newid [getConfig $ipsecCfg "ipsec-config-id"]
- set viewid $newid
- lappend ipsecCfgList $ipsecCfg
- }
+ if { $edit == "1" } {
+ set add "0"
+ set ipsecCfg [ipsecConfigApply $w $node $add 0]
+ set newid [getConfig $ipsecCfg "ipsec-config-id"]
+ set viewid $newid
+ lappend ipsecCfgList $ipsecCfg
+ }
- removeIpsecConfig $node
- foreach ipsecCfg $ipsecCfgList {
- setIpsecConfig $node $ipsecCfg
- }
- if { $edit != "1" } {
- destroy $w
- set delete "1"
- } else {
- set delete "0"
- }
- set view "1"
- viewIpsecCfg $node $delete $view
+ removeIpsecConfig $node
+ foreach ipsecCfg $ipsecCfgList {
+ setIpsecConfig $node $ipsecCfg
+ }
+ if { $edit != "1" } {
+ destroy $w
+ set delete "1"
+ } else {
+ set delete "0"
+ }
+ set view "1"
+ viewIpsecCfg $node $delete $view
- return
+ return
}
#****f* ipsec.tcl/showIpsecErrors
# NAME
# showIpsecErrors -- show window with errors
-# related to ipsec-config information
+# related to ipsec-config information
# SYNOPSIS
# showIpsecErrors $str
# FUNCTION
# manipulating ipsec-config information.
# INPUTS
# * str -- information about ipsec error that will be
-# written in the error window.
+# written in the error window.
#****
proc showIpsecErrors { str } {
- set error ""
- #foreach element $str {
- # if { $element != "" } {
- # append error $element "\n"
- # }
- #}
- set error $str
- tk_messageBox -message $error -type ok -icon error \
- -title "IPsec configuration error"
+ set error ""
+ set error $str
+ tk_messageBox -message $error -type ok -icon error \
+ -title "IPsec configuration error"
}
proc showIPsecInfo { str } {
- tk_messageBox -message $str -type ok -icon info \
- -title "IPsec configuration notice"
+ tk_messageBox -message $str -type ok -icon info \
+ -title "IPsec configuration notice"
}
#****f* ipsec.tcl/viewIpsecCfg
# ipsec-config structures.
# INPUTS
# * node -- node
-# * delete -- If delete is "1", that means that viewIpsecCfg
-# has been invoked after deleting ipsec-config with
-# defined ipsec-config-id (determined by the global
-# variable viewid). In that case, tk_optionmenu variable
-# will be set to show the first element of the ipsecCfgList.
-# If delete is "0", viewIpsecCfg has been invoked just to
-# show existing ipsec-configs.
-# * view -- If $view is set to "0", viewIpsecCfg is used to add new
-# ipsec-config item. If view is set to "1" viewIpsecCfg is used to
-# edit ipsec-config items.
+# * delete -- If delete is "1", that means that viewIpsecCfg
+# has been invoked after deleting ipsec-config with
+# defined ipsec-config-id (determined by the global
+# variable viewid). In that case, tk_optionmenu variable
+# will be set to show the first element of the ipsecCfgList.
+# If delete is "0", viewIpsecCfg has been invoked just to
+# show existing ipsec-configs.
+# * view -- If $view is set to "0", viewIpsecCfg is used to add new
+# ipsec-config item. If view is set to "1" viewIpsecCfg is used to
+# edit ipsec-config items.
#****
proc viewIpsecCfg { node delete view } {
showIpsecErrors $error
} else {
-
set w .cfgeditor
catch {destroy $w}
toplevel $w -takefocus 1
wm iconname $w "$node"
if { $view == "1" } {
- frame $w.view -borderwidth 4
- label $w.view.label -text "View ipsec-config(s):"
- pack $w.view.label -side left -anchor w
- eval {tk_optionMenu $w.view.viewid viewid} $idlist
- pack $w.view.label $w.view.viewid \
- -side left -anchor w
- pack $w.view -side top -anchor w
- set delete "0"
- button $w.view.id -text View \
+ frame $w.view -borderwidth 4
+ label $w.view.label -text "View ipsec-config(s):"
+ pack $w.view.label -side left -anchor w
+ eval {tk_optionMenu $w.view.viewid viewid} $idlist
+ pack $w.view.label $w.view.viewid -side left -anchor w
+ pack $w.view -side top -anchor w
+ set delete "0"
+ button $w.view.id -text View \
-command "viewIpsecCfg $node $delete $view"
- pack $w.view.id -side right
+ pack $w.view.id -side right
- foreach element $ipsecCfgList {
- set cid [lindex [lsearch -inline $element "ipsec-config-id *"] 1]
+ foreach element $ipsecCfgList {
+ set cid \
+ [lindex [lsearch -inline $element "ipsec-config-id *"] 1]
if { $viewid == $cid } {
- set ipsecCfg $element
+ set ipsecCfg $element
}
- }
+ }
}
#
label $w.sad.sourceSA.label -text "Src SA address:"
pack $w.sad.sourceSA.label -side left -anchor w
entry $w.sad.sourceSA.source -bg white -width 30 \
- -validate focus -invcmd "focusAndFlash %W"
+ -validate focus -invcmd "focusAndFlash %W"
if { $ipsecCfg != "" } {
- set sourceSA [ getConfig $ipsecCfg "SA-source-address"]
+ set sourceSA [ getConfig $ipsecCfg "SA-source-address"]
} else {
- set sourceSA ""
+ set sourceSA ""
}
$w.sad.sourceSA.source insert end $sourceSA
$w.sad.sourceSA.source configure \
- -vcmd {checkSAaddress %P}
+ -vcmd {checkSAaddress %P}
pack $w.sad.sourceSA.source $w.sad.sourceSA.label \
- -side left -padx 4 -pady 0
+ -side left -padx 4 -pady 0
pack $w.sad.sourceSA -side top -anchor w
#
label $w.sad.destSA.label -text "Dst SA address:"
pack $w.sad.destSA.label -side left -anchor w
entry $w.sad.destSA.dest -bg white -width 30 \
- -validate focus -invcmd "focusAndFlash %W"
+ -validate focus -invcmd "focusAndFlash %W"
if { $ipsecCfg != {} } {
- set destSA [ getConfig $ipsecCfg "SA-destination-address"]
+ set destSA [ getConfig $ipsecCfg "SA-destination-address"]
} else {
- set destSA ""
+ set destSA ""
}
$w.sad.destSA.dest insert end $destSA
$w.sad.destSA.dest configure \
- -vcmd {checkSAaddress %P}
+ -vcmd {checkSAaddress %P}
pack $w.sad.destSA.dest $w.sad.destSA.label \
- -side left -padx 4 -pady 0
+ -side left -padx 4 -pady 0
pack $w.sad.destSA -side top -anchor w
#
pack $w.sad.spi.inboundl -side left -anchor w
set inboundspi ""
if { $ipsecCfg != {} } {
- set inboundspi [ getConfig $ipsecCfg "inbound-spi"]
+ set inboundspi [ getConfig $ipsecCfg "inbound-spi"]
} else {
- set inboundspi ""
+ set inboundspi ""
}
spinbox $w.sad.spi.inboundv -bg white -width 10 \
- -validate focus -invcmd "focusAndFlash %W"
+ -validate focus -invcmd "focusAndFlash %W"
$w.sad.spi.inboundv insert 0 $inboundspi
$w.sad.spi.inboundv configure \
- -from 1366 -to 65535 -increment 1 \
- -vcmd {checkIntRange %P 1366 65535}
+ -from 1366 -to 65535 -increment 1 \
+ -vcmd {checkIntRange %P 1366 65535}
pack $w.sad.spi.inboundl $w.sad.spi.inboundv \
- -side left -anchor w
+ -side left -anchor w
# Outbound SPI:
label $w.sad.spi.outboundl -text "Outbound SPI:"
pack $w.sad.spi.outboundl -side left -anchor w
if { $ipsecCfg != {} } {
- set outboundspi [ getConfig $ipsecCfg "outbound-spi"]
+ set outboundspi [ getConfig $ipsecCfg "outbound-spi"]
} else {
- set outboundspi ""
+ set outboundspi ""
}
spinbox $w.sad.spi.outboundv -bg white -width 10 \
- -validate focus -invcmd "focusAndFlash %W"
+ -validate focus -invcmd "focusAndFlash %W"
$w.sad.spi.outboundv insert 0 $outboundspi
$w.sad.spi.outboundv configure \
- -from 1367 -to 65535 -increment 1 \
- -vcmd {checkIntRange %P 1366 65535 }
+ -from 1367 -to 65535 -increment 1 \
+ -vcmd {checkIntRange %P 1366 65535 }
pack $w.sad.spi.outboundl $w.sad.spi.outboundv \
- -side left -anchor w
+ -side left -anchor w
pack $w.sad.spi -side top -anchor w
#
pack $w.sad.ipsecalg.label -side left -anchor w
global ipsecalg
if { $ipsecCfg != {} } {
- set ipsecalg [ getConfig $ipsecCfg "ipsec-algorithm"]
+ set ipsecalg [ getConfig $ipsecCfg "ipsec-algorithm"]
} else {
- set ipsecalg esp
+ set ipsecalg esp
}
# TODO: Add ESP with authenticated payload
tk_optionMenu $w.sad.ipsecalg.alg ipsecalg esp ah
pack $w.sad.ipsecalg.label $w.sad.ipsecalg.alg \
- -side left -anchor w
+ -side left -anchor w
# IP compression:
label $w.sad.ipsecalg.ipcomp -text "IPcomp: "
pack $w.sad.ipsecalg.ipcomp -side left -anchor w
global ipcompalg
if { $ipsecCfg != {} } {
- set ipcompalg [ getConfig $ipsecCfg "IPcomp-algorithm"]
+ set ipcompalg [ getConfig $ipsecCfg "IPcomp-algorithm"]
} else {
- set ipcompalg "no IPcomp"
+ set ipcompalg "no IPcomp"
}
tk_optionMenu $w.sad.ipsecalg.ipcompalg ipcompalg \
- deflate lzs "no IPcomp"
+ deflate lzs "no IPcomp"
pack $w.sad.ipsecalg.ipcomp $w.sad.ipsecalg.ipcompalg \
- -side left -anchor w
+ -side left -anchor w
pack $w.sad.ipsecalg -side top -anchor w
#
global cryptoalgesp
global cryptoalgah
if { $ipsecCfg != {} } {
- set caesp [ getConfig $ipsecCfg "esp-crypto-algorithm"]
- set caah [ getConfig $ipsecCfg "ah-crypto-algorithm"]
+ set caesp [ getConfig $ipsecCfg "esp-crypto-algorithm"]
+ set caah [ getConfig $ipsecCfg "ah-crypto-algorithm"]
} else {
- set caesp 3des-cbc
- set caah hmac-md5
+ set caesp 3des-cbc
+ set caah hmac-md5
}
set cryptoalgesp $caesp
set cryptoalgah $caah
tk_optionMenu $w.sad.cryptoalg.esp cryptoalgesp \
- des-cbc 3des-cbc simple blowfish-cbc cast128-cbc \
- rijndael-cbc null
+ des-cbc 3des-cbc simple blowfish-cbc cast128-cbc \
+ rijndael-cbc null
tk_optionMenu $w.sad.cryptoalg.ah cryptoalgah \
- hmac-md5 hmac-sha1 keyed-md5 keyed-sha1 hmac-sha2-256 \
- hmac-sha2-384 hmac-sha2-512 null
+ hmac-md5 hmac-sha1 keyed-md5 keyed-sha1 hmac-sha2-256 \
+ hmac-sha2-384 hmac-sha2-512 null
pack $w.sad.cryptoalg.label $w.sad.cryptoalg.esp $w.sad.cryptoalg.ah \
- -side left -anchor w
+ -side left -anchor w
pack $w.sad.cryptoalg -side top -anchor w
# Shared secret for key derivation
frame $w.sad.psk -borderwidth 4
label $w.sad.psk.label -text "Shared secret:"
entry $w.sad.psk.text -bg white -width 30 \
- -validate focus -invcmd "focusAndFlash %W"
+ -validate focus -invcmd "focusAndFlash %W"
if { $ipsecCfg != {} } {
- set psk [ getConfig $ipsecCfg "shared-secret"]
+ set psk [ getConfig $ipsecCfg "shared-secret"]
} else {
- set psk ""
+ set psk ""
}
$w.sad.psk.text insert end $psk
- $w.sad.psk.text configure \
- -vcmd {checkSharedSecret %P}
+ $w.sad.psk.text configure -vcmd {checkSharedSecret %P}
pack $w.sad.psk.text $w.sad.psk.label -side right -padx 4 -pady 0
pack $w.sad.psk -side top -anchor w
pack $w.sad -side top -anchor w -fill both
frame $w.spd.sourceSP -borderwidth 4
label $w.spd.sourceSP.label -text "Src SP address:"
entry $w.spd.sourceSP.source -bg white -width 30 \
- -validate focus -invcmd "focusAndFlash %W"
+ -validate focus -invcmd "focusAndFlash %W"
if { $ipsecCfg != "" } {
- set sourceSP [ getConfig $ipsecCfg "SP-source-address"]
+ set sourceSP [ getConfig $ipsecCfg "SP-source-address"]
} else {
- set sourceSP ""
+ set sourceSP ""
}
$w.spd.sourceSP.source insert end $sourceSP
$w.spd.sourceSP.source configure \
- -vcmd {checkSPrange %P}
+ -vcmd {checkSPrange %P}
pack $w.spd.sourceSP.source $w.spd.sourceSP.label \
- -side right -padx 4 -pady 0
+ -side right -padx 4 -pady 0
pack $w.spd.sourceSP -side top -anchor w
#
frame $w.spd.destSP -borderwidth 4
label $w.spd.destSP.label -text "Dst SP address:"
entry $w.spd.destSP.dest -bg white -width 30 \
- -validate focus -invcmd "focusAndFlash %W"
+ -validate focus -invcmd "focusAndFlash %W"
if { $ipsecCfg != "" } {
- set destSP [ getConfig $ipsecCfg "SP-destination-address"]
+ set destSP [ getConfig $ipsecCfg "SP-destination-address"]
} else {
- set destSP ""
+ set destSP ""
}
$w.spd.destSP.dest insert end $destSP
- $w.spd.destSP.dest configure \
- -vcmd {checkSPrange %P}
+ $w.spd.destSP.dest configure -vcmd {checkSPrange %P}
pack $w.spd.destSP.dest $w.spd.destSP.label -side right -padx 4 -pady 0
pack $w.spd.destSP -side top -anchor w
frame $w.spd.sourcesgw -borderwidth 4
label $w.spd.sourcesgw.label -text "Src SGW address:"
entry $w.spd.sourcesgw.source -bg white -width 30 \
- -validate focus -invcmd "focusAndFlash %W"
+ -validate focus -invcmd "focusAndFlash %W"
if { $ipsecCfg != "" } {
- set sourcesgw [ getConfig $ipsecCfg "source-SGW-address"]
+ set sourcesgw [ getConfig $ipsecCfg "source-SGW-address"]
} else {
- set sourcesgw ""
+ set sourcesgw ""
}
$w.spd.sourcesgw.source insert end $sourcesgw
- $w.spd.sourcesgw.source configure \
- -vcmd {checkIPv4Addr %P}
+ $w.spd.sourcesgw.source configure -vcmd {checkIPv4Addr %P}
pack $w.spd.sourcesgw.source $w.spd.sourcesgw.label \
- -side right -padx 4 -pady 0
+ -side right -padx 4 -pady 0
pack $w.spd.sourcesgw -side top -anchor w
#
frame $w.spd.destsgw -borderwidth 4
label $w.spd.destsgw.label -text "Dst SGW address:"
entry $w.spd.destsgw.source -bg white -width 30 \
- -validate focus -invcmd "focusAndFlash %W"
+ -validate focus -invcmd "focusAndFlash %W"
if { $ipsecCfg != "" } {
- set destsgw [ getConfig $ipsecCfg "destination-SGW-address"]
+ set destsgw [ getConfig $ipsecCfg "destination-SGW-address"]
} else {
- set destsgw ""
+ set destsgw ""
}
$w.spd.destsgw.source insert end $destsgw
- $w.spd.destsgw.source configure \
- -vcmd {checkIPv4Addr %P}
+ $w.spd.destsgw.source configure -vcmd {checkIPv4Addr %P}
pack $w.spd.destsgw.source $w.spd.destsgw.label \
-side right -padx 4 -pady 0
pack $w.spd.destsgw -side top -anchor w
pack $w.spd.traffic.label -side left -anchor w
global traffic
if { $ipsecCfg != {} } {
- set traffic [ getConfig $ipsecCfg "traffic-to-process"]
+ set traffic [ getConfig $ipsecCfg "traffic-to-process"]
} else {
- set traffic icmp
+ set traffic icmp
}
tk_optionMenu $w.spd.traffic.value traffic icmp tcp udp any
pack $w.spd.traffic.label $w.spd.traffic.value -side left -anchor w
pack $w.spd.traffic.action -side left -anchor w
global action
if { $ipsecCfg != {} } {
- set action [ getConfig $ipsecCfg "processing-action"]
+ set action [ getConfig $ipsecCfg "processing-action"]
} else {
- set action ipsec
+ set action ipsec
}
tk_optionMenu $w.spd.traffic.actionv action ipsec discard bypass
pack $w.spd.traffic.label $w.spd.traffic.value \
- $w.spd.traffic.action $w.spd.traffic.actionv \
- -side left -anchor w
+ $w.spd.traffic.action $w.spd.traffic.actionv \
+ -side left -anchor w
#
# Processing level:
pack $w.spd.traffic.level -side left -anchor w
global level
if { $ipsecCfg != {} } {
- set level [ getConfig $ipsecCfg "processing-level"]
+ set level [ getConfig $ipsecCfg "processing-level"]
} else {
- set level require
+ set level require
}
tk_optionMenu $w.spd.traffic.levelv level require default use
pack $w.spd.traffic.label $w.spd.traffic.value \
- $w.spd.traffic.action $w.spd.traffic.actionv \
- $w.spd.traffic.level $w.spd.traffic.levelv \
- -side left -anchor w
+ $w.spd.traffic.action $w.spd.traffic.actionv \
+ $w.spd.traffic.level $w.spd.traffic.levelv \
+ -side left -anchor w
pack $w.spd.traffic -side top -anchor w
#
pack $w.spd.algandmode.alg -side left -anchor w
global spipsecalg
if { $ipsecCfg != {} } {
- set spipsecalg [ getConfig $ipsecCfg "SP-ipsec-algorithm"]
+ set spipsecalg [ getConfig $ipsecCfg "SP-ipsec-algorithm"]
} else {
- set spipsecalg esp
+ set spipsecalg esp
}
radiobutton $w.spd.algandmode.esp -text "esp" \
- -variable spipsecalg -value esp
+ -variable spipsecalg -value esp
radiobutton $w.spd.algandmode.ah -text "ah" \
- -variable spipsecalg -value ah
+ -variable spipsecalg -value ah
pack $w.spd.algandmode.esp -side left -anchor w
pack $w.spd.algandmode.ah -side left -anchor w
pack $w.spd.algandmode.mode -side left -anchor w
global mode
if { $ipsecCfg != {} } {
- set mode [ getConfig $ipsecCfg "ipsec-mode"]
+ set mode [ getConfig $ipsecCfg "ipsec-mode"]
} else {
- set mode transport
+ set mode transport
}
radiobutton $w.spd.algandmode.transport -text "transport" \
- -variable mode -value transport
+ -variable mode -value transport
radiobutton $w.spd.algandmode.tunnel -text "tunnel" \
- -variable mode -value tunnel
+ -variable mode -value tunnel
pack $w.spd.algandmode.transport -side top -anchor w
pack $w.spd.algandmode.tunnel -side bottom -anchor w
pack $w.spd.algandmode -side top -anchor w
frame $w.buttons
pack $w.buttons -side bottom
button $w.buttons.close -text Close -command \
- "set badentry -1 ; destroy $w"
+ "set badentry -1 ; destroy $w"
if { $view == "1" } {
- set edit "1"
- button $w.buttons.delete -text Delete \
- -command "deleteIpsecCfg $w $node $viewid $edit"
- button $w.buttons.apply -text Apply \
- -command "editIpsecCfg $w $node $viewid $edit 0"
- focus $w.buttons.apply
- pack $w.buttons.delete $w.buttons.close $w.buttons.apply -side left
+ set edit "1"
+ button $w.buttons.delete -text Delete \
+ -command "deleteIpsecCfg $w $node $viewid $edit"
+ button $w.buttons.apply -text Apply \
+ -command "editIpsecCfg $w $node $viewid $edit 0"
+ focus $w.buttons.apply
+ pack $w.buttons.delete $w.buttons.close $w.buttons.apply -side left
} else {
- set add "1"
- button $w.buttons.apply -text "Apply" \
- -command "ipsecConfigApply $w $node $add 0"
- focus $w.buttons.apply
- pack $w.buttons.apply $w.buttons.close -side left
- }
+ set add "1"
+ button $w.buttons.apply -text "Apply" \
+ -command "ipsecConfigApply $w $node $add 0"
+ focus $w.buttons.apply
+ pack $w.buttons.apply $w.buttons.close -side left
}
- return
+ }
}
#****f* ipsec.tcl/deleteIpsecCfg
# When deleting ipsec-config, $edit has to be set to "0".
# INPUTS
# * w -- ipsec configuration window
-# * node -- node
-# * viewid -- current ipsec-config-id from the
-# tk_optionmenu. viewIpsecCfg always shows the
-# ipsec-config determined by the global variable viewid.
-# * edit -- if edit is set to "0", editIpsecCfg will delete
-# ipsec-config defined by the ipsec-config-id viewid.
+# * node -- node
+# * viewid -- current ipsec-config-id from the
+# tk_optionmenu. viewIpsecCfg always shows the
+# ipsec-config determined by the global variable viewid.
+# * edit -- if edit is set to "0", editIpsecCfg will delete
+# ipsec-config defined by the ipsec-config-id viewid.
#****
proc deleteIpsecCfg { w node viewid edit } {
- set edit "0"
- editIpsecCfg $w $node $viewid $edit 0
- return
+ set edit "0"
+ editIpsecCfg $w $node $viewid $edit 0
}
#****f* ipsec.tcl/ipsecConfigApply
#****
proc ipsecConfigApply { w node add phase } {
- global ipsecalg spipsecalg mode ipcompalg
- global cryptoalgesp cryptoalgah action traffic level
- global badentry
- set ipsecCfg ""
- set error ""
+ global ipsecalg spipsecalg mode ipcompalg
+ global cryptoalgesp cryptoalgah action traffic level
+ global badentry
+ set ipsecCfg ""
+ set error ""
- if { $add == 1 } {
+ if { $add == 1 } {
$w config -cursor watch
update
if { $phase == 0 } {
- set badentry 0
- focus .
- after 100 "ipsecConfigApply $w $node $add 1"
- return
+ set badentry 0
+ focus .
+ after 100 "ipsecConfigApply $w $node $add 1"
+ return
} elseif { $badentry } {
- $w config -cursor left_ptr
- return
- }
+ $w config -cursor left_ptr
+ return
}
+ }
- set id [$w.id.text get]
- set sourceSA [$w.sad.sourceSA.source get]
- set destSA [$w.sad.destSA.dest get]
- set inboundspi [$w.sad.spi.inboundv get]
- set outboundspi [$w.sad.spi.outboundv get]
- set psk [$w.sad.psk.text get]
- set sourceSP [$w.spd.sourceSP.source get]
- set destSP [$w.spd.destSP.dest get]
- set sourcesgw [$w.spd.sourcesgw.source get]
- set destsgw [$w.spd.destsgw.source get]
-
- if { $add == "1" } {
- set error [checkIpsecCfg $node "ipsec-config-id" $id]
- if { $error != "" } {
- destroy $w
- showIpsecErrors $error
- return ""
- }
+ set id [$w.id.text get]
+ set sourceSA [$w.sad.sourceSA.source get]
+ set destSA [$w.sad.destSA.dest get]
+ set inboundspi [$w.sad.spi.inboundv get]
+ set outboundspi [$w.sad.spi.outboundv get]
+ set psk [$w.sad.psk.text get]
+ set sourceSP [$w.spd.sourceSP.source get]
+ set destSP [$w.spd.destSP.dest get]
+ set sourcesgw [$w.spd.sourcesgw.source get]
+ set destsgw [$w.spd.destsgw.source get]
+
+ if { $add == "1" } {
+ set error [checkIpsecCfg $node "ipsec-config-id" $id]
+ if { $error != "" } {
+ destroy $w
+ showIpsecErrors $error
+ return ""
}
+ }
- set ipsecCfg [setConfig $ipsecCfg $id "ipsec-config-id"]
- set ipsecCfg [setConfig $ipsecCfg $sourceSA "SA-source-address"]
- set ipsecCfg [setConfig $ipsecCfg $destSA "SA-destination-address"]
- set ipsecCfg [setConfig $ipsecCfg $ipsecalg "ipsec-algorithm"]
- set ipsecCfg [setConfig $ipsecCfg $ipcompalg "IPcomp-algorithm"]
- set ipsecCfg [setConfig $ipsecCfg $inboundspi "inbound-spi"]
- set ipsecCfg [setConfig $ipsecCfg $outboundspi "outbound-spi"]
- set ipsecCfg [setConfig $ipsecCfg $cryptoalgesp "esp-crypto-algorithm"]
- set ipsecCfg [setConfig $ipsecCfg $cryptoalgah "ah-crypto-algorithm"]
- set ipsecCfg [setConfig $ipsecCfg $psk "shared-secret"]
- set ipsecCfg [setConfig $ipsecCfg $sourceSP "SP-source-address"]
- set ipsecCfg [setConfig $ipsecCfg $destSP "SP-destination-address"]
- set ipsecCfg [setConfig $ipsecCfg $sourcesgw "source-SGW-address"]
- set ipsecCfg [setConfig $ipsecCfg $destsgw "destination-SGW-address"]
- set ipsecCfg [setConfig $ipsecCfg $traffic "traffic-to-process"]
- set ipsecCfg [setConfig $ipsecCfg $action "processing-action"]
- set ipsecCfg [setConfig $ipsecCfg $spipsecalg "SP-ipsec-algorithm"]
- set ipsecCfg [setConfig $ipsecCfg $mode "ipsec-mode"]
- set ipsecCfg [setConfig $ipsecCfg $level "processing-level"]
-
- setIpsecConfig $node $ipsecCfg
- destroy $w
- return $ipsecCfg
+ set ipsecCfg [setConfig $ipsecCfg $id "ipsec-config-id"]
+ set ipsecCfg [setConfig $ipsecCfg $sourceSA "SA-source-address"]
+ set ipsecCfg [setConfig $ipsecCfg $destSA "SA-destination-address"]
+ set ipsecCfg [setConfig $ipsecCfg $ipsecalg "ipsec-algorithm"]
+ set ipsecCfg [setConfig $ipsecCfg $ipcompalg "IPcomp-algorithm"]
+ set ipsecCfg [setConfig $ipsecCfg $inboundspi "inbound-spi"]
+ set ipsecCfg [setConfig $ipsecCfg $outboundspi "outbound-spi"]
+ set ipsecCfg [setConfig $ipsecCfg $cryptoalgesp "esp-crypto-algorithm"]
+ set ipsecCfg [setConfig $ipsecCfg $cryptoalgah "ah-crypto-algorithm"]
+ set ipsecCfg [setConfig $ipsecCfg $psk "shared-secret"]
+ set ipsecCfg [setConfig $ipsecCfg $sourceSP "SP-source-address"]
+ set ipsecCfg [setConfig $ipsecCfg $destSP "SP-destination-address"]
+ set ipsecCfg [setConfig $ipsecCfg $sourcesgw "source-SGW-address"]
+ set ipsecCfg [setConfig $ipsecCfg $destsgw "destination-SGW-address"]
+ set ipsecCfg [setConfig $ipsecCfg $traffic "traffic-to-process"]
+ set ipsecCfg [setConfig $ipsecCfg $action "processing-action"]
+ set ipsecCfg [setConfig $ipsecCfg $spipsecalg "SP-ipsec-algorithm"]
+ set ipsecCfg [setConfig $ipsecCfg $mode "ipsec-mode"]
+ set ipsecCfg [setConfig $ipsecCfg $level "processing-level"]
+
+ setIpsecConfig $node $ipsecCfg
+ destroy $w
+ return $ipsecCfg
}
#****f* ipsec.tcl/checkIpsecCfg
# NAME
# checkIpsecCfg -- Check if there are errors in ipsec
-# configuration input fields in ipsec configuration
-# window.
+# configuration input fields in ipsec configuration
+# window.
# SYNOPSIS
# checkIpsecCfg $node $strd $str
# FUNCTION
-# checkIpsecCfg will be incoked while doing ipsecConfigApply
-# to check new inputs in the ipsec configuration window.
+# checkIpsecCfg will be incoked while doing ipsecConfigApply
+# to check new inputs in the ipsec configuration window.
# INPUTS
-# * node -- node
-# * strd -- string description, that is i.e. "ipsec-config-id",
-# "SA-source-address", etc.
-# * str -- string, that is value related to strd.
+# * node -- node
+# * strd -- string description, that is i.e. "ipsec-config-id",
+# "SA-source-address", etc.
+# * str -- string, that is value related to strd.
# RESULT
-# * valid -- valid is set to 0, if there is an error and
-# 1 otherwise.
+# * valid -- valid is set to 0, if there is an error and
+# 1 otherwise.
#****
# TODO: Add check for the IPv4/IPv6 addresses
# Experiment->Execute in error window.
proc checkIpsecCfg { node strd str } {
- set error ""
- set ipsecCfgList [getIpsecConfig $node]
+ set error ""
+ set ipsecCfgList [getIpsecConfig $node]
- switch $strd {
- ipsec-config-id {
-
- if { $str == "" } {
- set error "Please, enter ipsec-config-id."
- } else {
-
- foreach ipsecCfg $ipsecCfgList {
- set currentid [getConfig $ipsecCfg "ipsec-config-id"]
- if { $str == $currentid } {
- set error "Choose another ipsec-config-id."
- }
- }
- }
+ switch $strd {
+ ipsec-config-id {
+ if { $str == "" } {
+ set error "Please, enter ipsec-config-id."
+ } else {
+ foreach ipsecCfg $ipsecCfgList {
+ set currentid [getConfig $ipsecCfg "ipsec-config-id"]
+ if { $str == $currentid } {
+ set error "Choose another ipsec-config-id."
+ }
}
+ }
}
- return $error
+ }
+ return $error
}
#****f* ipsec.tcl/setConfig
# SYNOPSIS
# setConfig $strlist $str
# FUNCTION
-# Procedure returns requested element that belongs
-# to ipsec-config structure.
+# Procedure returns requested element that belongs
+# to ipsec-config structure.
# INPUTS
-# * strlist -- ipsec-config structure
-# * cfg -- current ipsec-config that will be extended
-# with new elements
-# * str -- new element
+# * strlist -- ipsec-config structure
+# * cfg -- current ipsec-config that will be extended
+# with new elements
+# * str -- new element
# RESULT
-# * strlist -- new ipsec-config sructure
+# * strlist -- new ipsec-config sructure
#****
proc setConfig { strlist cfg str } {
- set i [lsearch $strlist "$str *"]
+ set i [lsearch $strlist "$str *"]
- if { $i < 0 } {
- if { $cfg != {} } {
- set newcfg [list $str $cfg]
- lappend strlist $newcfg
- }
- } else {
- set oldval [lindex [lsearch -inline $strlist "$str *"] 1]
- if { $oldval != $cfg } {
- set strlist [lreplace $strlist $i $i [list $str $cfg]]
- }
+ if { $i < 0 } {
+ if { $cfg != {} } {
+ set newcfg [list $str $cfg]
+ lappend strlist $newcfg
+ }
+ } else {
+ set oldval [lindex [lsearch -inline $strlist "$str *"] 1]
+ if { $oldval != $cfg } {
+ set strlist [lreplace $strlist $i $i [list $str $cfg]]
}
+ }
- return $strlist
+ return $strlist
}
#****f* ipsec.tcl/getConfig
proc getConfig { strlist str } {
- return [lindex [lsearch -inline $strlist "$str *"] 1]
+ return [lindex [lsearch -inline $strlist "$str *"] 1]
}
#****
proc setIpsecConfig { node cfg } {
- global $node
+ global $node
- if { $cfg != {} } {
- lappend $node [list ipsec-config $cfg]
- }
+ if { $cfg != {} } {
+ lappend $node [list ipsec-config $cfg]
+ }
- return
+ return
}
#****f* ipsec.tcl/getIpsecConfig
#****
proc getIpsecConfig { node } {
- global $node
- set ipsecCfg {}
+ global $node
+ set ipsecCfg {}
- set values [lsearch -all -inline [set $node] "ipsec-config *"]
- foreach val $values {
- lappend ipsecCfg [lindex $val 1]
- }
+ set values [lsearch -all -inline [set $node] "ipsec-config *"]
+ foreach val $values {
+ lappend ipsecCfg [lindex $val 1]
+ }
- return $ipsecCfg
+ return $ipsecCfg
}
#****f* ipsec.tcl/removeIpsecConfig
#****
proc removeIpsecConfig { node } {
- global $node
-
- set indices [lsearch -all [set $node] "ipsec-config *"]
- set cnt 0
- foreach i $indices {
- set j [expr $i - $cnt]
- set $node [lreplace [set $node] $j $j]
- incr cnt
- }
- return
+ global $node
+
+ set indices [lsearch -all [set $node] "ipsec-config *"]
+ set cnt 0
+ foreach i $indices {
+ set j [expr $i - $cnt]
+ set $node [lreplace [set $node] $j $j]
+ incr cnt
+ }
+ return
}
#****f* ipsec.tcl/getIpsecEnabled
#****
proc getIpsecEnabled { node } {
- global $node
+ global $node
- if { [lindex [lsearch -inline [set $node] "ipsec-enabled *"] 1] == true } {
+ if { [lindex [lsearch -inline [set $node] "ipsec-enabled *"] 1] == true } {
return true
- } else {
+ } else {
return false
- }
+ }
}
#****f* ipsec.tcl/setIpsecEnabled
#****
proc setIpsecEnabled { node enabled } {
- global $node
+ global $node
- set i [lsearch [set $node] "ipsec-enabled *"]
- if { $i >= 0 } {
+ set i [lsearch [set $node] "ipsec-enabled *"]
+ if { $i >= 0 } {
set $node [lreplace [set $node] $i $i]
- }
- if { $enabled == true } {
+ }
+ if { $enabled == true } {
lappend $node [list ipsec-enabled $enabled]
- }
- return
+ }
+ return
}
#****f* ipsec.tcl/ipsecCfggen
#****
proc ipsecCfggen { node } {
- global $node
-
- set sourceSA ""
- set destSA ""
- set ipsecalg ""
- set ipcompalg ""
- set inboundspi ""
- set outboundspi ""
- set cryptoalgesp ""
- set cryptoalgah ""
- set psk ""
- set sourceSP ""
- set destSP ""
- set sourcesgw ""
- set destsgw ""
- set traffic ""
- set action ""
- set spipsecalg ""
- set mode ""
- set level ""
+ global $node
+
+ set sourceSA ""
+ set destSA ""
+ set ipsecalg ""
+ set ipcompalg ""
+ set inboundspi ""
+ set outboundspi ""
+ set cryptoalgesp ""
+ set cryptoalgah ""
+ set psk ""
+ set sourceSP ""
+ set destSP ""
+ set sourcesgw ""
+ set destsgw ""
+ set traffic ""
+ set action ""
+ set spipsecalg ""
+ set mode ""
+ set level ""
- set cfg {}
- set ipsecCfgList [getIpsecConfig $node]
+ set cfg {}
+ set ipsecCfgList [getIpsecConfig $node]
- lappend cfg "#!/usr/sbin/setkey -f"
- lappend cfg "flush;"
- lappend cfg "spdflush;"
+ lappend cfg "#!/usr/sbin/setkey -f"
+ lappend cfg "flush;"
+ lappend cfg "spdflush;"
- foreach ipsecCfg $ipsecCfgList {
- set cryptoalg ""
+ foreach ipsecCfg $ipsecCfgList {
+ set cryptoalg ""
- set sourceSA [getConfig $ipsecCfg "SA-source-address"]
- set destSA [getConfig $ipsecCfg "SA-destination-address"]
- set ipsecalg [getConfig $ipsecCfg "ipsec-algorithm"]
- set ipcompalg [getConfig $ipsecCfg "IPcomp-algorithm"]
- set inboundspi [getConfig $ipsecCfg "inbound-spi"]
- set outboundspi [getConfig $ipsecCfg "outbound-spi"]
- set cryptoalgesp [getConfig $ipsecCfg "esp-crypto-algorithm"]
- set cryptoalgah [getConfig $ipsecCfg "ah-crypto-algorithm"]
- set psk [getConfig $ipsecCfg "shared-secret"]
- if { $ipsecalg == "esp" } {
- set ipsecalgorithm "esp"
- set ipsecalgmark "-E"
- append cryptoalg $ipsecalgmark " " $cryptoalgesp
- } elseif { $ipsecalg == "ah" } {
- set ipsecalgorithm "ah"
- set ipsecalgmark "-A"
- append cryptoalg $ipsecalgmark " " $cryptoalgah
- #} elseif { $ipsecalg == "esp with auth" } {
- # set ipsecalgorithm "esp"
- # set ipsecalgmark "-E"
- # set ipsecalgmark2 "-A"
- # append cryptoalg $ipsecalgmark " " $cryptoalgesp " " \
- # $ipsecalgmark2 " " $cryptoalgah
- } else {
- return ""
- }
-
- if { $ipcompalg == "defalte" || $ipcompalg == "lzs" } {
- set ipcompalgorithm " -C $ipcompalg"
- append cryptoalg $ipcompalgorithm
- }
+ set sourceSA [getConfig $ipsecCfg "SA-source-address"]
+ set destSA [getConfig $ipsecCfg "SA-destination-address"]
+ set ipsecalg [getConfig $ipsecCfg "ipsec-algorithm"]
+ set ipcompalg [getConfig $ipsecCfg "IPcomp-algorithm"]
+ set inboundspi [getConfig $ipsecCfg "inbound-spi"]
+ set outboundspi [getConfig $ipsecCfg "outbound-spi"]
+ set cryptoalgesp [getConfig $ipsecCfg "esp-crypto-algorithm"]
+ set cryptoalgah [getConfig $ipsecCfg "ah-crypto-algorithm"]
+ set psk [getConfig $ipsecCfg "shared-secret"]
+ if { $ipsecalg == "esp" } {
+ set ipsecalgorithm "esp"
+ set ipsecalgmark "-E"
+ append cryptoalg $ipsecalgmark " " $cryptoalgesp
+ } elseif { $ipsecalg == "ah" } {
+ set ipsecalgorithm "ah"
+ set ipsecalgmark "-A"
+ append cryptoalg $ipsecalgmark " " $cryptoalgah
+ #} elseif { $ipsecalg == "esp with auth" } {
+ # set ipsecalgorithm "esp"
+ # set ipsecalgmark "-E"
+ # set ipsecalgmark2 "-A"
+ # append cryptoalg $ipsecalgmark " " $cryptoalgesp " " \
+ # $ipsecalgmark2 " " $cryptoalgah
+ } else {
+ return ""
+ }
- if { $sourceSA != "" && $destSA != "" && \
- $ipsecalg != "" && $cryptoalg != "" && \
- $psk != "" && $inboundspi != "" && \
- $outboundspi != "" } {
+ if { $ipcompalg == "defalte" || $ipcompalg == "lzs" } {
+ set ipcompalgorithm " -C $ipcompalg"
+ append cryptoalg $ipcompalgorithm
+ }
- lappend cfg "add $sourceSA $destSA $ipsecalgorithm
- $inboundspi $cryptoalg $psk;"
+ if { $sourceSA != "" && $destSA != "" && \
+ $ipsecalg != "" && $cryptoalg != "" && \
+ $psk != "" && $inboundspi != "" && \
+ $outboundspi != "" } {
+ lappend cfg "add $sourceSA $destSA $ipsecalgorithm
+ $inboundspi $cryptoalg $psk;"
- lappend cfg "add $destSA $sourceSA $ipsecalgorithm
- $outboundspi $cryptoalg $psk;"
- }
+ lappend cfg "add $destSA $sourceSA $ipsecalgorithm
+ $outboundspi $cryptoalg $psk;"
+ }
- set sourceSP [getConfig $ipsecCfg "SP-source-address"]
- set destSP [getConfig $ipsecCfg "SP-destination-address"]
- set sourcesgw [getConfig $ipsecCfg "source-SGW-address"]
- set destsgw [getConfig $ipsecCfg "destination-SGW-address"]
- set traffic [getConfig $ipsecCfg "traffic-to-process"]
- set action [getConfig $ipsecCfg "processing-action"]
- set spipsecalg [getConfig $ipsecCfg "SP-ipsec-algorithm"]
- set mode [getConfig $ipsecCfg "ipsec-mode"]
- set level [getConfig $ipsecCfg "processing-level"]
-
- if { $sourceSP != "" && $destSP != "" && \
- $traffic != "" && $action != "" && \
- $spipsecalg != "" && $mode != "" && $level != ""} {
-
- if { $mode == "transport" } {
-
- lappend cfg "spdadd $sourceSP $destSP $traffic -P out
+ set sourceSP [getConfig $ipsecCfg "SP-source-address"]
+ set destSP [getConfig $ipsecCfg "SP-destination-address"]
+ set sourcesgw [getConfig $ipsecCfg "source-SGW-address"]
+ set destsgw [getConfig $ipsecCfg "destination-SGW-address"]
+ set traffic [getConfig $ipsecCfg "traffic-to-process"]
+ set action [getConfig $ipsecCfg "processing-action"]
+ set spipsecalg [getConfig $ipsecCfg "SP-ipsec-algorithm"]
+ set mode [getConfig $ipsecCfg "ipsec-mode"]
+ set level [getConfig $ipsecCfg "processing-level"]
+
+ if { $sourceSP != "" && $destSP != "" && \
+ $traffic != "" && $action != "" && \
+ $spipsecalg != "" && $mode != "" && $level != ""} {
+ if { $mode == "transport" } {
+ lappend cfg "spdadd $sourceSP $destSP $traffic -P out
$action $spipsecalg/$mode//$level;"
- lappend cfg "spdadd $destSP $sourceSP $traffic -P in
+ lappend cfg "spdadd $destSP $sourceSP $traffic -P in
$action $spipsecalg/$mode//$level;"
-
- } elseif { $mode == "tunnel" } {
-
- if { $sourcesgw != "" && $destsgw != "" } {
-
- lappend cfg "spdadd $sourceSP $destSP $traffic -P out
- $action $spipsecalg/$mode/$sourcesgw-$destsgw/$level;"
- lappend cfg "spdadd $destSP $sourceSP $traffic -P in
- $action $spipsecalg/$mode/$destsgw-$sourcesgw/$level;"
-
- }
- }
+ } elseif { $mode == "tunnel" } {
+ if { $sourcesgw != "" && $destsgw != "" } {
+ lappend cfg "spdadd $sourceSP $destSP $traffic -P out
+ $action $spipsecalg/$mode/$sourcesgw-$destsgw/$level;"
+ lappend cfg "spdadd $destSP $sourceSP $traffic -P in
+ $action $spipsecalg/$mode/$destsgw-$sourcesgw/$level;"
}
+ }
}
- return $cfg
+ }
+ return $cfg
}
proc setkeyError { setkeyerror } {
- set str "[lindex [split $setkeyerror "\."] 0]"
- set errorstr "Error in created setkey.conf: "
- append errorstr $str
- showIpsecErrors $errorstr
+ set str "[lindex [split $setkeyerror "\."] 0]"
+ set errorstr "Error in created setkey.conf: "
+ append errorstr $str
+ showIpsecErrors $errorstr
}
# TODO: SP range can be one of the following:
# address/prefixlen[port]
#
proc checkSPrange { SPrange } {
- if { [checkSAaddress $SPrange] == 1 } {
- return 1
- } elseif { [checkSPnet $SPrange] == 1 } {
- return 1
- } elseif { [checkIPv46AddrPort $SPrange] == 1 } {
- return 1
- }
- return 0
+ if { [checkSAaddress $SPrange] == 1 } {
+ return 1
+ } elseif { [checkSPnet $SPrange] == 1 } {
+ return 1
+ } elseif { [checkIPv46AddrPort $SPrange] == 1 } {
+ return 1
+ }
+ return 0
}
# RETURN
if { $str == "" } {
return 1
}
- set addr [lindex [split $str "\["] 0]
- set SAaddress [checkSAaddress $addr]
- set SPnet [checkSPnet $addr]
- if { $SAaddress == 0 && $SPnet == 0 } {
- return 0
+ set addr [lindex [split $str "\["] 0]
+ set SAaddress [checkSAaddress $addr]
+ set SPnet [checkSPnet $addr]
+ if { $SAaddress == 0 && $SPnet == 0 } {
+ return 0
+ } else {
+ set tmp [lindex [split $str "\["] 1]
+ set port [lindex [split $tmp "\]"] 0]
+ if { $port != "" } {
+ return [checkIntRange $port 0 65535]
} else {
- set tmp [lindex [split $str "\["] 1]
- set port [lindex [split $tmp "\]"] 0]
- if { $port != "" } {
- return [checkIntRange $port 0 65535]
- } else {
- return 0
- }
+ return 0
}
+ }
}
#****f* ipsec.tcl/checkSAaddress
if { $str == "" } {
return 1
}
- if { [checkIPv4Addr $str] == 1 } {
- return 1
- } elseif { [checkIPv6Addr $str] == 1 } {
- return 1
- }
- return 0
+ if { [checkIPv4Addr $str] == 1 } {
+ return 1
+ } elseif { [checkIPv6Addr $str] == 1 } {
+ return 1
+ }
+ return 0
}
#****f* ipsec.tcl/checkSPnet
if { $str == "" } {
return 1
}
- if { [checkIPv4Net $str] == 1 } {
- return 1
- } elseif { [checkIPv6Net $str] == 1 } {
- return 1
- }
- return 0
+ if { [checkIPv4Net $str] == 1 } {
+ return 1
+ } elseif { [checkIPv6Net $str] == 1 } {
+ return 1
+ }
+ return 0
}
#****f* ipsec.tcl/checkSharedSecret
#****
proc checkSharedSecret { str } {
- if { $str == "" } {
+ if { $str == "" } {
+ return 1
+ }
+ set hexmark ""
+ set limiter1 ""
+ set limiter2 ""
+ set hexmark [string range $str 0 1]
+ set limiter1 [string index $str 0]
+ set limiter2 [string index $str end]
+ if { $hexmark == "0x" } {
+ set psk [string range $str 2 end]
+ if { $psk != "" } {
+ if { [string is integer $psk] } {
return 1
+ }
}
- set hexmark ""
- set limiter1 ""
- set limiter2 ""
- set hexmark [string range $str 0 1]
- set limiter1 [string index $str 0]
- set limiter2 [string index $str end]
- if { $hexmark == "0x" } {
- set psk [string range $str 2 end]
- if { $psk != "" } {
- if { [string is integer $psk] } {
- return 1
- }
- }
- } elseif { $limiter1 == "\"" && $limiter2 == "\"" } {
- set psk [string replace $str 0 0]
- set pskonly [string replace $psk end end]
- if { $pskonly != "" } {
- return 1
- }
+ }elseif { $limiter1 == "\"" && $limiter2 == "\"" } {
+ set psk [string replace $str 0 0]
+ set pskonly [string replace $psk end end]
+ if { $pskonly != "" } {
+ return 1
}
- return 0
+ }
+ return 0
}
-
-
-
-
-
projects / imunes.git / commitdiff