From: marko Date: Thu, 19 Jul 2007 04:15:47 +0000 (+0000) Subject: Indentation / whitespace cleanup. X-Git-Url: https://git.entuzijast.net/?a=commitdiff_plain;h=f61c297a85e2dca37d8e590ff594458be5ffbad8;p=imunes.git Indentation / whitespace cleanup. Bug found by: Submitted by: Reviewed by: Approved by: Obtained from: --- diff --git a/ipsec.tcl b/ipsec.tcl index aa3724f..df3a880 100755 --- a/ipsec.tcl +++ b/ipsec.tcl @@ -1,4 +1,4 @@ -# $Id: ipsec.tcl,v 1.7 2007/07/19 01:17:05 marko Exp $ +# $Id: ipsec.tcl,v 1.8 2007/07/19 04:15:47 marko Exp $ # # Copyright 2004, 2005 University of Zagreb, Croatia. All rights reserved. # @@ -46,66 +46,64 @@ # INPUTS # * w -- ipsec config window # * node -- node -# * deleteid -- ipsec-config-id that determines -# which ipsec-config to delete. -# -# * edit -- If $edit is set to "1", selected ipsec-config -# will be just edited. If $edit is set to "0", selected -# ipsec-config will be deleted. +# * deleteid -- ipsec-config-id that determines +# which ipsec-config to delete +# * edit -- If $edit is set to "1", selected ipsec-config +# will be just edited. If $edit is set to "0", selected +# ipsec-config will be deleted. #**** proc editIpsecCfg { w node deleteid edit phase } { + global viewid badentry - global viewid badentry - - $w config -cursor watch; update - if { $phase == 0 } { - set badentry 0 - focus . - after 100 "editIpsecCfg $w $node $deleteid $edit 1" - return - } elseif { $badentry } { - $w config -cursor left_ptr - return - } - set ipsecCfgList [getIpsecConfig $node] - set i 0 - foreach element $ipsecCfgList { - set cid [lindex [lsearch -inline $element "ipsec-config-id *"] 1] - if { $deleteid == $cid } { - set ipsecCfgList [lreplace $ipsecCfgList $i $i] - } - incr i + $w config -cursor watch; update + if { $phase == 0 } { + set badentry 0 + focus . + after 100 "editIpsecCfg $w $node $deleteid $edit 1" + return + } elseif { $badentry } { + $w config -cursor left_ptr + return + } + set ipsecCfgList [getIpsecConfig $node] + set i 0 + foreach element $ipsecCfgList { + set cid [lindex [lsearch -inline $element "ipsec-config-id *"] 1] + if { $deleteid == $cid } { + set ipsecCfgList [lreplace $ipsecCfgList $i $i] } + incr i + } - if { $edit == "1" } { - set add "0" - set ipsecCfg [ipsecConfigApply $w $node $add 0] - set newid [getConfig $ipsecCfg "ipsec-config-id"] - set viewid $newid - lappend ipsecCfgList $ipsecCfg - } + if { $edit == "1" } { + set add "0" + set ipsecCfg [ipsecConfigApply $w $node $add 0] + set newid [getConfig $ipsecCfg "ipsec-config-id"] + set viewid $newid + lappend ipsecCfgList $ipsecCfg + } - removeIpsecConfig $node - foreach ipsecCfg $ipsecCfgList { - setIpsecConfig $node $ipsecCfg - } - if { $edit != "1" } { - destroy $w - set delete "1" - } else { - set delete "0" - } - set view "1" - viewIpsecCfg $node $delete $view + removeIpsecConfig $node + foreach ipsecCfg $ipsecCfgList { + setIpsecConfig $node $ipsecCfg + } + if { $edit != "1" } { + destroy $w + set delete "1" + } else { + set delete "0" + } + set view "1" + viewIpsecCfg $node $delete $view - return + return } #****f* ipsec.tcl/showIpsecErrors # NAME # showIpsecErrors -- show window with errors -# related to ipsec-config information +# related to ipsec-config information # SYNOPSIS # showIpsecErrors $str # FUNCTION @@ -113,25 +111,20 @@ proc editIpsecCfg { w node deleteid edit phase } { # manipulating ipsec-config information. # INPUTS # * str -- information about ipsec error that will be -# written in the error window. +# written in the error window. #**** proc showIpsecErrors { str } { - set error "" - #foreach element $str { - # if { $element != "" } { - # append error $element "\n" - # } - #} - set error $str - tk_messageBox -message $error -type ok -icon error \ - -title "IPsec configuration error" + set error "" + set error $str + tk_messageBox -message $error -type ok -icon error \ + -title "IPsec configuration error" } proc showIPsecInfo { str } { - tk_messageBox -message $str -type ok -icon info \ - -title "IPsec configuration notice" + tk_messageBox -message $str -type ok -icon info \ + -title "IPsec configuration notice" } #****f* ipsec.tcl/viewIpsecCfg @@ -145,16 +138,16 @@ proc showIPsecInfo { str } { # ipsec-config structures. # INPUTS # * node -- node -# * delete -- If delete is "1", that means that viewIpsecCfg -# has been invoked after deleting ipsec-config with -# defined ipsec-config-id (determined by the global -# variable viewid). In that case, tk_optionmenu variable -# will be set to show the first element of the ipsecCfgList. -# If delete is "0", viewIpsecCfg has been invoked just to -# show existing ipsec-configs. -# * view -- If $view is set to "0", viewIpsecCfg is used to add new -# ipsec-config item. If view is set to "1" viewIpsecCfg is used to -# edit ipsec-config items. +# * delete -- If delete is "1", that means that viewIpsecCfg +# has been invoked after deleting ipsec-config with +# defined ipsec-config-id (determined by the global +# variable viewid). In that case, tk_optionmenu variable +# will be set to show the first element of the ipsecCfgList. +# If delete is "0", viewIpsecCfg has been invoked just to +# show existing ipsec-configs. +# * view -- If $view is set to "0", viewIpsecCfg is used to add new +# ipsec-config item. If view is set to "1" viewIpsecCfg is used to +# edit ipsec-config items. #**** proc viewIpsecCfg { node delete view } { @@ -181,7 +174,6 @@ proc viewIpsecCfg { node delete view } { showIpsecErrors $error } else { - set w .cfgeditor catch {destroy $w} toplevel $w -takefocus 1 @@ -192,24 +184,24 @@ proc viewIpsecCfg { node delete view } { wm iconname $w "$node" if { $view == "1" } { - frame $w.view -borderwidth 4 - label $w.view.label -text "View ipsec-config(s):" - pack $w.view.label -side left -anchor w - eval {tk_optionMenu $w.view.viewid viewid} $idlist - pack $w.view.label $w.view.viewid \ - -side left -anchor w - pack $w.view -side top -anchor w - set delete "0" - button $w.view.id -text View \ + frame $w.view -borderwidth 4 + label $w.view.label -text "View ipsec-config(s):" + pack $w.view.label -side left -anchor w + eval {tk_optionMenu $w.view.viewid viewid} $idlist + pack $w.view.label $w.view.viewid -side left -anchor w + pack $w.view -side top -anchor w + set delete "0" + button $w.view.id -text View \ -command "viewIpsecCfg $node $delete $view" - pack $w.view.id -side right + pack $w.view.id -side right - foreach element $ipsecCfgList { - set cid [lindex [lsearch -inline $element "ipsec-config-id *"] 1] + foreach element $ipsecCfgList { + set cid \ + [lindex [lsearch -inline $element "ipsec-config-id *"] 1] if { $viewid == $cid } { - set ipsecCfg $element + set ipsecCfg $element } - } + } } # @@ -242,17 +234,17 @@ proc viewIpsecCfg { node delete view } { label $w.sad.sourceSA.label -text "Src SA address:" pack $w.sad.sourceSA.label -side left -anchor w entry $w.sad.sourceSA.source -bg white -width 30 \ - -validate focus -invcmd "focusAndFlash %W" + -validate focus -invcmd "focusAndFlash %W" if { $ipsecCfg != "" } { - set sourceSA [ getConfig $ipsecCfg "SA-source-address"] + set sourceSA [ getConfig $ipsecCfg "SA-source-address"] } else { - set sourceSA "" + set sourceSA "" } $w.sad.sourceSA.source insert end $sourceSA $w.sad.sourceSA.source configure \ - -vcmd {checkSAaddress %P} + -vcmd {checkSAaddress %P} pack $w.sad.sourceSA.source $w.sad.sourceSA.label \ - -side left -padx 4 -pady 0 + -side left -padx 4 -pady 0 pack $w.sad.sourceSA -side top -anchor w # @@ -262,17 +254,17 @@ proc viewIpsecCfg { node delete view } { label $w.sad.destSA.label -text "Dst SA address:" pack $w.sad.destSA.label -side left -anchor w entry $w.sad.destSA.dest -bg white -width 30 \ - -validate focus -invcmd "focusAndFlash %W" + -validate focus -invcmd "focusAndFlash %W" if { $ipsecCfg != {} } { - set destSA [ getConfig $ipsecCfg "SA-destination-address"] + set destSA [ getConfig $ipsecCfg "SA-destination-address"] } else { - set destSA "" + set destSA "" } $w.sad.destSA.dest insert end $destSA $w.sad.destSA.dest configure \ - -vcmd {checkSAaddress %P} + -vcmd {checkSAaddress %P} pack $w.sad.destSA.dest $w.sad.destSA.label \ - -side left -padx 4 -pady 0 + -side left -padx 4 -pady 0 pack $w.sad.destSA -side top -anchor w # @@ -285,35 +277,35 @@ proc viewIpsecCfg { node delete view } { pack $w.sad.spi.inboundl -side left -anchor w set inboundspi "" if { $ipsecCfg != {} } { - set inboundspi [ getConfig $ipsecCfg "inbound-spi"] + set inboundspi [ getConfig $ipsecCfg "inbound-spi"] } else { - set inboundspi "" + set inboundspi "" } spinbox $w.sad.spi.inboundv -bg white -width 10 \ - -validate focus -invcmd "focusAndFlash %W" + -validate focus -invcmd "focusAndFlash %W" $w.sad.spi.inboundv insert 0 $inboundspi $w.sad.spi.inboundv configure \ - -from 1366 -to 65535 -increment 1 \ - -vcmd {checkIntRange %P 1366 65535} + -from 1366 -to 65535 -increment 1 \ + -vcmd {checkIntRange %P 1366 65535} pack $w.sad.spi.inboundl $w.sad.spi.inboundv \ - -side left -anchor w + -side left -anchor w # Outbound SPI: label $w.sad.spi.outboundl -text "Outbound SPI:" pack $w.sad.spi.outboundl -side left -anchor w if { $ipsecCfg != {} } { - set outboundspi [ getConfig $ipsecCfg "outbound-spi"] + set outboundspi [ getConfig $ipsecCfg "outbound-spi"] } else { - set outboundspi "" + set outboundspi "" } spinbox $w.sad.spi.outboundv -bg white -width 10 \ - -validate focus -invcmd "focusAndFlash %W" + -validate focus -invcmd "focusAndFlash %W" $w.sad.spi.outboundv insert 0 $outboundspi $w.sad.spi.outboundv configure \ - -from 1367 -to 65535 -increment 1 \ - -vcmd {checkIntRange %P 1366 65535 } + -from 1367 -to 65535 -increment 1 \ + -vcmd {checkIntRange %P 1366 65535 } pack $w.sad.spi.outboundl $w.sad.spi.outboundv \ - -side left -anchor w + -side left -anchor w pack $w.sad.spi -side top -anchor w # @@ -324,28 +316,28 @@ proc viewIpsecCfg { node delete view } { pack $w.sad.ipsecalg.label -side left -anchor w global ipsecalg if { $ipsecCfg != {} } { - set ipsecalg [ getConfig $ipsecCfg "ipsec-algorithm"] + set ipsecalg [ getConfig $ipsecCfg "ipsec-algorithm"] } else { - set ipsecalg esp + set ipsecalg esp } # TODO: Add ESP with authenticated payload tk_optionMenu $w.sad.ipsecalg.alg ipsecalg esp ah pack $w.sad.ipsecalg.label $w.sad.ipsecalg.alg \ - -side left -anchor w + -side left -anchor w # IP compression: label $w.sad.ipsecalg.ipcomp -text "IPcomp: " pack $w.sad.ipsecalg.ipcomp -side left -anchor w global ipcompalg if { $ipsecCfg != {} } { - set ipcompalg [ getConfig $ipsecCfg "IPcomp-algorithm"] + set ipcompalg [ getConfig $ipsecCfg "IPcomp-algorithm"] } else { - set ipcompalg "no IPcomp" + set ipcompalg "no IPcomp" } tk_optionMenu $w.sad.ipsecalg.ipcompalg ipcompalg \ - deflate lzs "no IPcomp" + deflate lzs "no IPcomp" pack $w.sad.ipsecalg.ipcomp $w.sad.ipsecalg.ipcompalg \ - -side left -anchor w + -side left -anchor w pack $w.sad.ipsecalg -side top -anchor w # @@ -359,22 +351,22 @@ proc viewIpsecCfg { node delete view } { global cryptoalgesp global cryptoalgah if { $ipsecCfg != {} } { - set caesp [ getConfig $ipsecCfg "esp-crypto-algorithm"] - set caah [ getConfig $ipsecCfg "ah-crypto-algorithm"] + set caesp [ getConfig $ipsecCfg "esp-crypto-algorithm"] + set caah [ getConfig $ipsecCfg "ah-crypto-algorithm"] } else { - set caesp 3des-cbc - set caah hmac-md5 + set caesp 3des-cbc + set caah hmac-md5 } set cryptoalgesp $caesp set cryptoalgah $caah tk_optionMenu $w.sad.cryptoalg.esp cryptoalgesp \ - des-cbc 3des-cbc simple blowfish-cbc cast128-cbc \ - rijndael-cbc null + des-cbc 3des-cbc simple blowfish-cbc cast128-cbc \ + rijndael-cbc null tk_optionMenu $w.sad.cryptoalg.ah cryptoalgah \ - hmac-md5 hmac-sha1 keyed-md5 keyed-sha1 hmac-sha2-256 \ - hmac-sha2-384 hmac-sha2-512 null + hmac-md5 hmac-sha1 keyed-md5 keyed-sha1 hmac-sha2-256 \ + hmac-sha2-384 hmac-sha2-512 null pack $w.sad.cryptoalg.label $w.sad.cryptoalg.esp $w.sad.cryptoalg.ah \ - -side left -anchor w + -side left -anchor w pack $w.sad.cryptoalg -side top -anchor w # Shared secret for key derivation @@ -382,15 +374,14 @@ proc viewIpsecCfg { node delete view } { frame $w.sad.psk -borderwidth 4 label $w.sad.psk.label -text "Shared secret:" entry $w.sad.psk.text -bg white -width 30 \ - -validate focus -invcmd "focusAndFlash %W" + -validate focus -invcmd "focusAndFlash %W" if { $ipsecCfg != {} } { - set psk [ getConfig $ipsecCfg "shared-secret"] + set psk [ getConfig $ipsecCfg "shared-secret"] } else { - set psk "" + set psk "" } $w.sad.psk.text insert end $psk - $w.sad.psk.text configure \ - -vcmd {checkSharedSecret %P} + $w.sad.psk.text configure -vcmd {checkSharedSecret %P} pack $w.sad.psk.text $w.sad.psk.label -side right -padx 4 -pady 0 pack $w.sad.psk -side top -anchor w pack $w.sad -side top -anchor w -fill both @@ -410,17 +401,17 @@ proc viewIpsecCfg { node delete view } { frame $w.spd.sourceSP -borderwidth 4 label $w.spd.sourceSP.label -text "Src SP address:" entry $w.spd.sourceSP.source -bg white -width 30 \ - -validate focus -invcmd "focusAndFlash %W" + -validate focus -invcmd "focusAndFlash %W" if { $ipsecCfg != "" } { - set sourceSP [ getConfig $ipsecCfg "SP-source-address"] + set sourceSP [ getConfig $ipsecCfg "SP-source-address"] } else { - set sourceSP "" + set sourceSP "" } $w.spd.sourceSP.source insert end $sourceSP $w.spd.sourceSP.source configure \ - -vcmd {checkSPrange %P} + -vcmd {checkSPrange %P} pack $w.spd.sourceSP.source $w.spd.sourceSP.label \ - -side right -padx 4 -pady 0 + -side right -padx 4 -pady 0 pack $w.spd.sourceSP -side top -anchor w # @@ -429,15 +420,14 @@ proc viewIpsecCfg { node delete view } { frame $w.spd.destSP -borderwidth 4 label $w.spd.destSP.label -text "Dst SP address:" entry $w.spd.destSP.dest -bg white -width 30 \ - -validate focus -invcmd "focusAndFlash %W" + -validate focus -invcmd "focusAndFlash %W" if { $ipsecCfg != "" } { - set destSP [ getConfig $ipsecCfg "SP-destination-address"] + set destSP [ getConfig $ipsecCfg "SP-destination-address"] } else { - set destSP "" + set destSP "" } $w.spd.destSP.dest insert end $destSP - $w.spd.destSP.dest configure \ - -vcmd {checkSPrange %P} + $w.spd.destSP.dest configure -vcmd {checkSPrange %P} pack $w.spd.destSP.dest $w.spd.destSP.label -side right -padx 4 -pady 0 pack $w.spd.destSP -side top -anchor w @@ -447,17 +437,16 @@ proc viewIpsecCfg { node delete view } { frame $w.spd.sourcesgw -borderwidth 4 label $w.spd.sourcesgw.label -text "Src SGW address:" entry $w.spd.sourcesgw.source -bg white -width 30 \ - -validate focus -invcmd "focusAndFlash %W" + -validate focus -invcmd "focusAndFlash %W" if { $ipsecCfg != "" } { - set sourcesgw [ getConfig $ipsecCfg "source-SGW-address"] + set sourcesgw [ getConfig $ipsecCfg "source-SGW-address"] } else { - set sourcesgw "" + set sourcesgw "" } $w.spd.sourcesgw.source insert end $sourcesgw - $w.spd.sourcesgw.source configure \ - -vcmd {checkIPv4Addr %P} + $w.spd.sourcesgw.source configure -vcmd {checkIPv4Addr %P} pack $w.spd.sourcesgw.source $w.spd.sourcesgw.label \ - -side right -padx 4 -pady 0 + -side right -padx 4 -pady 0 pack $w.spd.sourcesgw -side top -anchor w # @@ -466,15 +455,14 @@ proc viewIpsecCfg { node delete view } { frame $w.spd.destsgw -borderwidth 4 label $w.spd.destsgw.label -text "Dst SGW address:" entry $w.spd.destsgw.source -bg white -width 30 \ - -validate focus -invcmd "focusAndFlash %W" + -validate focus -invcmd "focusAndFlash %W" if { $ipsecCfg != "" } { - set destsgw [ getConfig $ipsecCfg "destination-SGW-address"] + set destsgw [ getConfig $ipsecCfg "destination-SGW-address"] } else { - set destsgw "" + set destsgw "" } $w.spd.destsgw.source insert end $destsgw - $w.spd.destsgw.source configure \ - -vcmd {checkIPv4Addr %P} + $w.spd.destsgw.source configure -vcmd {checkIPv4Addr %P} pack $w.spd.destsgw.source $w.spd.destsgw.label \ -side right -padx 4 -pady 0 pack $w.spd.destsgw -side top -anchor w @@ -487,9 +475,9 @@ proc viewIpsecCfg { node delete view } { pack $w.spd.traffic.label -side left -anchor w global traffic if { $ipsecCfg != {} } { - set traffic [ getConfig $ipsecCfg "traffic-to-process"] + set traffic [ getConfig $ipsecCfg "traffic-to-process"] } else { - set traffic icmp + set traffic icmp } tk_optionMenu $w.spd.traffic.value traffic icmp tcp udp any pack $w.spd.traffic.label $w.spd.traffic.value -side left -anchor w @@ -501,14 +489,14 @@ proc viewIpsecCfg { node delete view } { pack $w.spd.traffic.action -side left -anchor w global action if { $ipsecCfg != {} } { - set action [ getConfig $ipsecCfg "processing-action"] + set action [ getConfig $ipsecCfg "processing-action"] } else { - set action ipsec + set action ipsec } tk_optionMenu $w.spd.traffic.actionv action ipsec discard bypass pack $w.spd.traffic.label $w.spd.traffic.value \ - $w.spd.traffic.action $w.spd.traffic.actionv \ - -side left -anchor w + $w.spd.traffic.action $w.spd.traffic.actionv \ + -side left -anchor w # # Processing level: @@ -518,15 +506,15 @@ proc viewIpsecCfg { node delete view } { pack $w.spd.traffic.level -side left -anchor w global level if { $ipsecCfg != {} } { - set level [ getConfig $ipsecCfg "processing-level"] + set level [ getConfig $ipsecCfg "processing-level"] } else { - set level require + set level require } tk_optionMenu $w.spd.traffic.levelv level require default use pack $w.spd.traffic.label $w.spd.traffic.value \ - $w.spd.traffic.action $w.spd.traffic.actionv \ - $w.spd.traffic.level $w.spd.traffic.levelv \ - -side left -anchor w + $w.spd.traffic.action $w.spd.traffic.actionv \ + $w.spd.traffic.level $w.spd.traffic.levelv \ + -side left -anchor w pack $w.spd.traffic -side top -anchor w # @@ -537,14 +525,14 @@ proc viewIpsecCfg { node delete view } { pack $w.spd.algandmode.alg -side left -anchor w global spipsecalg if { $ipsecCfg != {} } { - set spipsecalg [ getConfig $ipsecCfg "SP-ipsec-algorithm"] + set spipsecalg [ getConfig $ipsecCfg "SP-ipsec-algorithm"] } else { - set spipsecalg esp + set spipsecalg esp } radiobutton $w.spd.algandmode.esp -text "esp" \ - -variable spipsecalg -value esp + -variable spipsecalg -value esp radiobutton $w.spd.algandmode.ah -text "ah" \ - -variable spipsecalg -value ah + -variable spipsecalg -value ah pack $w.spd.algandmode.esp -side left -anchor w pack $w.spd.algandmode.ah -side left -anchor w @@ -558,14 +546,14 @@ proc viewIpsecCfg { node delete view } { pack $w.spd.algandmode.mode -side left -anchor w global mode if { $ipsecCfg != {} } { - set mode [ getConfig $ipsecCfg "ipsec-mode"] + set mode [ getConfig $ipsecCfg "ipsec-mode"] } else { - set mode transport + set mode transport } radiobutton $w.spd.algandmode.transport -text "transport" \ - -variable mode -value transport + -variable mode -value transport radiobutton $w.spd.algandmode.tunnel -text "tunnel" \ - -variable mode -value tunnel + -variable mode -value tunnel pack $w.spd.algandmode.transport -side top -anchor w pack $w.spd.algandmode.tunnel -side bottom -anchor w pack $w.spd.algandmode -side top -anchor w @@ -577,24 +565,23 @@ proc viewIpsecCfg { node delete view } { frame $w.buttons pack $w.buttons -side bottom button $w.buttons.close -text Close -command \ - "set badentry -1 ; destroy $w" + "set badentry -1 ; destroy $w" if { $view == "1" } { - set edit "1" - button $w.buttons.delete -text Delete \ - -command "deleteIpsecCfg $w $node $viewid $edit" - button $w.buttons.apply -text Apply \ - -command "editIpsecCfg $w $node $viewid $edit 0" - focus $w.buttons.apply - pack $w.buttons.delete $w.buttons.close $w.buttons.apply -side left + set edit "1" + button $w.buttons.delete -text Delete \ + -command "deleteIpsecCfg $w $node $viewid $edit" + button $w.buttons.apply -text Apply \ + -command "editIpsecCfg $w $node $viewid $edit 0" + focus $w.buttons.apply + pack $w.buttons.delete $w.buttons.close $w.buttons.apply -side left } else { - set add "1" - button $w.buttons.apply -text "Apply" \ - -command "ipsecConfigApply $w $node $add 0" - focus $w.buttons.apply - pack $w.buttons.apply $w.buttons.close -side left - } + set add "1" + button $w.buttons.apply -text "Apply" \ + -command "ipsecConfigApply $w $node $add 0" + focus $w.buttons.apply + pack $w.buttons.apply $w.buttons.close -side left } - return + } } #****f* ipsec.tcl/deleteIpsecCfg @@ -609,18 +596,17 @@ proc viewIpsecCfg { node delete view } { # When deleting ipsec-config, $edit has to be set to "0". # INPUTS # * w -- ipsec configuration window -# * node -- node -# * viewid -- current ipsec-config-id from the -# tk_optionmenu. viewIpsecCfg always shows the -# ipsec-config determined by the global variable viewid. -# * edit -- if edit is set to "0", editIpsecCfg will delete -# ipsec-config defined by the ipsec-config-id viewid. +# * node -- node +# * viewid -- current ipsec-config-id from the +# tk_optionmenu. viewIpsecCfg always shows the +# ipsec-config determined by the global variable viewid. +# * edit -- if edit is set to "0", editIpsecCfg will delete +# ipsec-config defined by the ipsec-config-id viewid. #**** proc deleteIpsecCfg { w node viewid edit } { - set edit "0" - editIpsecCfg $w $node $viewid $edit 0 - return + set edit "0" + editIpsecCfg $w $node $viewid $edit 0 } #****f* ipsec.tcl/ipsecConfigApply @@ -646,89 +632,89 @@ proc deleteIpsecCfg { w node viewid edit } { #**** proc ipsecConfigApply { w node add phase } { - global ipsecalg spipsecalg mode ipcompalg - global cryptoalgesp cryptoalgah action traffic level - global badentry - set ipsecCfg "" - set error "" + global ipsecalg spipsecalg mode ipcompalg + global cryptoalgesp cryptoalgah action traffic level + global badentry + set ipsecCfg "" + set error "" - if { $add == 1 } { + if { $add == 1 } { $w config -cursor watch update if { $phase == 0 } { - set badentry 0 - focus . - after 100 "ipsecConfigApply $w $node $add 1" - return + set badentry 0 + focus . + after 100 "ipsecConfigApply $w $node $add 1" + return } elseif { $badentry } { - $w config -cursor left_ptr - return - } + $w config -cursor left_ptr + return } + } - set id [$w.id.text get] - set sourceSA [$w.sad.sourceSA.source get] - set destSA [$w.sad.destSA.dest get] - set inboundspi [$w.sad.spi.inboundv get] - set outboundspi [$w.sad.spi.outboundv get] - set psk [$w.sad.psk.text get] - set sourceSP [$w.spd.sourceSP.source get] - set destSP [$w.spd.destSP.dest get] - set sourcesgw [$w.spd.sourcesgw.source get] - set destsgw [$w.spd.destsgw.source get] - - if { $add == "1" } { - set error [checkIpsecCfg $node "ipsec-config-id" $id] - if { $error != "" } { - destroy $w - showIpsecErrors $error - return "" - } + set id [$w.id.text get] + set sourceSA [$w.sad.sourceSA.source get] + set destSA [$w.sad.destSA.dest get] + set inboundspi [$w.sad.spi.inboundv get] + set outboundspi [$w.sad.spi.outboundv get] + set psk [$w.sad.psk.text get] + set sourceSP [$w.spd.sourceSP.source get] + set destSP [$w.spd.destSP.dest get] + set sourcesgw [$w.spd.sourcesgw.source get] + set destsgw [$w.spd.destsgw.source get] + + if { $add == "1" } { + set error [checkIpsecCfg $node "ipsec-config-id" $id] + if { $error != "" } { + destroy $w + showIpsecErrors $error + return "" } + } - set ipsecCfg [setConfig $ipsecCfg $id "ipsec-config-id"] - set ipsecCfg [setConfig $ipsecCfg $sourceSA "SA-source-address"] - set ipsecCfg [setConfig $ipsecCfg $destSA "SA-destination-address"] - set ipsecCfg [setConfig $ipsecCfg $ipsecalg "ipsec-algorithm"] - set ipsecCfg [setConfig $ipsecCfg $ipcompalg "IPcomp-algorithm"] - set ipsecCfg [setConfig $ipsecCfg $inboundspi "inbound-spi"] - set ipsecCfg [setConfig $ipsecCfg $outboundspi "outbound-spi"] - set ipsecCfg [setConfig $ipsecCfg $cryptoalgesp "esp-crypto-algorithm"] - set ipsecCfg [setConfig $ipsecCfg $cryptoalgah "ah-crypto-algorithm"] - set ipsecCfg [setConfig $ipsecCfg $psk "shared-secret"] - set ipsecCfg [setConfig $ipsecCfg $sourceSP "SP-source-address"] - set ipsecCfg [setConfig $ipsecCfg $destSP "SP-destination-address"] - set ipsecCfg [setConfig $ipsecCfg $sourcesgw "source-SGW-address"] - set ipsecCfg [setConfig $ipsecCfg $destsgw "destination-SGW-address"] - set ipsecCfg [setConfig $ipsecCfg $traffic "traffic-to-process"] - set ipsecCfg [setConfig $ipsecCfg $action "processing-action"] - set ipsecCfg [setConfig $ipsecCfg $spipsecalg "SP-ipsec-algorithm"] - set ipsecCfg [setConfig $ipsecCfg $mode "ipsec-mode"] - set ipsecCfg [setConfig $ipsecCfg $level "processing-level"] - - setIpsecConfig $node $ipsecCfg - destroy $w - return $ipsecCfg + set ipsecCfg [setConfig $ipsecCfg $id "ipsec-config-id"] + set ipsecCfg [setConfig $ipsecCfg $sourceSA "SA-source-address"] + set ipsecCfg [setConfig $ipsecCfg $destSA "SA-destination-address"] + set ipsecCfg [setConfig $ipsecCfg $ipsecalg "ipsec-algorithm"] + set ipsecCfg [setConfig $ipsecCfg $ipcompalg "IPcomp-algorithm"] + set ipsecCfg [setConfig $ipsecCfg $inboundspi "inbound-spi"] + set ipsecCfg [setConfig $ipsecCfg $outboundspi "outbound-spi"] + set ipsecCfg [setConfig $ipsecCfg $cryptoalgesp "esp-crypto-algorithm"] + set ipsecCfg [setConfig $ipsecCfg $cryptoalgah "ah-crypto-algorithm"] + set ipsecCfg [setConfig $ipsecCfg $psk "shared-secret"] + set ipsecCfg [setConfig $ipsecCfg $sourceSP "SP-source-address"] + set ipsecCfg [setConfig $ipsecCfg $destSP "SP-destination-address"] + set ipsecCfg [setConfig $ipsecCfg $sourcesgw "source-SGW-address"] + set ipsecCfg [setConfig $ipsecCfg $destsgw "destination-SGW-address"] + set ipsecCfg [setConfig $ipsecCfg $traffic "traffic-to-process"] + set ipsecCfg [setConfig $ipsecCfg $action "processing-action"] + set ipsecCfg [setConfig $ipsecCfg $spipsecalg "SP-ipsec-algorithm"] + set ipsecCfg [setConfig $ipsecCfg $mode "ipsec-mode"] + set ipsecCfg [setConfig $ipsecCfg $level "processing-level"] + + setIpsecConfig $node $ipsecCfg + destroy $w + return $ipsecCfg } #****f* ipsec.tcl/checkIpsecCfg # NAME # checkIpsecCfg -- Check if there are errors in ipsec -# configuration input fields in ipsec configuration -# window. +# configuration input fields in ipsec configuration +# window. # SYNOPSIS # checkIpsecCfg $node $strd $str # FUNCTION -# checkIpsecCfg will be incoked while doing ipsecConfigApply -# to check new inputs in the ipsec configuration window. +# checkIpsecCfg will be incoked while doing ipsecConfigApply +# to check new inputs in the ipsec configuration window. # INPUTS -# * node -- node -# * strd -- string description, that is i.e. "ipsec-config-id", -# "SA-source-address", etc. -# * str -- string, that is value related to strd. +# * node -- node +# * strd -- string description, that is i.e. "ipsec-config-id", +# "SA-source-address", etc. +# * str -- string, that is value related to strd. # RESULT -# * valid -- valid is set to 0, if there is an error and -# 1 otherwise. +# * valid -- valid is set to 0, if there is an error and +# 1 otherwise. #**** # TODO: Add check for the IPv4/IPv6 addresses @@ -738,26 +724,24 @@ proc ipsecConfigApply { w node add phase } { # Experiment->Execute in error window. proc checkIpsecCfg { node strd str } { - set error "" - set ipsecCfgList [getIpsecConfig $node] + set error "" + set ipsecCfgList [getIpsecConfig $node] - switch $strd { - ipsec-config-id { - - if { $str == "" } { - set error "Please, enter ipsec-config-id." - } else { - - foreach ipsecCfg $ipsecCfgList { - set currentid [getConfig $ipsecCfg "ipsec-config-id"] - if { $str == $currentid } { - set error "Choose another ipsec-config-id." - } - } - } + switch $strd { + ipsec-config-id { + if { $str == "" } { + set error "Please, enter ipsec-config-id." + } else { + foreach ipsecCfg $ipsecCfgList { + set currentid [getConfig $ipsecCfg "ipsec-config-id"] + if { $str == $currentid } { + set error "Choose another ipsec-config-id." + } } + } } - return $error + } + return $error } #****f* ipsec.tcl/setConfig @@ -767,34 +751,34 @@ proc checkIpsecCfg { node strd str } { # SYNOPSIS # setConfig $strlist $str # FUNCTION -# Procedure returns requested element that belongs -# to ipsec-config structure. +# Procedure returns requested element that belongs +# to ipsec-config structure. # INPUTS -# * strlist -- ipsec-config structure -# * cfg -- current ipsec-config that will be extended -# with new elements -# * str -- new element +# * strlist -- ipsec-config structure +# * cfg -- current ipsec-config that will be extended +# with new elements +# * str -- new element # RESULT -# * strlist -- new ipsec-config sructure +# * strlist -- new ipsec-config sructure #**** proc setConfig { strlist cfg str } { - set i [lsearch $strlist "$str *"] + set i [lsearch $strlist "$str *"] - if { $i < 0 } { - if { $cfg != {} } { - set newcfg [list $str $cfg] - lappend strlist $newcfg - } - } else { - set oldval [lindex [lsearch -inline $strlist "$str *"] 1] - if { $oldval != $cfg } { - set strlist [lreplace $strlist $i $i [list $str $cfg]] - } + if { $i < 0 } { + if { $cfg != {} } { + set newcfg [list $str $cfg] + lappend strlist $newcfg + } + } else { + set oldval [lindex [lsearch -inline $strlist "$str *"] 1] + if { $oldval != $cfg } { + set strlist [lreplace $strlist $i $i [list $str $cfg]] } + } - return $strlist + return $strlist } #****f* ipsec.tcl/getConfig @@ -812,7 +796,7 @@ proc setConfig { strlist cfg str } { proc getConfig { strlist str } { - return [lindex [lsearch -inline $strlist "$str *"] 1] + return [lindex [lsearch -inline $strlist "$str *"] 1] } @@ -829,13 +813,13 @@ proc getConfig { strlist str } { #**** proc setIpsecConfig { node cfg } { - global $node + global $node - if { $cfg != {} } { - lappend $node [list ipsec-config $cfg] - } + if { $cfg != {} } { + lappend $node [list ipsec-config $cfg] + } - return + return } #****f* ipsec.tcl/getIpsecConfig @@ -852,15 +836,15 @@ proc setIpsecConfig { node cfg } { #**** proc getIpsecConfig { node } { - global $node - set ipsecCfg {} + global $node + set ipsecCfg {} - set values [lsearch -all -inline [set $node] "ipsec-config *"] - foreach val $values { - lappend ipsecCfg [lindex $val 1] - } + set values [lsearch -all -inline [set $node] "ipsec-config *"] + foreach val $values { + lappend ipsecCfg [lindex $val 1] + } - return $ipsecCfg + return $ipsecCfg } #****f* ipsec.tcl/removeIpsecConfig @@ -876,16 +860,16 @@ proc getIpsecConfig { node } { #**** proc removeIpsecConfig { node } { - global $node - - set indices [lsearch -all [set $node] "ipsec-config *"] - set cnt 0 - foreach i $indices { - set j [expr $i - $cnt] - set $node [lreplace [set $node] $j $j] - incr cnt - } - return + global $node + + set indices [lsearch -all [set $node] "ipsec-config *"] + set cnt 0 + foreach i $indices { + set j [expr $i - $cnt] + set $node [lreplace [set $node] $j $j] + incr cnt + } + return } #****f* ipsec.tcl/getIpsecEnabled @@ -903,13 +887,13 @@ proc removeIpsecConfig { node } { #**** proc getIpsecEnabled { node } { - global $node + global $node - if { [lindex [lsearch -inline [set $node] "ipsec-enabled *"] 1] == true } { + if { [lindex [lsearch -inline [set $node] "ipsec-enabled *"] 1] == true } { return true - } else { + } else { return false - } + } } #****f* ipsec.tcl/setIpsecEnabled @@ -925,16 +909,16 @@ proc getIpsecEnabled { node } { #**** proc setIpsecEnabled { node enabled } { - global $node + global $node - set i [lsearch [set $node] "ipsec-enabled *"] - if { $i >= 0 } { + set i [lsearch [set $node] "ipsec-enabled *"] + if { $i >= 0 } { set $node [lreplace [set $node] $i $i] - } - if { $enabled == true } { + } + if { $enabled == true } { lappend $node [list ipsec-enabled $enabled] - } - return + } + return } #****f* ipsec.tcl/ipsecCfggen @@ -952,123 +936,116 @@ proc setIpsecEnabled { node enabled } { #**** proc ipsecCfggen { node } { - global $node - - set sourceSA "" - set destSA "" - set ipsecalg "" - set ipcompalg "" - set inboundspi "" - set outboundspi "" - set cryptoalgesp "" - set cryptoalgah "" - set psk "" - set sourceSP "" - set destSP "" - set sourcesgw "" - set destsgw "" - set traffic "" - set action "" - set spipsecalg "" - set mode "" - set level "" + global $node + + set sourceSA "" + set destSA "" + set ipsecalg "" + set ipcompalg "" + set inboundspi "" + set outboundspi "" + set cryptoalgesp "" + set cryptoalgah "" + set psk "" + set sourceSP "" + set destSP "" + set sourcesgw "" + set destsgw "" + set traffic "" + set action "" + set spipsecalg "" + set mode "" + set level "" - set cfg {} - set ipsecCfgList [getIpsecConfig $node] + set cfg {} + set ipsecCfgList [getIpsecConfig $node] - lappend cfg "#!/usr/sbin/setkey -f" - lappend cfg "flush;" - lappend cfg "spdflush;" + lappend cfg "#!/usr/sbin/setkey -f" + lappend cfg "flush;" + lappend cfg "spdflush;" - foreach ipsecCfg $ipsecCfgList { - set cryptoalg "" + foreach ipsecCfg $ipsecCfgList { + set cryptoalg "" - set sourceSA [getConfig $ipsecCfg "SA-source-address"] - set destSA [getConfig $ipsecCfg "SA-destination-address"] - set ipsecalg [getConfig $ipsecCfg "ipsec-algorithm"] - set ipcompalg [getConfig $ipsecCfg "IPcomp-algorithm"] - set inboundspi [getConfig $ipsecCfg "inbound-spi"] - set outboundspi [getConfig $ipsecCfg "outbound-spi"] - set cryptoalgesp [getConfig $ipsecCfg "esp-crypto-algorithm"] - set cryptoalgah [getConfig $ipsecCfg "ah-crypto-algorithm"] - set psk [getConfig $ipsecCfg "shared-secret"] - if { $ipsecalg == "esp" } { - set ipsecalgorithm "esp" - set ipsecalgmark "-E" - append cryptoalg $ipsecalgmark " " $cryptoalgesp - } elseif { $ipsecalg == "ah" } { - set ipsecalgorithm "ah" - set ipsecalgmark "-A" - append cryptoalg $ipsecalgmark " " $cryptoalgah - #} elseif { $ipsecalg == "esp with auth" } { - # set ipsecalgorithm "esp" - # set ipsecalgmark "-E" - # set ipsecalgmark2 "-A" - # append cryptoalg $ipsecalgmark " " $cryptoalgesp " " \ - # $ipsecalgmark2 " " $cryptoalgah - } else { - return "" - } - - if { $ipcompalg == "defalte" || $ipcompalg == "lzs" } { - set ipcompalgorithm " -C $ipcompalg" - append cryptoalg $ipcompalgorithm - } + set sourceSA [getConfig $ipsecCfg "SA-source-address"] + set destSA [getConfig $ipsecCfg "SA-destination-address"] + set ipsecalg [getConfig $ipsecCfg "ipsec-algorithm"] + set ipcompalg [getConfig $ipsecCfg "IPcomp-algorithm"] + set inboundspi [getConfig $ipsecCfg "inbound-spi"] + set outboundspi [getConfig $ipsecCfg "outbound-spi"] + set cryptoalgesp [getConfig $ipsecCfg "esp-crypto-algorithm"] + set cryptoalgah [getConfig $ipsecCfg "ah-crypto-algorithm"] + set psk [getConfig $ipsecCfg "shared-secret"] + if { $ipsecalg == "esp" } { + set ipsecalgorithm "esp" + set ipsecalgmark "-E" + append cryptoalg $ipsecalgmark " " $cryptoalgesp + } elseif { $ipsecalg == "ah" } { + set ipsecalgorithm "ah" + set ipsecalgmark "-A" + append cryptoalg $ipsecalgmark " " $cryptoalgah + #} elseif { $ipsecalg == "esp with auth" } { + # set ipsecalgorithm "esp" + # set ipsecalgmark "-E" + # set ipsecalgmark2 "-A" + # append cryptoalg $ipsecalgmark " " $cryptoalgesp " " \ + # $ipsecalgmark2 " " $cryptoalgah + } else { + return "" + } - if { $sourceSA != "" && $destSA != "" && \ - $ipsecalg != "" && $cryptoalg != "" && \ - $psk != "" && $inboundspi != "" && \ - $outboundspi != "" } { + if { $ipcompalg == "defalte" || $ipcompalg == "lzs" } { + set ipcompalgorithm " -C $ipcompalg" + append cryptoalg $ipcompalgorithm + } - lappend cfg "add $sourceSA $destSA $ipsecalgorithm - $inboundspi $cryptoalg $psk;" + if { $sourceSA != "" && $destSA != "" && \ + $ipsecalg != "" && $cryptoalg != "" && \ + $psk != "" && $inboundspi != "" && \ + $outboundspi != "" } { + lappend cfg "add $sourceSA $destSA $ipsecalgorithm + $inboundspi $cryptoalg $psk;" - lappend cfg "add $destSA $sourceSA $ipsecalgorithm - $outboundspi $cryptoalg $psk;" - } + lappend cfg "add $destSA $sourceSA $ipsecalgorithm + $outboundspi $cryptoalg $psk;" + } - set sourceSP [getConfig $ipsecCfg "SP-source-address"] - set destSP [getConfig $ipsecCfg "SP-destination-address"] - set sourcesgw [getConfig $ipsecCfg "source-SGW-address"] - set destsgw [getConfig $ipsecCfg "destination-SGW-address"] - set traffic [getConfig $ipsecCfg "traffic-to-process"] - set action [getConfig $ipsecCfg "processing-action"] - set spipsecalg [getConfig $ipsecCfg "SP-ipsec-algorithm"] - set mode [getConfig $ipsecCfg "ipsec-mode"] - set level [getConfig $ipsecCfg "processing-level"] - - if { $sourceSP != "" && $destSP != "" && \ - $traffic != "" && $action != "" && \ - $spipsecalg != "" && $mode != "" && $level != ""} { - - if { $mode == "transport" } { - - lappend cfg "spdadd $sourceSP $destSP $traffic -P out + set sourceSP [getConfig $ipsecCfg "SP-source-address"] + set destSP [getConfig $ipsecCfg "SP-destination-address"] + set sourcesgw [getConfig $ipsecCfg "source-SGW-address"] + set destsgw [getConfig $ipsecCfg "destination-SGW-address"] + set traffic [getConfig $ipsecCfg "traffic-to-process"] + set action [getConfig $ipsecCfg "processing-action"] + set spipsecalg [getConfig $ipsecCfg "SP-ipsec-algorithm"] + set mode [getConfig $ipsecCfg "ipsec-mode"] + set level [getConfig $ipsecCfg "processing-level"] + + if { $sourceSP != "" && $destSP != "" && \ + $traffic != "" && $action != "" && \ + $spipsecalg != "" && $mode != "" && $level != ""} { + if { $mode == "transport" } { + lappend cfg "spdadd $sourceSP $destSP $traffic -P out $action $spipsecalg/$mode//$level;" - lappend cfg "spdadd $destSP $sourceSP $traffic -P in + lappend cfg "spdadd $destSP $sourceSP $traffic -P in $action $spipsecalg/$mode//$level;" - - } elseif { $mode == "tunnel" } { - - if { $sourcesgw != "" && $destsgw != "" } { - - lappend cfg "spdadd $sourceSP $destSP $traffic -P out - $action $spipsecalg/$mode/$sourcesgw-$destsgw/$level;" - lappend cfg "spdadd $destSP $sourceSP $traffic -P in - $action $spipsecalg/$mode/$destsgw-$sourcesgw/$level;" - - } - } + } elseif { $mode == "tunnel" } { + if { $sourcesgw != "" && $destsgw != "" } { + lappend cfg "spdadd $sourceSP $destSP $traffic -P out + $action $spipsecalg/$mode/$sourcesgw-$destsgw/$level;" + lappend cfg "spdadd $destSP $sourceSP $traffic -P in + $action $spipsecalg/$mode/$destsgw-$sourcesgw/$level;" } + } } - return $cfg + } + return $cfg } proc setkeyError { setkeyerror } { - set str "[lindex [split $setkeyerror "\."] 0]" - set errorstr "Error in created setkey.conf: " - append errorstr $str - showIpsecErrors $errorstr + set str "[lindex [split $setkeyerror "\."] 0]" + set errorstr "Error in created setkey.conf: " + append errorstr $str + showIpsecErrors $errorstr } # TODO: SP range can be one of the following: @@ -1078,14 +1055,14 @@ proc setkeyError { setkeyerror } { # address/prefixlen[port] # proc checkSPrange { SPrange } { - if { [checkSAaddress $SPrange] == 1 } { - return 1 - } elseif { [checkSPnet $SPrange] == 1 } { - return 1 - } elseif { [checkIPv46AddrPort $SPrange] == 1 } { - return 1 - } - return 0 + if { [checkSAaddress $SPrange] == 1 } { + return 1 + } elseif { [checkSPnet $SPrange] == 1 } { + return 1 + } elseif { [checkIPv46AddrPort $SPrange] == 1 } { + return 1 + } + return 0 } # RETURN @@ -1116,20 +1093,20 @@ proc checkIPv46AddrPort { str } { if { $str == "" } { return 1 } - set addr [lindex [split $str "\["] 0] - set SAaddress [checkSAaddress $addr] - set SPnet [checkSPnet $addr] - if { $SAaddress == 0 && $SPnet == 0 } { - return 0 + set addr [lindex [split $str "\["] 0] + set SAaddress [checkSAaddress $addr] + set SPnet [checkSPnet $addr] + if { $SAaddress == 0 && $SPnet == 0 } { + return 0 + } else { + set tmp [lindex [split $str "\["] 1] + set port [lindex [split $tmp "\]"] 0] + if { $port != "" } { + return [checkIntRange $port 0 65535] } else { - set tmp [lindex [split $str "\["] 1] - set port [lindex [split $tmp "\]"] 0] - if { $port != "" } { - return [checkIntRange $port 0 65535] - } else { - return 0 - } + return 0 } + } } #****f* ipsec.tcl/checkSAaddress @@ -1151,12 +1128,12 @@ proc checkSAaddress { str } { if { $str == "" } { return 1 } - if { [checkIPv4Addr $str] == 1 } { - return 1 - } elseif { [checkIPv6Addr $str] == 1 } { - return 1 - } - return 0 + if { [checkIPv4Addr $str] == 1 } { + return 1 + } elseif { [checkIPv6Addr $str] == 1 } { + return 1 + } + return 0 } #****f* ipsec.tcl/checkSPnet @@ -1177,12 +1154,12 @@ proc checkSPnet { str } { if { $str == "" } { return 1 } - if { [checkIPv4Net $str] == 1 } { - return 1 - } elseif { [checkIPv6Net $str] == 1 } { - return 1 - } - return 0 + if { [checkIPv4Net $str] == 1 } { + return 1 + } elseif { [checkIPv6Net $str] == 1 } { + return 1 + } + return 0 } #****f* ipsec.tcl/checkSharedSecret @@ -1205,33 +1182,28 @@ proc checkSPnet { str } { #**** proc checkSharedSecret { str } { - if { $str == "" } { + if { $str == "" } { + return 1 + } + set hexmark "" + set limiter1 "" + set limiter2 "" + set hexmark [string range $str 0 1] + set limiter1 [string index $str 0] + set limiter2 [string index $str end] + if { $hexmark == "0x" } { + set psk [string range $str 2 end] + if { $psk != "" } { + if { [string is integer $psk] } { return 1 + } } - set hexmark "" - set limiter1 "" - set limiter2 "" - set hexmark [string range $str 0 1] - set limiter1 [string index $str 0] - set limiter2 [string index $str end] - if { $hexmark == "0x" } { - set psk [string range $str 2 end] - if { $psk != "" } { - if { [string is integer $psk] } { - return 1 - } - } - } elseif { $limiter1 == "\"" && $limiter2 == "\"" } { - set psk [string replace $str 0 0] - set pskonly [string replace $psk end end] - if { $pskonly != "" } { - return 1 - } + }elseif { $limiter1 == "\"" && $limiter2 == "\"" } { + set psk [string replace $str 0 0] + set pskonly [string replace $psk end end] + if { $pskonly != "" } { + return 1 } - return 0 + } + return 0 } - - - - -