Commit Graph

50 Commits

Author SHA1 Message Date
Ruslan Ermilov
86ab142d10 Back out last delta, it just unpolitely reverted some local changes. 2004-07-01 17:13:15 +00:00
Bruce M Simpson
1922fd129e Initial import of RFC 2385 (TCP-MD5) digest support.
This is the second of two commits; bring in the userland support to finish.

Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.

Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.

Sponsored by:	sentex.net
2004-02-11 04:34:34 +00:00
Hajimu UMEMOTO
bd9f52d566 - plug memory leak.
- fixed a length of the sadb extension in the case of pfkey_send_x5().
- used getprotobynumber() for printing a upper layer protocol name.
- modified the output format against the change of the setkey syntax
  about a icmp6 type/code.
- don't enumerate reserved fields.  use memset.

Obtained from:	KAME
2003-11-05 09:41:23 +00:00
Hajimu UMEMOTO
9713f5c170 - errx() doesn't need `\n'.
- use %u for unsigned variable.

Obtained from:	KAME
2003-10-26 12:00:27 +00:00
Hajimu UMEMOTO
d24cb2490d stop use of NI_WITHSCOPEID. it was deprecated.
Obtained from:	KAME
2003-10-21 20:11:47 +00:00
Hajimu UMEMOTO
b42ac57f4f - support AES counter mode for ESP.
- use size_t as return type of schedlen(), as there's no error
  check needed.
- clear key schedule buffer before freeing.

Obtained from:	KAME
2003-10-13 14:57:41 +00:00
Hajimu UMEMOTO
c65ee7c758 - support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
2003-10-13 04:54:51 +00:00
Hajimu UMEMOTO
492528c051 - RIPEMD160 support
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
2003-10-12 09:41:42 +00:00
Ruslan Ermilov
743d5d518c mdoc(7): Properly mark C headers. 2003-09-10 19:24:35 +00:00
David E. O'Brien
4f4a104ee8 style.Makefile(5) 2003-08-18 15:25:39 +00:00
Gordon Tetlow
41d8423f71 Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
2003-08-17 08:28:46 +00:00
Munechika SUMIKAWA
296e054f23 Buffer size is not enough in the previous commit. Use 128.
Pointed out by:	nectar
MFC after:	1 week
2003-04-17 07:20:00 +00:00
Munechika SUMIKAWA
6089e562ff Make character buffer more bigger.
Obtained from:	KAME
MFC after:	1 week
2003-04-16 11:21:12 +00:00
Philippe Charnier
0552350ecc The .Fn function 2003-03-24 16:02:05 +00:00
Philippe Charnier
bd99773b0c The .Fn function. Spelling. 2003-02-06 11:29:40 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
Jens Schweikhardt
57bd0fc6e8 english(4) police. 2002-12-27 12:15:40 +00:00
Peter Wemm
224af215a6 Zap now-unused SHLIB_MINOR 2002-09-28 00:25:32 +00:00
SUZUKI Shinsuke
88ff5695c1 just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.
(based on freebsd4-snap-20020128)

Reviewed by:	ume
MFC after:	1 week
2002-04-19 04:46:24 +00:00
David E. O'Brien
1372519b15 Remove multi-line __P() usage. 2002-03-22 09:22:15 +00:00
David E. O'Brien
69160b1eb7 Remove __P() usage. 2002-03-21 23:54:04 +00:00
Ruslan Ermilov
32eef9aeb1 mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
Matthew Dillon
46a50f4e34 Add __FBSDID()s to libipsec 2001-09-30 21:43:45 +00:00
Ruslan Ermilov
c75526d5a0 mdoc(7) police: fixed the "new sentence" bogons. 2001-08-10 15:03:10 +00:00
Ruslan Ermilov
c4d9468ea0 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Hajimu UMEMOTO
232bdaf61f printed current sequence number of the SA. accordingly, changed
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure.  Also the output of setkey is changed.  sequence number
of the sadb is replaced to the end of the output.

Obtained from:	KAME
2001-08-06 19:40:01 +00:00
Dima Dorfman
7ebcc426ef Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
Ruslan Ermilov
4a558355e5 MAN[1-9] -> MAN. 2001-03-27 17:27:19 +00:00
Ruslan Ermilov
d0353b836e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
Ben Smithurst
b9d4121572 Fix typo: ispec -> ipsec
PR:		24005
Submitted by:	Jimmy Olgeni <olgeni@uli.it>
2001-01-01 23:26:16 +00:00
David E. O'Brien
a8e642f574 Change the spelling of .' to .' from .OBJDIR since `.' really is where
generated files land.  Also give precedence to generated files.
2000-12-05 22:10:43 +00:00
David E. O'Brien
2c5569d6ff The GCC 2.96 snapshots have slightly different rules for finding include
files.  Mostly -I${.CURDIR} was needed -- especially for YACC generated
files as the new cpp does not look in the ultimate source file
(ie, the .y file)'s directory as told by the "#line" directive.  Some were
misspellings of "-I${.CURDIR}" as "-I.".
2000-12-01 09:39:28 +00:00
Jun-ichiro itojun Hagino
3c62e87aa3 synchronize with latest kame tree.
behavior change: policy syntax was changed.  you may need to update your
setkey(8) configuration files.
2000-07-04 16:22:05 +00:00
Alexey Zelkin
ea1a3a92fe Fix typo.
Noticed by:	hoek
2000-05-06 14:07:35 +00:00
Alexey Zelkin
f894c43f10 . remove some unneeded comments
. replace .Os value with empty value since this library is not KAME only
anymore
. add a note about IPv6 and IPsec integration to the FreeBSD
2000-05-01 14:42:09 +00:00
Alexey Zelkin
6be6c65006 . add a note about IPv6/IPsec integration to the FreeBSD
. replace .Po/.Pc pairs with .Pq
. remove some unneeded comments
. .Lb-ify
2000-05-01 14:40:06 +00:00
Steve Price
4f9bc6c6b7 Don't try to compile in INET6 support when NOINET6 is defined. 2000-04-15 20:45:52 +00:00
Yoshinobu Inoue
f018cfad89 Replace the prefix for yylval to less confusing one.
(Sorry, this should be committed with previous commit to Makefile.)
2000-04-02 05:08:07 +00:00
Yoshinobu Inoue
1f0118b915 Replace the prefix for yylval to less confusing one.
Suggested by: bruce
2000-04-01 22:28:36 +00:00
Brian Feldman
fe69f87383 Actually, ${LIBY}/-ly aren't needed either. This should finish unbreaking
the world build.
2000-03-29 00:54:06 +00:00
Yoshinobu Inoue
4b89b76f24 Remove libl related dependencies, because it is not necessary, and even more,
it cause building world failure.

Specified by: Nickolay Dudorov <nnd@mail.nsk.ru>
2000-03-28 11:41:18 +00:00
Bruce Evans
e39c55ae3e Fixed missing DPADD.
Fixed style bug for LDADD (don't use += for variables defined only once).
2000-03-27 15:16:06 +00:00
Yoshinobu Inoue
f63e7634ac Initialize mbuf pointer at getting ipsec policy.
Without this, kernel will panic at getsockopt() of IPSEC_POLICY.
Also make compilable libipsec/test-policy.c which tries getsockopt() of
IPSEC_POLICY.

Approved by: jkh

Submitted by: sakane@kame.net
2000-03-09 14:57:16 +00:00
Nik Clayton
c979f70672 s/ispec/ipsec/, and add a missing comma.
PR:             docs/16995
Submitted by:   Benno Rice <benno@netizen.com.au>
2000-03-07 13:58:25 +00:00
Yoshinobu Inoue
0ca229d64d Change IPv6 scoped addr format again based on recent standard discussion.
Sorry for the flapping, but no change will be done for 4.0 anymore.
Official standard will be published around April or later.
If different format would be adopted at that time, then support for
the new format will be added to the succeeding FreeBSD 4.x.

Approved by: jkh
2000-02-19 16:10:16 +00:00
Yoshinobu Inoue
ab08b2ee08 Set libipsec shared library number to 0
When libipsec library is created, no SHLIB numbers are
   specified in the Makefile. Then the library version was set
   to 2.(by default?)
   So change it to 0.
   For now it should not be problem, because the contents are same.
   I'll also prepare an entry for UPDATING.
2000-02-03 10:06:53 +00:00
Bruce Evans
e231122d79 Fixed missing include and missing arg in synopsis. 2000-01-13 10:22:50 +00:00
Bruce Evans
f92c744fd8 Fixed missing include in synopsis. 2000-01-13 10:21:25 +00:00
Yoshinobu Inoue
9a4365d0e0 libipsec and IPsec related apps. (and some KAME related man pages)
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-06 12:40:54 +00:00