Commit Graph

49 Commits

Author SHA1 Message Date
ru
acf39e5db0 Fixed the misplaced $FreeBSD$. 2005-02-09 18:07:17 +00:00
ru
21331566c5 Added the EXIT STATUS section where appropriate. 2005-01-17 07:44:44 +00:00
ru
2a083bdb25 Fixed display type. 2005-01-15 12:26:29 +00:00
ru
5c36e4ee65 Reapply traditionally lost fixes, fixed some more.
This manpage needs an English clenup.
2004-06-05 20:22:15 +00:00
ume
5ebe90b6c8 check if the null encryption is supported or not.
Requested by:	bms
Obtained from:	KAME
2004-05-13 15:46:28 +00:00
bms
0f0c91f8a6 Fix regression in setkey whereby parser would fail to recognise tcp as
both a security protocol and an upper level protocol for encapsulation.

PR:		bin/63616
Submitted by:	ume@
2004-03-31 18:38:02 +00:00
bde
71f4d3aee0 Fixed mispellings of '\0' as NULL. 2004-03-11 11:41:54 +00:00
bms
20570d493e Initial import of RFC 2385 (TCP-MD5) digest support.
This is the second of two commits; bring in the userland support to finish.

Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.

Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.

Sponsored by:	sentex.net
2004-02-11 04:34:34 +00:00
ume
d872f32a68 enable aes-xcbc-mac and aes-ctr, again. 2003-11-10 10:39:14 +00:00
ume
dae00f60dc - do hexdump on send. set length field properly
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
  is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
  code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
  esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.

Obtained from:	KAME
2003-11-05 09:47:54 +00:00
ume
b8da492cd0 - style
- rename variable
- use strlcpy
- const'fy

Obtained from:	KAME
2003-10-17 11:43:44 +00:00
ume
f4517f9a06 - support AES counter mode for ESP.
- use size_t as return type of schedlen(), as there's no error
  check needed.
- clear key schedule buffer before freeing.

Obtained from:	KAME
2003-10-13 14:57:41 +00:00
ume
7dd5a14621 - support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
2003-10-13 04:54:51 +00:00
ume
c9ac7566f1 - RIPEMD160 support
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
2003-10-12 09:41:42 +00:00
sumikawa
8e30ef90ad Use NI_xxx macros.
Obtained from:	KAME
MFC after:	1 week
2003-04-16 09:53:29 +00:00
schweikh
c353aec149 Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
schweikh
2505bee728 english(4) police. 2002-12-27 12:15:40 +00:00
fenner
2c90faf535 Fix spacing for -P (policy) examples. 2002-07-27 21:06:06 +00:00
blackend
d25d2c98c9 s/IPSEC/IPsec according to RFCs
PR:		in part docs/38668
Reviewed by:	charnier
MFC after:	10 days
2002-07-23 08:38:03 +00:00
charnier
90baea60d8 The .Nm utility 2002-07-14 14:47:15 +00:00
ume
d37ff8d07d Don't install scriptdump which is written in Perl. This is
corresponding to removal of Perl from base system.
2002-05-16 15:44:08 +00:00
ru
9174553bc8 mdoc(7) police: protect trailing full stops of abbreviations
with a trailing zero-width space: `e.g.\&'.
2001-08-10 13:45:36 +00:00
sheldonh
a10ed321dd can not -> cannot 2001-08-08 18:32:06 +00:00
ru
09d142dfd5 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
ume
bba85c595a printed current sequence number of the SA. accordingly, changed
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure.  Also the output of setkey is changed.  sequence number
of the sadb is replaced to the end of the output.

Obtained from:	KAME
2001-08-06 19:40:01 +00:00
obrien
4b92fa588b Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
2001-07-20 06:20:32 +00:00
dd
7d1013753f Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
ru
884f4c52f0 mdoc(7) police: sort SEE ALSO xrefs (sort -b -f +2 -3 +1 -2). 2001-07-06 16:46:48 +00:00
ume
0a280413cc Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
brian
3e2f3351c6 Allow `ip4'' as an `upperspec'' value, and update the man
page with *all* the permissible values.

This should really be spelt ipencap (as /etc/protocols does),
but a precedent has already been set by the ipproto array in
setkey.c.

It would be nice if /etc/protocols was parsed for the upperspec
field, but I don't do yacc/lex...

This change allows policies that only encrypt the encapsulated
packets passing between the endpoints of a gif tunnel.  Setting
such a policy means that you can still talk directly (and
unencrypted) between the public IP numbers with (say) ssh.

MFC after:	1 week
2001-05-17 15:30:49 +00:00
ru
1db489053b mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
ru
2ac87222ba beforeinstall -> SCRIPTS. 2001-04-07 11:21:35 +00:00
ru
b15a893144 - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
ru
42350947e7 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
ru
606eb8b7a4 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:44:04 +00:00
ben
bc4e0ca581 Minor layout fixes.
PR:		24004
Submitted by:	Jimmy Olgeni <olgeni@uli.it>
2001-01-01 23:30:51 +00:00
obrien
81f987433a Change the spelling of .' to .' from .OBJDIR since `.' really is where
generated files land.  Also give precedence to generated files.
2000-12-05 22:10:43 +00:00
obrien
e34517e29d The GCC 2.96 snapshots have slightly different rules for finding include
files.  Mostly -I${.CURDIR} was needed -- especially for YACC generated
files as the new cpp does not look in the ultimate source file
(ie, the .y file)'s directory as told by the "#line" directive.  Some were
misspellings of "-I${.CURDIR}" as "-I.".
2000-12-01 09:39:28 +00:00
ru
c3189e713e mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
itojun
933a5c57b3 synchronize with latest kame tree.
behavior change: policy syntax was changed.  you may need to update your
setkey(8) configuration files.
2000-07-04 16:22:05 +00:00
hoek
3b00c204d9 Typo: "ealgo" -> "aalgo"
PR:		docs/18547 (OKAZAKI Tetsurou <okazaki@be.to>)
2000-05-15 14:16:30 +00:00
phantom
c4211e84ab Fix typo
Noticed by:	hoek
2000-05-06 14:20:07 +00:00
phantom
606061f18e . clear `.Os' macro value since this tool is not KAME only anymore
. add integration note
2000-05-01 14:57:04 +00:00
bde
790c9b68cc Fixed missing DPADDs.
Fixed style bug for LDADD (don't use += for initial definitions).
2000-03-27 16:40:59 +00:00
shin
279f008fa7 Add missing end of semi colon of an example setkey command.
Submitted by: kuriyama
2000-03-13 01:38:46 +00:00
shin
b37e836085 Typo fix. s/SAD/SPD/.
Specified by: jdp
2000-03-12 19:56:30 +00:00
sheldonh
840cf958b8 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 14:09:25 +00:00
shin
7666c88382 Change IPv6 scoped addr format again based on recent standard discussion.
Sorry for the flapping, but no change will be done for 4.0 anymore.
Official standard will be published around April or later.
If different format would be adopted at that time, then support for
the new format will be added to the succeeding FreeBSD 4.x.

Approved by: jkh
2000-02-19 16:10:16 +00:00
shin
268d3bca4c libipsec and IPsec related apps. (and some KAME related man pages)
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-06 12:40:54 +00:00