freebsd-dev/lib/libipsec
Andrey V. Elsukov 4e0e8f3107 Add large replay widow support to setkey(8) and libipsec.
When the replay window size is large than UINT8_MAX, add to the request
the SADB_X_EXT_SA_REPLAY extension header that was added in r309144.

Also add support of SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
SADB_X_EXT_SA_REPLAY, SADB_X_EXT_NEW_ADDRESS_SRC, SADB_X_EXT_NEW_ADDRESS_DST
extension headers to the key_debug that is used by `setkey -x`.

Modify kdebug_sockaddr() to use inet_ntop() for IP addresses formatting.
And modify kdebug_sadb_x_policy() to show policy scope and priority.

Reviewed by:	gnn, Emeric Poupon
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D10375
2017-04-13 14:44:17 +00:00
..
ipsec_dump_policy.c Add a missing break in the TCP case. 2014-04-17 10:27:18 +00:00
ipsec_get_policylen.c
ipsec_set_policy.3
ipsec_strerror.3 - change "is is" to "is" or "it is" 2011-10-16 14:30:28 +00:00
ipsec_strerror.c
ipsec_strerror.h
libpfkey.h
Makefile Fix two CURDIR references in comments that should be SRCTOP 2017-03-12 18:59:05 +00:00
Makefile.depend DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
pfkey_dump.c Introduce the concept of IPsec security policies scope. 2017-03-07 00:13:53 +00:00
pfkey.c Add large replay widow support to setkey(8) and libipsec. 2017-04-13 14:44:17 +00:00
policy_parse.y remove redundant yyparse declarations 2012-12-05 20:28:44 +00:00
policy_token.l Improve compatibility with recent flex from flex.sourceforge.net. 2013-05-03 23:51:32 +00:00
test-policy.c Make this more compilable. 2013-03-15 09:19:19 +00:00