freebsd-dev/sbin/setkey
Andrey V. Elsukov 4e0e8f3107 Add large replay widow support to setkey(8) and libipsec.
When the replay window size is large than UINT8_MAX, add to the request
the SADB_X_EXT_SA_REPLAY extension header that was added in r309144.

Also add support of SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
SADB_X_EXT_SA_REPLAY, SADB_X_EXT_NEW_ADDRESS_SRC, SADB_X_EXT_NEW_ADDRESS_DST
extension headers to the key_debug that is used by `setkey -x`.

Modify kdebug_sockaddr() to use inet_ntop() for IP addresses formatting.
And modify kdebug_sadb_x_policy() to show policy scope and priority.

Reviewed by:	gnn, Emeric Poupon
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D10375
2017-04-13 14:44:17 +00:00
..
Makefile Add large replay widow support to setkey(8) and libipsec. 2017-04-13 14:44:17 +00:00
Makefile.depend
parse.y Add large replay widow support to setkey(8) and libipsec. 2017-04-13 14:44:17 +00:00
sample.cf
scriptdump.pl
setkey.8 Make setkey(8) more clear about anti-replay window size option semantics. 2017-04-09 15:17:55 +00:00
setkey.c Introduce the concept of IPsec security policies scope. 2017-03-07 00:13:53 +00:00
test-pfkey.c
test-policy.c Use nitems() from sys/param.h. 2016-04-19 09:43:51 +00:00
token.l
vchar.h