freebsd-nq/lib/libipsec
Andrey V. Elsukov 4e0e8f3107 Add large replay widow support to setkey(8) and libipsec.
When the replay window size is large than UINT8_MAX, add to the request
the SADB_X_EXT_SA_REPLAY extension header that was added in r309144.

Also add support of SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
SADB_X_EXT_SA_REPLAY, SADB_X_EXT_NEW_ADDRESS_SRC, SADB_X_EXT_NEW_ADDRESS_DST
extension headers to the key_debug that is used by `setkey -x`.

Modify kdebug_sockaddr() to use inet_ntop() for IP addresses formatting.
And modify kdebug_sadb_x_policy() to show policy scope and priority.

Reviewed by:	gnn, Emeric Poupon
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D10375
2017-04-13 14:44:17 +00:00
..
ipsec_dump_policy.c
ipsec_get_policylen.c
ipsec_set_policy.3
ipsec_strerror.3
ipsec_strerror.c
ipsec_strerror.h
libpfkey.h
Makefile Fix two CURDIR references in comments that should be SRCTOP 2017-03-12 18:59:05 +00:00
Makefile.depend
pfkey_dump.c Introduce the concept of IPsec security policies scope. 2017-03-07 00:13:53 +00:00
pfkey.c Add large replay widow support to setkey(8) and libipsec. 2017-04-13 14:44:17 +00:00
policy_parse.y
policy_token.l
test-policy.c