Allow `ip4'' as an `upperspec'' value, and update the man

page with *all* the permissible values.

This should really be spelt ipencap (as /etc/protocols does),
but a precedent has already been set by the ipproto array in
setkey.c.

It would be nice if /etc/protocols was parsed for the upperspec
field, but I don't do yacc/lex...

This change allows policies that only encrypt the encapsulated
packets passing between the endpoints of a gif tunnel.  Setting
such a policy means that you can still talk directly (and
unencrypted) between the public IP numbers with (say) ssh.

MFC after:	1 week

sbin/setkey/setkey.8

@@ -366,6 +366,9 @@ They must be in numeric form.
 .It Ar upperspec
 Upper-layer protocol to be used.
 Currently
+.Li icmp ,
+.Li icmp6 ,
+.Li ip4 ,
 .Li tcp ,
 .Li udp
 and

sbin/setkey/token.l

@@ -200,6 +200,7 @@ nocyclic-seq	{ PREPROC; return(NOCYCLICSEQ); }
 	/* upper layer protocols */
 icmp		{ PREPROC; yylval.num = IPPROTO_ICMP; return(UP_PROTO); }
 icmp6		{ PREPROC; yylval.num = IPPROTO_ICMPV6; return(UP_PROTO); }
+ip4		{ PREPROC; yylval.num = IPPROTO_IPV4; return(UP_PROTO); }
 tcp		{ PREPROC; yylval.num = IPPROTO_TCP; return(UP_PROTO); }
 udp		{ PREPROC; yylval.num = IPPROTO_UDP; return(UP_PROTO); }
 

usr.sbin/setkey/setkey.8

@@ -366,6 +366,9 @@ They must be in numeric form.
 .It Ar upperspec
 Upper-layer protocol to be used.
 Currently
+.Li icmp ,
+.Li icmp6 ,
+.Li ip4 ,
 .Li tcp ,
 .Li udp
 and

usr.sbin/setkey/token.l

@@ -200,6 +200,7 @@ nocyclic-seq	{ PREPROC; return(NOCYCLICSEQ); }
 	/* upper layer protocols */
 icmp		{ PREPROC; yylval.num = IPPROTO_ICMP; return(UP_PROTO); }
 icmp6		{ PREPROC; yylval.num = IPPROTO_ICMPV6; return(UP_PROTO); }
+ip4		{ PREPROC; yylval.num = IPPROTO_IPV4; return(UP_PROTO); }
 tcp		{ PREPROC; yylval.num = IPPROTO_TCP; return(UP_PROTO); }
 udp		{ PREPROC; yylval.num = IPPROTO_UDP; return(UP_PROTO); }