Commit Graph

15 Commits

Author SHA1 Message Date
bms
9ce9891eda Initial import of RFC 2385 (TCP-MD5) digest support.
This is the second of two commits; bring in the userland support to finish.

Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.

Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.

Sponsored by:	sentex.net
2004-02-11 04:34:34 +00:00
ume
1b0d2b237e - plug memory leak.
- fixed a length of the sadb extension in the case of pfkey_send_x5().
- used getprotobynumber() for printing a upper layer protocol name.
- modified the output format against the change of the setkey syntax
  about a icmp6 type/code.
- don't enumerate reserved fields.  use memset.

Obtained from:	KAME
2003-11-05 09:41:23 +00:00
ume
5d571f04bf - errx() doesn't need `\n'.
- use %u for unsigned variable.

Obtained from:	KAME
2003-10-26 12:00:27 +00:00
ume
bf741bc603 stop use of NI_WITHSCOPEID. it was deprecated.
Obtained from:	KAME
2003-10-21 20:11:47 +00:00
ume
fd41336ef5 - support AES counter mode for ESP.
- use size_t as return type of schedlen(), as there's no error
  check needed.
- clear key schedule buffer before freeing.

Obtained from:	KAME
2003-10-13 14:57:41 +00:00
ume
de427fb9bf - support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
2003-10-13 04:54:51 +00:00
ume
2da6bcd326 - RIPEMD160 support
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
2003-10-12 09:41:42 +00:00
sumikawa
c48484a7fe Buffer size is not enough in the previous commit. Use 128.
Pointed out by:	nectar
MFC after:	1 week
2003-04-17 07:20:00 +00:00
sumikawa
dea571d781 Make character buffer more bigger.
Obtained from:	KAME
MFC after:	1 week
2003-04-16 11:21:12 +00:00
obrien
fd9d7ac0ed Remove __P() usage. 2002-03-21 23:54:04 +00:00
dillon
06293dece1 Add __FBSDID()s to libipsec 2001-09-30 21:43:45 +00:00
ume
840f9b9d5f printed current sequence number of the SA. accordingly, changed
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure.  Also the output of setkey is changed.  sequence number
of the sadb is replaced to the end of the output.

Obtained from:	KAME
2001-08-06 19:40:01 +00:00
ume
832f8d2249 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
itojun
0bbd943f40 synchronize with latest kame tree.
behavior change: policy syntax was changed.  you may need to update your
setkey(8) configuration files.
2000-07-04 16:22:05 +00:00
shin
9b5932fc47 libipsec and IPsec related apps. (and some KAME related man pages)
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-06 12:40:54 +00:00