Initial import of RFC 2385 (TCP-MD5) digest support.

This is the second of two commits; bring in the userland support to finish. Teach libipsec and setkey about the tcp-md5 class of security associations, thus allowing administrators to add per-host keys to the SADB for use by the tcpsignature_compute() function. Document that a single SPI must be used until such time as the code which adds support to the SPD to specify flows for tcp-md5 treatment is suitable for production. Sponsored by: sentex.net
author: bms <bms@FreeBSD.org> 2004-02-11 04:34:34 +0000
committer: bms <bms@FreeBSD.org> 2004-02-11 04:34:34 +0000
commit: 9ce9891eda27e795842235191242d30adbed875f (patch)
tree: a0a78792b610ea5a9a0f7dfb08f47c3816efb276 /lib/libipsec/policy_token.l
parent: 903cdeea1a6d0c99fecc1d8aeeab65bdfbab46d7 (diff)
download: FreeBSD-src-9ce9891eda27e795842235191242d30adbed875f.zip
FreeBSD-src-9ce9891eda27e795842235191242d30adbed875f.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/libipsec/policy_token.l b/lib/libipsec/policy_token.l
index ced57b3..f957569 100644
--- a/lib/libipsec/policy_token.l
+++ b/lib/libipsec/policy_token.l
@@ -97,6 +97,7 @@ entrust		{ yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); }
 esp		{ yylval.num = IPPROTO_ESP; return(PROTOCOL); }
 ah		{ yylval.num = IPPROTO_AH; return(PROTOCOL); }
 ipcomp		{ yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); }
+tcp		{ yylval.num = IPPROTO_TCP; return(PROTOCOL); }
 
 transport	{ yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
 tunnel		{ yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
author	bms <bms@FreeBSD.org>	2004-02-11 04:34:34 +0000
committer	bms <bms@FreeBSD.org>	2004-02-11 04:34:34 +0000
commit	9ce9891eda27e795842235191242d30adbed875f (patch)
tree	a0a78792b610ea5a9a0f7dfb08f47c3816efb276 /lib/libipsec/policy_token.l
parent	903cdeea1a6d0c99fecc1d8aeeab65bdfbab46d7 (diff)
download	FreeBSD-src-9ce9891eda27e795842235191242d30adbed875f.zip FreeBSD-src-9ce9891eda27e795842235191242d30adbed875f.tar.gz