- do hexdump on send. set length field properly

- check for encryption/authentication key together with algorithm. - warned if a deprecated encryption algorithm (that includes "simple") is specified. - changed the syntax how to define a policy of a ICMPv6 type and/or a code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none; - random cleanup in parser. - use yyfatal, or return -1 after yyerror. - deal with strdup() failure. - permit scope notation in policy string (-P esp/tunnel/foo%scope-bar%scope/use) - simplify /prefix and [port]. - g/c some unused symbols. Obtained from: KAME
author: ume <ume@FreeBSD.org> 2003-11-05 09:47:54 +0000
committer: ume <ume@FreeBSD.org> 2003-11-05 09:47:54 +0000
commit: 832d3f0af5caaf598c2d5fad02933d42fad01078 (patch)
tree: f650d6c8624acdedbc28ef079442ba99097fdba0 /sbin/setkey/sample.cf
parent: 1b0d2b237ef5dc12f3fb211efc7b75ca8569ceea (diff)
download: FreeBSD-src-832d3f0af5caaf598c2d5fad02933d42fad01078.zip
FreeBSD-src-832d3f0af5caaf598c2d5fad02933d42fad01078.tar.gz
1 files changed, 18 insertions, 18 deletions
diff --git a/sbin/setkey/sample.cf b/sbin/setkey/sample.cf
index 3318f9b..c534fa1 100644
--- a/sbin/setkey/sample.cf
+++ b/sbin/setkey/sample.cf
@@ -45,9 +45,9 @@
 #
 # At Host-A and Host-B,
 spdadd fec0::10[any] fec0::11[110] tcp -P out ipsec
-	esp/transport/fec0::10-fec0::11/use ;
+	esp/transport//use ;
 spdadd fec0::11[110] fec0::10[any] tcp -P in ipsec
-	esp/transport/fec0::11-fec0::10/use ;
+	esp/transport//use ;
 add fec0::10 fec0::11 esp 0x10001
 	-m transport
 	-E blowfish-cbc "kamekame"
@@ -112,10 +112,10 @@ add 172.16.0.2 172.16.0.1 ah-old 0x10004
 # At Gateway-A:
 spdadd fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out ipsec
 	esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require
-	ah/transport/fec0:0:0:1::1-fec0:0:0:2::1/require ;
+	ah/transport//require ;
 spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec
 	esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require
-	ah/transport/fec0:0:0:2::1-fec0:0:0:1::1/require ;
+	ah/transport//require ;
 add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10001
 	-m tunnel
 	-E 3des-cbc "kamekame12341234kame1234"
@@ -146,10 +146,10 @@ add fec0:0:0:2::1 fec0:0:0:1::1 ah 0x10001
 #
 # At Host-A:
 spdadd fec0:0:0:1::1[any] fec0:0:0:2::2[80] tcp -P out ipsec
-	esp/transport/fec0:0:0:1::1-fec0:0:0:2::2/use
+	esp/transport//use
 	esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require ;
 spdadd fec0:0:0:2::1[80] fec0:0:0:1::1[any] tcp -P in ipsec
-	esp/transport/fec0:0:0:2::2-fec0:0:0:1::1/use
+	esp/transport//use
 	esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require ;
 add fec0:0:0:1::1 fec0:0:0:2::2 esp 0x10001
 	-m transport
@@ -166,10 +166,10 @@ add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004
 	-E rc5-cbc "kamekame"
 	-A hmac-md5 "this is the test" ;
 
-# By "get" command, you can get an entry of either SP or SA.
+# By "get" command, you can get a entry of either SP or SA.
 get fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ;
 
-# Also delete command, you can delete an entry of either SP or SA.
+# Also delete command, you can delete a entry of either SP or SA.
 spddelete fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out;
 delete fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ;
 
@@ -188,24 +188,24 @@ dump esp ;
 flush ah ;
 
 # XXX
-add ::1 ::1 esp 10001 -m transport -E simple ;
+add ::1 ::1 esp 10001 -m transport -E null ;
 add ::1 ::1 esp 10002 -m transport -E des-deriv "12341234" ;
 add ::1 ::1 esp-old 10003 -m transport -E des-32iv "12341234" ;
-add ::1 ::1 esp 10004 -m transport -E simple -A null ;
-add ::1 ::1 esp 10005 -m transport -E simple -A hmac-md5 "1234123412341234" ;
-add ::1 ::1 esp 10006 -m tunnel -E simple -A hmac-sha1 "12341234123412341234" ;
-add ::1 ::1 esp 10007 -m transport -E simple -A keyed-md5 "1234123412341234" ;
-add ::1 ::1 esp 10008 -m any -E simple -A keyed-sha1 "12341234123412341234" ;
+add ::1 ::1 esp 10004 -m transport -E null -A null ;
+add ::1 ::1 esp 10005 -m transport -E null -A hmac-md5 "1234123412341234" ;
+add ::1 ::1 esp 10006 -m tunnel -E null -A hmac-sha1 "12341234123412341234" ;
+add ::1 ::1 esp 10007 -m transport -E null -A keyed-md5 "1234123412341234" ;
+add ::1 ::1 esp 10008 -m any -E null -A keyed-sha1 "12341234123412341234" ;
 add ::1 ::1 esp 10009 -m transport -E des-cbc "testtest" ;
 add ::1 ::1 esp 10010 -m transport -E 3des-cbc "testtest12341234testtest" ;
 add ::1 ::1 esp 10011 -m tunnel -E cast128-cbc "testtest1234" ;
 add ::1 ::1 esp 10012 -m tunnel -E blowfish-cbc "testtest1234" ;
 add ::1 ::1 esp 10013 -m tunnel -E rc5-cbc "testtest1234" ;
 add ::1 ::1 esp 10014 -m any -E rc5-cbc "testtest1234" ;
-add ::1 ::1 esp 10015 -m transport -f zero-pad -E simple ;
-add ::1 ::1 esp 10016 -m tunnel -f random-pad -r 8 -lh 100 -ls 80 -E simple ;
-add ::1 ::1 esp 10017 -m transport -f seq-pad -f nocyclic-seq -E simple ;
-add ::1 ::1 esp 10018 -m transport -E simple ;
+add ::1 ::1 esp 10015 -m transport -f zero-pad -E null ;
+add ::1 ::1 esp 10016 -m tunnel -f random-pad -r 8 -lh 100 -ls 80 -E null ;
+add ::1 ::1 esp 10017 -m transport -f seq-pad -f nocyclic-seq -E null ;
+add ::1 ::1 esp 10018 -m transport -E null ;
 #add ::1 ::1 ah 20000 -m transport -A null ;
 add ::1 ::1 ah 20001 -m any -A hmac-md5 "1234123412341234";
 add ::1 ::1 ah 20002 -m tunnel -A hmac-sha1 "12341234123412341234";
author	ume <ume@FreeBSD.org>	2003-11-05 09:47:54 +0000
committer	ume <ume@FreeBSD.org>	2003-11-05 09:47:54 +0000
commit	832d3f0af5caaf598c2d5fad02933d42fad01078 (patch)
tree	f650d6c8624acdedbc28ef079442ba99097fdba0 /sbin/setkey/sample.cf
parent	1b0d2b237ef5dc12f3fb211efc7b75ca8569ceea (diff)
download	FreeBSD-src-832d3f0af5caaf598c2d5fad02933d42fad01078.zip FreeBSD-src-832d3f0af5caaf598c2d5fad02933d42fad01078.tar.gz