Initial import of RFC 2385 (TCP-MD5) digest support.

This is the second of two commits; bring in the userland support to finish.

Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.

Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.

Sponsored by:	sentex.net

1 files changed, 2 insertions, 0 deletions

diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l
index f065fd3..9bea6ae 100644
--- a/sbin/setkey/token.l
+++ b/sbin/setkey/token.l
@@ -139,6 +139,7 @@ esp		{ yylval.num = 0; return(PR_ESP); }
 ah-old		{ yylval.num = 1; return(PR_AH); }
 esp-old		{ yylval.num = 1; return(PR_ESP); }
 ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
+tcp		{ yylval.num = 0; return(PR_TCP); }
 
 	/* authentication alogorithm */
 {hyphen}A	{ BEGIN S_AUTHALG; return(F_AUTH); }
@@ -151,6 +152,7 @@ ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>tcp-md5	{ yylval.num = SADB_X_AALG_TCP_MD5; BEGIN INITIAL; return(ALG_AUTH); }
 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
 
 	/* encryption alogorithm */