diff options
author | bms <bms@FreeBSD.org> | 2004-02-11 04:34:34 +0000 |
---|---|---|
committer | bms <bms@FreeBSD.org> | 2004-02-11 04:34:34 +0000 |
commit | 9ce9891eda27e795842235191242d30adbed875f (patch) | |
tree | a0a78792b610ea5a9a0f7dfb08f47c3816efb276 /sbin/setkey/token.l | |
parent | 903cdeea1a6d0c99fecc1d8aeeab65bdfbab46d7 (diff) | |
download | FreeBSD-src-9ce9891eda27e795842235191242d30adbed875f.zip FreeBSD-src-9ce9891eda27e795842235191242d30adbed875f.tar.gz |
Initial import of RFC 2385 (TCP-MD5) digest support.
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.
Sponsored by: sentex.net
Diffstat (limited to 'sbin/setkey/token.l')
-rw-r--r-- | sbin/setkey/token.l | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l index f065fd3..9bea6ae 100644 --- a/sbin/setkey/token.l +++ b/sbin/setkey/token.l @@ -139,6 +139,7 @@ esp { yylval.num = 0; return(PR_ESP); } ah-old { yylval.num = 1; return(PR_AH); } esp-old { yylval.num = 1; return(PR_ESP); } ipcomp { yylval.num = 0; return(PR_IPCOMP); } +tcp { yylval.num = 0; return(PR_TCP); } /* authentication alogorithm */ {hyphen}A { BEGIN S_AUTHALG; return(F_AUTH); } @@ -151,6 +152,7 @@ ipcomp { yylval.num = 0; return(PR_IPCOMP); } <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); } <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); } <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); } +<S_AUTHALG>tcp-md5 { yylval.num = SADB_X_AALG_TCP_MD5; BEGIN INITIAL; return(ALG_AUTH); } <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); } /* encryption alogorithm */ |