fast ipsec protocols

1 files changed, 105 insertions, 0 deletions

diff --git a/share/man/man4/fast_ipsec.4 b/share/man/man4/fast_ipsec.4
new file mode 100644
index 0000000..ae20129
--- /dev/null
+++ b/share/man/man4/fast_ipsec.4
@@ -0,0 +1,105 @@
+.\" Copyright (c) 2003
+.\"	Sam Leffler <sam@errno.com>. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by Bill Paul.
+.\" 4. Neither the name of the author nor the names of any co-contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"   without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY Sam Leffler AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+.\" THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd January 20, 2003
+.Dt FAST_IPSEC 4
+.Os
+.Sh NAME
+.Nm "Fast IPsec"
+.Nd Hardware-accelerated IP Security Protocols
+.Sh SYNOPSIS
+.Cd "options FAST_IPSEC"
+.Cd "device crypto"
+.Pp
+.Cd net.inet.esp.enable
+.Cd net.inet.ah.enable
+.Cd net.inet.ipcomp.enable
+.El
+.Sh DESCRIPTION
+.Tn IPsec
+is a set of protocols,
+.Tn ESP
+(for Encapsulating Security Payload)
+.Tn AH
+(for Authentication Header),
+and
+.Tn IPComp
+(for IP Payload Compression Protocol)
+that provide security services for IP datagrams.
+.Tn Fast IPsec
+is an experimental implementation of these protocols that uses the
+.Xr crypto 4
+subsystem to carry out cryptographic operations.
+This means, in particular, that cryptograph hardware devices are
+employed whenever possible to optimize the performance of these protocols.
+.Pp
+In general the
+.Tn Fast IPsec
+implementation is intended to be compatible with the
+KAME
+.Tn IPsec
+implementation.
+This documentation concentrates on differences from that software.
+The user should refer to
+.Xr ipsec 4
+for basic information on setting up and using these protocols.
+.Pp
+System configuration requires the crypto subsystem.
+When the
+.Tn Fast IPsec
+protocols are configured for use all protocols are included in the system.
+To selectively enable/disable protocols use
+.Xr sysctl 8 .
+.Sh DIAGNOSTICS
+To be added.
+.Sh BUGS
+There is presently no support for IPv6.
+The IPcomp protocol support does not work.
+Certain legacy authentication algorithms are not supported because of
+issues with the crypto subsystem.
+This documentation is incomplete.
+.Sh SEE ALSO
+.Xr ipsec 4 ,
+.Xr setkey 8 ,
+.Xr sysctl 8
+.Sh HISTORY
+The protocols draw heavily on the OpenBSD implementation of the
+.Tn IPsec
+protocols.
+The policy management code is derived from the KAME implementation found
+in their
+.Tn IPsec
+protocols.
+The
+.Tn Fast IPsec
+protocols first appeared in
+.Fx 5.0 .