Allow ``ip4'' as an ``upperspec'' value, and update the man

page with *all* the permissible values. This should really be spelt ipencap (as /etc/protocols does), but a precedent has already been set by the ipproto array in setkey.c. It would be nice if /etc/protocols was parsed for the upperspec field, but I don't do yacc/lex... This change allows policies that only encrypt the encapsulated packets passing between the endpoints of a gif tunnel. Setting such a policy means that you can still talk directly (and unencrypted) between the public IP numbers with (say) ssh. MFC after: 1 week
author: brian <brian@FreeBSD.org> 2001-05-17 15:30:49 +0000
committer: brian <brian@FreeBSD.org> 2001-05-17 15:30:49 +0000
commit: 8ed702383fb71581fa139a8a70b92984f6b9ba38 (patch)
tree: 5ad413386f45e25c8c44635dac76b213f2373fb8 /usr.sbin/setkey/setkey.8
parent: 1ea506c6d50714fd6bf6e73f85fe3a892dcdd2f1 (diff)
download: FreeBSD-src-8ed702383fb71581fa139a8a70b92984f6b9ba38.zip
FreeBSD-src-8ed702383fb71581fa139a8a70b92984f6b9ba38.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/usr.sbin/setkey/setkey.8 b/usr.sbin/setkey/setkey.8
index 3bfcada..7921800 100644
--- a/usr.sbin/setkey/setkey.8
+++ b/usr.sbin/setkey/setkey.8
@@ -366,6 +366,9 @@ They must be in numeric form.
 .It Ar upperspec
 Upper-layer protocol to be used.
 Currently
+.Li icmp ,
+.Li icmp6 ,
+.Li ip4 ,
 .Li tcp ,
 .Li udp
 and
author	brian <brian@FreeBSD.org>	2001-05-17 15:30:49 +0000
committer	brian <brian@FreeBSD.org>	2001-05-17 15:30:49 +0000
commit	8ed702383fb71581fa139a8a70b92984f6b9ba38 (patch)
tree	5ad413386f45e25c8c44635dac76b213f2373fb8 /usr.sbin/setkey/setkey.8
parent	1ea506c6d50714fd6bf6e73f85fe3a892dcdd2f1 (diff)
download	FreeBSD-src-8ed702383fb71581fa139a8a70b92984f6b9ba38.zip FreeBSD-src-8ed702383fb71581fa139a8a70b92984f6b9ba38.tar.gz