| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.
Sponsored by: sentex.net
|
|
|
|
|
|
|
|
|
|
| |
- fixed a length of the sadb extension in the case of pfkey_send_x5().
- used getprotobynumber() for printing a upper layer protocol name.
- modified the output format against the change of the setkey syntax
about a icmp6 type/code.
- don't enumerate reserved fields. use memset.
Obtained from: KAME
|
|
|
|
|
|
| |
- use %u for unsigned variable.
Obtained from: KAME
|
|
|
|
| |
Obtained from: KAME
|
|
|
|
|
|
|
|
| |
- use size_t as return type of schedlen(), as there's no error
check needed.
- clear key schedule buffer before freeing.
Obtained from: KAME
|
|
|
|
|
|
| |
- correct SADB_X_AALG_RIPEMD160HMAC to 8
Obtained from: KAME
|
|
|
|
|
|
| |
- pass size arg to ah->result (avoid assuming result buffer size)
Obtained from: KAME
|
| |
|
| |
|
|
|
|
|
|
| |
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
|
|
|
|
|
| |
Pointed out by: nectar
MFC after: 1 week
|
|
|
|
|
| |
Obtained from: KAME
MFC after: 1 week
|
| |
|
| |
|
|
|
|
| |
especially in troff files.
|
| |
|
| |
|
|
|
|
|
|
|
| |
(based on freebsd4-snap-20020128)
Reviewed by: ume
MFC after: 1 week
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
|
|
|
|
|
|
|
|
| |
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure. Also the output of setkey is changed. sequence number
of the sadb is replaced to the end of the output.
Obtained from: KAME
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
|
| |
|
| |
|
|
|
|
|
| |
PR: 24005
Submitted by: Jimmy Olgeni <olgeni@uli.it>
|
|
|
|
| |
generated files land. Also give precedence to generated files.
|
|
|
|
|
|
|
| |
files. Mostly -I${.CURDIR} was needed -- especially for YACC generated
files as the new cpp does not look in the ultimate source file
(ie, the .y file)'s directory as told by the "#line" directive. Some were
misspellings of "-I${.CURDIR}" as "-I.".
|
|
|
|
|
| |
behavior change: policy syntax was changed. you may need to update your
setkey(8) configuration files.
|
|
|
|
| |
Noticed by: hoek
|
|
|
|
|
|
| |
. replace .Os value with empty value since this library is not KAME only
anymore
. add a note about IPv6 and IPsec integration to the FreeBSD
|
|
|
|
|
|
| |
. replace .Po/.Pc pairs with .Pq
. remove some unneeded comments
. .Lb-ify
|
| |
|
|
|
|
| |
(Sorry, this should be committed with previous commit to Makefile.)
|
|
|
|
| |
Suggested by: bruce
|
|
|
|
| |
the world build.
|
|
|
|
|
|
| |
it cause building world failure.
Specified by: Nickolay Dudorov <nnd@mail.nsk.ru>
|
|
|
|
| |
Fixed style bug for LDADD (don't use += for variables defined only once).
|
|
|
|
|
|
|
|
|
|
| |
Without this, kernel will panic at getsockopt() of IPSEC_POLICY.
Also make compilable libipsec/test-policy.c which tries getsockopt() of
IPSEC_POLICY.
Approved by: jkh
Submitted by: sakane@kame.net
|
|
|
|
|
| |
PR: docs/16995
Submitted by: Benno Rice <benno@netizen.com.au>
|
|
|
|
|
|
|
|
|
| |
Sorry for the flapping, but no change will be done for 4.0 anymore.
Official standard will be published around April or later.
If different format would be adopted at that time, then support for
the new format will be added to the succeeding FreeBSD 4.x.
Approved by: jkh
|
|
|
|
|
|
|
|
|
| |
When libipsec library is created, no SHLIB numbers are
specified in the Makefile. Then the library version was set
to 2.(by default?)
So change it to 0.
For now it should not be problem, because the contents are same.
I'll also prepare an entry for UPDATING.
|
| |
|
| |
|
|
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|