summaryrefslogtreecommitdiffstats
path: root/sbin/setkey/parse.y
Commit message (Collapse)AuthorAgeFilesLines
* MFC r286143:Luiz Otavio O Souza2015-10-201-0/+23
| | | | | | | | | | | | Add support for keys that include 4 byte SALT values, including GCM and ICM/CTR modes for AES. Reviewed by: jmg MFC after: 1 week Sponsored by: Rubicon Communications (Netgate) TAG: IPSEC-HEAD Issue: #4841
* o Allow setkey(8) to recognize esp as a protocoal name for spdadd.maxim2008-01-121-0/+1
| | | | | | PR: bin/107392 Submitted by: Eugene Grosbein MFC after: 1 month
* Cleanup of userland __P usekevlo2007-11-071-19/+19
|
* Commit IPv6 support for FAST_IPSEC to the tree.gnn2007-07-011-2/+2
| | | | | | | | This commit includes all remaining changes for the time being including user space updates. Submitted by: bz Approved by: re
* fixed a crush when either -lh or -ls option is used.ume2005-10-131-3/+3
| | | | Obtained from: KAME
* check if the null encryption is supported or not.ume2004-05-131-1/+11
| | | | | Requested by: bms Obtained from: KAME
* Fix regression in setkey whereby parser would fail to recognise tcp asbms2004-03-311-0/+1
| | | | | | | both a security protocol and an upper level protocol for encapsulation. PR: bin/63616 Submitted by: ume@
* Initial import of RFC 2385 (TCP-MD5) digest support.bms2004-02-111-4/+13
| | | | | | | | | | | | | | This is the second of two commits; bring in the userland support to finish. Teach libipsec and setkey about the tcp-md5 class of security associations, thus allowing administrators to add per-host keys to the SADB for use by the tcpsignature_compute() function. Document that a single SPI must be used until such time as the code which adds support to the SPD to specify flows for tcp-md5 treatment is suitable for production. Sponsored by: sentex.net
* - do hexdump on send. set length field properlyume2003-11-051-534/+848
| | | | | | | | | | | | | | | | | - check for encryption/authentication key together with algorithm. - warned if a deprecated encryption algorithm (that includes "simple") is specified. - changed the syntax how to define a policy of a ICMPv6 type and/or a code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none; - random cleanup in parser. - use yyfatal, or return -1 after yyerror. - deal with strdup() failure. - permit scope notation in policy string (-P esp/tunnel/foo%scope-bar%scope/use) - simplify /prefix and [port]. - g/c some unused symbols. Obtained from: KAME
* Sync with recent KAME.ume2001-06-111-27/+58
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* synchronize with latest kame tree.itojun2000-07-041-158/+273
| | | | | behavior change: policy syntax was changed. you may need to update your setkey(8) configuration files.
* libipsec and IPsec related apps. (and some KAME related man pages)shin2000-01-061-0/+787
Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
OpenPOWER on IntegriCloud