summaryrefslogtreecommitdiffstats
path: root/usr.sbin/setkey/parse.y
Commit message (Collapse)AuthorAgeFilesLines
* check if the null encryption is supported or not.ume2004-05-131-1/+11
| | | | | Requested by: bms Obtained from: KAME
* Fix regression in setkey whereby parser would fail to recognise tcp asbms2004-03-311-0/+1
| | | | | | | both a security protocol and an upper level protocol for encapsulation. PR: bin/63616 Submitted by: ume@
* Initial import of RFC 2385 (TCP-MD5) digest support.bms2004-02-111-4/+13
| | | | | | | | | | | | | | This is the second of two commits; bring in the userland support to finish. Teach libipsec and setkey about the tcp-md5 class of security associations, thus allowing administrators to add per-host keys to the SADB for use by the tcpsignature_compute() function. Document that a single SPI must be used until such time as the code which adds support to the SPD to specify flows for tcp-md5 treatment is suitable for production. Sponsored by: sentex.net
* - do hexdump on send. set length field properlyume2003-11-051-534/+848
| | | | | | | | | | | | | | | | | - check for encryption/authentication key together with algorithm. - warned if a deprecated encryption algorithm (that includes "simple") is specified. - changed the syntax how to define a policy of a ICMPv6 type and/or a code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none; - random cleanup in parser. - use yyfatal, or return -1 after yyerror. - deal with strdup() failure. - permit scope notation in policy string (-P esp/tunnel/foo%scope-bar%scope/use) - simplify /prefix and [port]. - g/c some unused symbols. Obtained from: KAME
* Sync with recent KAME.ume2001-06-111-27/+58
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* synchronize with latest kame tree.itojun2000-07-041-158/+273
| | | | | behavior change: policy syntax was changed. you may need to update your setkey(8) configuration files.
* libipsec and IPsec related apps. (and some KAME related man pages)shin2000-01-061-0/+787
Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
OpenPOWER on IntegriCloud