| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This will allow for NFS mount of /usr over IPsec.
Discussed on: arch@
|
| |
|
| |
|
| |
|
|
|
|
| |
This manpage needs an English clenup.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.
Sponsored by: sentex.net
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.
Obtained from: KAME
|
|
|
|
|
|
|
|
| |
- use size_t as return type of schedlen(), as there's no error
check needed.
- clear key schedule buffer before freeing.
Obtained from: KAME
|
|
|
|
|
|
| |
- correct SADB_X_AALG_RIPEMD160HMAC to 8
Obtained from: KAME
|
|
|
|
|
|
| |
- pass size arg to ah->result (avoid assuming result buffer size)
Obtained from: KAME
|
|
|
|
| |
especially in troff files.
|
| |
|
| |
|
|
|
|
|
|
| |
PR: in part docs/38668
Reviewed by: charnier
MFC after: 10 days
|
| |
|
|
|
|
| |
with a trailing zero-width space: `e.g.\&'.
|
| |
|
|
|
|
|
|
|
| |
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
page with *all* the permissible values.
This should really be spelt ipencap (as /etc/protocols does),
but a precedent has already been set by the ipproto array in
setkey.c.
It would be nice if /etc/protocols was parsed for the upperspec
field, but I don't do yacc/lex...
This change allows policies that only encrypt the encapsulated
packets passing between the endpoints of a gif tunnel. Setting
such a policy means that you can still talk directly (and
unencrypted) between the public IP numbers with (say) ssh.
MFC after: 1 week
|
| |
|
| |
|
|
|
|
|
| |
PR: 24004
Submitted by: Jimmy Olgeni <olgeni@uli.it>
|
| |
|
|
|
|
|
| |
behavior change: policy syntax was changed. you may need to update your
setkey(8) configuration files.
|
|
|
|
| |
PR: docs/18547 (OKAZAKI Tetsurou <okazaki@be.to>)
|
|
|
|
| |
Noticed by: hoek
|
|
|
|
| |
. add integration note
|
|
|
|
| |
Submitted by: kuriyama
|
|
|
|
| |
Specified by: jdp
|
|
|
|
|
| |
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
|
|
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|