Import ipsec-tools ipsec-tools-0_6-20050224
parent
d242353e08
commit
6159f46a8d
9
crypto/dist/ipsec-tools/ChangeLog
vendored
9
crypto/dist/ipsec-tools/ChangeLog
vendored
@ -1,3 +1,12 @@
|
||||
2005-02-24 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* src/racoon/privsep.c: safety check port numbers given by the
|
||||
unprivilegied instance.
|
||||
* src/libipsec/libpfkey.h: prefer __inline to inline
|
||||
* src/racoon/racoonctl.8: display fixes in racoonctl(8)
|
||||
* src/racoon/{cfparse.y|cftoken.l|localconf.c|localconf.h|privsep.c}
|
||||
src/racoon/racoon.conf.5: Add chroot capability
|
||||
|
||||
2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
|
||||
|
2
crypto/dist/ipsec-tools/configure.ac
vendored
2
crypto/dist/ipsec-tools/configure.ac
vendored
@ -2,7 +2,7 @@ dnl -*- mode: m4 -*-
|
||||
dnl Id: configure.ac,v 1.47.2.2 2005/02/22 23:56:08 manubsd Exp
|
||||
|
||||
AC_PREREQ(2.52)
|
||||
AC_INIT(ipsec-tools, 0.6-20050223)
|
||||
AC_INIT(ipsec-tools, 0.5pre)
|
||||
AC_CONFIG_SRCDIR([configure.ac])
|
||||
AM_CONFIG_HEADER(config.h)
|
||||
|
||||
|
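--- a/crypto/dist/ipsec-tools/netbsd-import.sh
+++ b/crypto/dist/ipsec-tools/netbsd-import.sh
@@ -0,0 +1,111 @@
+#! /bin/sh
+#
+# $NetBSD: netbsd-import.sh,v 1.1.1.1 2005/02/24 20:52:27 manu Exp $
+#
+# Copyright (c) 2000-2005 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by the NetBSD
+# Foundation, Inc. and its contributors.
+# 4. Neither the name of The NetBSD Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# netbsd-import: prepare ipsec-tools distribution for import
+# in the NetBSD tree, under src/crypto/dist/ipsec-tools
+# Based on bind2netbsd.
+#
+# Instructions for importing a newer ipsec-tools release:
+#
+# $ tag=ipsec-tools-0_6-20050224
+# $ cd /tmp
+# $ cvs -danoncvs@cvs.sf.net:/cvsroot/ipsec-tools co -r $tag ipsec-tools
+# $ cd ipsec-tools
+# $ /usr/src/crypto/dist/ipsec-tools/netbsd-import.sh $tag `pwd` /usr/src
+# $ cvs -d`whoami`@cvs.netbsd.org:/cvsroot import -m \
+# "Import ipsec-tools $tag" src/crypto/dist/ipsec-tools \
+# IPSEC_TOOLS $tag
+# $ cd /usr/src/lib/libipsec
+# $ cvs -d`whoami`@cvs.netbsd.org:/cvsroot commit -m \
+# "update ipsec-tools version" package_version.h
+#
+
+test $# -ne 3 && \
+echo "usage: netbsd-import.sh tag ipsec-tools-src netbsdsrc" && \
+exit
+
+SCRIPTNAME=$0
+RELEASE=`echo $1|sed 's/^ipsec-tools-//; s/_/\./'`
+DISTSRC=$2
+NETBSDSRC=$3
+
+### Remove CVS directories and .cvsignore files
+find ${DISTSRC} -type d -name CVS -print | while read d ; do \
+rm -R $d && echo "removed $d" ; \
+done
+find ${DISTSRC} -type f -name .cvsignore -print | while read f ; do \
+rm $f && echo "removed $f" ; \
+done
+
+### Remove the $'s around RCS tags
+find ${DISTSRC} -type f -print | \
+xargs egrep -l '\$(Id|Created|Header)' | while read f; do
+sed -e 's/\$\(Id.*\) \$/\1/' \
+-e 's/\$\(Created.*\) \$/\1/' \
+-e 's/\$\(Header.*\) \$/\1/' \
+< $f > /tmp/ipsec1f$$ && mv /tmp/ipsec1f$$ $f && \
+echo "removed \$RCS tag from $f"
+done
+
+### Add our NetBSD RCS Id
+find ${DISTSRC} -type f -name '*.[chly]' -print | while read c; do
+sed 1q < $c | grep -q '\$NetBSD' || (
+echo "/* \$NetBSD\$ */" >/tmp/ipsec3n$$
+echo "" >>/tmp/ipsec3n$$
+cat $c >> /tmp/ipsec3n$$
+mv /tmp/ipsec3n$$ $c && echo "added NetBSD RCS tag to $c"
+)
+done
+
+find ${DISTSRC} -type f -name '*.[0-9]' -print | while read m; do
+sed 1q < $m | grep -q '\$NetBSD' || (
+echo ".\\\" \$NetBSD\$" >/tmp/ipsec2m$$
+echo ".\\\"" >>/tmp/ipsec2m$$
+cat $m >> /tmp/ipsec2m$$
+mv /tmp/ipsec2m$$ $m && echo "added NetBSD RCS tag to $m"
+)
+done
+
+sed " \
+s/^\(#define TOP_PACKAGE_VERSION \).*/\1 \"${RELEASE}\"/; \
+s/^\(#define TOP_PACKAGE_STRING \).*/\1 \"ipsec-tools ${RELEASE}\"/;\
+" ${NETBSDSRC}/lib/libipsec/package_version.h > /tmp/ipsec5
+mv /tmp/ipsec5 ${NETBSDSRC}/lib/libipsec/package_version.h && \
+echo "Updated version in lib/libipsec/package_version.h"
+
+cp ${SCRIPTNAME} ${DISTSRC} && echo "copied ${SCRIPTNAME} to ${DISTSRC}"
+
+echo "done, don't forget to cvs commit src/lib/libipsec/package_version.h"
+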
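Review bot: The RCS-tag loops and the package_version.h update stage their output in predictable /tmp paths (`/tmp/ipsec1f$$`, `/tmp/ipsec3n$$`, `/tmp/ipsec2m$$` and the fixed `/tmp/ipsec5`), so on a shared host another local user can pre-create or symlink those names before the script writes and `mv`s them into the source tree. Creating the scratch file with `tmp=$(mktemp /tmp/ipsec.XXXXXX) || exit 1` and removing it from `trap 'rm -f "$tmp"' EXIT` closes that window. The `find | while read` loops also expand `$d`, `$f`, `$c` and `$m` unquoted and call `read` without `-r`, so an upstream path containing whitespace or a backslash is mangled before it reaches `rm -R` or `mv`; quoting the expansions and using `read -r` is the minimal fix. The usage branch ends in a bare `exit`, which returns the status of the preceding `echo` (0), so a caller cannot detect a bad invocation; `exit 1` would make the failure visible.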
7
crypto/dist/ipsec-tools/src/racoon/cfparse.y
vendored
7
crypto/dist/ipsec-tools/src/racoon/cfparse.y
vendored
@ -1,6 +1,6 @@
|
||||
/* $NetBSD: cfparse.y,v 1.1.1.2 2005/02/23 14:54:11 manu Exp $ */
|
||||
/* $NetBSD: cfparse.y,v 1.1.1.3 2005/02/24 20:52:46 manu Exp $ */
|
||||
|
||||
/* Id: cfparse.y,v 1.37 2005/02/11 06:59:01 manubsd Exp */
|
||||
/* Id: cfparse.y,v 1.37.2.1 2005/02/24 18:31:55 manubsd Exp */
|
||||
|
||||
%{
|
||||
/*
|
||||
@ -179,7 +179,7 @@ static int fix_lifebyte __P((u_long));
|
||||
}
|
||||
|
||||
/* privsep */
|
||||
%token PRIVSEP USER GROUP
|
||||
%token PRIVSEP USER GROUP CHROOT
|
||||
/* path */
|
||||
%token PATH PATHTYPE
|
||||
/* include */
|
||||
@ -301,6 +301,7 @@ privsep_stmt
|
||||
}
|
||||
EOS
|
||||
| GROUP NUMBER { lcconf->gid = $2; } EOS
|
||||
| CHROOT QUOTEDSTRING { lcconf->chroot = $2->v; } EOS
|
||||
;
|
||||
|
||||
/* path */
|
||||
|
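Review bot: The new `CHROOT QUOTEDSTRING` action in the last hunk stores `$2->v` directly in `lcconf->chroot`, so the configuration keeps a pointer into the token's buffer while the action neither copies the string nor releases the enclosing value object, and nothing records who owns it. Copying it, for example `lcconf->chroot = strdup($2->v);` followed by a NULL check and release of `$2`, makes the lifetime explicit; whether that buffer is NUL-terminated depends on the lexer's QUOTEDSTRING rule, which is not visible here and should be confirmed. Since this value is later passed to chdir() and chroot() in privsep.c, the action is also a reasonable place to reject a path that does not start with `/`. The privsep_stmt rule begins above the hunk.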
5
crypto/dist/ipsec-tools/src/racoon/cftoken.l
vendored
5
crypto/dist/ipsec-tools/src/racoon/cftoken.l
vendored
@ -1,6 +1,6 @@
|
||||
/* $NetBSD: cftoken.l,v 1.1.1.2 2005/02/23 14:54:12 manu Exp $ */
|
||||
/* $NetBSD: cftoken.l,v 1.1.1.3 2005/02/24 20:52:47 manu Exp $ */
|
||||
|
||||
/* Id: cftoken.l,v 1.31 2005/02/11 06:59:01 manubsd Exp */
|
||||
/* Id: cftoken.l,v 1.31.2.1 2005/02/24 18:31:56 manubsd Exp */
|
||||
|
||||
%{
|
||||
/*
|
||||
@ -154,6 +154,7 @@ hexstring 0x{hexdigit}+
|
||||
<S_PRIV>{bcl} { return(BOC); }
|
||||
<S_PRIV>user { YYD; return(USER); }
|
||||
<S_PRIV>group { YYD; return(GROUP); }
|
||||
<S_PRIV>chroot { YYD; return(CHROOT); }
|
||||
<S_PRIV>{ecl} { BEGIN S_INI; return(EOC); }
|
||||
|
||||
/* path */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: localconf.c,v 1.1.1.2 2005/02/23 14:54:22 manu Exp $ */
|
||||
/* $NetBSD: localconf.c,v 1.1.1.3 2005/02/24 20:53:34 manu Exp $ */
|
||||
|
||||
/* $KAME: localconf.c,v 1.33 2001/08/09 07:32:19 sakane Exp $ */
|
||||
|
||||
@ -104,6 +104,7 @@ setdefault()
|
||||
{
|
||||
lcconf->uid = 0;
|
||||
lcconf->gid = 0;
|
||||
lcconf->chroot = NULL;
|
||||
lcconf->autograbaddr = 1;
|
||||
lcconf->port_isakmp = PORT_ISAKMP;
|
||||
lcconf->port_isakmp_natt = PORT_ISAKMP_NATT;
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* $NetBSD: localconf.h,v 1.1.1.2 2005/02/23 14:54:22 manu Exp $ */
|
||||
/* $NetBSD: localconf.h,v 1.1.1.3 2005/02/24 20:53:34 manu Exp $ */
|
||||
|
||||
/* Id: localconf.h,v 1.9 2005/02/11 06:59:01 manubsd Exp */
|
||||
/* Id: localconf.h,v 1.9.2.1 2005/02/24 18:31:56 manubsd Exp */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -69,6 +69,7 @@ struct localconf {
|
||||
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
char *chroot; /* chroot path */
|
||||
u_int16_t port_isakmp; /* port for isakmp as default */
|
||||
u_int16_t port_isakmp_natt; /* port for NAT-T use */
|
||||
u_int16_t port_admin; /* port for admin */
|
||||
|
74
crypto/dist/ipsec-tools/src/racoon/privsep.c
vendored
74
crypto/dist/ipsec-tools/src/racoon/privsep.c
vendored
@ -1,6 +1,6 @@
|
||||
/* $NetBSD: privsep.c,v 1.1.1.2 2005/02/23 14:54:25 manu Exp $ */
|
||||
/* $NetBSD: privsep.c,v 1.1.1.3 2005/02/24 20:53:50 manu Exp $ */
|
||||
|
||||
/* Id: privsep.c,v 1.6 2005/02/10 02:02:56 manubsd Exp */
|
||||
/* Id: privsep.c,v 1.6.2.2 2005/02/24 18:31:56 manubsd Exp */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2004 Emmanuel Dreyfus
|
||||
@ -69,6 +69,7 @@ static int privsep_sock[2] = { -1, -1 };
|
||||
static int privsep_recv(int, struct privsep_com_msg **, size_t *);
|
||||
static int privsep_send(int, struct privsep_com_msg *, size_t);
|
||||
static int safety_check(struct privsep_com_msg *, int i);
|
||||
static int port_check(int);
|
||||
static int unsafe_env(char *const *);
|
||||
static int unknown_name(int);
|
||||
static int unknown_script(int);
|
||||
@ -182,10 +183,48 @@ privsep_init(void)
|
||||
break;
|
||||
|
||||
case 0: /* Child: drop privileges */
|
||||
setgid(lcconf->gid);
|
||||
setegid(lcconf->gid);
|
||||
setuid(lcconf->uid);
|
||||
seteuid(lcconf->uid);
|
||||
if (lcconf->chroot != NULL) {
|
||||
if (chdir(lcconf->chroot) != 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"Cannot chdir(%s): %s\n", lcconf->chroot,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if (chroot(lcconf->chroot) != 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"Cannot chroot(%s): %s\n", lcconf->chroot,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (setgid(lcconf->gid) != 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"Cannot setgid(%d): %s\n", lcconf->gid,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (setegid(lcconf->gid) != 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"Cannot setegid(%d): %s\n", lcconf->gid,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (setuid(lcconf->uid) != 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"Cannot setuid(%d): %s\n", lcconf->uid,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (seteuid(lcconf->uid) != 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"Cannot seteuid(%d): %s\n", lcconf->uid,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
break;
|
||||
@ -462,6 +501,9 @@ privsep_init(void)
|
||||
memcpy(&port, bufs[0], sizeof(port));
|
||||
memcpy(&inout, bufs[1], sizeof(inout));
|
||||
|
||||
if (port_check(port) != 0)
|
||||
break;
|
||||
|
||||
errno = 0;
|
||||
if (isakmp_cfg_accounting_pam(port, inout) != 0) {
|
||||
if (errno == 0)
|
||||
@ -491,6 +533,9 @@ privsep_init(void)
|
||||
bufs[2][combuf->bufs.buflen[2] - 1] = '\0';
|
||||
bufs[3][combuf->bufs.buflen[3] - 1] = '\0';
|
||||
|
||||
if (port_check(port) != 0)
|
||||
break;
|
||||
|
||||
errno = 0;
|
||||
if (xauth_login_pam(port,
|
||||
raddr, bufs[2], bufs[3]) != 0) {
|
||||
@ -510,6 +555,9 @@ privsep_init(void)
|
||||
|
||||
memcpy(&port, bufs[0], sizeof(port));
|
||||
|
||||
if (port_check(port) != 0)
|
||||
break;
|
||||
|
||||
cleanup_pam(port);
|
||||
reply->hdr.ac_errno = 0;
|
||||
|
||||
@ -829,6 +877,20 @@ privsep_xauth_login_system(usr, pwd)
|
||||
}
|
||||
#endif /* ENABLE_HYBRID */
|
||||
|
||||
static int
|
||||
port_check(port)
|
||||
int port;
|
||||
{
|
||||
if ((port < 0) || (port >= isakmp_cfg_config.pool_size)) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"privsep: port %d outsied of allowed range [0,%d]\n",
|
||||
port, isakmp_cfg_config.pool_size - 1);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
safety_check(msg, index)
|
||||
struct privsep_com_msg *msg;
|
||||
|
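Review bot: The child branch of privsep_init() (second hunk) now checks setgid/setegid/setuid/seteuid but never calls setgroups(), so the unprivileged instance appears to keep the supplementary groups inherited from the root parent; adding `setgroups(1, &lcconf->gid)` with the same plog-and-return handling before the setgid() call would drop them. In the same block, `chdir(lcconf->chroot)` followed by `chroot(lcconf->chroot)` resolves a relative path twice, the second time from inside the new directory; `chroot(".")` after the chdir, or chroot followed by `chdir("/")`, avoids that. At the three `port_check(port) != 0` sites the code breaks out without setting `reply->hdr.ac_errno` in the visible lines, so it is worth confirming that the unprivileged side receives an error rather than a zeroed success reply. The log string in port_check() has a typo (`outsied`), and `%d` is used to print uid_t/gid_t values. All of these hunks sit inside functions whose bodies continue outside the visible lines.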
32
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5
vendored
32
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5
vendored
@ -1,6 +1,6 @@
|
||||
.\" $NetBSD: racoon.conf.5,v 1.1.1.2 2005/02/23 14:54:26 manu Exp $
|
||||
.\" $NetBSD: racoon.conf.5,v 1.1.1.3 2005/02/24 20:53:56 manu Exp $
|
||||
.\"
|
||||
.\" Id: racoon.conf.5,v 1.27 2005/02/11 06:59:01 manubsd Exp
|
||||
.\" Id: racoon.conf.5,v 1.27.2.1 2005/02/24 18:31:56 manubsd Exp
|
||||
.\"
|
||||
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
.\" All rights reserved.
|
||||
@ -129,17 +129,39 @@ is one of following:
|
||||
.Ss Privilege separation
|
||||
.Bl -tag -width Ds -compact
|
||||
.It Ic privsep { Ar statements Ic }
|
||||
specifies privilege separation parameters.
|
||||
specifies privilege separation parameters. When enabled, these enable
|
||||
.Xr racoon 8
|
||||
to operate with an unprivilegied instance doing most of the work, while
|
||||
a privilegied instance take care of performing the following operations
|
||||
as root: reading PSK and private keys, launching hook scripts, and
|
||||
validating passwords against system database or against PAM.
|
||||
.Pp
|
||||
.Bl -tag -width Ds -compact
|
||||
.It Ic user Ar user ;
|
||||
The user
|
||||
The user the unprivilegied instance of
|
||||
.Xr racoon 8 ,
|
||||
should switch to. This can be a quoted user name or a numeric UID.
|
||||
.It Ic group Ar group ;
|
||||
The group
|
||||
The group the unprivilegied instance of
|
||||
.Xr racoon 8 ,
|
||||
should switch to. This can be a quoted group name or a numeric GID.
|
||||
.It Ic chroot Ar path ;
|
||||
A directory where the unprivilegied instance of
|
||||
.Xr racoon 8
|
||||
should
|
||||
.Xr chroot 2
|
||||
to. This directory should hold a tree where the following files must be
|
||||
reachable:
|
||||
.Bl -tag -width Ds -compact
|
||||
.It Pa /dev/random
|
||||
.It Pa /dev/urandom
|
||||
.It The certificates.
|
||||
.It The file containing the Xauth banner.
|
||||
.El
|
||||
.Pp
|
||||
The PSK file, the private keys, and the hook scripts are accessed through
|
||||
.Xr racoon 8
|
||||
privilegied instance and do not need to be reachable in the chrooted tree.
|
||||
.El
|
||||
.El
|
||||
.Ss Path Specification
|
||||
|
54
crypto/dist/ipsec-tools/src/racoon/racoonctl.8
vendored
54
crypto/dist/ipsec-tools/src/racoon/racoonctl.8
vendored
@ -1,6 +1,6 @@
|
||||
.\" $NetBSD: racoonctl.8,v 1.1.1.2 2005/02/23 14:54:26 manu Exp $
|
||||
.\" $NetBSD: racoonctl.8,v 1.1.1.3 2005/02/24 20:53:56 manu Exp $
|
||||
.\"
|
||||
.\" Id: racoonctl.8,v 1.2 2004/11/21 16:46:53 manubsd Exp
|
||||
.\" Id: racoonctl.8,v 1.2.4.1 2005/02/24 18:04:42 manubsd Exp
|
||||
.\"
|
||||
.\" Copyright (C) 2004 Emmanuel Dreyfus
|
||||
.\" All rights reserved.
|
||||
@ -98,7 +98,10 @@ to increase verbosity.
|
||||
.It flush-sa Op isakmp|esp|ah|ipsec
|
||||
is used to flush all SA if no SA class is provided, or a class of SA,
|
||||
either ISAKMP SA, IPsec ESP SA, or IPsec AH SA, or all IPsec SA.
|
||||
.It establish-sa Oo Fl u Ar username Oc Ar saopts
|
||||
.It Xo establish-sa
|
||||
.Oo Fl u Ar username
|
||||
.Oc Ar saopts
|
||||
.Xc
|
||||
Establish a SA, either a ISAKMP SA, IPsec ESP SA, or IPsec AH SA. The
|
||||
optionnal
|
||||
.Fl u Ar username
|
||||
@ -115,7 +118,10 @@ can have the following formats:
|
||||
.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
|
||||
{icmp|tcp|udp|any}
|
||||
.El
|
||||
.It vpn-connect Oo Fl u Ar username Oc Ar vpn_gateway
|
||||
.It Xo vpn-connect
|
||||
.Oo Fl u Ar username
|
||||
.Oc Ar vpn_gateway
|
||||
.Xc
|
||||
This is a particular case of the previous command. It will establish an ISAKMP
|
||||
SA with
|
||||
.Ar vpn_gateway .
|
||||
@ -138,35 +144,26 @@ awaiting and reporting new events.
|
||||
.El
|
||||
.Pp
|
||||
Command shortcuts are available:
|
||||
.Bl -tag
|
||||
.It rc
|
||||
reload-config
|
||||
.It ss
|
||||
show-sa
|
||||
.It sc
|
||||
show-schedule
|
||||
.It fs
|
||||
flush-sa
|
||||
.It ds
|
||||
delete-sa
|
||||
.It es
|
||||
establish-sa
|
||||
.It vc
|
||||
vpn-connect
|
||||
.It vd
|
||||
vpn-disconnect
|
||||
.It se
|
||||
show-event
|
||||
.Bl -tag -width Bl
|
||||
.It rc reload-config
|
||||
.It ss show-sa
|
||||
.It sc show-schedule
|
||||
.It fs flush-sa
|
||||
.It ds delete-sa
|
||||
.It es establish-sa
|
||||
.It vc vpn-connect
|
||||
.It vd vpn-disconnect
|
||||
.It se show-event
|
||||
.El
|
||||
.\"
|
||||
.Sh RETURN VALUES
|
||||
The command should exit with 0 on success, and non-zero on errors.
|
||||
.\"
|
||||
.Sh FILES
|
||||
.Bl -tag
|
||||
.It Pa /var/racoon/racoon.sock
|
||||
.Xr racoon 8
|
||||
control socket.
|
||||
.Bl -tag -width Bl
|
||||
.It Pa /var/racoon/racoon.sock or Pa /var/run/racoon.sock
|
||||
.Xr racoon 8
|
||||
control socket.
|
||||
.El
|
||||
.\"
|
||||
.Sh SEE ALSO
|
||||
@ -176,6 +173,7 @@ control socket.
|
||||
Once was
|
||||
.Xr kmpstat 8
|
||||
in the KAME project. It turned into
|
||||
.Xr racoonctl 8 but remained undocumented for a while.
|
||||
.Xr racoonctl 8
|
||||
but remained undocumented for a while.
|
||||
.An Emmanuel Dreyfus Aq manu@netbsd.org
|
||||
wrote this man page.
|
||||
|