Commit Graph

46 Commits

Author SHA1 Message Date
itojun
ce87a439ff deal with policy without selector. sync w/ kame 2003-09-08 10:16:31 +00:00
itojun
e4b5e8fb10 protect SADB_X_EXT_TAG with #ifdef 2003-08-26 03:49:05 +00:00
itojun
1bb4de9b71 typo 2003-08-26 03:37:25 +00:00
itojun
182a98314c support new algorithms 2003-07-25 10:06:09 +00:00
itojun
0ee6664ebd support hmac-sha2 2003-07-22 03:33:10 +00:00
itojun
26585fc6b8 don't explicitly clear "reserved" field. instead clear "id" field. 2003-07-22 03:32:58 +00:00
itojun
24389b0290 plug memory leak 2003-07-22 03:32:17 +00:00
itojun
536967658d cosmetic 2003-07-22 03:31:44 +00:00
itojun
7a580d5968 clear malloc'ed memory. sync w/kame 2003-06-27 03:40:44 +00:00
wiz
472351e13d Use
.In header.h
instead of
.Fd #include \*[Lt]header.h\*[Gt]
Much easier to read and write, and supported by groff for ages.
Okayed by ross.
2003-04-16 13:34:34 +00:00
lukem
8bf240ccae use __RCSID() 2003-03-09 01:03:54 +00:00
christos
aa229efdc3 Avoid memory leak. Pointed out by Patrick Latifi <patrickl at secureops dot com> 2003-03-04 18:30:58 +00:00
lukem
ec5dbc56b8 Explicitly move setting of NOxxx and USE_SHLIBDIR to the top of the
Makefile (before including <bsd.own.mk>)
2002-08-19 14:55:14 +00:00
lukem
ebb6fc9eb8 Use ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path (etc).
(Reduces make output by ~ 20%)
2002-08-19 09:41:27 +00:00
itojun
2cd481ef73 plug memory leak. from ebisawa@iij, sync w/kame 2002-07-31 07:00:22 +00:00
itojun
2169d69bcf correct %d/%u mismatch. sync w/kame 2002-06-27 14:39:45 +00:00
itojun
33fe7af9a4 sync with latest kame setkey(8), modulo icmp6 hack.
pfkey.c is now more picky about buffer length validation.
spddump (setkey -DP) will print lifetime information.
2002-05-14 11:24:20 +00:00
itojun
1d965dd4fe typo 2002-05-14 11:03:39 +00:00
ross
814f296b77 Generate <>& symbolically. 2002-02-07 07:00:09 +00:00
wiz
b9661d6129 Whitespace nits. 2002-01-15 02:47:02 +00:00
lukem
efcc9a4c9d * Add user-controlled mk.conf variables
- SHLIBDIR	Location to install shared libraries if ${USE_SHLIBDIR}
			is "yes".  Defaults to "/usr/lib".

	- USE_SHLIBDIR	If "yes", install shared libraries in ${SHLIBDIR}
			instead of ${LIBDIR}.  Defaults to "no".
			Sets ${_LIBSODIR} to the appropriate value.
			This may be set by individual Makefiles as well.

	- SHLINKDIR	Location of shared linker.  Defaults to "/usr/libexec".
			If != "/usr/libexec", change the dynamic-linker
			encoded in shared programs

* Set USE_SHLIBDIR for libraries used by /bin and /sbin:
	libc libcrypt libcrypto libedit libipsec libkvm libm libmi387
	libtermcap libutil libz

* If ${_LIBSODIR} != ${LIBDIR}, add symlinks from ${LIBDIR}/${LIB}.so*
  to ${_LIBSODIR}/${LIB}.so* for compatibility.

* Always install /sbin/init statically (for now)


The net effect of these changes depends on how the variables are set:

  1.)	If nothing is set or changed, there is no change from the
	current behaviour:
		- Static /bin, /sbin, and bits of /usr/*
		- Dynamic rest
		- Shared linker is /usr/libexec/ld*so

  2.)	If the following make variables are set:
		LDSTATIC=
		SHLINKDIR=/lib
		SHLIBDIR=/lib
	Then the behaviour becomes:
		- Dynamic tools
		- .so libraries used by /bin and /sbin are installed to /lib,
		  with symlinks from /usr/lib/lib*so to -> /lib/lib*so
		  where appropriate
		- Shared linker is /lib/ld*so

  3.)	As per 2.), but add the following variable:
		USE_SHLIBDIR=yes
	This forces all .so's to be instaleld in /lib (with compat
	symlinks), not just those tagged by their Makefiles to be.
	Again, compat symlinks are installed
2001-12-28 01:32:37 +00:00
wiz
456dff6cb8 Spell 'occurred' with two 'r's. 2001-09-16 16:34:23 +00:00
itojun
89c23ae51c sync manpage with latest kame. 2001-08-31 09:53:23 +00:00
itojun
39e1f5e4ef description for "discard" was missing. sync with kame 2001-04-06 07:04:31 +00:00
agc
6b3108e0aa Revert previous overzealous change, committed in error. 2001-03-30 16:12:44 +00:00
agc
ab498e3d7f Put back prototype of yyparse(), since the function name is modified
by the Makefile

	YPREFIX+=__libyy

setting, and we thus get an unprototyped function.
2001-03-30 15:17:47 +00:00
christos
291a545230 remove redundant declaration of yyparse. 2001-02-04 19:50:51 +00:00
itojun
ffc758331e support rijndael-cbc 2000-10-03 23:00:54 +00:00
itojun
5e8b5a35e4 make ipsec_strerror(3) to return const char *, not char *. sync with kame. 2000-07-30 02:38:35 +00:00
itojun
c8a0922045 do not rely upon algorithm ordering in pfkey spec. sync with kame 2000-07-20 09:51:40 +00:00
itojun
aa0b8be4f4 move ipsec_{hex,bin}dump() into #ifdef wrapper.
libipsec: remove unnecessary #include key_debug.h.
2000-07-04 04:41:54 +00:00
matt
6ac8d1ec06 More include cleanup. Remvoe (p) from #undef in libipsec. 2000-07-03 03:56:20 +00:00
itojun
92e64a4a0d sync with almost-latest KAME IPsec. full changelog would be too big
to mention here.  notable changes are like below.

kernel:
- make PF_KEY kernel interface more robust against broken input stream.
  it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
  in struct sadb_msg.  we cannot just change these standard structs.
  sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
  these functions are not supplied in /usr/lib.

setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
  specify it)
- spddelete takes direction specification
2000-06-12 10:40:37 +00:00
thorpej
14dfd80261 Need -I${.CURDIR} for ipsec_strerror.h 2000-05-09 05:52:54 +00:00
itojun
8ab75e23f4 hide shouldn't-be-exported symbols from the outside.
don't compile pfkey*, since we expect tons of changes in the near future.

bump shlib major (due to less exported APIs than before - am I correct here?).
2000-03-13 21:23:55 +00:00
itojun
667dbda449 use proper include path (net/pfkeyv2.h) 2000-02-08 13:17:51 +00:00
itojun
28dacfc3da don't include in6.h directly. 2000-02-08 13:14:35 +00:00
itojun
ffd73d1d87 sorry, forgot to cvs add new files 2000-02-01 03:08:36 +00:00
itojun
e5e6464767 upgrade libipsec to the latest.
- parser now uses yacc/lex (there'll be no symbol conflict).
- outbound policy and inbound policy is now separate
- policy specification for tunnel SA is improved
- api changed, bump shlib major

XXX some of programs will become not buildable - will commit shortly
2000-01-31 14:15:30 +00:00
itojun
320dc0884c s/.Os KAME/.Os/
From: Klaus Klein <kleink@ira.uka.de>
1999-12-21 14:17:18 +00:00
itojun
64061af71d temporary workaround against KAME PR 154.
http://www2.kame.net/dev/query-pr.cgi?pr=154

This allows many keys to be dumped via "setkey -D", or many keys
to be configured by single "setkey -c < foo" command.
1999-09-16 04:20:03 +00:00
itojun
0516428837 add NetBSD RCS ID on the top.
retain KAME RCS ID where there was one.
1999-07-04 01:36:12 +00:00
itojun
834a62973d add LIBRARY section into libipsec manpages.
add ".Lb libipsec" for this.
1999-07-04 01:27:19 +00:00
itojun
95fa2d90fb s/CFLAGS/CPPFLAGS/ for -D and -I.
remove lint error.
1999-07-03 06:59:28 +00:00
simonb
3f777e28cc More trailing white space. 1999-07-02 15:58:35 +00:00
itojun
85685e0177 ipsec support library.
mainly for debugging, and policy text->binary conversion.  NO crypto code
is included so it is export safe.
1999-07-01 20:15:26 +00:00