Commit Graph

31 Commits

Author SHA1 Message Date
itojun
2169d69bcf correct %d/%u mismatch. sync w/kame 2002-06-27 14:39:45 +00:00
itojun
33fe7af9a4 sync with latest kame setkey(8), modulo icmp6 hack.
pfkey.c is now more picky about buffer length validation.
spddump (setkey -DP) will print lifetime information.
2002-05-14 11:24:20 +00:00
itojun
1d965dd4fe typo 2002-05-14 11:03:39 +00:00
ross
814f296b77 Generate <>& symbolically. 2002-02-07 07:00:09 +00:00
wiz
b9661d6129 Whitespace nits. 2002-01-15 02:47:02 +00:00
lukem
efcc9a4c9d * Add user-controlled mk.conf variables
- SHLIBDIR	Location to install shared libraries if ${USE_SHLIBDIR}
			is "yes".  Defaults to "/usr/lib".

	- USE_SHLIBDIR	If "yes", install shared libraries in ${SHLIBDIR}
			instead of ${LIBDIR}.  Defaults to "no".
			Sets ${_LIBSODIR} to the appropriate value.
			This may be set by individual Makefiles as well.

	- SHLINKDIR	Location of shared linker.  Defaults to "/usr/libexec".
			If != "/usr/libexec", change the dynamic-linker
			encoded in shared programs

* Set USE_SHLIBDIR for libraries used by /bin and /sbin:
	libc libcrypt libcrypto libedit libipsec libkvm libm libmi387
	libtermcap libutil libz

* If ${_LIBSODIR} != ${LIBDIR}, add symlinks from ${LIBDIR}/${LIB}.so*
  to ${_LIBSODIR}/${LIB}.so* for compatibility.

* Always install /sbin/init statically (for now)


The net effect of these changes depends on how the variables are set:

  1.)	If nothing is set or changed, there is no change from the
	current behaviour:
		- Static /bin, /sbin, and bits of /usr/*
		- Dynamic rest
		- Shared linker is /usr/libexec/ld*so

  2.)	If the following make variables are set:
		LDSTATIC=
		SHLINKDIR=/lib
		SHLIBDIR=/lib
	Then the behaviour becomes:
		- Dynamic tools
		- .so libraries used by /bin and /sbin are installed to /lib,
		  with symlinks from /usr/lib/lib*so to -> /lib/lib*so
		  where appropriate
		- Shared linker is /lib/ld*so

  3.)	As per 2.), but add the following variable:
		USE_SHLIBDIR=yes
	This forces all .so's to be instaleld in /lib (with compat
	symlinks), not just those tagged by their Makefiles to be.
	Again, compat symlinks are installed
2001-12-28 01:32:37 +00:00
wiz
456dff6cb8 Spell 'occurred' with two 'r's. 2001-09-16 16:34:23 +00:00
itojun
89c23ae51c sync manpage with latest kame. 2001-08-31 09:53:23 +00:00
itojun
39e1f5e4ef description for "discard" was missing. sync with kame 2001-04-06 07:04:31 +00:00
agc
6b3108e0aa Revert previous overzealous change, committed in error. 2001-03-30 16:12:44 +00:00
agc
ab498e3d7f Put back prototype of yyparse(), since the function name is modified
by the Makefile

	YPREFIX+=__libyy

setting, and we thus get an unprototyped function.
2001-03-30 15:17:47 +00:00
christos
291a545230 remove redundant declaration of yyparse. 2001-02-04 19:50:51 +00:00
itojun
ffc758331e support rijndael-cbc 2000-10-03 23:00:54 +00:00
itojun
5e8b5a35e4 make ipsec_strerror(3) to return const char *, not char *. sync with kame. 2000-07-30 02:38:35 +00:00
itojun
c8a0922045 do not rely upon algorithm ordering in pfkey spec. sync with kame 2000-07-20 09:51:40 +00:00
itojun
aa0b8be4f4 move ipsec_{hex,bin}dump() into #ifdef wrapper.
libipsec: remove unnecessary #include key_debug.h.
2000-07-04 04:41:54 +00:00
matt
6ac8d1ec06 More include cleanup. Remvoe (p) from #undef in libipsec. 2000-07-03 03:56:20 +00:00
itojun
92e64a4a0d sync with almost-latest KAME IPsec. full changelog would be too big
to mention here.  notable changes are like below.

kernel:
- make PF_KEY kernel interface more robust against broken input stream.
  it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
  in struct sadb_msg.  we cannot just change these standard structs.
  sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
  these functions are not supplied in /usr/lib.

setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
  specify it)
- spddelete takes direction specification
2000-06-12 10:40:37 +00:00
thorpej
14dfd80261 Need -I${.CURDIR} for ipsec_strerror.h 2000-05-09 05:52:54 +00:00
itojun
8ab75e23f4 hide shouldn't-be-exported symbols from the outside.
don't compile pfkey*, since we expect tons of changes in the near future.

bump shlib major (due to less exported APIs than before - am I correct here?).
2000-03-13 21:23:55 +00:00
itojun
667dbda449 use proper include path (net/pfkeyv2.h) 2000-02-08 13:17:51 +00:00
itojun
28dacfc3da don't include in6.h directly. 2000-02-08 13:14:35 +00:00
itojun
ffd73d1d87 sorry, forgot to cvs add new files 2000-02-01 03:08:36 +00:00
itojun
e5e6464767 upgrade libipsec to the latest.
- parser now uses yacc/lex (there'll be no symbol conflict).
- outbound policy and inbound policy is now separate
- policy specification for tunnel SA is improved
- api changed, bump shlib major

XXX some of programs will become not buildable - will commit shortly
2000-01-31 14:15:30 +00:00
itojun
320dc0884c s/.Os KAME/.Os/
From: Klaus Klein <kleink@ira.uka.de>
1999-12-21 14:17:18 +00:00
itojun
64061af71d temporary workaround against KAME PR 154.
http://www2.kame.net/dev/query-pr.cgi?pr=154

This allows many keys to be dumped via "setkey -D", or many keys
to be configured by single "setkey -c < foo" command.
1999-09-16 04:20:03 +00:00
itojun
0516428837 add NetBSD RCS ID on the top.
retain KAME RCS ID where there was one.
1999-07-04 01:36:12 +00:00
itojun
834a62973d add LIBRARY section into libipsec manpages.
add ".Lb libipsec" for this.
1999-07-04 01:27:19 +00:00
itojun
95fa2d90fb s/CFLAGS/CPPFLAGS/ for -D and -I.
remove lint error.
1999-07-03 06:59:28 +00:00
simonb
3f777e28cc More trailing white space. 1999-07-02 15:58:35 +00:00
itojun
85685e0177 ipsec support library.
mainly for debugging, and policy text->binary conversion.  NO crypto code
is included so it is export safe.
1999-07-01 20:15:26 +00:00