to mention here. notable changes are like below.
kernel:
- make PF_KEY kernel interface more robust against broken input stream.
it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
in struct sadb_msg. we cannot just change these standard structs.
sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
these functions are not supplied in /usr/lib.
setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
specify it)
- spddelete takes direction specification
don't compile pfkey*, since we expect tons of changes in the near future.
bump shlib major (due to less exported APIs than before - am I correct here?).
- parser now uses yacc/lex (there'll be no symbol conflict).
- outbound policy and inbound policy is now separate
- policy specification for tunnel SA is improved
- api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
itojun