Commit Graph

62 Commits

Author SHA1 Message Date
drochner
3712f81ced -consistently use "char *" for the compiled policy buffer in the
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
 in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
 differences between KAME ans FAST_IPSEC
2012-01-04 15:55:35 +00:00
christos
05a0c94cec no need for noinput 2009-10-29 14:34:06 +00:00
drochner
0fa7059102 define YY_NO_INPUT where appropriate, from Kurt J. Lidl per PR misc/41160 2009-04-20 16:05:29 +00:00
lukem
ef685eeea9 Enable WARNS=4 by default except for:
dump  dump_lfs  fsck_ffs  fsck_lfs  fsdb  mount_smbfs
	newfs_ext2fs  newfs_lfs  resize_lfs  setkey
2009-04-11 07:58:11 +00:00
jmc
06b42f5e66 Redo previous rework to generate yacc/lex output again and remove generated
copies from the import as they don't compile clean across all archs.
2005-12-16 16:25:07 +00:00
jmc
32415dbb57 Don't yacc/lex here as dist includes generated copies already and depending
on timestamps it's possible for gcc2 on vax to get confused on which .h
to use.
2005-12-15 14:27:21 +00:00
christos
2c6eadc9ce Move WARNS=3 to the Makefile.inc, and add a little const to the remaining
programs that did not compile before.
2005-06-27 01:00:04 +00:00
manu
be15b99c92 Define SADB_X_EALG_AESCBC=SADB_X_EALG_AES, as we define SADB_X_EALG_AES
in <net/pfkeyv2.h> while ipsec-tools uses SADB_X_EALG_AESCBC in the code.
2005-02-24 13:45:08 +00:00
thorpej
c5aea678b7 Additional cleanup pass. 2005-02-19 16:58:26 +00:00
thorpej
354f2a1004 Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
2005-02-19 16:55:02 +00:00
xtraeme
0b39b8da10 Kill __P(), use ANSI function declarations. 2005-02-17 15:17:44 +00:00
dsl
404e35b651 Add (unsigned char) cast to ctype function, reworked to fit on one line 2004-10-29 19:32:22 +00:00
yamt
5272b4dd6e ignore promiscuous messages by checking sadb_msg_pid.
ok'ed by itojun.
2004-07-23 12:47:55 +00:00
wiz
6819fbfefc Bump date for previous. 2004-04-29 12:46:06 +00:00
jonathan
887b782b0b Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP).  Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net.  Shortening of the setsockopt() name
attributed to Vincent Jardin.

This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct.  Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).


NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures.  Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary.  Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.

In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:

sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15

Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-25 22:25:03 +00:00
jmmv
b635f565e7 Homogenize usage messages: make the 'usage' word all lowercase, as this seems
to be the most common practice in our tree.
2004-01-05 23:23:32 +00:00
itojun
dda2494d07 aes-xcbc-mac is now an RFC. bump date. 2003-10-21 07:20:11 +00:00
fvdl
83c93c70ba Don't assign NULL to a char. 2003-10-21 02:38:15 +00:00
itojun
e1d953a832 support DUMP by sysctl 2003-09-12 07:45:21 +00:00
itojun
0398a95f59 make it possible to use /kern/ipsec{sp,sa} for dumping policy/SA. it will
workaround the issue with socket buffer size in PF_KEY SADB_DUMP.
2003-09-08 12:34:29 +00:00
wiz
da332882ea Add file ... mode to usage. 2003-09-08 07:09:53 +00:00
wiz
c557470784 Punctuation nit; bump date for previous. 2003-09-08 07:09:13 +00:00
itojun
4380703631 make it possible to process files. 2003-09-08 06:18:49 +00:00
itojun
9effb481fb "tagged" policy is not introduced to netbsd-current yet 2003-09-07 22:21:01 +00:00
itojun
967747c406 committed by mistake 2003-09-07 22:20:05 +00:00
itojun
643b0ddea3 warn that port-number does not work for gateway config. PR kern/22715
add reference.  bump date.
2003-09-07 22:18:58 +00:00
mrg
5a777a5e59 add another (void *) cast to appease gcc3.3 2003-07-26 15:28:24 +00:00
itojun
182a98314c support new algorithms 2003-07-25 10:06:09 +00:00
itojun
aada1051de support hmac-sha2 2003-07-22 03:38:14 +00:00
itojun
453e29a18a cleanup 2003-07-22 03:37:59 +00:00
wiz
6e047dae78 Bump date for last. 2003-07-04 13:09:58 +00:00
itojun
5af08a4965 more error traps on malloc failure. accept "-E null".
various pedantic checks.  from kame
2003-07-01 07:20:12 +00:00
wiz
9f3dc3febc Remove unnecessary space before dot. 2003-06-30 11:48:05 +00:00
itojun
1fc7a4943e correct bad RFC ref. KAME problem report 480 2003-05-27 02:37:24 +00:00
itojun
eb44a81d7f permit scoped addr notation in policy string (-P esp/tunnel/foo%scope-bar%scope/use). from francis dupont. sync w/kame 2003-05-22 04:01:49 +00:00
itojun
781846fcdb use NI_MAX*. 10 is not enough for port number. sync w/kame 2003-04-15 07:32:06 +00:00
wiz
4163cb2aee Fix some typos. From Igor Sobrado in PR 20722. 2003-03-15 22:25:37 +00:00
thorpej
92896efa64 Avoid strict alias warnings. 2002-12-06 02:20:43 +00:00
lukem
7360d7b6ae Use ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path 2002-08-19 10:16:51 +00:00
itojun
33fe7af9a4 sync with latest kame setkey(8), modulo icmp6 hack.
pfkey.c is now more picky about buffer length validation.
spddump (setkey -DP) will print lifetime information.
2002-05-14 11:24:20 +00:00
wiz
83634e4e14 Slightly improve markup in two places, sort sections. 2001-11-16 12:10:06 +00:00
wiz
4ce43ae0cd Whitespace nits 2001-11-16 10:25:42 +00:00
lukem
895db4cb83 fix -Wshadow warnings 2001-11-02 03:57:25 +00:00
toshii
0ea3ab3e14 Fix a typo which prevented manual keying from working. 2001-09-20 00:01:10 +00:00
itojun
3fdd7a9bab upgrade to the latest KAME setkey(8). allows FQDN hostname in commands.
"add localhost localhost esp 9999 -E des-cbc hogehoge" adds two keys,
for 127.0.0.1 and ::1
2001-09-07 04:12:10 +00:00
itojun
733748c930 we have never supported lzs. sync with kame 2001-08-16 06:39:09 +00:00
itojun
f0a37a3a91 sync with latest kame. clarifies hex key and other things. 2001-08-12 09:38:18 +00:00
wiz
cbd2a2a6a6 Drop trailing dot in Nd. 2001-06-05 12:46:08 +00:00
kleink
017a840cd9 getopt(3): EOF -> -1. 2001-05-07 14:51:46 +00:00
thorpej
617bd311bc Add a "deleteall" command that takes a src/dst/protocol. 2001-02-16 23:55:05 +00:00