1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-22 11:17:19 +00:00
freebsd/sbin/setkey
Andrey V. Elsukov 4e0e8f3107 Add large replay widow support to setkey(8) and libipsec.
When the replay window size is large than UINT8_MAX, add to the request
the SADB_X_EXT_SA_REPLAY extension header that was added in r309144.

Also add support of SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
SADB_X_EXT_SA_REPLAY, SADB_X_EXT_NEW_ADDRESS_SRC, SADB_X_EXT_NEW_ADDRESS_DST
extension headers to the key_debug that is used by `setkey -x`.

Modify kdebug_sockaddr() to use inet_ntop() for IP addresses formatting.
And modify kdebug_sadb_x_policy() to show policy scope and priority.

Reviewed by:	gnn, Emeric Poupon
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D10375
2017-04-13 14:44:17 +00:00
..
Makefile Add large replay widow support to setkey(8) and libipsec. 2017-04-13 14:44:17 +00:00
Makefile.depend DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
parse.y Add large replay widow support to setkey(8) and libipsec. 2017-04-13 14:44:17 +00:00
sample.cf
scriptdump.pl
setkey.8 Make setkey(8) more clear about anti-replay window size option semantics. 2017-04-09 15:17:55 +00:00
setkey.c Introduce the concept of IPsec security policies scope. 2017-03-07 00:13:53 +00:00
test-pfkey.c
test-policy.c Use nitems() from sys/param.h. 2016-04-19 09:43:51 +00:00
token.l Add support for keys that include 4 byte SALT values, 2015-07-31 23:40:18 +00:00
vchar.h