[src/trunk]: src Retire fast_ipsec.4

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src Retire fast_ipsec.4
From: ozaki-r <ozaki-r%NetBSD.org@localhost>
Date: Wed, 13 Jun 2018 05:29:50 +0000
details:   https://anonhg.NetBSD.org/src/rev/0fc8726c1b1b
branches:  trunk
changeset: 319825:0fc8726c1b1b
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Wed Jun 13 03:28:36 2018 +0000

description:
Retire fast_ipsec.4

We switched to Fast IPsec at NetBSD 6.0 and that's the IPsec implementation of
us now.  So we don't need to have a separate manual.  Merge fast_ipsec.4 into
ipsec.4 and remove fast_ipsec.4.

diffstat:

 distrib/sets/lists/man/mi   |    8 +-
 share/man/man4/Makefile     |    4 +-
 share/man/man4/fast_ipsec.4 |  117 --------------------------------------------
 share/man/man4/hifn.4       |    8 +-
 share/man/man4/ipsec.4      |   74 +++++++++++++++++++++++----
 share/man/man4/nsp.4        |    6 +-
 share/man/man4/options.4    |    6 +-
 share/man/man4/ubsec.4      |    8 +-
 8 files changed, 83 insertions(+), 148 deletions(-)

diffs (truncated from 440 to 300 lines):

diff -r e7d6b2979ab2 -r 0fc8726c1b1b distrib/sets/lists/man/mi
--- a/distrib/sets/lists/man/mi Wed Jun 13 02:09:09 2018 +0000
+++ b/distrib/sets/lists/man/mi Wed Jun 13 03:28:36 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1593 2018/05/31 00:25:38 kamil Exp $
+# $NetBSD: mi,v 1.1594 2018/06/13 03:28:36 ozaki-r Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -1088,7 +1088,7 @@
 ./usr/share/man/cat4/ex.0                      man-sys-catman          .cat
 ./usr/share/man/cat4/exphy.0                   man-sys-catman          .cat
 ./usr/share/man/cat4/faith.0                   man-sys-catman          .cat
-./usr/share/man/cat4/fast_ipsec.0              man-sys-catman          .cat
+./usr/share/man/cat4/fast_ipsec.0              man-obsolete            obsolete
 ./usr/share/man/cat4/fd.0                      man-sys-catman          .cat
 ./usr/share/man/cat4/fea.0                     man-sys-catman          .cat
 ./usr/share/man/cat4/filemon.0                 man-sys-catman          .cat
@@ -4233,7 +4233,7 @@
 ./usr/share/man/html4/ex.html                  man-sys-htmlman         html
 ./usr/share/man/html4/exphy.html               man-sys-htmlman         html
 ./usr/share/man/html4/faith.html               man-sys-htmlman         html
-./usr/share/man/html4/fast_ipsec.html          man-sys-htmlman         html
+./usr/share/man/html4/fast_ipsec.html          man-obsolete            obsolete
 ./usr/share/man/html4/fd.html                  man-sys-htmlman         html
 ./usr/share/man/html4/fea.html                 man-sys-htmlman         html
 ./usr/share/man/html4/filemon.html             man-sys-htmlman         html
@@ -7150,7 +7150,7 @@
 ./usr/share/man/man4/ex.4                      man-sys-man             .man
 ./usr/share/man/man4/exphy.4                   man-sys-man             .man
 ./usr/share/man/man4/faith.4                   man-sys-man             .man
-./usr/share/man/man4/fast_ipsec.4              man-sys-man             .man
+./usr/share/man/man4/fast_ipsec.4              man-obsolete            obsolete
 ./usr/share/man/man4/fd.4                      man-sys-man             .man
 ./usr/share/man/man4/fea.4                     man-sys-man             .man
 ./usr/share/man/man4/filemon.4                 man-sys-man             .man
diff -r e7d6b2979ab2 -r 0fc8726c1b1b share/man/man4/Makefile
--- a/share/man/man4/Makefile   Wed Jun 13 02:09:09 2018 +0000
+++ b/share/man/man4/Makefile   Wed Jun 13 03:28:36 2018 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.655 2018/05/27 05:31:20 thorpej Exp $
+#      $NetBSD: Makefile,v 1.656 2018/06/13 03:28:36 ozaki-r Exp $
 #      @(#)Makefile    8.1 (Berkeley) 6/18/93
 
 MAN=   aac.4 ac97.4 acardide.4 aceride.4 acphy.4 \
@@ -23,7 +23,7 @@
        dmphy.4 dpt.4 dpti.4 drm.4 drum.4 drvctl.4 dtv.4 dtviic.4 dwctwo.4 \
        eap.4 ebus.4 edc.4 elmc.4 emuxki.4 en.4 envsys.4 ep.4 esh.4 \
        esa.4 esiop.4 esm.4 eso.4 et.4 etherip.4 etphy.4 exphy.4 \
-       fast_ipsec.4 fd.4 filemon.4 finsio.4 flash.4 fpa.4 fms.4 fss.4 \
+       fd.4 filemon.4 finsio.4 flash.4 fpa.4 fms.4 fss.4 \
        fujbp.4 full.4 fxp.4 \
        gcscaudio.4 gem.4 genfb.4 gentbi.4 geodeide.4 \
        glxtphy.4 gpib.4 gpio.4 gpioirq.4 gpiolock.4 gpiopps.4 gpiopwm.4 \
diff -r e7d6b2979ab2 -r 0fc8726c1b1b share/man/man4/fast_ipsec.4
--- a/share/man/man4/fast_ipsec.4       Wed Jun 13 02:09:09 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,117 +0,0 @@
-.\"    $NetBSD: fast_ipsec.4,v 1.14 2013/06/05 23:08:10 christos Exp $
-.\"    $FreeBSD: fast_ipsec.4,v 1.2 2003/03/03 11:51:30 ru Exp $
-.\"
-.\" Copyright (c) 2004
-.\"    Jonathan Stone <jonathan%dsg.stanford.edu@localhost>. All rights reserved.
-.\"
-.\" Copyright (c) 2003
-.\"    Sam Leffler <sam%errno.com@localhost>. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY Sam Leffler AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
-.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-.\" THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd June 5, 2013
-.Dt FAST_IPSEC 4
-.Os
-.Sh NAME
-.Nm fast_ipsec
-.Nd Fast IPsec hardware-accelerated IP Security Protocols
-.Sh SYNOPSIS
-.Cd "options IPSEC"
-.Cd "options IPSEC_DEBUG"
-.Sh DESCRIPTION
-.Tn IPsec
-is a set of protocols,
-.Tn ESP
-(for Encapsulating Security Payload)
-.Tn AH
-(for Authentication Header),
-and
-.Tn IPComp
-(for IP Payload Compression Protocol)
-that provide security services for IP datagrams.
-Fast IPsec
-is an implementation of these protocols that uses the
-.Xr opencrypto 9
-subsystem to carry out cryptographic operations.
-This means, in particular, that cryptographic hardware devices are
-employed whenever possible to optimize the performance of these protocols.
-.Pp
-In general, the
-Fast IPsec
-implementation is intended to be compatible with the
-.Tn KAME IPsec
-implementation.
-The user should refer to
-.Xr ipsec 4
-for basic information on setting up and using these protocols.
-.Pp
-System configuration requires the
-.Xr opencrypto 9
-subsystem.
-When the
-Fast IPsec
-protocols are configured for use, all protocols are included in the system.
-To selectively enable/disable protocols, use
-.Xr sysctl 8 .
-.Sh DIAGNOSTICS
-To be added.
-.Sh SEE ALSO
-.Xr setkey 8 ,
-.Xr sysctl 8 ,
-.Xr opencrypto 9
-.Sh HISTORY
-The protocols draw heavily on the
-.Ox
-implementation of the
-.Tn IPsec
-protocols.
-The policy management code is derived from the
-.Tn KAME
-implementation found in their
-.Tn IPsec
-protocols.
-The
-Fast IPsec
-protocols are based on code which appeared in
-.Fx 4.7 .
-The
-.Nx
-version is a close copy of the
-.Fx
-original, and first appeared in
-.Nx 2.0 .
-.Pp
-Support for IPv6 and
-.Tn IPcomp
-protocols has been added in
-.Nx 4.0 .
-.Pp
-Support Network Address Translator Traversal as
-described in RFCs 3947 and 3948 has been added in
-.Nx 5.0 .
-.Sh BUGS
-Certain legacy authentication algorithms are not supported because of
-issues with the
-.Xr opencrypto 9
-subsystem.
-.Pp
-This documentation is incomplete.
diff -r e7d6b2979ab2 -r 0fc8726c1b1b share/man/man4/hifn.4
--- a/share/man/man4/hifn.4     Wed Jun 13 02:09:09 2018 +0000
+++ b/share/man/man4/hifn.4     Wed Jun 13 03:28:36 2018 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: hifn.4,v 1.7 2012/03/13 19:25:40 njoly Exp $
+.\"    $NetBSD: hifn.4,v 1.8 2018/06/13 03:28:36 ozaki-r Exp $
 .\"    $OpenBSD: hifn.4,v 1.32 2002/09/26 07:55:40 miod Exp $
 .\"    $FreeBSD: src/share/man/man4/hifn.4,v 1.1.2.2 2003/10/08 23:57:50 sam Exp $
 .\"
@@ -28,7 +28,7 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd October 8, 2003
+.Dd June 13, 2018
 .Dt HIFN 4
 .Os
 .Sh NAME
@@ -68,7 +68,7 @@
 MD5-HMAC, SHA1, and SHA1-HMAC operations for
 .Xr opencrypto 9 ,
 and thus for
-.Xr fast_ipsec 4
+.Xr ipsec 4
 and
 .Xr crypto 4 .
 .Pp
@@ -83,7 +83,7 @@
 subsystem.
 .Sh SEE ALSO
 .Xr crypto 4 ,
-.Xr fast_ipsec 4 ,
+.Xr ipsec 4 ,
 .Xr intro 4 ,
 .Xr rnd 4 ,
 .Xr opencrypto 9
diff -r e7d6b2979ab2 -r 0fc8726c1b1b share/man/man4/ipsec.4
--- a/share/man/man4/ipsec.4    Wed Jun 13 02:09:09 2018 +0000
+++ b/share/man/man4/ipsec.4    Wed Jun 13 03:28:36 2018 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: ipsec.4,v 1.43 2018/01/10 12:16:39 wiz Exp $
+.\"    $NetBSD: ipsec.4,v 1.44 2018/06/13 03:28:36 ozaki-r Exp $
 .\"    $KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $
 .\"
 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -28,12 +28,15 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd January 10, 2018
+.Dd June 13, 2018
 .Dt IPSEC 4
 .Os
 .Sh NAME
 .Nm ipsec
 .Nd IP security protocol
+.Sh SYNOPSIS
+.Cd "options IPSEC"
+.Cd "options IPSEC_DEBUG"
 .Sh DESCRIPTION
 This manual pages describes the IPsec protocol.
 For the network device driver please see
@@ -49,7 +52,7 @@
 .Xr inet6 4
 .Pc .
 .Nm
-consists of two sub-protocols:
+consists of three sub-protocols:
 .Bl -hang
 .It Em Encapsulated Security Payload Pq ESP
 protects IP payloads from wire-tapping (interception) by encrypting them with
@@ -58,6 +61,8 @@
 guarantees the integrity of IP packets
 and protects them from intermediate alteration or impersonation,
 by attaching cryptographic checksums computed by one-way hash functions.
+.It Em IP Payload Compression Protocol Pq IPComp
+increases the communication performance by compressing the datagrams.
 .El
 .Pp
 .Nm
@@ -70,13 +75,6 @@
 and is designed for security gateways, as in Virtual Private Network (VPN)
 configurations.
 .El
-.Pp
-Since version 6,
-.Nx
-uses the IPsec implementation formerly known as FAST_IPSEC.
-Its specifics and kernel options are described in the
-.Xr fast_ipsec 4
-manual page.
 .Ss Kernel interface
 .Nm
 is controlled by two engines in the kernel: one for key management
@@ -252,6 +250,22 @@
 tree have similar meanings to their
 .Li net.inet.ipsec
 counterparts.
+.Ss Cryptographic operations
+The current IPsec implementation, formerly called Fast IPsec,
+uses the
+.Xr opencrypto 9
+subsystem to carry out cryptographic operations.
+This means, in particular, that cryptographic hardware devices are
+employed whenever possible to optimize the performance of sub-protocols.
+.Pp
+System configuration requires the
+.Xr opencrypto 9
+subsystem.
+When the
+Fast IPsec
+protocols are configured for use, all protocols are included in the system.
+To selectively enable/disable protocols, use
+.Xr sysctl 8 .
 .\"
 .Sh PROTOCOLS
 The
@@ -282,7 +296,6 @@
 .Xr ioctl 2 ,
 .Xr socket 2 ,
 .Xr ipsec_set_policy 3 ,
-.Xr fast_ipsec 4 ,
 .Xr icmp6 4 ,
 .Xr intro 4 ,
 .Xr ip6 4 ,
Prev by Date: [src/trunk]: src/doc Refer ipsec(4) instead of fast_ipsec(4)
Next by Date: [src/pgoyette-compat]: src/sys/dev/wscons Keep up with -HEAD
Previous by Thread: [src/trunk]: src/doc Refer ipsec(4) instead of fast_ipsec(4)
Next by Thread: [src/pgoyette-compat]: src/sys/dev/wscons Keep up with -HEAD
Indexes:
Home | Main Index | Thread Index | Old Index