Source-Changes-HG archive
[src/trunk]: src/usr.sbin/setkey sync with latest kame.
details: https://anonhg.NetBSD.org/src/rev/6ddc6a6feb0f
branches: trunk
changeset: 483646:6ddc6a6feb0f
user: itojun <itojun%NetBSD.org@localhost>
date: Wed Mar 15 00:24:30 2000 +0000
description:
sync with latest kame.
- fix examples and wording in setkey.8
- allow scoped IPv6 notation (kernel side may not be really ready for this)
diffstat:
usr.sbin/setkey/setkey.8 | 89 ++++++++++++++++++++++++-----------------------
usr.sbin/setkey/setkey.c | 4 +-
usr.sbin/setkey/token.l | 4 +-
3 files changed, 50 insertions(+), 47 deletions(-)
diffs (truncated from 305 to 300 lines):
diff -r 62b7b612be96 -r 6ddc6a6feb0f usr.sbin/setkey/setkey.8
--- a/usr.sbin/setkey/setkey.8 Tue Mar 14 23:13:12 2000 +0000
+++ b/usr.sbin/setkey/setkey.8 Wed Mar 15 00:24:30 2000 +0000
@@ -25,12 +25,12 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $NetBSD: setkey.8,v 1.6 2000/01/31 14:22:43 itojun Exp $
-.\" KAME Id: setkey.8,v 1.18 2000/01/14 01:28:27 itojun Exp
+.\" $NetBSD: setkey.8,v 1.7 2000/03/15 00:24:30 itojun Exp $
+.\" KAME Id: setkey.8,v 1.23 2000/03/13 05:33:53 itojun Exp
.\"
.Dd May 17, 1998
.Dt SETKEY 8
-.Os KAME
+.Os
.\"
.Sh NAME
.Nm setkey
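Review bot: `.Dd May 17, 1998` is left as unchanged context in this hunk while the same changeset rewrites a large part of the page. Consider bumping the document date together with the RCS ids, so a reader can tell the text is newer than the 1998 version.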
@@ -55,16 +55,17 @@
.\"
.Sh DESCRIPTION
.Nm
-updates, or lists the content of, Security Association Database (SAD) entries
-in the kernel as well as Security Policy Database (SPD) entries.
+addes, updates, dumpes, or flushes
+Security Association Database (SAD) entries
+as well as Security Policy Database (SPD) entries in the kernel.
.Pp
.Nm
-takes a series of operation from standard input
+takes a series of operations from the standard input
.Po
if invoked with
.Fl c
.Pc
-or file named
+or the file named
.Ar filename
.Po
if invoked with
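Review bot: the added first line of DESCRIPTION, "addes, updates, dumpes, or flushes", has two misspellings; it should read "adds, updates, dumps, or flushes". This is the opening sentence of the page, so it is worth fixing before the next sync.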
@@ -77,21 +78,23 @@
.Fl P ,
the SPD entries are dumped.
.It Fl F
-Flush the SAD.
+Flush the SAD entries.
If with
.Fl P ,
-the SPD are flushed.
+the SPD entries are flushed.
.It Fl a
.Nm
-usually do not display dead SAD entries on
+usually does not display dead SAD entries with
.Fl D .
-With
+If with
.Fl a ,
-dead SAD entries will be displayed as well.
-Dead SAD entries are kept in the kernel,
-when they are referenced from any of SPD entries in the kernel.
+the dead SAD entries will be displayed as well.
+A dead SAD entry means that
+it has been expired but remains
+because it is referenced by SPD entries.
.It Fl d
-Enable debugging messages.
+Enable to print debugging messages for command parser,
+without talking to kernel. It is not used usually.
.It Fl x
Loop forever and dump all the messages transmitted to
.Dv PF_KEY
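Review bot: the new `-d` text puts two sentences on one source line ("without talking to kernel. It is not used usually.") and "Enable to print" does not parse. The behaviour it documents matters to operators, because a run with `-d` does not install anything in the kernel. Suggest "Print debugging messages for the command parser, without talking to the kernel." followed on its own line by "This option is not normally used." The two "If with" lead-ins in this hunk would also read better as "With".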
@@ -112,9 +115,8 @@
.Pc .
.El
.Pp
-Operation has the following grammar. Note that lines, that start with a
-hashmark ('#') are treated as comment lines.
-Description of meta-arguments follows.
+Operations have the following grammar. Note that lines starting with
+hashmarks ('#') are treated as comment lines.
.Bl -tag -width Ds
.It Xo
.Li add
@@ -123,7 +125,7 @@
.Ar algorithm...
.Li ;
.Xc
-Add a SAD entry.
+Add an SAD entry.
.\"
.It Xo
.Li get
@@ -131,7 +133,7 @@
.Op Fl m Ar mode
.Li ;
.Xc
-Show a SAD entry.
+Show an SAD entry.
.\"
.It Xo
.Li delete
@@ -139,35 +141,35 @@
.Op Fl m Ar mode
.Li ;
.Xc
-Remove a SAD entry.
+Remove an SAD entry.
.\"
.It Xo
.Li flush
.Op Ar protocol
.Li ;
.Xc
-Clear all SAD entries that matches the options.
+Clear all SAD entries matched by the options.
.\"
.It Xo
.Li dump
.Op Ar protocol
.Li ;
.Xc
-Dumps all SAD entries that matches the options.
+Dumps all SAD entries matched by the options.
.\"
.It Xo
.Li spdadd
.Ar src_range Ar dst_range Ar upperspec Ar policy
.Li ;
.Xc
-Add a SPD entry.
+Add an SPD entry.
.\"
.It Xo
.Li spddelete
-.Ar src_range Ar dst_range Ar upperspec
+.Ar src_range Ar dst_range Ar upperspec Fl P Ar direction
.Li ;
.Xc
-Delete a SPD entry.
+Delete an SPD entry.
.\"
.It Xo
.Li spdflush
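Review bot: the `spddelete` synopsis gains `Fl P Ar direction` as a non-optional argument, but the description under it is still only "Delete an SPD entry." and nothing in this hunk says which values `direction` takes or how it selects the entry to remove. Add a sentence covering that, since anyone with a script written against the old three-argument form gets no hint about the new requirement. Separately, "Clear all SAD entries" is imperative while "Dumps all SAD entries" is not; pick one mood for the list.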
@@ -179,7 +181,7 @@
.Li spddump
.Li ;
.Xc
-Dumps all SAD entries.
+Dumps all SPD entries.
.El
.\"
.Pp
@@ -215,7 +217,7 @@
.\"
.Pp
.It Ar spi
-Security Parameter Index (SPI) for the SA and SPD.
+Security Parameter Index (SPI) for the SAD and the SPD.
It must be decimal number or hexadecimal number
.Po
with
@@ -225,17 +227,18 @@
.\"
.Pp
.It Ar extensions
-takes some of the following:
+take some of the following:
.Bl -tag -width Fl -compact
.\"
.It Fl m Ar mode
-Specify an security protocol mode for use. By default,
-.Li any .
+Specify a security protocol mode for use.
.Ar mode
is one of following:
.Li transport , tunnel
or
.Li any .
+The default value is
+.Li any .
.\"
.It Fl r Ar size
Specify window size of bytes for replay prevention.
@@ -320,7 +323,7 @@
only.
.Pp
.Ar key
-must be double-quoted character string or a series of hexadecimal digits.
+must be double-quoted character string or series of hexadecimal digits.
.Pp
Possible values for
.Ar ealgo ,
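Review bot: dropping the article in "or series of hexadecimal digits" makes the sentence worse rather than better, and the first alternative was already missing one. Suggest "must be a double-quoted character string or a series of hexadecimal digits."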
@@ -331,7 +334,7 @@
.\"
.It Ar src_range
.It Ar dst_range
-These are selection of the secure communication is specified as
+These are selections of the secure communication specified as
IPv4/v6 address or IPv4/v6 address range, and it may accompany
TCP/UDP port specification.
This takes the following form:
@@ -374,7 +377,7 @@
.Ar upperspec
does not work against forwarding case at this moment,
as it requires extra reassembly at forwarding node
-.Pq not implemented as this moment .
+.Pq not implemented at this moment .
.\"
.It Ar policy
.Ar policy
@@ -436,15 +439,15 @@
or
.Li require .
.Li default
-means kernel consults to the system wide default against protocol you
+means the kernel consults to the system wide default against protocol you
specified, e.g.
.Li esp_trans_deflev
-sysctl variable, when kernel processes the packet.
+sysctl variable, when the kernel processes the packet.
.Li use
-means that kernel use a SA if it's available,
-otherwise kernel keeps normal operation.
+means that the kernel use a SA if it's available,
+otherwise the kernel keeps normal operation.
.Li require
-means SA is required whenever kernel deals with the packet.
+means SA is required whenever the kernel deals with the packet.
Note that
.Dq Li discard
and
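Review bot: the added line "means that the kernel use a SA if it's available," needs "uses", and "a SA" is inconsistent with the "an SAD" / "an SPD" changes made elsewhere in this same patch. "consults to the system wide default" on the `default` line should be "consults the system-wide default". The unchanged "means SA is required" could take an article as well while these lines are being touched.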
@@ -465,7 +468,7 @@
and
.Sy algorithm
are almost orthogonal.
-Following are the list of authentication algorithms that can be used as
+Followings are the list of authentication algorithms that can be used as
.Ar aalgo
in
.Fl A Ar aalgo
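Review bot: "Followings are the list of ..." on the added line is a regression from "Following are"; "followings" is not standard usage and the plural subject does not agree with "the list". Suggest "The following is the list of authentication algorithms that can be used as" here, with the same wording for the encryption and compression sentences in the next two hunks.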
@@ -486,7 +489,7 @@
null 0 to 2048 for debugging
.Ed
.Pp
-Following are the list of encryption algorithms that can be used as
+Followings are the list of encryption algorithms that can be used as
.Ar ealgo
in
.Fl E Ar ealgo
@@ -506,7 +509,7 @@
3des-deriv 192 no document
.Ed
.Pp
-Following are the list of compression algorithms that can be used as
+Followings are the list of compression algorithms that can be used as
.Ar calgo
in
.Fl C Ar calgo
@@ -523,7 +526,7 @@
.Sh EXAMPLES
.Bd -literal -offset
add 3ffe:501:4819::1 3ffe:501:481d::1 esp 123457
- -E des-cbc "ESP SA!!"
+ -E des-cbc "ESP SA!!" ;
add 3ffe:501:4819::1 3ffe:501:481d::1 ah 123456
-A hmac-sha1 "AH SA configuration!" ;
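Review bot: the EXAMPLES entry `-E des-cbc "ESP SA!!"` presents a printable eight-character string as an ESP key, and the hmac-sha1 example below it does the same. The key description earlier in this patch says a key may also be a series of hexadecimal digits, so at least one example in hex form would show the full syntax and discourage readers from copying a guessable ASCII string into a real configuration.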
diff -r 62b7b612be96 -r 6ddc6a6feb0f usr.sbin/setkey/setkey.c
--- a/usr.sbin/setkey/setkey.c Tue Mar 14 23:13:12 2000 +0000
+++ b/usr.sbin/setkey/setkey.c Wed Mar 15 00:24:30 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.4 2000/02/06 11:21:48 itojun Exp $ */
+/* $NetBSD: setkey.c,v 1.5 2000/03/15 00:24:31 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -28,7 +28,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* KAME Id: setkey.c,v 1.8 1999/12/02 05:23:59 sakane Exp */
+/* KAME Id: setkey.c,v 1.9 2000/02/06 10:56:11 itojun Exp */
#include <sys/types.h>
#include <sys/param.h>
diff -r 62b7b612be96 -r 6ddc6a6feb0f usr.sbin/setkey/token.l
--- a/usr.sbin/setkey/token.l Tue Mar 14 23:13:12 2000 +0000
+++ b/usr.sbin/setkey/token.l Wed Mar 15 00:24:30 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.5 2000/02/06 11:21:49 itojun Exp $ */
+/* $NetBSD: token.l,v 1.6 2000/03/15 00:24:31 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -108,7 +108,7 @@
octetstring {octet}({dot}{octet})+
ipaddress {ipv4addr}|{ipv6addr}
ipv4addr {digit}{1,3}({dot}{digit}{1,3}){0,3}
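Review bot: the commit message says scoped IPv6 notation is now accepted and that the kernel side may not be ready for it, but none of the setkey.8 hunks in this changeset mention the new address syntax or that caveat under `src_range` / `dst_range`. The lexer rule that implements it is cut off here by the archive's 300-line truncation, right after the `ipaddress {ipv4addr}|{ipv6addr}` context, so it cannot be checked from this page. Please document the accepted form and the kernel limitation in the manual page, so users do not assume a scoped address in an SA or policy is honoured end to end.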