Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src Pull up following revision(s) (requested by ozaki-r in ti...
details: https://anonhg.NetBSD.org/src/rev/169223964dcc
branches: netbsd-8
changeset: 851357:169223964dcc
user: snj <snj%NetBSD.org@localhost>
date: Sun Feb 11 21:17:33 2018 +0000
description:
Pull up following revision(s) (requested by ozaki-r in ticket #536):
distrib/sets/lists/base/shl.mi: 1.825
distrib/sets/lists/comp/mi: 1.2168-1.2169
distrib/sets/lists/comp/shl.mi: 1.310
distrib/sets/lists/debug/mi: 1.234
distrib/sets/lists/debug/shl.mi: 1.188
distrib/sets/lists/man/mi: 1.1570
distrib/sets/lists/tests/mi: 1.772
etc/mtree/NetBSD.dist.tests: 1.150
share/man/man4/Makefile: 1.650
share/man/man4/ipsec.4: 1.42-1.43
share/man/man4/ipsecif.4: 1.1-1.5
sys/arch/amd64/conf/ALL: 1.77
sys/arch/amd64/conf/GENERIC: 1.480
sys/conf/files: 1.1191
sys/net/Makefile: 1.34
sys/net/files.net: 1.14
sys/net/if.c: 1.404
sys/net/if.h: 1.248
sys/net/if_gif.c: 1.135
sys/net/if_ipsec.c: 1.1-1.3
sys/net/if_ipsec.h: 1.1
sys/net/if_l2tp.c: 1.16
sys/net/if_types.h: 1.28
sys/netinet/in.c: 1.214
sys/netinet/in.h: 1.103
sys/netinet/in_gif.c: 1.92
sys/netinet/ip_var.h: 1.122
sys/netinet6/in6.c: 1.257
sys/netinet6/in6.h: 1.88
sys/netinet6/in6_gif.c: 1.90
sys/netinet6/ip6_var.h: 1.75
sys/netipsec/Makefile: 1.6
sys/netipsec/files.netipsec: 1.13
sys/netipsec/ipsec.h: 1.62
sys/netipsec/ipsecif.c: 1.1
sys/netipsec/ipsecif.h: 1.1
sys/netipsec/key.c: 1.246-1.247
sys/netipsec/key.h: 1.34
sys/rump/net/Makefile.rumpnetcomp: 1.20
sys/rump/net/lib/libipsec/IPSEC.ioconf: 1.1
sys/rump/net/lib/libipsec/Makefile: 1.1
sys/rump/net/lib/libipsec/ipsec_component.c: 1.1
tests/net/Makefile: 1.34
tests/net/if_ipsec/Makefile: 1.1
tests/net/if_ipsec/t_ipsec.sh: 1.1-1.2
Don't touch an SP without a reference to it
unify processing to check nesting count for some tunnel protocols.
add ipsec(4) interface, which is used for route-based VPN.
man and ATF are added later, please see man for details.
reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html
ipsec(4) interface supports rump now.
add ipsec(4) interface ATF.
add ipsec(4) interface man as ipsecif.4.
add ipsec(4) interface to amd64/GENERIC and amd64/ALL configs.
apply in{,6}_tunnel_validate() to gif(4).
Spell IPsec that way. Simplify macro usage. Sort SEE ALSO. Bump
date for previous.
Improve wording and macro use.
Some parts are not clear to me, so someone with knowledge of ipsecif(4)
should improve this some more.
Improve ipsecif.4. Default port ipsec(4) NAT-T is tested now.
pointed out by wiz@n.o and suggested by ozaki-r@n.o, thanks.
Change the prefix of test names to ipsecif_ to distinguish from tests for ipsec(4)
New sentence, new line. Remove empty macro.
Fix PR kern/52920. Pointed out by David Binderman, thanks.
Improve wording, and put a new drawing, from me and Kengo Nakahara.
apply a little more #ifdef INET/INET6. fixes !INET6 builds.
diffstat:
distrib/sets/lists/base/shl.mi | 5 +-
distrib/sets/lists/comp/mi | 6 +-
distrib/sets/lists/comp/shl.mi | 3 +-
distrib/sets/lists/debug/mi | 3 +-
distrib/sets/lists/debug/shl.mi | 3 +-
distrib/sets/lists/man/mi | 5 +-
distrib/sets/lists/tests/mi | 6 +-
etc/mtree/NetBSD.dist.tests | 3 +-
share/man/man4/Makefile | 4 +-
share/man/man4/ipsec.4 | 14 +-
share/man/man4/ipsecif.4 | 198 +++
sys/arch/amd64/conf/ALL | 5 +-
sys/arch/amd64/conf/GENERIC | 5 +-
sys/conf/files | 3 +-
sys/net/Makefile | 4 +-
sys/net/files.net | 3 +-
sys/net/if.c | 41 +-
sys/net/if.h | 4 +-
sys/net/if_gif.c | 32 +-
sys/net/if_ipsec.c | 1748 +++++++++++++++++++++++++++
sys/net/if_ipsec.h | 231 +++
sys/net/if_l2tp.c | 39 +-
sys/net/if_types.h | 3 +-
sys/netinet/in.c | 42 +-
sys/netinet/in.h | 5 +-
sys/netinet/in_gif.c | 33 +-
sys/netinet/ip_var.h | 5 +-
sys/netinet6/in6.c | 22 +-
sys/netinet6/in6.h | 6 +-
sys/netinet6/in6_gif.c | 14 +-
sys/netinet6/ip6_var.h | 5 +-
sys/netipsec/Makefile | 3 +-
sys/netipsec/files.netipsec | 5 +-
sys/netipsec/ipsec.h | 6 +-
sys/netipsec/ipsecif.c | 933 ++++++++++++++
sys/netipsec/ipsecif.h | 47 +
sys/netipsec/key.c | 235 ++-
sys/netipsec/key.h | 18 +-
sys/rump/net/Makefile.rumpnetcomp | 4 +-
sys/rump/net/lib/libipsec/IPSEC.ioconf | 7 +
sys/rump/net/lib/libipsec/Makefile | 15 +
sys/rump/net/lib/libipsec/ipsec_component.c | 42 +
tests/net/Makefile | 4 +-
tests/net/if_ipsec/Makefile | 14 +
tests/net/if_ipsec/t_ipsec.sh | 925 ++++++++++++++
45 files changed, 4564 insertions(+), 194 deletions(-)
diffs (truncated from 5624 to 300 lines):
diff -r b35d982a5e60 -r 169223964dcc distrib/sets/lists/base/shl.mi
--- a/distrib/sets/lists/base/shl.mi Sat Feb 10 04:13:26 2018 +0000
+++ b/distrib/sets/lists/base/shl.mi Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.817.2.3 2017/12/04 10:55:19 snj Exp $
+# $NetBSD: shl.mi,v 1.817.2.4 2018/02/11 21:17:33 snj Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -703,6 +703,9 @@
./usr/lib/librumpnet_gif.so base-rump-shlib rump
./usr/lib/librumpnet_gif.so.0 base-rump-shlib rump
./usr/lib/librumpnet_gif.so.0.0 base-rump-shlib rump
+./usr/lib/librumpnet_ipsec.so base-rump-shlib rump
+./usr/lib/librumpnet_ipsec.so.0 base-rump-shlib rump
+./usr/lib/librumpnet_ipsec.so.0.0 base-rump-shlib rump
./usr/lib/librumpnet_l2tp.so base-rump-shlib rump
./usr/lib/librumpnet_l2tp.so.0 base-rump-shlib rump
./usr/lib/librumpnet_l2tp.so.0.0 base-rump-shlib rump
diff -r b35d982a5e60 -r 169223964dcc distrib/sets/lists/comp/mi
--- a/distrib/sets/lists/comp/mi Sat Feb 10 04:13:26 2018 +0000
+++ b/distrib/sets/lists/comp/mi Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.2138.2.4 2017/12/04 19:48:55 snj Exp $
+# $NetBSD: mi,v 1.2138.2.5 2018/02/11 21:17:33 snj Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
./etc/mtree/set.comp comp-sys-root
@@ -2218,6 +2218,7 @@
./usr/include/net/if_hippi.h comp-c-include
./usr/include/net/if_ieee1394.h comp-c-include
./usr/include/net/if_ieee80211.h comp-obsolete obsolete
+./usr/include/net/if_ipsec.h comp-c-include
./usr/include/net/if_l2tp.h comp-c-include
./usr/include/net/if_llc.h comp-c-include
./usr/include/net/if_media.h comp-c-include
@@ -2376,6 +2377,7 @@
./usr/include/netipsec/ipcomp_var.h comp-c-include
./usr/include/netipsec/ipip_var.h comp-c-include
./usr/include/netipsec/ipsec.h comp-c-include
+./usr/include/netipsec/ipsecif.h comp-c-include
./usr/include/netipsec/ipsec_var.h comp-c-include
./usr/include/netipsec/keydb.h comp-obsolete obsolete
./usr/include/netipsec/keysock.h comp-c-include
@@ -3560,6 +3562,8 @@
./usr/lib/librumpnet_bridge_p.a comp-c-proflib rump,profile
./usr/lib/librumpnet_gif.a comp-c-lib rump
./usr/lib/librumpnet_gif_p.a comp-c-proflib rump,profile
+./usr/lib/librumpnet_ipsec.a comp-c-lib rump
+./usr/lib/librumpnet_ipsec_p.a comp-c-proflib rump,profile
./usr/lib/librumpnet_l2tp.a comp-c-lib rump
./usr/lib/librumpnet_l2tp_p.a comp-c-proflib rump,profile
./usr/lib/librumpnet_local.a comp-c-lib rump
diff -r b35d982a5e60 -r 169223964dcc distrib/sets/lists/comp/shl.mi
--- a/distrib/sets/lists/comp/shl.mi Sat Feb 10 04:13:26 2018 +0000
+++ b/distrib/sets/lists/comp/shl.mi Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.306.2.2 2017/11/23 11:02:16 martin Exp $
+# $NetBSD: shl.mi,v 1.306.2.3 2018/02/11 21:17:33 snj Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -219,6 +219,7 @@
./usr/lib/librumpnet_bpfjit_pic.a comp-c-piclib picinstall,rump,sljit
./usr/lib/librumpnet_bridge_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_gif_pic.a comp-c-piclib picinstall,rump
+./usr/lib/librumpnet_ipsec_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_l2tp_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_local_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_net80211_pic.a comp-c-piclib picinstall,rump
diff -r b35d982a5e60 -r 169223964dcc distrib/sets/lists/debug/mi
--- a/distrib/sets/lists/debug/mi Sat Feb 10 04:13:26 2018 +0000
+++ b/distrib/sets/lists/debug/mi Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.216.2.8 2018/01/16 13:01:10 martin Exp $
+# $NetBSD: mi,v 1.216.2.9 2018/02/11 21:17:33 snj Exp $
./etc/mtree/set.debug comp-sys-root
./usr/lib comp-sys-usr compatdir
./usr/lib/i18n/libBIG5_g.a comp-c-debuglib debuglib,compatfile
@@ -211,6 +211,7 @@
./usr/lib/librumpnet_bridge_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_g.a comp-c-debuglib debuglib,compatfile,rump
./usr/lib/librumpnet_gif_g.a comp-c-debuglib debuglib,rump
+./usr/lib/librumpnet_ipsec_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_l2tp_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_local_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_net80211_g.a comp-c-debuglib debuglib,rump
diff -r b35d982a5e60 -r 169223964dcc distrib/sets/lists/debug/shl.mi
--- a/distrib/sets/lists/debug/shl.mi Sat Feb 10 04:13:26 2018 +0000
+++ b/distrib/sets/lists/debug/shl.mi Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.176.2.5 2017/12/04 10:55:19 snj Exp $
+# $NetBSD: shl.mi,v 1.176.2.6 2018/02/11 21:17:33 snj Exp $
./usr/lib/libbfd_g.a comp-c-debuglib debuglib,compatfile,binutils
./usr/libdata/debug/lib base-sys-usr debug,dynamicroot,compatdir
./usr/libdata/debug/lib/libblacklist.so.0.0.debug comp-sys-debug debug,dynamicroot
@@ -240,6 +240,7 @@
./usr/libdata/debug/usr/lib/librumpnet_bpfjit.so.0.0.debug comp-rump-debug debug,rump,sljit
./usr/libdata/debug/usr/lib/librumpnet_bridge.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_gif.so.0.0.debug comp-rump-debug debug,rump
+./usr/libdata/debug/usr/lib/librumpnet_ipsec.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_l2tp.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_local.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_net.so.0.0.debug comp-rump-debug debug,rump
diff -r b35d982a5e60 -r 169223964dcc distrib/sets/lists/man/mi
--- a/distrib/sets/lists/man/mi Sat Feb 10 04:13:26 2018 +0000
+++ b/distrib/sets/lists/man/mi Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1557.2.1 2018/02/05 13:06:54 martin Exp $
+# $NetBSD: mi,v 1.1557.2.2 2018/02/11 21:17:33 snj Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -1323,6 +1323,7 @@
./usr/share/man/cat4/ipnat.0 man-ipf-catman ipfilter,.cat
./usr/share/man/cat4/ippp.0 man-sys-catman .cat
./usr/share/man/cat4/ipsec.0 man-sys-catman .cat
+./usr/share/man/cat4/ipsecif.0 man-sys-catman .cat
./usr/share/man/cat4/ipw.0 man-sys-catman .cat
./usr/share/man/cat4/irda.0 man-sys-catman .cat
./usr/share/man/cat4/irframe.0 man-sys-catman .cat
@@ -4407,6 +4408,7 @@
./usr/share/man/html4/ipnat.html man-ipf-htmlman ipfilter,html
./usr/share/man/html4/ippp.html man-sys-htmlman html
./usr/share/man/html4/ipsec.html man-sys-htmlman html
+./usr/share/man/html4/ipsecif.html man-sys-htmlman html
./usr/share/man/html4/ipw.html man-sys-htmlman html
./usr/share/man/html4/irda.html man-sys-htmlman html
./usr/share/man/html4/irframe.html man-sys-htmlman html
@@ -7329,6 +7331,7 @@
./usr/share/man/man4/ipnat.4 man-sys-man ipfilter,.man
./usr/share/man/man4/ippp.4 man-sys-man .man
./usr/share/man/man4/ipsec.4 man-sys-man .man
+./usr/share/man/man4/ipsecif.4 man-sys-man .man
./usr/share/man/man4/ipw.4 man-sys-man .man
./usr/share/man/man4/irda.4 man-sys-man .man
./usr/share/man/man4/irframe.4 man-sys-man .man
diff -r b35d982a5e60 -r 169223964dcc distrib/sets/lists/tests/mi
--- a/distrib/sets/lists/tests/mi Sat Feb 10 04:13:26 2018 +0000
+++ b/distrib/sets/lists/tests/mi Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.752.2.8 2018/01/16 13:01:10 martin Exp $
+# $NetBSD: mi,v 1.752.2.9 2018/02/11 21:17:34 snj Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -3284,6 +3284,10 @@
./usr/tests/net/if_gif/Atffile tests-net-tests atf,rump
./usr/tests/net/if_gif/Kyuafile tests-net-tests atf,rump,kyua
./usr/tests/net/if_gif/t_gif tests-net-tests atf,rump
+./usr/tests/net/if_ipsec tests-net-tests compattestfile,atf
+./usr/tests/net/if_ipsec/Atffile tests-net-tests atf,rump
+./usr/tests/net/if_ipsec/Kyuafile tests-net-tests atf,rump,kyua
+./usr/tests/net/if_ipsec/t_ipsec tests-net-tests atf,rump
./usr/tests/net/if_l2tp tests-net-tests compattestfile,atf
./usr/tests/net/if_l2tp/Atffile tests-net-tests atf,rump
./usr/tests/net/if_l2tp/Kyuafile tests-net-tests atf,rump,kyua
diff -r b35d982a5e60 -r 169223964dcc etc/mtree/NetBSD.dist.tests
--- a/etc/mtree/NetBSD.dist.tests Sat Feb 10 04:13:26 2018 +0000
+++ b/etc/mtree/NetBSD.dist.tests Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: NetBSD.dist.tests,v 1.147.2.2 2017/11/17 20:43:11 snj Exp $
+# $NetBSD: NetBSD.dist.tests,v 1.147.2.3 2018/02/11 21:17:34 snj Exp $
./usr/libdata/debug/usr/tests
./usr/libdata/debug/usr/tests/atf
@@ -332,6 +332,7 @@
./usr/tests/net/if
./usr/tests/net/if_bridge
./usr/tests/net/if_gif
+./usr/tests/net/if_ipsec
./usr/tests/net/if_l2tp
./usr/tests/net/if_loop
./usr/tests/net/if_pppoe
diff -r b35d982a5e60 -r 169223964dcc share/man/man4/Makefile
--- a/share/man/man4/Makefile Sat Feb 10 04:13:26 2018 +0000
+++ b/share/man/man4/Makefile Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.637 2017/05/27 21:02:55 bouyer Exp $
+# $NetBSD: Makefile,v 1.637.2.1 2018/02/11 21:17:34 snj Exp $
# @(#)Makefile 8.1 (Berkeley) 6/18/93
MAN= aac.4 ac97.4 acardide.4 aceride.4 acphy.4 \
@@ -141,7 +141,7 @@
MAN += hil.4 hilkbd.4 hilid.4 hilms.4
# IPv6/IPsec
-MAN+= faith.4 gif.4 inet6.4 icmp6.4 ip6.4 ipsec.4 stf.4
+MAN+= faith.4 gif.4 inet6.4 icmp6.4 ip6.4 ipsec.4 ipsecif.4 stf.4
# ISDN devices
MAN+= daic.4 isdntrc.4 isdntel.4 isdnbchan.4 ippp.4 irip.4 isdnctl.4 isdn.4 \
diff -r b35d982a5e60 -r 169223964dcc share/man/man4/ipsec.4
--- a/share/man/man4/ipsec.4 Sat Feb 10 04:13:26 2018 +0000
+++ b/share/man/man4/ipsec.4 Sun Feb 11 21:17:33 2018 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipsec.4,v 1.41 2017/05/21 09:13:46 wiz Exp $
+.\" $NetBSD: ipsec.4,v 1.41.2.1 2018/02/11 21:17:34 snj Exp $
.\" $KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -28,13 +28,17 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd March 6, 2017
+.Dd January 10, 2018
.Dt IPSEC 4
.Os
.Sh NAME
.Nm ipsec
.Nd IP security protocol
.Sh DESCRIPTION
+This manual pages describes the IPsec protocol.
+For the network device driver please see
+.Xr ipsecif 4 .
+.Pp
.Nm
is a security protocol in the Internet Protocol (IP) layer.
.Nm
@@ -63,14 +67,13 @@
is for protecting peer-to-peer communication between end nodes.
.It Em Tunnel mode
includes IP-in-IP encapsulation operation
-and is designed for security gateways, as in Virtual Private Network
-.Pq Tn VPN
+and is designed for security gateways, as in Virtual Private Network (VPN)
configurations.
.El
.Pp
Since version 6,
.Nx
-uses the IPSEC implementation formerly known as FAST_IPSEC.
+uses the IPsec implementation formerly known as FAST_IPSEC.
Its specifics and kernel options are described in the
.Xr fast_ipsec 4
manual page.
@@ -283,6 +286,7 @@
.Xr icmp6 4 ,
.Xr intro 4 ,
.Xr ip6 4 ,
+.Xr ipsecif 4 ,
.Xr racoon 8 ,
.Xr setkey 8 ,
.Xr sysctl 8
diff -r b35d982a5e60 -r 169223964dcc share/man/man4/ipsecif.4
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/share/man/man4/ipsecif.4 Sun Feb 11 21:17:33 2018 +0000
@@ -0,0 +1,198 @@
+.\" $NetBSD: ipsecif.4,v 1.5.2.2 2018/02/11 21:17:34 snj Exp $
+.\"
+.\" Copyright (C) 2017 Internet Initiative Japan Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the project nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd January 25, 2018
+.Dt IPSECIF 4
+.Os
+.Sh NAME
+.Nm ipsecif
+.Nd IPsec interface
+.Sh SYNOPSIS
+.Cd "pseudo-device ipsecif"
+.Sh DESCRIPTION
+The
+.Nm
+interface is targeted for route-based VPNs.
+It can tunnel IPv4 and IPv6 traffic over either IPv4 or IPv6 and
+secure it with ESP.
+.Pp
+.Nm
+interfaces are dynamically created and destroyed with the
+.Xr ifconfig 8
+.Cm create
+and
+.Cm destroy
+subcommands.
Home |
Main Index |
Thread Index |
Old Index