[Midnightbsd-cvs] src: lib/libipsec: Merge changes.

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Thu Oct 30 17:31:08 EDT 2008


Log Message:
-----------
Merge changes.

Modified Files:
--------------
    src/lib/libipsec:
        ipsec_set_policy.3 (r1.2 -> r1.3)
        ipsec_strerror.3 (r1.2 -> r1.3)

-------------- next part --------------
Index: ipsec_strerror.3
===================================================================
RCS file: /home/cvs/src/lib/libipsec/ipsec_strerror.3,v
retrieving revision 1.2
retrieving revision 1.3
diff -L lib/libipsec/ipsec_strerror.3 -L lib/libipsec/ipsec_strerror.3 -u -r1.2 -r1.3
--- lib/libipsec/ipsec_strerror.3
+++ lib/libipsec/ipsec_strerror.3
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $FreeBSD: src/lib/libipsec/ipsec_strerror.3,v 1.13.2.1 2006/03/09 12:41:34 gnn Exp $
+.\" $FreeBSD: src/lib/libipsec/ipsec_strerror.3,v 1.15 2007/07/01 12:08:05 gnn Exp $
 .\"
 .Dd February 14, 2006
 .Dt IPSEC_STRERROR 3
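Review bot: The ".Dd February 14, 2006" context line in this first hunk is left as it was, although this revision changes the header named in SYNOPSIS and DESCRIPTION. Bump the document date along with the $FreeBSD$ tag so a reader can tell the page content was revised.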
@@ -38,12 +38,12 @@
 .Nd error messages for the IPsec policy manipulation library
 .\"
 .Sh SYNOPSIS
-.In netinet6/ipsec.h
+.In netipsec/ipsec.h
 .Ft "const char *"
 .Fn ipsec_strerror
 .\"
 .Sh DESCRIPTION
-.In netinet6/ipsec.h
+.In netipsec/ipsec.h
 declares
 .Pp
 .Dl extern int ipsec_errcode;
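Review bot: The switch from ".In netinet6/ipsec.h" to ".In netipsec/ipsec.h" in both SYNOPSIS and DESCRIPTION is a user-visible change that the log message "Merge changes." does not mention. State in the log which header callers must now include, and whether the old path remains available, since existing code following the previous page will include the old one.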
Index: ipsec_set_policy.3
===================================================================
RCS file: /home/cvs/src/lib/libipsec/ipsec_set_policy.3,v
retrieving revision 1.2
retrieving revision 1.3
diff -L lib/libipsec/ipsec_set_policy.3 -L lib/libipsec/ipsec_set_policy.3 -u -r1.2 -r1.3
--- lib/libipsec/ipsec_set_policy.3
+++ lib/libipsec/ipsec_set_policy.3
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $FreeBSD: src/lib/libipsec/ipsec_set_policy.3,v 1.20.2.1 2006/03/09 12:41:34 gnn Exp $
+.\" $FreeBSD: src/lib/libipsec/ipsec_set_policy.3,v 1.23 2007/07/01 12:08:05 gnn Exp $
 .\"
 .Dd February 14, 2006
 .Dt IPSEC_SET_POLICY 3
@@ -41,7 +41,7 @@
 .Sh LIBRARY
 .Lb libipsec
 .Sh SYNOPSIS
-.In netinet6/ipsec.h
+.In netipsec/ipsec.h
 .Ft "char *"
 .Fn ipsec_set_policy "char *policy" "int len"
 .Ft int
@@ -51,13 +51,13 @@
 .Sh DESCRIPTION
 The
 .Fn ipsec_set_policy
-function generates an IPsec policy specification structure, 
+function generates an IPsec policy specification structure,
 .Li struct sadb_x_policy
 and/or
 .Li struct sadb_x_ipsecrequest
 from a human-readable policy specification.
-The policy specification must be given as a C string, 
-passed in the 
+The policy specification must be given as a C string,
+passed in the
 .Fa policy
 argument and the length of the string, given as
 .Fa len .
@@ -66,7 +66,7 @@
 function returns pointer to a buffer which contains a properly formed
 IPsec policy specification structure.
 The buffer is dynamically allocated, and must be freed by using the
-.Xr free 3 
+.Xr free 3
 library function.
 .Pp
 The
@@ -94,13 +94,13 @@
 .Fn ipsec_dump_policy
 function returns a pointer to dynamically allocated string.
 It is the caller's responsibility to free the returned pointer using the
-.Xr free 3 
+.Xr free 3
 library call.
 .Pp
-A 
+A
 .Fa policy
 is given in the following way:
-.Bl -tag  -width "discard"
+.Bl -tag -width "discard"
 .It Ar direction Li discard
 The
 .Ar direction
@@ -108,7 +108,7 @@
 .Li in
 or
 .Li out
-and 
+and
 specifies which direction the policy needs to be applied, either on
 inbound or outbound packets.
 When the
@@ -121,10 +121,11 @@
 in the kernel, as controlled by
 .Xr setkey 8 .
 .It Ar direction Li bypass
-A direction of 
+A direction of
 .Li bypass
 indicates that IPsec processing should not occur and that the
-packet will be transmitted in clear.  The bypass option is only
+packet will be transmitted in clear.
+The bypass option is only
 available to privileged sockets.
 .It Xo
 .Ar direction
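Review bot: The bypass entry says the option "is only available to privileged sockets" but does not say what the caller sees when an unprivileged socket requests it. Since bypass sends traffic unprotected, document the failure behaviour here or point to where it is described. Also, this entry reads "transmitted in clear" while the later "use" text reads "transmitted in the clear"; pick one wording.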
@@ -138,7 +139,7 @@
 can be followed by one or more
 .Ar request
 string, which is formatted as:
-.Bl -tag  -width "discard"
+.Bl -tag -width "discard"
 .It Xo
 .Ar protocol
 .Li /
@@ -164,8 +165,8 @@
 is either
 .Li transport
 or
-.Li tunnel 
-the meanings of both modes are described in 
+.Li tunnel
+the meanings of both modes are described in
 .Xr ipsec 4 .
 .Pp
 The
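Review bot: Removing the trailing space after ".Li tunnel" still leaves a run-on: the text renders as "is either transport or tunnel the meanings of both modes are described in ipsec(4)". End the first sentence at the macro, for example ".Li tunnel ;" or ".Li tunnel ." followed by "The meanings of both modes ...", while this line is being touched.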
@@ -210,9 +211,10 @@
 means that the kernel should consult the default security policies as
 defined by a set of
 .Xr sysctl 8 ,
-variables.  The relevant
-.Xr sysctl 8 
-variables are described in 
+variables.
+The relevant
+.Xr sysctl 8
+variables are described in
 .Xr ipsec 4 .
 .Pp
 When
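Review bot: The context line ".Xr sysctl 8 ," just above the reflowed sentence carries a stray comma, so the text renders as "a set of sysctl(8), variables." Drop the comma there, as the second reference a few lines down (".Xr sysctl 8" followed by "variables are described in") already does.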
@@ -221,15 +223,16 @@
 (SA)
 can be used when available but is not necessary.
 If the SA is available then packets will be handled by IPsec,
-i.e. encrypted and/or authenticated but if an SA is not available then
-packets will be transmitted in the clear.  The
+i.e., encrypted and/or authenticated but if an SA is not available then
+packets will be transmitted in the clear.
+The
 .Li use
 option is not recommended because it allows for accidental
 mis-configurations where encrypted or authenticated link becomes
 unencrypted or unauthenticated, the
 .Li require
 keyword is recommended instead of
-.Li use 
+.Li use
 where possible.
 Using the
 .Li require
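Review bot: The warning about "use" is the security-relevant sentence of this section and is still hard to read: "unencrypted or unauthenticated, the" is a comma splice, and "where encrypted or authenticated link becomes" is missing an article. Since the hunk already reflows this paragraph, end the sentence after "unauthenticated" and start a new one with "The require keyword is recommended ...".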
@@ -250,7 +253,7 @@
 .Li unique
 keyword in this way:
 .Li unique : number ,
-where 
+where
 .Li number
 must be between 1 and 32767.
 .Pp
@@ -270,7 +273,7 @@
 .El
 .Pp
 Note that there is a difference between the specification allowed here
-and in 
+and in
 .Xr setkey 8 .
 When specifying security policies with
 .Xr setkey 8 ,
@@ -278,42 +281,16 @@
 Refer to
 .Xr setkey 8
 for details.
-.Sh EXAMPLES
-Set a policy that all inbound packets are discarded.
-.Bd -literal -offset indent
-in discard
-
-.Ed
-.\"
-All outbound packets are required to be processed by IPsec and
-transported using ESP.
-.Bd -literal -offset indent
-out ipsec esp/transport//require
-
-.Ed
-.\"
-All inbound packets are required to be authenticated using the AH protocol.
-.Bd -literal -offset indent
-in ipsec ah/transport//require
-
-.Ed
-.\"
-Tunnel packets outbound through the endpoints at 10.1.1.2 and 10.1.1.1.
-.Bd -literal -offset indent
-out ipsec esp/tunnel/10.1.1.2-10.1.1.1/require
-
-.Ed
-.\"
 .Sh RETURN VALUES
 The
 .Fn ipsec_set_policy
 function returns a pointer to the allocated buffer containing a the
 policy specification if successful; otherwise a NULL pointer is
-returned.  
+returned.
 .Pp
 The
 .Fn ipsec_get_policylen
-function returns a positive value, 
+function returns a positive value,
 indicating the buffer size,
 on success, and a negative value on error.
 .Pp
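Review bot: In RETURN VALUES the context line "function returns a pointer to the allocated buffer containing a the" has a doubled article ("a the policy specification"). The hunk already fixes trailing whitespace two lines below it, so correct the wording in the same pass.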
@@ -323,6 +300,26 @@
 containing a human readable security policy on success, and
 .Dv NULL
 on error.
+.Sh EXAMPLES
+Set a policy that all inbound packets are discarded.
+.Pp
+.Dl "in discard"
+.Pp
+.\"
+All outbound packets are required to be processed by IPsec and
+transported using ESP.
+.Pp
+.Dl "out ipsec esp/transport//require"
+.Pp
+.\"
+All inbound packets are required to be authenticated using the AH protocol.
+.Pp
+.Dl "in ipsec ah/transport//require"
+.Pp
+.\"
+Tunnel packets outbound through the endpoints at 10.1.1.2 and 10.1.1.1.
+.Pp
+.Dl "out ipsec esp/tunnel/10.1.1.2-10.1.1.1/require"
 .Sh SEE ALSO
 .Xr ipsec_strerror 3 ,
 .Xr ipsec 4 ,
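Review bot: The relocated EXAMPLES section lists only policy strings ("in discard", "out ipsec esp/transport//require", ...) and never shows one being passed to ipsec_set_policy() with its "len" argument or the returned buffer being released with free(3), which the DESCRIPTION requires. Add a sentence or short fragment tying the strings to the call so the ownership rule is visible where readers copy from. The ".\"" comment lines between the entries serve no purpose after the conversion to ".Dl" and can go.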
@@ -332,4 +329,4 @@
 .Pp
 IPv6 and IPsec support based on the KAME Project (http://www.kame.net/) stack
 was initially integrated into
-.Fx 4.0
+.Fx 4.0 .

