Module Name: src Committed By: martin Date: Thu Jul 25 08:58:21 UTC 2019
Modified Files: src/crypto/dist/ipsec-tools/src/setkey [netbsd-8]: parse.y token.l src/sys/netipsec [netbsd-8]: key.c src/tests/net/ipsec [netbsd-8]: t_ipsec_misc.sh Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1306): crypto/dist/ipsec-tools/src/setkey/parse.y: revision 1.23 sys/netipsec/key.c: revision 1.265 crypto/dist/ipsec-tools/src/setkey/token.l: revision 1.23 tests/net/ipsec/t_ipsec_misc.sh: revision 1.23 ipsec: fix a regression of the update API The update API updates an SA by creating a new SA and removing an existing SA. The previous change removed a newly added SA wrongly if an existing SA had been created by the getspi API. setkey: enable to use the getspi API If a specified SPI is not zero, tell the kernel to use the SPI by using SADB_EXT_SPIRANGE. Otherwise, the kernel picks a random SPI. It enables to mimic racoon. tests: add tests for getspi and udpate To generate a diff of this commit: cvs rdiff -u -r1.18.4.1 -r1.18.4.2 \ src/crypto/dist/ipsec-tools/src/setkey/parse.y cvs rdiff -u -r1.19.8.1 -r1.19.8.2 \ src/crypto/dist/ipsec-tools/src/setkey/token.l cvs rdiff -u -r1.163.2.11 -r1.163.2.12 src/sys/netipsec/key.c cvs rdiff -u -r1.6.2.3 -r1.6.2.4 src/tests/net/ipsec/t_ipsec_misc.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.