Module Name: src
Committed By: ozaki-r
Date: Mon Nov 19 04:54:37 UTC 2018
Modified Files:
src/crypto/dist/ipsec-tools/src/setkey: setkey.8
Log Message:
Use Cm instead of Li or Ar for fixed command strings
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/crypto/dist/ipsec-tools/src/setkey/setkey.8
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/setkey/setkey.8
diff -u src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.34 src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.35
--- src/crypto/dist/ipsec-tools/src/setkey/setkey.8:1.34 Sat Feb 18 13:51:29 2012
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.8 Mon Nov 19 04:54:37 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: setkey.8,v 1.34 2012/02/18 13:51:29 wiz Exp $
+.\" $NetBSD: setkey.8,v 1.35 2018/11/19 04:54:37 ozaki-r Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd February 18, 2012
+.Dd November 19, 2018
.Dt SETKEY 8
.Os
.\"
@@ -160,60 +160,60 @@ Lines starting with hash signs
.Pq Sq #
are treated as comment lines.
.Bl -tag -width Ds
-.It Li add Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi \
+.It Cm add Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi \
Oo Ar extensions Oc Ar algorithm ... Li ;
Add an SAD entry.
-.Li add
+.Cm add
can fail for multiple reasons, including when the key length does
not match the specified algorithm.
.\"
-.It Li get Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ;
+.It Cm get Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ;
Show an SAD entry.
.\"
-.It Li delete Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ;
+.It Cm delete Oo Fl 46n Oc Ar src Ar dst Ar protocol Ar spi Li ;
Remove an SAD entry.
.\"
-.It Li deleteall Oo Fl 46n Oc Ar src Ar dst Ar protocol Li ;
+.It Cm deleteall Oo Fl 46n Oc Ar src Ar dst Ar protocol Li ;
Remove all SAD entries that match the specification.
.\"
-.It Li flush Oo Ar protocol Oc Li ;
+.It Cm flush Oo Ar protocol Oc Li ;
Clear all SAD entries matched by the options.
.Fl F
on the command line achieves the same functionality.
.\"
-.It Li dump Oo Ar protocol Oc Li ;
+.It Cm dump Oo Ar protocol Oc Li ;
Dumps all SAD entries matched by the options.
.Fl D
on the command line achieves the same functionality.
.\"
-.It Li spdadd Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
+.It Cm spdadd Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
Ar label Ar policy Li ;
Add an SPD entry.
.\"
-.It Li spdadd tagged Ar tag Ar policy Li ;
+.It Cm spdadd tagged Ar tag Ar policy Li ;
Add an SPD entry based on a PF tag.
.Ar tag
must be a string surrounded by double quotes.
.\"
-.It Li spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
+.It Cm spdupdate Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
Ar label Ar policy Li ;
Updates an SPD entry.
.\"
-.It Li spdupdate tagged Ar tag Ar policy Li ;
+.It Cm spdupdate tagged Ar tag Ar policy Li ;
Update an SPD entry based on a PF tag.
.Ar tag
must be a string surrounded by double quotes.
.\"
-.It Li spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
+.It Cm spddelete Oo Fl 46n Oc Ar src_range Ar dst_range Ar upperspec \
Fl P Ar direction Li ;
Delete an SPD entry.
.\"
-.It Li spdflush Li ;
+.It Cm spdflush Li ;
Clear all SPD entries.
.Fl FP
on the command line achieves the same functionality.
.\"
-.It Li spddump Li ;
+.It Cm spddump Li ;
Dumps all SPD entries.
.Fl DP
on the command line achieves the same functionality.
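Review bot: The terminating semicolon is still marked up as `Li ;` on every `.It` line in this hunk (and on the continuation lines such as `Ar label Ar policy Li ;`), although it is as much a fixed part of the command syntax as the keyword now under `Cm`. Either convert it in the same pass or say in the log message that the terminator is intentionally left as a literal, so the remaining `Li` uses do not look like an oversight.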
@@ -251,19 +251,19 @@ avoids FQDN resolution and requires addr
.Ar protocol
is one of following:
.Bl -tag -width Fl -compact
-.It Li esp
+.It Cm esp
ESP based on rfc2406
-.It Li esp-old
+.It Cm esp-old
ESP based on rfc1827
-.It Li esp-udp
+.It Cm esp-udp
UDP encapsulated ESP for NAT traversal (rfc3948)
-.It Li ah
+.It Cm ah
AH based on rfc2402
-.It Li ah-old
+.It Cm ah-old
AH based on rfc1826
-.It Li ipcomp
+.It Cm ipcomp
IPComp
-.It Li tcp
+.It Cm tcp
TCP-MD5 based on rfc2385
.El
.\"
@@ -290,11 +290,11 @@ take some of the following:
Specify a security protocol mode for use.
.Ar mode
is one of following:
-.Li transport , tunnel ,
+.Cm transport , tunnel ,
or
-.Li any .
+.Cm any .
The default value is
-.Li any .
+.Cm any .
.\"
.It Fl r Ar size
Specify window size of bytes for replay prevention.
@@ -314,11 +314,11 @@ defines the content of the ESP padding.
.Ar pad_option
is one of following:
.Bl -tag -width random-pad -compact
-.It Li zero-pad
+.It Cm zero-pad
All the paddings are zero.
-.It Li random-pad
+.It Cm random-pad
A series of randomized values are used.
-.It Li seq-pad
+.It Cm seq-pad
A series of sequential increasing numbers started from 1 are used.
.El
.\"
@@ -433,12 +433,12 @@ You can use one of the words in
as
.Ar upperspec ,
or
-.Li icmp6 ,
-.Li ip4 ,
-.Li gre ,
+.Cm icmp6 ,
+.Cm ip4 ,
+.Cm gre ,
or
-.Li any .
-.Li any
+.Cm any .
+.Cm any
stands for
.Dq any protocol .
You can also use the protocol number.
@@ -500,21 +500,21 @@ The string representation of the label t
is in one of the following three formats:
.Bl -item -compact
.It
-.Fl P Ar direction [priority specification] Li discard
+.Fl P Ar direction [priority specification] Cm discard
.It
-.Fl P Ar direction [priority specification] Li none
+.Fl P Ar direction [priority specification] Cm none
.It
-.Fl P Ar direction [priority specification] Li ipsec
+.Fl P Ar direction [priority specification] Cm ipsec
.Ar protocol/mode/src-dst/level Op ...
.El
.Pp
You must specify the direction of its policy as
.Ar direction .
Either
-.Ar out ,
-.Ar in ,
+.Cm out ,
+.Cm in ,
or
-.Ar fwd
+.Cm fwd
can be used.
.Pp
.Ar priority specification
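Review bot: On the three `.Fl P Ar direction [priority specification] Cm ...` lines, the optional part is still written as hand-typed brackets inside the `Ar` scope, so the brackets are rendered in argument style along with the words. Since these lines are being touched anyway, consider `Oo Ar priority specification Oc` so the optional marker comes from the macro and matches the `Oo ... Oc` usage in the command list earlier in the page.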
@@ -539,10 +539,12 @@ is an integer in the range from \-214748
.It Ar {priority,prio} base {+,\-} offset
.Ar base
is either
-.Li low (\-1073741824) ,
-.Li def (0) ,
-or
-.Li high (1073741824)
+.Cm low
+(\-1073741824),
+.Cm def
+(0), or
+.Cm high
+(1073741824)
.Pp
.Ar offset
is an unsigned integer.
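Review bot: The context line `.It Ar {priority,prio} base {+,\-} offset` just above the changed lines still puts the fixed keywords `priority` and `prio` under `Ar`, which is the case the log message says this commit is correcting; only `base` and `offset` are real arguments there. Also, the rewritten sentence ends at `(1073741824)` with no closing period before `.Pp`, which is worth adding while the lines are being split anyway.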
@@ -550,32 +552,32 @@ It can be up to 1073741824 for
positive offsets, and up to 1073741823 for negative offsets.
.El
.Pp
-.Li discard
+.Cm discard
means the packet matching indexes will be discarded.
-.Li none
+.Cm none
means that IPsec operation will not take place onto the packet.
-.Li ipsec
+.Cm ipsec
means that IPsec operation will take place onto the packet.
.Pp
The
.Ar protocol/mode/src-dst/level
part specifies the rule how to process the packet.
Either
-.Li ah ,
-.Li esp ,
+.Cm ah ,
+.Cm esp ,
or
-.Li ipcomp
+.Cm ipcomp
must be used as
.Ar protocol .
.Ar mode
is either
-.Li transport
+.Cm transport
or
-.Li tunnel .
+.Cm tunnel .
If
.Ar mode
is
-.Li tunnel ,
+.Cm tunnel ,
you must specify the end-point addresses of the SA as
.Ar src
and
@@ -586,7 +588,7 @@ between these addresses, which is used t
If
.Ar mode
is
-.Li transport ,
+.Cm transport ,
both
.Ar src
and
@@ -594,39 +596,39 @@ and
can be omitted.
.Ar level
is to be one of the following:
-.Li default , use , require ,
+.Cm default , use , require ,
or
-.Li unique .
+.Cm unique .
If the SA is not available in every level, the kernel will
ask the key exchange daemon to establish a suitable SA.
-.Li default
+.Cm default
means the kernel consults the system wide default for the protocol
you specified, e.g. the
-.Li esp_trans_deflev
+.Cm esp_trans_deflev
sysctl variable, when the kernel processes the packet.
-.Li use
+.Cm use
means that the kernel uses an SA if it's available,
otherwise the kernel keeps normal operation.
-.Li require
+.Cm require
means SA is required whenever the kernel sends a packet matched
with the policy.
-.Li unique
+.Cm unique
is the same as
-.Li require ;
+.Cm require ;
in addition, it allows the policy to match the unique out-bound SA.
You just specify the policy level
-.Li unique ,
+.Cm unique ,
.Xr racoon 8
will configure the SA for the policy.
If you configure the SA by manual keying for that policy,
you can put a decimal number as the policy identifier after
-.Li unique
+.Cm unique
separated by a colon
.Sq \&:
like:
-.Li unique:number
+.Cm unique : Ns Ar number
in order to bind this policy to the SA.
-.Li number
+.Ar number
must be between 1 and 32767.
It corresponds to
.Ar extensions Fl u
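Review bot: `.Cm esp_trans_deflev` marks a sysctl variable as a command modifier; the surrounding text itself calls it a "sysctl variable", so it is not one of setkey's fixed command strings. `.Va esp_trans_deflev` would describe it more accurately than either the old `Li` or the new `Cm`.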
@@ -658,9 +660,9 @@ They can be displayed in SPD dump using
.Fl DPp .
.Pp
Note that
-.Dq Li discard
+.Cm discard
and
-.Dq Li none
+.Cm none
are not in the syntax described in
.Xr ipsec_set_policy 3 .
There are a few differences in the syntax.
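Review bot: Replacing `.Dq Li discard` and `.Dq Li none` with bare `.Cm` drops the double quotes from the rendered text, which is a visible output change beyond the macro swap described in the log message. If the quotes are being removed on purpose for consistency with the other keyword references, mention it in the log; otherwise `.Dq Cm discard` keeps the previous rendering.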
@@ -733,13 +735,13 @@ aes-gmac 160/224/288 rfc4543
.Ed
.Pp
Note that the first 128/192/256 bits of a key for
-.Li aes-ctr ,
-.Li aes-gcm-16
+.Cm aes-ctr ,
+.Cm aes-gcm-16
or
-.Li aes-gmac
+.Cm aes-gmac
will be used as AES key, and the remaining 32 bits will be used as nonce.
Also note that
-.Li aes-gmac
+.Cm aes-gmac
does not encrypt the payload, it only provides authentication.
.Pp
These compression algorithms can be used as
@@ -757,9 +759,9 @@ deflate rfc2394
.\"
.Ss RFC vs Linux kernel semantics
The Linux kernel uses the
-.Ar fwd
+.Cm fwd
policy instead of the
-.Ar in
+.Cm in
policy for packets what are forwarded through that particular box.
.Pp
In
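Review bot: The context line right after the changed macros reads "policy for packets what are forwarded through that particular box"; "what" should be "that". It is outside the scope of the macro change, but the paragraph is being edited here and the date in `.Dd` is already bumped, so the wording fix could go in with it.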
@@ -775,13 +777,13 @@ mode,
.Bl -item
.It
creates
-.Ar fwd
+.Cm fwd
policies for every
-.Ar in
+.Cm in
policy inserted
.It
(not implemented yet) filters out all
-.Ar fwd
+.Cm fwd
policies
.El
.Sh RETURN VALUES