Home | History | Annotate | Download | only in man4
History log of /src/share/man/man4/ipsec.4
RevisionDateAuthorComments
 1.46  18-Mar-2024  gutteridge ipsec.4: minor grammatical improvements
 1.45  15-Jun-2018  wiz Add missing word.
 1.44  13-Jun-2018  ozaki-r Retire fast_ipsec.4

We switched to Fast IPsec at NetBSD 6.0 and that's the IPsec implementation of
us now. So we don't need to have a separate manual. Merge fast_ipsec.4 into
ipsec.4 and remove fast_ipsec.4.
 1.43  10-Jan-2018  wiz branches: 1.43.2;
Spell IPsec that way. Simplify macro usage. Sort SEE ALSO. Bump
date for previous.
 1.42  10-Jan-2018  knakahara add ipsec(4) interface man as ipsecif.4.
 1.41  21-May-2017  wiz branches: 1.41.2;
Remove superfluous Pp.
 1.40  06-Mar-2017  snj bump date, improve english
 1.39  06-Mar-2017  knakahara add "net.inet.ipsec.crypto_support" man
 1.38  22-Mar-2012  drochner branches: 1.38.14; 1.38.18;
remove KAME IPSEC, replaced by FAST_IPSEC
 1.37  23-Jan-2012  wiz Improve wording.
 1.36  17-Jan-2012  wiz New sentence, new line. Bump date for previous. Sort SEE ALSO.
 1.35  16-Jan-2012  drochner move kame_ipsec.4 almost completely into ipsec.4 because it is valid
for fast_ipsec as well
 1.34  09-Jan-2012  wiz Fix another reference to point to kame_ipsec for setup instructions (for now).
 1.33  09-Jan-2012  drochner fix confusing references, from wiz
 1.32  09-Jan-2012  drochner Make FAST_IPSEC the default IPSEC implementation which is built
into the kernel if the "IPSEC" kernel option is given.
The old implementation is still available as KAME_IPSEC.
Do some minimal manpage adjustment -- kame_ipsec(4) is a copy
of the old ipsec(4) and the latter is now a copy of fast_ipsec(4).
 1.31  17-May-2009  fair branches: 1.31.8;
Eliminate many groff warnings seen in build.
Restructure opening description for clarity.

This man page is very sparse and assumes a lot of knowledge.
We should consider adopting text from the OpenBSD ipsec(4).
 1.30  11-Oct-2006  hubertf xref fast_ipsec(4)
 1.29  20-Feb-2005  wiz Grammar fix.
 1.28  20-Feb-2005  wiz Bump date for IPSEC_NAT_T.
 1.27  20-Feb-2005  wiz Drop trailing whitespace.
 1.26  12-Feb-2005  manu Add support for IPsec Network Address Translator traversal (NAT-T), as
described by RFC 3947 and 3948.
 1.25  21-Oct-2003  itojun mention sysctl(8) interface for SADB_DUMP
 1.24  27-May-2003  wiz Remove .Pp before .Sh.
 1.23  27-May-2003  itojun remove reference to draft-mcdonald-*, as we actually implement different API
from the document.
 1.22  16-Apr-2003  wiz Use
.In header.h
instead of
.Fd #include \*[Lt]header.h\*[Gt]
Much easier to read and write, and supported by groff for ages.
Okayed by ross.
 1.21  09-Apr-2003  jmmv ... and bump date.
 1.20  09-Apr-2003  jmmv Move description of IPSEC* related options from options(4) to ipsec(4) and
add them to the SYNOPSIS section. Closes my own PR misc/17634.
 1.19  31-Mar-2003  perry inbonud->inbound (Igor Sobrado, PR misc/19811)
 1.18  04-Sep-2002  wiz tunneled with one l only.
 1.17  13-Feb-2002  ross Generate <>& symbolically. I'm avoiding .../dist/... directories for now.
 1.16  22-Sep-2001  wiz Sort SEE ALSO, sort sections, drop some .Pp, and improve markup in some
places.
 1.15  27-Jun-2001  itojun clarify issues with AH with encapsulation, and inbound "require" policy.
we now have racoon(8). sync with kame.
 1.14  12-Jun-2001  wiz Typos/whitespace/punctuation.
 1.13  04-Apr-2001  wiz setsockopt lives in 2, not 3.
 1.12  22-Jan-2001  itojun correct RFC # for DF bit behavior
 1.11  26-Oct-2000  sommerfeld fix misc/11315: stale cross-ref to racoon(8)
 1.10  15-Jun-2000  itojun branches: 1.10.2;
remove obsolete sysctl MIB net.inet.ipsec.inbound_call_ike.
(sync with kame)
 1.9  14-Jun-2000  itojun describe more sysctl variables.
 1.8  14-Jun-2000  itojun document issue with SADB_{,SPD}DUMP in BUGS section. (socket buffer full)
 1.7  12-Jun-2000  itojun tiny nroff nit. correct order of sections. (sync with kame)
 1.6  20-Apr-2000  itojun branches: 1.6.2;
correct description on ipsec AH twist.
 1.5  20-Apr-2000  itojun sync with latest kame coc. add AH tunnel twist in caveat section.
 1.4  19-Jan-2000  itojun sync with kame. add full reference info for RFC.
some other cosmetics (remove trailing dot in SEE ALSO .Xr references)
 1.3  17-Jul-1999  itojun add NetBSD RCS ID. retain KAME RCS ID (quoted).
 1.2  01-Jul-1999  itojun s/.Os KAME/.Os/
 1.1  01-Jul-1999  itojun introductory manpage for IPsec and IPv6.
 1.6.2.1  22-Jun-2000  minoura Sync w/ netbsd-1-5-base.
 1.10.2.2  26-Apr-2001  he Pull up revision 1.13 (requested by wiz):
Correct setsockopt(2) reference.
 1.10.2.1  26-Oct-2000  tv Pullup 1.11 [sommerfeld]:
fix misc/11315: stale cross-ref to racoon(8)
 1.31.8.1  17-Apr-2012  yamt sync with head
 1.38.18.1  21-Apr-2017  bouyer Sync with HEAD
 1.38.14.1  20-Mar-2017  pgoyette Sync with HEAD
 1.41.2.1  11-Feb-2018  snj Pull up following revision(s) (requested by ozaki-r in ticket #536):
distrib/sets/lists/base/shl.mi: 1.825
distrib/sets/lists/comp/mi: 1.2168-1.2169
distrib/sets/lists/comp/shl.mi: 1.310
distrib/sets/lists/debug/mi: 1.234
distrib/sets/lists/debug/shl.mi: 1.188
distrib/sets/lists/man/mi: 1.1570
distrib/sets/lists/tests/mi: 1.772
etc/mtree/NetBSD.dist.tests: 1.150
share/man/man4/Makefile: 1.650
share/man/man4/ipsec.4: 1.42-1.43
share/man/man4/ipsecif.4: 1.1-1.5
sys/arch/amd64/conf/ALL: 1.77
sys/arch/amd64/conf/GENERIC: 1.480
sys/conf/files: 1.1191
sys/net/Makefile: 1.34
sys/net/files.net: 1.14
sys/net/if.c: 1.404
sys/net/if.h: 1.248
sys/net/if_gif.c: 1.135
sys/net/if_ipsec.c: 1.1-1.3
sys/net/if_ipsec.h: 1.1
sys/net/if_l2tp.c: 1.16
sys/net/if_types.h: 1.28
sys/netinet/in.c: 1.214
sys/netinet/in.h: 1.103
sys/netinet/in_gif.c: 1.92
sys/netinet/ip_var.h: 1.122
sys/netinet6/in6.c: 1.257
sys/netinet6/in6.h: 1.88
sys/netinet6/in6_gif.c: 1.90
sys/netinet6/ip6_var.h: 1.75
sys/netipsec/Makefile: 1.6
sys/netipsec/files.netipsec: 1.13
sys/netipsec/ipsec.h: 1.62
sys/netipsec/ipsecif.c: 1.1
sys/netipsec/ipsecif.h: 1.1
sys/netipsec/key.c: 1.246-1.247
sys/netipsec/key.h: 1.34
sys/rump/net/Makefile.rumpnetcomp: 1.20
sys/rump/net/lib/libipsec/IPSEC.ioconf: 1.1
sys/rump/net/lib/libipsec/Makefile: 1.1
sys/rump/net/lib/libipsec/ipsec_component.c: 1.1
tests/net/Makefile: 1.34
tests/net/if_ipsec/Makefile: 1.1
tests/net/if_ipsec/t_ipsec.sh: 1.1-1.2
Don't touch an SP without a reference to it
unify processing to check nesting count for some tunnel protocols.
add ipsec(4) interface, which is used for route-based VPN.
man and ATF are added later, please see man for details.
reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html
ipsec(4) interface supports rump now.
add ipsec(4) interface ATF.
add ipsec(4) interface man as ipsecif.4.
add ipsec(4) interface to amd64/GENERIC and amd64/ALL configs.
apply in{,6}_tunnel_validate() to gif(4).
Spell IPsec that way. Simplify macro usage. Sort SEE ALSO. Bump
date for previous.
Improve wording and macro use.
Some parts are not clear to me, so someone with knowledge of ipsecif(4)
should improve this some more.
Improve ipsecif.4. Default port ipsec(4) NAT-T is tested now.
pointed out by wiz@n.o and suggested by ozaki-r@n.o, thanks.
Change the prefix of test names to ipsecif_ to distinguish from tests for ipsec(4)
New sentence, new line. Remove empty macro.
Fix PR kern/52920. Pointed out by David Binderman, thanks.
Improve wording, and put a new drawing, from me and Kengo Nakahara.
apply a little more #ifdef INET/INET6. fixes !INET6 builds.
 1.43.2.1  25-Jun-2018  pgoyette Sync with HEAD

RSS XML Feed