Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-3]: src/crypto/dist/ipsec-tools/src/setkey Pull up revision 1.7 (...
details: https://anonhg.NetBSD.org/src/rev/57bc36f32de2
branches: netbsd-3
changeset: 575629:57bc36f32de2
user: tron <tron%NetBSD.org@localhost>
date: Sun May 01 10:56:01 2005 +0000
description:
Pull up revision 1.7 (requested by manu in ticket #215):
Improve english, improve formatting, sort options.
diffstat:
crypto/dist/ipsec-tools/src/setkey/setkey.8 | 291 ++++++++++++++-------------
1 files changed, 149 insertions(+), 142 deletions(-)
diffs (truncated from 666 to 300 lines):
diff -r 641a8209321c -r 57bc36f32de2 crypto/dist/ipsec-tools/src/setkey/setkey.8
--- a/crypto/dist/ipsec-tools/src/setkey/setkey.8 Sun May 01 10:53:42 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/setkey/setkey.8 Sun May 01 10:56:01 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: setkey.8,v 1.1.1.2.2.5 2005/05/01 10:53:42 tron Exp $
+.\" $NetBSD: setkey.8,v 1.1.1.2.2.6 2005/05/01 10:56:01 tron Exp $
.\"
.\" $KAME: setkey.8,v 1.93 2003/09/24 23:44:46 itojun Exp $
.\"
@@ -39,16 +39,16 @@
.\"
.Sh SYNOPSIS
.Nm setkey
-.Op Fl nvrk
+.Op Fl knrv
.Ar file ...
.Nm setkey
-.Op Fl nvrk
+.Op Fl knrv
.Fl c
.Nm setkey
-.Op Fl vrk
+.Op Fl krv
.Fl f Ar filename
.Nm setkey
-.Op Fl aPlvrk
+.Op Fl aklPrv
.Fl D
.Nm setkey
.Op Fl Pv
@@ -57,8 +57,7 @@
.Op Fl H
.Fl x
.Nm setkey
-.Op Fl ?
-.Op Fl V
+.Op Fl ?V
.\"
.Sh DESCRIPTION
.Nm
@@ -67,7 +66,7 @@
as well as Security Policy Database (SPD) entries in the kernel.
.Pp
.Nm
-takes a series of operations from the standard input
+takes a series of operations from standard input
.Po
if invoked with
.Fl c
@@ -82,28 +81,29 @@
.It (no flag)
Dump the SAD entries or SPD entries contained in the specified
.Ar file .
-.It Fl D
-Dump the SAD entries.
-If with
-.Fl P ,
-the SPD entries are dumped.
-.It Fl F
-Flush the SAD entries.
-If with
-.Fl P ,
-the SPD entries are flushed.
+.It Fl ?
+Print short help.
.It Fl a
.Nm
usually does not display dead SAD entries with
.Fl D .
-If with
-.Fl a ,
-the dead SAD entries will be displayed as well.
-A dead SAD entry means that
-it has been expired but remains in the system
-because it is referenced by some SPD entries.
+If
+.Fl a
+is also specified, the dead SAD entries will be displayed as well.
+A dead SAD entry is one that has expired but remains in the
+system because it is referenced by some SPD entries.
+.It Fl D
+Dump the SAD entries.
+If
+.Fl P
+is also specified, the SPD entries are dumped.
+.It Fl F
+Flush the SAD entries.
+If
+.Fl P
+is also specified, the SPD entries are dumped.
.It Fl H
-Add hexadecimal dump on
+Add hexadecimal dump in
.Fl x
mode.
.It Fl h
@@ -113,37 +113,39 @@
.Fl H .
On other systems, synonym for
.Fl ? .
+.It Fl k
+Use semantics used in kernel.
+Available only in Linux.
+See also
+.Fl r .
.It Fl l
Loop forever with short output on
.Fl D .
-.It Fl v
-Be verbose.
-The program will dump messages exchanged on
-.Dv PF_KEY
-socket, including messages sent from other processes to the kernel.
.It Fl n
No action.
-The program will check validity of input, but no changes to the SPD will
-be made.
+The program will check validity of the input, but no changes to
+the SPD will be made.
.It Fl r
Use semantics described in IPsec RFCs.
This mode is default.
For details see section
.Sx RFC vs Linux kernel semantics .
Available only in Linux.
-.It Fl k
-Use semantics used in kernel.
-Available only in Linux.
+See also
+.Fl k .
.It Fl x
-Loop forever and dump all the messages transmitted to
+Loop forever and dump all the messages transmitted to the
.Dv PF_KEY
socket.
.Fl xx
-makes each timestamps unformatted.
-.It Fl ?
-Print short help.
+prints the unformatted timestamps.
.It Fl V
Print version string.
+.It Fl v
+Be verbose.
+The program will dump messages exchanged on the
+.Dv PF_KEY
+socket, including messages sent from other processes to the kernel.
.El
.Ss Configuration syntax
With
@@ -153,7 +155,9 @@
on the command line,
.Nm
accepts the following configuration syntax.
-Lines starting with hash signs ('#') are treated as comment lines.
+Lines starting with hash signs
+.Pq Sq #
+are treated as comment lines.
.Bl -tag -width Ds
.It Xo
.Li add
@@ -165,8 +169,8 @@
.Xc
Add an SAD entry.
.Li add
-can fail with multiple reasons,
-including when the key length does not match the specified algorithm.
+can fail for multiple reasons, including when the key length does
+not match the specified algorithm.
.\"
.It Xo
.Li get
@@ -223,7 +227,7 @@
.Ar tag Ar policy
.Li ;
.Xc
-Add an SPD entry based on PF tag.
+Add an SPD entry based on a PF tag.
.Ar tag
must be a string surrounded by double quotes.
.\"
@@ -259,7 +263,7 @@
.It Ar src
.It Ar dst
Source/destination of the secure communication is specified as
-IPv4/v6 address.
+an IPv4/v6 address.
.Nm
can resolve a FQDN into numeric addresses.
If the FQDN resolves into multiple addresses,
@@ -267,10 +271,10 @@
will install multiple SAD/SPD entries into the kernel
by trying all possible combinations.
.Fl 4 ,
-.Fl 6
+.Fl 6 ,
and
.Fl n
-restricts the address resolution of FQDN in certain ways.
+restrict the address resolution of FQDN in certain ways.
.Fl 4
and
.Fl 6
@@ -303,11 +307,11 @@
.Pq SPI
for the SAD and the SPD.
.Ar spi
-must be a decimal number, or a hexadecimal number with
+must be a decimal number, or a hexadecimal number with a
.Dq Li 0x
prefix.
SPI values between 0 and 255 are reserved for future use by IANA
-and they cannot be used.
+and cannot be used.
TCP-MD5 associations must use 0x1000 and therefore only have per-host
granularity at this time.
.\"
@@ -320,7 +324,7 @@
Specify a security protocol mode for use.
.Ar mode
is one of following:
-.Li transport , tunnel
+.Li transport , tunnel ,
or
.Li any .
The default value is
@@ -332,10 +336,10 @@
must be decimal number in 32-bit word.
If
.Ar size
-is zero or not specified, replay check don't take place.
+is zero or not specified, replay checks don't take place.
.\"
.It Fl u Ar id
-Specify the identifier of the policy entry in SPD.
+Specify the identifier of the policy entry in the SPD.
See
.Ar policy .
.\"
@@ -345,15 +349,15 @@
is one of following:
.Bl -tag -width random-pad -compact
.It Li zero-pad
-All of the padding are zero.
+All the paddings are zero.
.It Li random-pad
-A series of randomized values are set.
+A series of randomized values are used.
.It Li seq-pad
-A series of sequential increasing numbers started from 1 are set.
+A series of sequential increasing numbers started from 1 are used.
.El
.\"
.It Fl f Li nocyclic-seq
-Don't allow cyclic sequence number.
+Don't allow cyclic sequence numbers.
.\"
.It Fl lh Ar time
.It Fl ls Ar time
@@ -368,14 +372,14 @@
.It Ar algorithm
.Bl -tag -width Fl -compact
.It Fl E Ar ealgo Ar key
-Specify a encryption algorithm
+Specify an encryption algorithm
.Ar ealgo
for ESP.
.It Xo
.Fl E Ar ealgo Ar key
.Fl A Ar aalgo Ar key
.Xc
-Specify a encryption algorithm
+Specify an encryption algorithm
.Ar ealgo ,
as well as a payload authentication algorithm
.Ar aalgo ,
@@ -386,11 +390,11 @@
Specify a compression algorithm for IPComp.
If
.Fl R
-is specified,
+is specified, the
.Ar spi
field value will be used as the IPComp CPI
.Pq compression parameter index
-on wire as is.
+on wire as-is.
If
.Fl R
is not specified,
@@ -400,23 +404,25 @@
.El
.Pp
.Ar key
-must be double-quoted character string, or a series of hexadecimal digits
-preceded by
+must be a double-quoted character string, or a series of hexadecimal
+digits preceded by
.Dq Li 0x .
.Pp
Home |
Main Index |
Thread Index |
Old Index