diff options
-rw-r--r-- | sbin/ipsecadm/ipsecadm.8 | 16 | ||||
-rw-r--r-- | sbin/isakmpd/DESIGN-NOTES | 22 | ||||
-rw-r--r-- | sbin/isakmpd/README | 6 | ||||
-rw-r--r-- | sbin/isakmpd/TO-DO | 8 | ||||
-rw-r--r-- | sbin/isakmpd/connection.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/dnssec.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.c | 10 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.h | 4 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec_doi.h | 4 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec_fld.fld | 6 | ||||
-rw-r--r-- | sbin/isakmpd/isakmp_doi.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/isakmpd.8 | 4 | ||||
-rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 54 | ||||
-rw-r--r-- | sbin/isakmpd/pf_encap.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/samples/VPN-3way-template.conf | 10 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/linux/README | 6 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/linux/klips.c | 6 | ||||
-rw-r--r-- | sbin/mount_kernfs/mount_kernfs.8 | 4 | ||||
-rw-r--r-- | sbin/photurisd/README | 2 | ||||
-rw-r--r-- | sbin/photurisd/README.howtouse | 12 | ||||
-rw-r--r-- | sbin/photurisd/kernel.c | 14 | ||||
-rw-r--r-- | sbin/photurisd/photurisd.8 | 4 | ||||
-rw-r--r-- | sbin/ping6/ping6.c | 4 |
24 files changed, 110 insertions, 110 deletions
diff --git a/sbin/ipsecadm/ipsecadm.8 b/sbin/ipsecadm/ipsecadm.8 index 6c49ed53190..3121314eb95 100644 --- a/sbin/ipsecadm/ipsecadm.8 +++ b/sbin/ipsecadm/ipsecadm.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsecadm.8,v 1.38 2001/06/26 20:44:22 itojun Exp $ +.\" $OpenBSD: ipsecadm.8,v 1.39 2001/06/27 03:31:38 angelos Exp $ .\" .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. @@ -35,7 +35,7 @@ .Os .Sh NAME .Nm ipsecadm -.Nd interface to setup IPSec +.Nd interface to setup IPsec .Sh SYNOPSIS .Nm ipsecadm .Op command @@ -43,14 +43,14 @@ .Sh NOTE Before .Xr ipsecadm 8 -can be used, IPSec must be enabled by setting one or more of the following +can be used, IPsec must be enabled by setting one or more of the following .Xr sysctl 3 variables: .Bl -tag -width xxxxxxxxxxxxxxxxxxxxx .It net.inet.esp.enable -Enable the ESP IPSec protocol +Enable the ESP IPsec protocol .It net.inet.ah.enable -Enable the AH IPSec protocol +Enable the AH IPsec protocol .El .Pp To enable these operations across reboots, see @@ -64,7 +64,7 @@ to be used with .Xr ipsec 4 . It can be used to specify the encryption and authentication algorithms and key material for the network layer security -provided by IPSec. +provided by IPsec. The possible commands are: .Bl -tag -width new_esp .It new esp @@ -251,7 +251,7 @@ A .Nm bypass or .Nm permit -flow is used to specify a flow for which IPSec processing will be +flow is used to specify a flow for which IPsec processing will be bypassed, i.e packets will/need not be processed by any SAs. For .Nm permit @@ -535,7 +535,7 @@ For create or delete a .Nm bypass flow. -Packets matching this flow will not be processed by IPSec. +Packets matching this flow will not be processed by IPsec. .It Fl deny For .Nm flow , diff --git a/sbin/isakmpd/DESIGN-NOTES b/sbin/isakmpd/DESIGN-NOTES index 43a1e953f7d..ee405fdb8c7 100644 --- a/sbin/isakmpd/DESIGN-NOTES +++ b/sbin/isakmpd/DESIGN-NOTES @@ -1,4 +1,4 @@ -$OpenBSD: DESIGN-NOTES,v 1.15 1999/08/26 22:30:46 niklas Exp $ +$OpenBSD: DESIGN-NOTES,v 1.16 2001/06/27 03:31:39 angelos Exp $ $EOM: DESIGN-NOTES,v 1.48 1999/08/12 22:34:25 niklas Exp $ General coding conventions @@ -61,9 +61,9 @@ ike_quick_mode.c IKE's quick mode logic. init.c Initialization of all modules (might be autogenned in the future). -ipsec.c The IPSec DOI. -ipsec_fld.fld Description of IPSec DOI-specific packet layouts. -ipsec_num.cst Constants defined by the IPSec DOI. +ipsec.c The IPsec DOI. +ipsec_fld.fld Description of IPsec DOI-specific packet layouts. +ipsec_num.cst Constants defined by the IPsec DOI. isakmp_doi.c The ISAKMP pseudo-DOI. isakmp_fld.fld Generic packet layout. isakmp_num.cst ISAKMP constants. @@ -74,8 +74,8 @@ math_2n.c Polynomial math. math_ec2n.c Elliptic curve math. math_group.c Group math. message.c Generic message handling. -pf_encap.c Interface with PF_ENCAP sockets (for use with IPSEC). -pf_key_v2.c Interface with PF_KEY sockets (for use with IPSEC). +pf_encap.c Interface with PF_ENCAP sockets (for use with IPsec). +pf_key_v2.c Interface with PF_KEY sockets (for use with IPsec). pkcs.c PKCS#1: RSA Encryption Standard. policy.c Keynote glue. prf.c Pseudo random functions. @@ -101,9 +101,9 @@ struct exchange A description of an exchange while it is performed. struct field A description of an ISAKMP field. struct group A class abstracting out Oakley group operations struct hash A hashing class -struct ipsec_exch IPSec-specific exchange fields. -struct ipsec_proto IPSec-specific protocol attributes. -struct ipsec_sa IPSec-specific SA stuff. +struct ipsec_exch IPsec-specific exchange fields. +struct ipsec_proto IPsec-specific protocol attributes. +struct ipsec_sa IPsec-specific SA stuff. struct message A generic ISAKMP message. struct payload A "fat" payload reference pointing into message buffers struct prf A pseudo random function class @@ -199,10 +199,10 @@ Design "errors" --------------- Currently there are two "errors" in our design. The first one is that the -coupling between the IPSEC DOI and IKE is tight. It should be separated by +coupling between the IPsec DOI and IKE is tight. It should be separated by a clean interface letting other key exchange models fit in instead of IKE. The second problem is that we need a protocol-specific opaque SA part -in the DOI specific one. Now both IPSEC ESP attributes takes place even +in the DOI specific one. Now both IPsec ESP attributes takes place even in ISAKMP SA structures. User control diff --git a/sbin/isakmpd/README b/sbin/isakmpd/README index ebd36ab20fa..aa019dfd38d 100644 --- a/sbin/isakmpd/README +++ b/sbin/isakmpd/README @@ -1,4 +1,4 @@ -$OpenBSD: README,v 1.16 2001/01/27 11:16:16 niklas Exp $ +$OpenBSD: README,v 1.17 2001/06/27 03:31:39 angelos Exp $ $EOM: README,v 1.28 1999/10/10 22:53:24 angelos Exp $ This is isakmpd, a BSD-licensed ISAKMP/Oakley (a.k.a. IKE) @@ -29,13 +29,13 @@ under gdb with args similar to: -d -n -p5000 -DA=99 -f/tmp/isakmpd.fifo -csamples/VPN-east.conf That will run isakmpd in the foreground, not connected to any application -(like an IPSEC implementation) logging to stderr with full debugging ouput, +(like an IPsec implementation) logging to stderr with full debugging ouput, listening on UDP port 5000, accepting control commands via the named pipe called /tmp/isakmpd.fifo and reading its configuration from the VPN-east.conf file (found in the isakmpd/samples directory). If you are root you can try to run without -n -p5000 thus getting it to -talk to your IPSec stack and use the standard port 500 instead. +talk to your IPsec stack and use the standard port 500 instead. The logging classes are Miscellaneous = 0, Transports = 1, Messages = 2, Crypto = 3, Timers = 4, System Dependencies = 5, Security Associations = 6, diff --git a/sbin/isakmpd/TO-DO b/sbin/isakmpd/TO-DO index af66d330d10..4325f49ae16 100644 --- a/sbin/isakmpd/TO-DO +++ b/sbin/isakmpd/TO-DO @@ -1,4 +1,4 @@ -$OpenBSD: TO-DO,v 1.21 2001/06/12 21:53:19 niklas Exp $ +$OpenBSD: TO-DO,v 1.22 2001/06/27 03:31:40 angelos Exp $ $EOM: TO-DO,v 1.45 2000/04/07 22:47:38 niklas Exp $ This file mixes small nitpicks with large projects to be done. @@ -34,11 +34,11 @@ This file mixes small nitpicks with large projects to be done. * Finish main mode exchange [done] -* Separation of key exchange from the IPSEC DOI, i.e. factor out IKE details. +* Separation of key exchange from the IPsec DOI, i.e. factor out IKE details. -* Setup the IPSEC situation field in the main mode. [done] +* Setup the IPsec situation field in the main mode. [done] -* Kernel interface for IPSEC parameter passing. [done] +* Kernel interface for IPsec parameter passing. [done] * Notify of unsupported situations. diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c index 629dd41bb52..26cb5127ce3 100644 --- a/sbin/isakmpd/connection.c +++ b/sbin/isakmpd/connection.c @@ -1,4 +1,4 @@ -/* $OpenBSD: connection.c,v 1.17 2001/03/14 21:13:24 tholo Exp $ */ +/* $OpenBSD: connection.c,v 1.18 2001/06/27 03:31:40 angelos Exp $ */ /* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */ /* @@ -359,7 +359,7 @@ connection_record_passive (char *name) goto fail; } - /* XXX IPSec DOI-specific. */ + /* XXX IPsec DOI-specific. */ conn->local_id = ipsec_build_id (local_id, &conn->local_sz); if (!conn->local_id) goto fail; diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c index 2203d99ef4d..e6738a2bf6d 100644 --- a/sbin/isakmpd/dnssec.c +++ b/sbin/isakmpd/dnssec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dnssec.c,v 1.3 2001/01/27 15:39:54 ho Exp $ */ +/* $OpenBSD: dnssec.c,v 1.4 2001/06/27 03:31:40 angelos Exp $ */ /* * Copyright (c) 2001 Håkan Olsson. All rights reserved. @@ -164,7 +164,7 @@ dns_get_key (int type, struct message *msg, int *keylen) if (key_rr.protocol != DNS_KEYPROTO_IPSEC) { - LOG_DBG ((LOG_MISC, 50, "dns_get_key: ignored non-IPSEC key")); + LOG_DBG ((LOG_MISC, 50, "dns_get_key: ignored non-IPsec key")); continue; } diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index eee615af86b..bb96f2bc841 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.45 2001/05/05 00:52:50 angelos Exp $ */ +/* $OpenBSD: ipsec.c,v 1.46 2001/06/27 03:31:40 angelos Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -74,7 +74,7 @@ #define NI_MAXHOST 1025 #endif -/* The replay window size used for all IPSec protocols if not overridden. */ +/* The replay window size used for all IPsec protocols if not overridden. */ #define DEFAULT_REPLAY_WINDOW 16 struct ipsec_decode_arg { @@ -257,7 +257,7 @@ ipsec_sa_check_flow (struct sa *sa, void *v_arg) } /* - * Do IPSec DOI specific finalizations task for the exchange where MSG was + * Do IPsec DOI specific finalizations task for the exchange where MSG was * the final message. */ static void @@ -1260,7 +1260,7 @@ ipsec_decode_transform (struct message *msg, struct sa *sa, } /* - * Delete the IPSec SA represented by the INCOMING direction in protocol PROTO + * Delete the IPsec SA represented by the INCOMING direction in protocol PROTO * of the IKE security association SA. */ static void @@ -1857,7 +1857,7 @@ ipsec_clone_id (u_int8_t **did, size_t *did_len, u_int8_t *id, size_t id_len) } /* - * IPSec-specific PROTO initializations. SECTION is only set if we are the + * IPsec-specific PROTO initializations. SECTION is only set if we are the * initiator thus only usable there. * XXX I want to fix this later. */ diff --git a/sbin/isakmpd/ipsec.h b/sbin/isakmpd/ipsec.h index 69d8ff9897e..5f46c5d0599 100644 --- a/sbin/isakmpd/ipsec.h +++ b/sbin/isakmpd/ipsec.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.h,v 1.15 2000/12/12 01:44:59 niklas Exp $ */ +/* $OpenBSD: ipsec.h,v 1.16 2001/06/27 03:31:41 angelos Exp $ */ /* $EOM: ipsec.h,v 1.42 2000/12/03 07:58:20 angelos Exp $ */ /* @@ -50,7 +50,7 @@ struct proto; struct sa; /* - * IPSEC-specific data to be linked into the exchange struct. + * IPsec-specific data to be linked into the exchange struct. * XXX Should probably be two different structs, one for phase 1 and one * for phase 2 parameters. */ diff --git a/sbin/isakmpd/ipsec_doi.h b/sbin/isakmpd/ipsec_doi.h index c41d1a7ba64..4c88276f698 100644 --- a/sbin/isakmpd/ipsec_doi.h +++ b/sbin/isakmpd/ipsec_doi.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_doi.h,v 1.5 1999/04/19 19:54:54 niklas Exp $ */ +/* $OpenBSD: ipsec_doi.h,v 1.6 2001/06/27 03:31:41 angelos Exp $ */ /* $EOM: ipsec_doi.h,v 1.10 1999/04/02 00:57:51 niklas Exp $ */ /* @@ -40,7 +40,7 @@ #include "ipsec_fld.h" #include "ipsec_num.h" -/* The SPI size of all IPSEC protocols. XXX Correct? */ +/* The SPI size of all IPsec protocols. XXX Correct? */ #define IPSEC_SPI_SIZE 4 /* The low limit if valid SPI values. */ diff --git a/sbin/isakmpd/ipsec_fld.fld b/sbin/isakmpd/ipsec_fld.fld index d4b73451293..6f069004817 100644 --- a/sbin/isakmpd/ipsec_fld.fld +++ b/sbin/isakmpd/ipsec_fld.fld @@ -1,4 +1,4 @@ -# $OpenBSD: ipsec_fld.fld,v 1.3 1998/11/17 11:10:14 niklas Exp $ +# $OpenBSD: ipsec_fld.fld,v 1.4 2001/06/27 03:31:41 angelos Exp $ # $EOM: ipsec_fld.fld,v 1.1 1998/08/02 20:12:02 niklas Exp $ # @@ -36,7 +36,7 @@ # XXX There are num-declared fields below that really are csts. -# IPSEC's situation field's subdivision. +# IPsec's situation field's subdivision. IPSEC_SIT SIT mask 4 ipsec_sit_cst LABELED_DOMAIN_ID num 4 @@ -58,7 +58,7 @@ IPSEC_SIT # alignment on top of the aforementioned offset. . -# IPSEC's layout of the identification payload's DOI data field. +# IPsec's layout of the identification payload's DOI data field. IPSEC_ID PROTO num 1 PORT num 2 diff --git a/sbin/isakmpd/isakmp_doi.c b/sbin/isakmpd/isakmp_doi.c index 42d788be710..7af52bc43b2 100644 --- a/sbin/isakmpd/isakmp_doi.c +++ b/sbin/isakmpd/isakmp_doi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: isakmp_doi.c,v 1.11 2000/10/07 06:59:24 niklas Exp $ */ +/* $OpenBSD: isakmp_doi.c,v 1.12 2001/06/27 03:31:41 angelos Exp $ */ /* $EOM: isakmp_doi.c,v 1.42 2000/09/12 16:29:41 ho Exp $ */ /* @@ -36,7 +36,7 @@ /* * XXX This DOI is very fuzzily defined, and should perhaps be short-circuited - * to the IPSEC DOI instead. At the moment I will have it as its own DOI, + * to the IPsec DOI instead. At the moment I will have it as its own DOI, * as the ISAKMP architecture seems to imply it should be done like this. */ diff --git a/sbin/isakmpd/isakmpd.8 b/sbin/isakmpd/isakmpd.8 index e9cd95ad5d6..a66a6f6bb65 100644 --- a/sbin/isakmpd/isakmpd.8 +++ b/sbin/isakmpd/isakmpd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.8,v 1.27 2001/05/24 15:59:30 ho Exp $ +.\" $OpenBSD: isakmpd.8,v 1.28 2001/06/27 03:31:42 angelos Exp $ .\" $EOM: isakmpd.8,v 1.23 2000/05/02 00:30:23 niklas Exp $ .\" .\" Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. @@ -171,7 +171,7 @@ When the .Fl n option is given, the kernel will not take part in the negotiations. This is a non-destructive mode so to say, in that it won't alter any -SAs in the IPSEC stack. +SAs in the IPsec stack. .It Fl p Ar listen-port The .Fl p diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index 4d7e8b841e1..a50e560f641 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.53 2001/06/05 11:20:28 angelos Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.54 2001/06/27 03:31:42 angelos Exp $ .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. @@ -44,7 +44,7 @@ is the configuration file for the .Nm isakmpd daemon managing security association and key management for the -IPSEC layer of the kernel's networking stack. +IPsec layer of the kernel's networking stack. .Pp The file is of a well known type of format called .INI style, named after the suffix used by an overrated windowing environment for its configuration @@ -197,19 +197,19 @@ Look at <ISAKMP-peer> below. IPsec SA negotiation parameter root .Bl -tag -width 12n .It Em Connections -A list of directed IPSec "connection" names that should be brought up +A list of directed IPsec "connection" names that should be brought up automatically, either on first use if the system supports it, or at startup of the daemon. These names are section names where further information can be found. -Look at <IPSec-connection> below. +Look at <IPsec-connection> below. Normally any connection mentioned here are treated as part of the "Passive-connection" list we present below, however there is a flag: "Active-only" that disables this behaviour. -This too is mentioned in the <IPSec-connection> section, in the "Flags" tag. +This too is mentioned in the <IPsec-connection> section, in the "Flags" tag. .It Em Passive-connections -A list of IPSec "connection" names we recognize and accept initiations for. +A list of IPsec "connection" names we recognize and accept initiations for. These names are section names where further information can be found. -Look at <IPSec-connection> below. +Look at <IPsec-connection> below. Currently only the Local-ID and Remote-ID tags are looked at in those sections, as they are matched against the IDs given by the initiator. @@ -277,7 +277,7 @@ Parameters for negotiation with an ISAKMP peer .It Em Phase The constant .Li 1 , -as ISAKMP-peers and IPSec-connections +as ISAKMP-peers and IPsec-connections really are handled by the same code inside isakmpd. .It Em Transport The name of the transport protocol, defaults to @@ -414,12 +414,12 @@ Notice that this field may NOT be set to ANY. An offer/accept kind of value, see above. Can also be set to ANY. .El -.It Em <IPSec-connection> +.It Em <IPsec-connection> .Bl -tag -width 12n .It Em Phase The constant .Li 2 , -as ISAKMP-peers and IPSec-connections +as ISAKMP-peers and IPsec-connections really are handled by the same code inside isakmpd. .It Em ISAKMP-peer The name of the ISAKMP-peer which to talk to in order to @@ -427,32 +427,32 @@ set up this connection. The value is the name of an <ISAKMP-peer> section. See above. .It Em Configuration -The name of the IPSec-configuration section to use. -Look at <IPSec-configuration> below. +The name of the IPsec-configuration section to use. +Look at <IPsec-configuration> below. .It Em Local-ID If existent, the name of the section that describes the optional local client ID that we should present to our peer. It is also used when we act as responders to find out what -<IPSec-connection> we are dealing with. -Look at <IPSec-ID> below. +<IPsec-connection> we are dealing with. +Look at <IPsec-ID> below. .It Em Remote-ID If existent, the name of the section that describes the optional remote client ID that we should present to our peer. It is also used when we act as responders to find out what -<IPSec-connection> we are dealing with. -Look at <IPSec-ID> below. +<IPsec-connection> we are dealing with. +Look at <IPsec-ID> below. .It Em Flags A comma-separated list of flags controlling the further -handling of the IPSec SA. +handling of the IPsec SA. Currently only one flag is defined: .Bl -tag -width 12n .It Em Active-only -If this flag is given and this <IPSec-connection> is part of the phase 2 +If this flag is given and this <IPsec-connection> is part of the phase 2 connections we automatically keep up, it will not automatically be used for accepting connections from the peer. .El .El -.It Em <IPSec-configuration> +.It Em <IPsec-configuration> .Bl -tag -width 12n .It Em DOI The domain of interpretation as given by the RFCs. @@ -467,18 +467,18 @@ For quick mode this is .It Em Suites A list of protection suites (bundles of protocols) usable for protecting the IP traffic. -Each of the list elements is a name of an <IPSec-suite> section. +Each of the list elements is a name of an <IPsec-suite> section. See below. .El -.It Em <IPSec-suite> +.It Em <IPsec-suite> .Bl -tag -width 12n .It Em Protocols A list of the protocols included in this protection suite. -Each of the list elements is a name of an <IPSec-protocol> +Each of the list elements is a name of an <IPsec-protocol> section. See below. .El -.It Em <IPSec-protocol> +.It Em <IPsec-protocol> .Bl -tag -width 12n .It Em PROTOCOL_ID The protocol as given by the RFCs. @@ -488,7 +488,7 @@ and .Li IPSEC_ESP . .It Em Transforms A list of transforms usable for implementing the protocol. -Each of the list elements is a name of an <IPSec-transform> +Each of the list elements is a name of an <IPsec-transform> section. See below. .It Em ReplayWindow @@ -500,7 +500,7 @@ and .Nm AH RFCs for a better description. .El -.It Em <IPSec-transform> +.It Em <IPsec-transform> .Bl -tag -width 12n .It Em TRANSFORM_ID The transform ID as given by the RFCs. @@ -518,11 +518,11 @@ in <ISAKMP-transform> sections shown above. .It Em Life List of lifetimes, each element is a <Lifetime> section name. .El -.It Em <IPSec-ID> +.It Em <IPsec-ID> .Bl -tag -width 12n .It Em ID-type The ID type as given by the RFCs. -For IPSec this is currently +For IPsec this is currently .Li IPV4_ADDR or .Li IPV4_ADDR_SUBNET . diff --git a/sbin/isakmpd/pf_encap.c b/sbin/isakmpd/pf_encap.c index 4fa5bdd68cb..14322ff8d53 100644 --- a/sbin/isakmpd/pf_encap.c +++ b/sbin/isakmpd/pf_encap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_encap.c,v 1.21 2001/04/09 22:09:52 ho Exp $ */ +/* $OpenBSD: pf_encap.c,v 1.22 2001/06/27 03:31:42 angelos Exp $ */ /* $EOM: pf_encap.c,v 1.73 2000/12/04 04:46:34 angelos Exp $ */ /* @@ -665,7 +665,7 @@ pf_encap_set_spi (struct sa *sa, struct proto *proto, int incoming) } /* - * Delete the IPSec SA represented by the INCOMING direction in protocol PROTO + * Delete the IPsec SA represented by the INCOMING direction in protocol PROTO * of the IKE security association SA. */ int diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index 01983762168..e4fbf459ddc 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.66 2001/06/27 00:48:21 angelos Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.67 2001/06/27 03:31:43 angelos Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -524,7 +524,7 @@ pf_key_v2_open () struct sadb_msg msg; struct pf_key_v2_msg *regmsg = 0, *ret = 0; - /* Open the socket we use to speak to IPSec. */ + /* Open the socket we use to speak to IPSec. */ pf_key_v2_socket = -1; fd = socket (PF_KEY, SOCK_RAW, PF_KEY_V2); if (fd == -1) @@ -2148,7 +2148,7 @@ pf_key_v2_disable_sa (struct sa *sa, int incoming) } /* - * Delete the IPSec SA represented by the INCOMING direction in protocol PROTO + * Delete the IPsec SA represented by the INCOMING direction in protocol PROTO * of the IKE security association SA. Also delete potential flows tied to it. */ int @@ -3574,7 +3574,7 @@ pf_key_v2_handler (int fd) } /* - * Group 2 IPSec SAs given by the PROTO1 and PROTO2 protocols of the SA IKE + * Group 2 IPsec SAs given by the PROTO1 and PROTO2 protocols of the SA IKE * security association in a chain. * XXX Assumes OpenBSD GRPSPIS extension. Should probably be moved to sysdep.c */ diff --git a/sbin/isakmpd/samples/VPN-3way-template.conf b/sbin/isakmpd/samples/VPN-3way-template.conf index 72e7d25cad1..fa64242f153 100644 --- a/sbin/isakmpd/samples/VPN-3way-template.conf +++ b/sbin/isakmpd/samples/VPN-3way-template.conf @@ -1,4 +1,4 @@ -# $OpenBSD: VPN-3way-template.conf,v 1.7 2000/10/09 23:27:29 niklas Exp $ +# $OpenBSD: VPN-3way-template.conf,v 1.8 2001/06/27 03:31:43 angelos Exp $ # $EOM: VPN-3way-template.conf,v 1.8 2000/10/09 22:08:30 angelos Exp $ # # A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon. @@ -30,7 +30,7 @@ # keying. In the three-way VPN, each node knows two connections. [Phase 2] -Connections= IPSec-Conn-XXX-YYY,IPSec-Conn-XXX-ZZZ +Connections= IPsec-Conn-XXX-YYY,IPsec-Conn-XXX-ZZZ # ISAKMP Phase 1 peer sections ############################## @@ -49,17 +49,17 @@ Address= 192.168.ZZZ.nnn Configuration= Default-main-mode Authentication= yoursharedsecretwithZZZ -# IPSec Phase 2 sections +# IPsec Phase 2 sections ######################## -[IPSec-Conn-XXX-YYY] +[IPsec-Conn-XXX-YYY] Phase= 2 ISAKMP-peer= ISAKMP-peer-node-YYY Configuration= Default-quick-mode Local-ID= MyNet-XXX Remote-ID= OtherNet-YYY -[IPSec-Conn-XXX-ZZZ] +[IPsec-Conn-XXX-ZZZ] Phase= 2 ISAKMP-peer= ISAKMP-peer-node-ZZZ Configuration= Default-quick-mode diff --git a/sbin/isakmpd/sysdep/linux/README b/sbin/isakmpd/sysdep/linux/README index d0660f227cd..aa1ebc6199d 100644 --- a/sbin/isakmpd/sysdep/linux/README +++ b/sbin/isakmpd/sysdep/linux/README @@ -1,13 +1,13 @@ -$OpenBSD: README,v 1.2 2001/01/28 22:38:48 niklas Exp $ +$OpenBSD: README,v 1.3 2001/06/27 03:31:44 angelos Exp $ -Currently, you have to manually configure any ipsec interfaces and do the +Currently, you have to manually configure any IPsec interfaces and do the association betweent these and the physical ones. This is done like this in FreeS/WAN: ipsec tncfg --attach --virtual ipsec0 --physical eth0 ifconfig ipsec0 A.B.C.D netmask E.F.G.H -Then there is one special configuration option in the IPSec-connection +Then there is one special configuration option in the IPsec-connection sections for Phase 2 of the configuration file, named Next-hop, which should be set to the next hop's IP address along the way to the peer: diff --git a/sbin/isakmpd/sysdep/linux/klips.c b/sbin/isakmpd/sysdep/linux/klips.c index bfa83e3a068..a1e76efda61 100644 --- a/sbin/isakmpd/sysdep/linux/klips.c +++ b/sbin/isakmpd/sysdep/linux/klips.c @@ -1,4 +1,4 @@ -/* $OpenBSD: klips.c,v 1.5 2001/05/05 00:51:48 angelos Exp $ */ +/* $OpenBSD: klips.c,v 1.6 2001/06/27 03:31:44 angelos Exp $ */ /* * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. @@ -385,7 +385,7 @@ klips_set_spi (struct sa *sa, struct proto *proto, int incoming, free (emsg); /* - * Grouping the IP-in-IP SA with the IPSec one means we must be careful + * Grouping the IP-in-IP SA with the IPsec one means we must be careful * in klips_group_spis so that we'll remove duplicate IP-in-IP SAs * and get everything grouped in the right order. * @@ -427,7 +427,7 @@ klips_set_spi (struct sa *sa, struct proto *proto, int incoming, } /* - * Delete the IPSec SA represented by the INCOMING direction in protocol PROTO + * Delete the IPsec SA represented by the INCOMING direction in protocol PROTO * of the IKE security association SA. */ int diff --git a/sbin/mount_kernfs/mount_kernfs.8 b/sbin/mount_kernfs/mount_kernfs.8 index 0f1304dd440..409a807b7d4 100644 --- a/sbin/mount_kernfs/mount_kernfs.8 +++ b/sbin/mount_kernfs/mount_kernfs.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount_kernfs.8,v 1.15 2001/06/08 13:46:48 aaron Exp $ +.\" $OpenBSD: mount_kernfs.8,v 1.16 2001/06/27 03:31:45 angelos Exp $ .\" $NetBSD: mount_kernfs.8,v 1.6 1995/03/18 14:57:24 cgd Exp $ .\" .\" Copyright (c) 1992, 1993, 1994 @@ -114,7 +114,7 @@ Behaves like a hostname. .It Pa hz Frequency of the system clock (decimal ASCII). .It Pa ipsec -The currently configured IPSec Security Associations. +The currently configured IPsec Security Associations. .It Pa loadavg The 1, 5 and 15 minute load average in kernel fixed-point format. The final integer is the fix-point scaling factor. diff --git a/sbin/photurisd/README b/sbin/photurisd/README index 59f7880e55e..3d421aa4211 100644 --- a/sbin/photurisd/README +++ b/sbin/photurisd/README @@ -7,7 +7,7 @@ For quick installation instructions read INSTALL, or otherwise README.howtouse for more complete information. At the moment only the PF_ENCAP kernel interface for John Ioannidis' -and Angelos D. Keromytis' IPSec as to be found in OpenBSD is supported. +and Angelos D. Keromytis' IPsec as to be found in OpenBSD is supported. It should be fairly easy to adapt the daemon to other implementations, just look at the sections found by 'grep IPSEC *.c' diff --git a/sbin/photurisd/README.howtouse b/sbin/photurisd/README.howtouse index 49c0c819741..12a93fa10ba 100644 --- a/sbin/photurisd/README.howtouse +++ b/sbin/photurisd/README.howtouse @@ -1,13 +1,13 @@ - How to use Photuris with IPSec ? + How to use Photuris with IPsec ? -What is IPSec ? +What is IPsec ? IP Security is a framework providing authentication/integrity and privacy to network traffic. Authenticated data can not be modified by third parties and encryption conceals the content of packets. -What has Photuris to do with IPSec ? +What has Photuris to do with IPsec ? In order to transmit encrypted or authenticated data between two hosts, those two hosts have to agree on session keys which are used @@ -40,8 +40,8 @@ How to get it working ? exchange of values now and finally the shared secret from which the session keys are derived. - If you compiled the photuris daemon with -IPSEC and also have a kernel - with IPSEC compiled into it, you could start for example + If you compiled the photuris daemon with -DIPSEC and also have a kernel + with IPsec compiled into it, you could start for example 8. tcpdump proto 51 & 9. telnet host1 @@ -54,7 +54,7 @@ How to get it working ? will show you some information also. - Enabling IPSEC in the OpenBSD kernel + Enabling IPsec in the OpenBSD kernel Add the following two lines into your kernel config file: config IPSEC diff --git a/sbin/photurisd/kernel.c b/sbin/photurisd/kernel.c index 598843f17ff..b3c2784a300 100644 --- a/sbin/photurisd/kernel.c +++ b/sbin/photurisd/kernel.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kernel.c,v 1.22 2001/06/05 00:17:48 niklas Exp $ */ +/* $OpenBSD: kernel.c,v 1.23 2001/06/27 03:31:46 angelos Exp $ */ /* * Copyright 1997-2000 Niels Provos <provos@citi.umich.edu> @@ -33,7 +33,7 @@ /* * The following functions handle the interaction of the Photuris daemon - * with the PF_ENCAP interface as used by OpenBSD's IPSec implementation. + * with the PF_ENCAP interface as used by OpenBSD's IPsec implementation. * This is the only file which needs to be changed for making Photuris * work with other kernel interfaces. * The SPI object here can actually hold two SPIs, one for encryption @@ -41,7 +41,7 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: kernel.c,v 1.22 2001/06/05 00:17:48 niklas Exp $"; +static char rcsid[] = "$OpenBSD: kernel.c,v 1.23 2001/06/27 03:31:46 angelos Exp $"; #endif #include <time.h> @@ -230,7 +230,7 @@ init_kernel(void) TAILQ_INIT(&pfqueue); if ((sd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) == -1) - log_fatal(__FUNCTION__": socket(PF_KEY) for IPSec keyengine"); + log_fatal(__FUNCTION__": socket(PF_KEY) for IPsec key engine"); if ((regsd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) == -1) log_fatal(__FUNCTION__": socket() for PFKEY register"); @@ -262,13 +262,13 @@ kernel_set_socket_policy(int sd) level = IPSEC_LEVEL_BYPASS; /* Did I mention I'm privileged? */ if (setsockopt(sd, IPPROTO_IP, IP_AUTH_LEVEL, (char *)&level, sizeof (int)) == -1) - log_fatal("setsockopt: can not bypass ipsec authentication policy"); + log_fatal("setsockopt: can not bypass IPsec authentication policy"); if (setsockopt(sd, IPPROTO_IP, IP_ESP_TRANS_LEVEL, (char *)&level, sizeof (int)) == -1) - log_fatal("setsockopt: can not bypass ipsec esp transport policy"); + log_fatal("setsockopt: can not bypass IPsec ESP transport policy"); if (setsockopt(sd, IPPROTO_IP, IP_ESP_NETWORK_LEVEL, (char *)&level, sizeof (int)) == -1) - log_fatal("setsockopt: can not bypass ipsec esp network policy"); + log_fatal("setsockopt: can not bypass IPsec ESP network policy"); } struct sadb_ext * diff --git a/sbin/photurisd/photurisd.8 b/sbin/photurisd/photurisd.8 index 706b370807d..496042dbd22 100644 --- a/sbin/photurisd/photurisd.8 +++ b/sbin/photurisd/photurisd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: photurisd.8,v 1.8 2000/12/11 20:32:15 provos Exp $ +.\" $OpenBSD: photurisd.8,v 1.9 2001/06/27 03:31:48 angelos Exp $ .\" .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. @@ -35,7 +35,7 @@ .Os .Sh NAME .Nm photurisd -.Nd IPSec key management daemon +.Nd IPsec key management daemon .Sh SYNOPSIS .Nm photurisd .Op Fl ci diff --git a/sbin/ping6/ping6.c b/sbin/ping6/ping6.c index bba008c12b3..bf8db96729c 100644 --- a/sbin/ping6/ping6.c +++ b/sbin/ping6/ping6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ping6.c,v 1.30 2001/06/22 13:20:21 itojun Exp $ */ +/* $OpenBSD: ping6.c,v 1.31 2001/06/27 03:31:48 angelos Exp $ */ /* $KAME: ping6.c,v 1.129 2001/06/22 13:16:02 itojun Exp $ */ /* @@ -2576,7 +2576,7 @@ setpolicy(so, policy) errx(1, "%s", ipsec_strerror()); if (setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, buf, ipsec_get_policylen(buf)) < 0) - warnx("Unable to set IPSec policy"); + warnx("Unable to set IPsec policy"); free(buf); return 0; |