Module Name: src
Committed By: ozaki-r
Date: Wed Jun 13 03:28:36 UTC 2018
Modified Files:
src/distrib/sets/lists/man: mi
src/share/man/man4: Makefile hifn.4 ipsec.4 nsp.4 options.4 ubsec.4
Removed Files:
src/share/man/man4: fast_ipsec.4
Log Message:
Retire fast_ipsec.4
We switched to Fast IPsec in NetBSD 6.0 and it is our IPsec implementation
now. So we don't need to have a separate manual. Merge fast_ipsec.4 into
ipsec.4 and remove fast_ipsec.4.
To generate a diff of this commit:
cvs rdiff -u -r1.1593 -r1.1594 src/distrib/sets/lists/man/mi
cvs rdiff -u -r1.655 -r1.656 src/share/man/man4/Makefile
cvs rdiff -u -r1.14 -r0 src/share/man/man4/fast_ipsec.4
cvs rdiff -u -r1.7 -r1.8 src/share/man/man4/hifn.4
cvs rdiff -u -r1.43 -r1.44 src/share/man/man4/ipsec.4
cvs rdiff -u -r1.2 -r1.3 src/share/man/man4/nsp.4
cvs rdiff -u -r1.487 -r1.488 src/share/man/man4/options.4
cvs rdiff -u -r1.5 -r1.6 src/share/man/man4/ubsec.4
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/distrib/sets/lists/man/mi
diff -u src/distrib/sets/lists/man/mi:1.1593 src/distrib/sets/lists/man/mi:1.1594
--- src/distrib/sets/lists/man/mi:1.1593 Thu May 31 00:25:38 2018
+++ src/distrib/sets/lists/man/mi Wed Jun 13 03:28:36 2018
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1593 2018/05/31 00:25:38 kamil Exp $
+# $NetBSD: mi,v 1.1594 2018/06/13 03:28:36 ozaki-r Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -1088,7 +1088,7 @@
./usr/share/man/cat4/ex.0 man-sys-catman .cat
./usr/share/man/cat4/exphy.0 man-sys-catman .cat
./usr/share/man/cat4/faith.0 man-sys-catman .cat
-./usr/share/man/cat4/fast_ipsec.0 man-sys-catman .cat
+./usr/share/man/cat4/fast_ipsec.0 man-obsolete obsolete
./usr/share/man/cat4/fd.0 man-sys-catman .cat
./usr/share/man/cat4/fea.0 man-sys-catman .cat
./usr/share/man/cat4/filemon.0 man-sys-catman .cat
@@ -4233,7 +4233,7 @@
./usr/share/man/html4/ex.html man-sys-htmlman html
./usr/share/man/html4/exphy.html man-sys-htmlman html
./usr/share/man/html4/faith.html man-sys-htmlman html
-./usr/share/man/html4/fast_ipsec.html man-sys-htmlman html
+./usr/share/man/html4/fast_ipsec.html man-obsolete obsolete
./usr/share/man/html4/fd.html man-sys-htmlman html
./usr/share/man/html4/fea.html man-sys-htmlman html
./usr/share/man/html4/filemon.html man-sys-htmlman html
@@ -7150,7 +7150,7 @@
./usr/share/man/man4/ex.4 man-sys-man .man
./usr/share/man/man4/exphy.4 man-sys-man .man
./usr/share/man/man4/faith.4 man-sys-man .man
-./usr/share/man/man4/fast_ipsec.4 man-sys-man .man
+./usr/share/man/man4/fast_ipsec.4 man-obsolete obsolete
./usr/share/man/man4/fd.4 man-sys-man .man
./usr/share/man/man4/fea.4 man-sys-man .man
./usr/share/man/man4/filemon.4 man-sys-man .man
Index: src/share/man/man4/Makefile
diff -u src/share/man/man4/Makefile:1.655 src/share/man/man4/Makefile:1.656
--- src/share/man/man4/Makefile:1.655 Sun May 27 05:31:20 2018
+++ src/share/man/man4/Makefile Wed Jun 13 03:28:36 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.655 2018/05/27 05:31:20 thorpej Exp $
+# $NetBSD: Makefile,v 1.656 2018/06/13 03:28:36 ozaki-r Exp $
# @(#)Makefile 8.1 (Berkeley) 6/18/93
MAN= aac.4 ac97.4 acardide.4 aceride.4 acphy.4 \
@@ -23,7 +23,7 @@ MAN= aac.4 ac97.4 acardide.4 aceride.4 a
dmphy.4 dpt.4 dpti.4 drm.4 drum.4 drvctl.4 dtv.4 dtviic.4 dwctwo.4 \
eap.4 ebus.4 edc.4 elmc.4 emuxki.4 en.4 envsys.4 ep.4 esh.4 \
esa.4 esiop.4 esm.4 eso.4 et.4 etherip.4 etphy.4 exphy.4 \
- fast_ipsec.4 fd.4 filemon.4 finsio.4 flash.4 fpa.4 fms.4 fss.4 \
+ fd.4 filemon.4 finsio.4 flash.4 fpa.4 fms.4 fss.4 \
fujbp.4 full.4 fxp.4 \
gcscaudio.4 gem.4 genfb.4 gentbi.4 geodeide.4 \
glxtphy.4 gpib.4 gpio.4 gpioirq.4 gpiolock.4 gpiopps.4 gpiopwm.4 \
Index: src/share/man/man4/hifn.4
diff -u src/share/man/man4/hifn.4:1.7 src/share/man/man4/hifn.4:1.8
--- src/share/man/man4/hifn.4:1.7 Tue Mar 13 19:25:40 2012
+++ src/share/man/man4/hifn.4 Wed Jun 13 03:28:36 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: hifn.4,v 1.7 2012/03/13 19:25:40 njoly Exp $
+.\" $NetBSD: hifn.4,v 1.8 2018/06/13 03:28:36 ozaki-r Exp $
.\" $OpenBSD: hifn.4,v 1.32 2002/09/26 07:55:40 miod Exp $
.\" $FreeBSD: src/share/man/man4/hifn.4,v 1.1.2.2 2003/10/08 23:57:50 sam Exp $
.\"
@@ -28,7 +28,7 @@
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd October 8, 2003
+.Dd June 13, 2018
.Dt HIFN 4
.Os
.Sh NAME
@@ -68,7 +68,7 @@ AES (7955 and 7956 only), ARC4, MD5,
MD5-HMAC, SHA1, and SHA1-HMAC operations for
.Xr opencrypto 9 ,
and thus for
-.Xr fast_ipsec 4
+.Xr ipsec 4
and
.Xr crypto 4 .
.Pp
@@ -83,7 +83,7 @@ may also supply data to the kernel
subsystem.
.Sh SEE ALSO
.Xr crypto 4 ,
-.Xr fast_ipsec 4 ,
+.Xr ipsec 4 ,
.Xr intro 4 ,
.Xr rnd 4 ,
.Xr opencrypto 9
Index: src/share/man/man4/ipsec.4
diff -u src/share/man/man4/ipsec.4:1.43 src/share/man/man4/ipsec.4:1.44
--- src/share/man/man4/ipsec.4:1.43 Wed Jan 10 12:16:39 2018
+++ src/share/man/man4/ipsec.4 Wed Jun 13 03:28:36 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipsec.4,v 1.43 2018/01/10 12:16:39 wiz Exp $
+.\" $NetBSD: ipsec.4,v 1.44 2018/06/13 03:28:36 ozaki-r Exp $
.\" $KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -28,12 +28,15 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd January 10, 2018
+.Dd June 13, 2018
.Dt IPSEC 4
.Os
.Sh NAME
.Nm ipsec
.Nd IP security protocol
+.Sh SYNOPSIS
+.Cd "options IPSEC"
+.Cd "options IPSEC_DEBUG"
.Sh DESCRIPTION
This manual pages describes the IPsec protocol.
For the network device driver please see
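Review bot: The context line directly under the new SYNOPSIS, "This manual pages describes the IPsec protocol.", has a number disagreement. Since this hunk already edits the top of ipsec.4, fix it to "This manual page describes" in the same change. The two added .Cd lines would also be easier to use if the SYNOPSIS or the DESCRIPTION said that IPSEC_DEBUG is optional debugging code, as options.4 does in its own entry.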
@@ -49,7 +52,7 @@ and
.Xr inet6 4
.Pc .
.Nm
-consists of two sub-protocols:
+consists of three sub-protocols:
.Bl -hang
.It Em Encapsulated Security Payload Pq ESP
protects IP payloads from wire-tapping (interception) by encrypting them with
@@ -58,6 +61,8 @@ secret key cryptography algorithms.
guarantees the integrity of IP packets
and protects them from intermediate alteration or impersonation,
by attaching cryptographic checksums computed by one-way hash functions.
+.It Em IP Payload Compression Protocol Pq IPComp
+increases the communication performance by compressing the datagrams.
.El
.Pp
.Nm
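Review bot: The new IPComp item in the sub-protocol list says only that it "increases the communication performance by compressing the datagrams", while the ESP and AH items above it each state what they protect against. Listing IPComp as a third sub-protocol of a security protocol without saying what protection, if any, it provides invites a reader to assume it adds some. Suggest one more sentence in the item stating that it is compression only and is meant to be combined with ESP or AH.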
@@ -70,13 +75,6 @@ includes IP-in-IP encapsulation operatio
and is designed for security gateways, as in Virtual Private Network (VPN)
configurations.
.El
-.Pp
-Since version 6,
-.Nx
-uses the IPsec implementation formerly known as FAST_IPSEC.
-Its specifics and kernel options are described in the
-.Xr fast_ipsec 4
-manual page.
.Ss Kernel interface
.Nm
is controlled by two engines in the kernel: one for key management
@@ -252,6 +250,22 @@ Variables under the
tree have similar meanings to their
.Li net.inet.ipsec
counterparts.
+.Ss Cryptographic operations
+The current IPsec implementation, formerly called Fast IPsec,
+uses the
+.Xr opencrypto 9
+subsystem to carry out cryptographic operations.
+This means, in particular, that cryptographic hardware devices are
+employed whenever possible to optimize the performance of sub-protocols.
+.Pp
+System configuration requires the
+.Xr opencrypto 9
+subsystem.
+When the
+Fast IPsec
+protocols are configured for use, all protocols are included in the system.
+To selectively enable/disable protocols, use
+.Xr sysctl 8 .
.\"
.Sh PROTOCOLS
The
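Review bot: The second paragraph of the added "Cryptographic operations" subsection still reads "When the Fast IPsec protocols are configured for use", which keeps the retired name as if it were a separate feature, even though the first paragraph calls it "formerly called Fast IPsec". Suggest "When IPsec is configured" here. The closing sentence points only at .Xr sysctl 8 for selectively disabling protocols and names no variable. Because the text says all protocols are included in the system, an administrator who wants to switch one off needs the node names, or at least a pointer to the net.inet.ipsec description in the section just above.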
@@ -282,7 +296,6 @@ routines from looking into IP payload.
.Xr ioctl 2 ,
.Xr socket 2 ,
.Xr ipsec_set_policy 3 ,
-.Xr fast_ipsec 4 ,
.Xr icmp6 4 ,
.Xr intro 4 ,
.Xr ip6 4 ,
@@ -299,6 +312,40 @@ routines from looking into IP payload.
.%R RFC
.%N 2367
.Re
+.Sh HISTORY
+The protocols draw heavily on the
+.Ox
+implementation of the
+.Tn IPsec
+protocols.
+The policy management code is derived from the
+.Tn KAME
+implementation found in their
+.Tn IPsec
+protocols.
+The
+Fast IPsec
+protocols are based on code which appeared in
+.Fx 4.7 .
+The
+.Nx
+version is a close copy of the
+.Fx
+original, and first appeared in
+.Nx 2.0 .
+.Pp
+Support for IPv6 and
+.Tn IPcomp
+protocols has been added in
+.Nx 4.0 .
+.Pp
+Support Network Address Translator Traversal as
+described in RFCs 3947 and 3948 has been added in
+.Nx 5.0 .
+.Pp
+Since
+.Nx 6.0 ,
+the IPsec implementation formerly known as Fast IPsec is used.
.Sh BUGS
IPsec support is subject to change as the IPsec protocols develop.
.Pp
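Review bot: In the added HISTORY section, "Support Network Address Translator Traversal as" is missing a preposition and should read "Support for Network Address Translator Traversal as". The macro line ".Tn IPcomp" is also spelled differently from "IPComp" in the sub-protocol list added earlier in this diff, so pick one spelling. The sentence "derived from the KAME implementation found in their IPsec protocols" is circular as merged and would read better as "derived from the KAME IPsec implementation". The paragraph continues to say "The Fast IPsec protocols are based on code", which is fine as history, but the final sentence about NetBSD 6.0 would be clearer if it said what the earlier releases used by default.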
@@ -344,3 +391,8 @@ If you manipulate many IPsec key/policy
increase the size of socket buffer or use
.Xr sysctl 8
interface.
+.Pp
+Certain legacy authentication algorithms are not supported because of
+issues with the
+.Xr opencrypto 9
+subsystem.
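Review bot: The added BUGS paragraph, "Certain legacy authentication algorithms are not supported because of issues with the opencrypto 9 subsystem", does not name the algorithms. Someone configuring security associations cannot tell from this which authentication choices will be rejected. Suggest listing the affected algorithms here, or referring to the manual page that enumerates what is supported, so the limitation can be checked before deployment.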
Index: src/share/man/man4/nsp.4
diff -u src/share/man/man4/nsp.4:1.2 src/share/man/man4/nsp.4:1.3
--- src/share/man/man4/nsp.4:1.2 Mon Nov 3 08:48:41 2008
+++ src/share/man/man4/nsp.4 Wed Jun 13 03:28:36 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: nsp.4,v 1.2 2008/11/03 08:48:41 wiz Exp $
+.\" $NetBSD: nsp.4,v 1.3 2018/06/13 03:28:36 ozaki-r Exp $
.\"
.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 2, 2008
+.Dd June 13, 2018
.Dt NSP 4
.Os
.Sh NAME
@@ -149,7 +149,7 @@ driver offer excellent performance for s
achieving 75,000 or more such operations per second.
.Sh SEE ALSO
.Xr crypto 4 ,
-.Xr fast_ipsec 4 ,
+.Xr ipsec 4 ,
.Xr intro 4 ,
.Xr rnd 4 ,
.Xr opencrypto 9
Index: src/share/man/man4/options.4
diff -u src/share/man/man4/options.4:1.487 src/share/man/man4/options.4:1.488
--- src/share/man/man4/options.4:1.487 Fri May 11 14:38:28 2018
+++ src/share/man/man4/options.4 Wed Jun 13 03:28:36 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: options.4,v 1.487 2018/05/11 14:38:28 maxv Exp $
+.\" $NetBSD: options.4,v 1.488 2018/06/13 03:28:36 ozaki-r Exp $
.\"
.\" Copyright (c) 1996
.\" Perry E. Metzger. All rights reserved.
@@ -30,7 +30,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\"
-.Dd May 11, 2018
+.Dd June 13, 2018
.Dt OPTIONS 4
.Os
.Sh NAME
@@ -1778,7 +1778,7 @@ relying on
.Xr opencrypto 9
to carry out cryptographic operations.
See
-.Xr fast_ipsec 4
+.Xr ipsec 4
for details.
.It Cd options IPSEC_DEBUG
Enables debugging code in IPsec stack.
Index: src/share/man/man4/ubsec.4
diff -u src/share/man/man4/ubsec.4:1.5 src/share/man/man4/ubsec.4:1.6
--- src/share/man/man4/ubsec.4:1.5 Sat Apr 19 12:29:24 2014
+++ src/share/man/man4/ubsec.4 Wed Jun 13 03:28:36 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: ubsec.4,v 1.5 2014/04/19 12:29:24 bad Exp $
+.\" $NetBSD: ubsec.4,v 1.6 2018/06/13 03:28:36 ozaki-r Exp $
.\" $FreeBSD: src/share/man/man4/ubsec.4,v 1.1.2.1 2002/11/21 23:57:24 sam Exp $
.\" $OpenBSD: ubsec.4,v 1.26 2003/09/03 15:55:41 jason Exp $
.\"
@@ -26,7 +26,7 @@
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd April 19, 2014
+.Dd June 13, 2018
.Dt UBSEC 4
.Os
.Sh NAME
@@ -74,7 +74,7 @@ driver registers itself to accelerate DE
MD5-HMAC, and SHA1-HMAC operations for
.Xr opencrypto 9 ,
and thus for
-.Xr fast_ipsec 4
+.Xr ipsec 4
and
.Xr crypto 4 .
The driver also supports acceleration of AES-CBC with the BCM5823 or newer.
@@ -90,7 +90,7 @@ registers itself to provide random data
subsystem.
.Sh SEE ALSO
.Xr crypto 4 ,
-.Xr fast_ipsec 4 ,
+.Xr ipsec 4 ,
.Xr intro 4 ,
.Xr rnd 4 ,
.Xr opencrypto 9