From owner-cvs-all  Thu May 17 10:43:41 2001
Delivered-To: cvs-all@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-32.dsl.lsan03.pacbell.net [63.207.60.32])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4A23537B423; Thu, 17 May 2001 10:43:35 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id E2C6866C8C; Thu, 17 May 2001 10:43:34 -0700 (PDT)
Date: Thu, 17 May 2001 10:43:34 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Brian Somers <brian@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/setkey setkey.8 token.l
Message-ID: <20010517104334.C52819@xor.obsecurity.org>
References: <200105171530.f4HFUtD77891@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="xesSdrSSBC0PokLI"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200105171530.f4HFUtD77891@freefall.freebsd.org>; from brian@FreeBSD.org on Thu, May 17, 2001 at 08:30:53AM -0700
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--xesSdrSSBC0PokLI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, May 17, 2001 at 08:30:53AM -0700, Brian Somers wrote:
> brian       2001/05/17 08:30:53 PDT
>=20
>   Modified files:
>     usr.sbin/setkey      setkey.8 token.l=20
>   Log:
>   Allow ``ip4'' as an ``upperspec'' value, and update the man
>   page with *all* the permissible values.
>  =20
>   This should really be spelt ipencap (as /etc/protocols does),
>   but a precedent has already been set by the ipproto array in
>   setkey.c.
>  =20
>   It would be nice if /etc/protocols was parsed for the upperspec
>   field, but I don't do yacc/lex...
>  =20
>   This change allows policies that only encrypt the encapsulated
>   packets passing between the endpoints of a gif tunnel.  Setting
>   such a policy means that you can still talk directly (and
>   unencrypted) between the public IP numbers with (say) ssh.
>  =20
>   MFC after:	1 week

Please submit this to KAME; core@kame.net, or it may be lost in a
future vendor update.

Kris

--xesSdrSSBC0PokLI
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7BA3GWry0BWjoQKURAnECAJ41AX5ymlSLHyCmgWKmZa+kizIx9wCgnVyd
G5vXq6Qw9cTX44sqYKwgG4o=
=jTf2
-----END PGP SIGNATURE-----

--xesSdrSSBC0PokLI--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message