drop __P, suggested by sevan

fix -Wunused and -Wold-style-definition

branches: 1.24.40;
Use the correct constant.
From FreeBSD via Henning Petersen in PR 46005.

allow setkey(8) set and display the ESP fragment size in the NAT-T case,
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency to the existing
option of similar effect in racoon(8)

From Marcelo Leitner <mleitner@redhat.com>: do not shrink pfkey socket
buffers (if system default is larger than what we want as minimum)

branches: 1.21.2; 1.21.6;
fixed a typo, it will now compile when KMADDRESS is defined. reported by Roman Hoog Antink (rha (at) open.ch)

branches: 1.20.2;
ANSIfy

From Yvan Vanhullebus: Use SADB_X_EXT_NAT_T_* consistently for passing the
NAT-T port information. This might break compatibility with some kernels,
but as discussed this is the proper way to pass NAT-T ports and the broken
kernels need to be fixed.

From Arnaud Ebalard:
Improved Mobile IPv6 support per draft-ebalard-mext-pfkey-enhanced-migrate.

From: Matthew Krenzer
Ability to set pfkey socket buffer size via configuration file directive.
(Indentation and minor fixes by me.)

branches: 1.16.4;
- Fix reloading of SPD (Linux satype check, handling of SPD dump responses)
- Remove some spurious error log message from extract_port()

branches: 1.15.8;
Try to increase the buffer size of the pfkey socket, this may help things when we have a huge SPD

branches: 1.14.4; 1.14.6;
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues

branches: 1.13.4;
Bring back API and ABI backward compatibility with previous libipsec before
recent interface change. Bump libipsec minor version. Remove ifdefs in
struct pfkey_send_sa_args to avoid ABI compatibility lossage.
Add a capability flags to detect missing optional feature in libipsec

From Joy Latten: Add support for SELinux security contexts. Also cleanup the
libipsec interface for adding and updating security associations.

branches: 1.11.2;
use sysdep_sa_len to make it compile on Linux

Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Merge ipsec-tools 0.6.2 import.

Can we please stop using caddr_t?

Update to ipsec-tools 0.6.1

Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.

Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to
u_int, since this is what the author intended.

Fix NAT-T plus IPcomp

Resurrect TCP-MD5 support. This fixes bin/29915

branches: 1.1.1;
Initial revision

Use the correct constant.
From FreeBSD via Henning Petersen in PR 46005.

allow setkey(8) set and display the ESP fragment size in the NAT-T case,
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency to the existing
option of similar effect in racoon(8)

From Marcelo Leitner <mleitner@redhat.com>: do not shrink pfkey socket
buffers (if system default is larger than what we want as minimum)

branches: 1.21.2; 1.21.6;
fixed a typo, it will now compile when KMADDRESS is defined. reported by Roman Hoog Antink (rha (at) open.ch)

branches: 1.20.2;
ANSIfy

From Yvan Vanhullebus: Use SADB_X_EXT_NAT_T_* consistently for passing the
NAT-T port information. This might break compatibility with some kernels,
but as discussed this is the proper way to pass NAT-T ports and the broken
kernels need to be fixed.

From Arnaud Ebalard:
Improved Mobile IPv6 support per draft-ebalard-mext-pfkey-enhanced-migrate.

From: Matthew Krenzer
Ability to set pfkey socket buffer size via configuration file directive.
(Indentation and minor fixes by me.)

branches: 1.16.4;
- Fix reloading of SPD (Linux satype check, handling of SPD dump responses)
- Remove some spurious error log message from extract_port()

branches: 1.15.8;
Try to increase the buffer size of the pfkey socket, this may help things when we have a huge SPD

branches: 1.14.4; 1.14.6;
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues

branches: 1.13.4;
Bring back API and ABI backward compatibility with previous libipsec before
recent interface change. Bump libipsec minor version. Remove ifdefs in
struct pfkey_send_sa_args to avoid ABI compatibility lossage.
Add a capability flags to detect missing optional feature in libipsec

From Joy Latten: Add support for SELinux security contexts. Also cleanup the
libipsec interface for adding and updating security associations.

branches: 1.11.2;
use sysdep_sa_len to make it compile on Linux

Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Merge ipsec-tools 0.6.2 import.

Can we please stop using caddr_t?

Update to ipsec-tools 0.6.1

Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.

Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to
u_int, since this is what the author intended.

Fix NAT-T plus IPcomp

Resurrect TCP-MD5 support. This fixes bin/29915

branches: 1.1.1;
Initial revision

Migrate ipsec-tools CVS to cvs.netbsd.org

Import IPsec-tools 0.6.3. This fixes several bugs, including bugs that
caused DoS.

Import ipsec-tools-0.6.2. Here is the ChangeLog since 0.6.1 (most of them
have already been pulled up in NetBSD CVS)

Import ipsec-tools 0.6.1

Update ipsec-tools to 0.6.1rc1
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.

branches: 1.1.1.2.2;
Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version
according to ipsec-tools' ChangeLog:

2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>

* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
support for patented algorithms: IDEA and RC5.
* src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
is not required in the configuration
* src/racoon/isakmp.c: do not reject addresses for which kernel
refused UDP encapsulation, they can still be used for non NAT-T
traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)

2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>

* src/racoon/{main.c|eaytest.c|plairsa-gen.c}
src/setkey/setkey.c: don't use fuzzy paths for package_version.h

2005-02-18 Yvan Vanhullebus <vanhu@free.fr>

* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
related DELETE_SA
* src/racoon/pfkey.c: do NOT unbindph12() when SA acquire

2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>

From Fred Senault <fred.letter@lacave.net>
* src/racoon/remoteconf.c: Fix a bug in script init

2005-02-17 Yvan Vanhullebus <vanhu@free.fr>

* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks

2005-02-15 Michal Ludvig <michal@logix.cz>

* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN

Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS)
ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many
enhancements.

Apply patch (requested by manu in ticket #981):
Update ipsec-tools to version 0.6.3.

Pull up the following revisions (requested by manu in ticket #894):
crypto/dist/ipsec-tools/ChangeLog 1.28-1.30
crypto/dist/ipsec-tools/NEWS 1.1.1.4
crypto/dist/ipsec-tools/configure.ac 1.1.1.7
crypto/dist/ipsec-tools/src/libipsec/pfkey.c 1.7-1.8
crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c 1.10
crypto/dist/ipsec-tools/src/libipsec/policy_parse.y 1.7
crypto/dist/ipsec-tools/src/racoon/cfparse.y 1.5-1.9
crypto/dist/ipsec-tools/src/racoon/evt.c 1.3
crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c 1.11
crypto/dist/ipsec-tools/src/racoon/isakmp.c 1.10
crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c 1.5-1.6
crypto/dist/ipsec-tools/src/racoon/isakmp_base.c 1.3-1.4
crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c 1.3
crypto/dist/ipsec-tools/src/racoon/oakley.c 1.6
crypto/dist/ipsec-tools/src/racoon/pfkey.c 1.10
crypto/dist/ipsec-tools/src/racoon/policy.c 1.3
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 1.21-1.23
crypto/dist/ipsec-tools/src/racoon/sockmisc.c 1.3
crypto/dist/ipsec-tools/src/racoon/sockmisc.h 1.5
crypto/dist/ipsec-tools/src/setkey/setkey.8 1.17
lib/libipsec/package_version.h 1.15

Update to ipsec-tools 0.6.2

Apply patch (requested by tron in ticket #741):
Update ipsec-tools to version 0.6.1.

Pull up revision 1.2 (requested by manu in ticket #132):
Resurrect TCP-MD5 support. This fixes bin/29915

Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).

branches: 1.11.2.2.2;
Pull up following revision(s) (requested by manu in ticket #830):

Import ipsec-tools 0.7

branches: 1.11.2.1.2;
Upgrade ipsec-tools to 0.7-beta3 (Requested by manu in ticket #634).

Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).

Sync with netbsd-4.

Sync w/ NetBSD-4-RC_1

Try to increase the buffer size of the pfkey socket, this may help things when we have a huge SPD

use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues

use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues

file pfkey.c was added on branch matt-mips64 on 2007-07-18 12:07:51 +0000

sync with HEAD

Sync with wrstuden-revivesa-base-2.

Apply patch (requested by manu/spz in #378):
Downgrade ipsec-tools to 0.7.1nb1.

Sync with HEAD

sync with head

From Marcelo Leitner <mleitner@redhat.com>: do not shrink pfkey socket
buffers (if system default is larger than what we want as minimum)